Fix codeVerifier hash verification.

2024-12-28 16:00:24 +05:30 · 2017-06-16 12:02:34 -05:00 · 2017-06-16 12:02:34 -05:00 · 2482630221
commit 2482630221
parent bf7084a147
1 changed files with 1 additions and 1 deletions
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@ -144,7 +144,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
                case 'S256':
                    if (
                        hash_equals(
-                            urlencode(base64_encode(hash('sha256', $codeVerifier))),
+                            rtrim(strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '='),
                            $authCodePayload->code_challenge
                        ) === false
                    ) {