Stricter validation of code challenge value to match RFC 7636 requirements

This commit is contained in:
Alex Bilbie
2017-06-16 16:52:36 +01:00
parent 6bdd108145
commit 57d199b889
2 changed files with 119 additions and 1 deletions


@ -264,6 +264,13 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
throw OAuthServerException::invalidRequest('code_challenge');
}
if (preg_match("/^[A-Za-z0-9-._~]{43,128}$/", $codeChallenge) !== 1) {
throw OAuthServerException::invalidRequest(
'code_challenge',
'The code_challenge must be between 43 and 128 characters'
);
}
$codeChallengeMethod = $this->getQueryStringParameter('code_challenge_method', $request, 'plain');
if (in_array($codeChallengeMethod, ['plain', 'S256']) === false) {
throw OAuthServerException::invalidRequest(