diff --git a/packages/core/auth-js/src/GoTrueClient.ts b/packages/core/auth-js/src/GoTrueClient.ts
index 341d35ce0..19faa36e1 100644
--- a/packages/core/auth-js/src/GoTrueClient.ts
+++ b/packages/core/auth-js/src/GoTrueClient.ts
@@ -572,6 +572,7 @@ export default class GoTrueClient {
 const { data, error } = res
 if (error || !data) {
+ await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
 return { data: { user: null, session: null }, error: error }
 }
@@ -585,6 +586,7 @@ export default class GoTrueClient {
 return { data: { user, session }, error: null }
 } catch (error) {
+ await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
 if (isAuthError(error)) {
 return { data: { user: null, session: null }, error }
 }
@@ -1078,6 +1080,7 @@ export default class GoTrueClient {
 return { data: { ...data, redirectType: redirectType ?? null }, error }
 } catch (error) {
 if (isAuthError(error)) {
+ await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
 return { data: { user: null, session: null, redirectType: null }, error }
 }
@@ -1186,6 +1189,7 @@ export default class GoTrueClient {
 }
 throw new AuthInvalidCredentialsError('You must provide either an email or phone number.')
 } catch (error) {
+ await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
 if (isAuthError(error)) {
 return { data: { user: null, session: null }, error }
 }
@@ -1285,6 +1289,7 @@ export default class GoTrueClient {
 xform: _ssoResponse,
 })
 } catch (error) {
+ await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
 if (isAuthError(error)) {
 return { data: null, error }
 }
@@ -1741,6 +1746,7 @@ export default class GoTrueClient {
 return { data: { user: session.user }, error: null }
 })
 } catch (error) {
+ await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
 if (isAuthError(error)) {
 return { data: { user: null }, error }
 }
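Review bot: The cleanup added under `if (error || !data)` is awaited with no guard, and the same unguarded call opens the catch blocks in the hunks at -585, -1186, -1285, -1741, -2193 and -2319, so a storage backend that rejects on removal would turn a returned `{ data, error }` result into a thrown storage exception and hide the original auth error. Removing the code verifier on a failure path should be best-effort. A private helper that catches and logs the storage failure covers that and replaces the repeated key template with a single definition. The enclosing methods start and end outside these hunks.

```typescript
// … unchanged: const { data, error } = res …
if (error || !data) {
  await this._removeCodeVerifier()
  // … unchanged: return of the error result …

// new private helper on GoTrueClient (name is a suggestion)
private async _removeCodeVerifier(): Promise<void> {
  try {
    await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
  } catch (e) {
    // Best-effort cleanup: a storage failure must not mask the auth error being returned
    console.warn('failed to remove code verifier from storage', e)
  }
}
```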
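Review bot: In the hunk at -1078 the removal sits inside `if (isAuthError(error))`, whereas every other catch block in this commit runs it before that check, so any non-auth exception on this path leaves the code verifier in storage. The code after the `if` is outside the hunk, so how such errors are handled is not visible here. If the verifier is kept on purpose so a transient failure can be retried with the same code, say so in a comment, because this is the only catch block that differs. Otherwise move the added line directly under `} catch (error) {`: ``await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)``, followed by the unchanged `if (isAuthError(error)) {`.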
@@ -2193,6 +2199,7 @@ export default class GoTrueClient {
 redirectTo: options.redirectTo,
 })
 } catch (error) {
+ await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
 if (isAuthError(error)) {
 return { data: null, error }
 }
@@ -2319,6 +2326,7 @@ export default class GoTrueClient {
 }
 return { data, error }
 } catch (error) {
+ await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
 if (isAuthError(error)) {
 return { data: { user: null, session: null }, error }
 }
@@ -2667,7 +2675,7 @@ export default class GoTrueClient {
 // _saveSession is always called whenever a new session has been acquired
 // so we can safely suppress the warning returned by future getSession calls
 this.suppressGetSessionWarning = true
-
+ await removeItemAsync(this.storage, `${this.storageKey}-code-verifier`)
 // Create a shallow copy to work with, to avoid mutating the original session object if it's used elsewhere
 const sessionToProcess = { ...session }
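Review bot: In the hunk at -2667 the verifier is deleted on every pass through code that the comment above describes as running "whenever a new session has been acquired", which is broader than a completed code exchange. If this path is also reached by a token refresh or an unrelated sign-in while a code flow is still pending, the pending verifier is removed and the later exchange cannot complete; confirm that cannot happen, or clear the verifier where the exchange succeeds instead. The added line also replaces the blank separator and carries no comment, so it reads as part of the `suppressGetSessionWarning` step. Keep the blank line and add a comment such as `// A session now exists, so any stored code verifier is spent; remove it so it does not linger in storage`. The function body continues outside the hunk.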