mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
Fix S256 code challenge method
According to [RFC7636#section-4.3](https://tools.ietf.org/html/rfc7636#section-4.3): If the "code_challenge_method" from Section 4.3 was "S256", the received "code_verifier" is hashed by SHA-256, base64url-encoded, and then compared to the "code_challenge", i.e.: BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge So, the hash must be done before the base64_encode. The tests are modified to use example data from the [RFC7636#appendix-B](https://tools.ietf.org/html/rfc7636#appendix-B).
This commit is contained in:
@ -144,7 +144,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
||||
case 'S256':
|
||||
if (
|
||||
hash_equals(
|
||||
hash('sha256', strtr(rtrim(base64_encode($codeVerifier), '='), '+/', '-_')),
|
||||
strtr(rtrim(base64_encode(hash('sha256', $codeVerifier, true)), '='), '+/', '-_'),
|
||||
$authCodePayload->code_challenge
|
||||
) === false
|
||||
) {
|
||||
|
Reference in New Issue
Block a user