mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-28 07:50:23 +05:30
Fix PKCE code verifier encoding to match specification
The current implementation of PKCE does not follow the specification correctly regarding the encoding of the code verifier. This patch correctly encodes the hash of the code verifier according to Appenix A of RFC 7636.
This commit is contained in:
parent
0da70c916a
commit
6426e597a3
@ -144,7 +144,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
|||||||
case 'S256':
|
case 'S256':
|
||||||
if (
|
if (
|
||||||
hash_equals(
|
hash_equals(
|
||||||
urlencode(base64_encode(hash('sha256', $codeVerifier))),
|
strtr(rtrim(base64_encode(hash('sha256', $codeVerifier)), '='), '+/', '-_'),
|
||||||
$authCodePayload->code_challenge
|
$authCodePayload->code_challenge
|
||||||
) === false
|
) === false
|
||||||
) {
|
) {
|
||||||
|
@ -630,7 +630,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
|
|||||||
'user_id' => 123,
|
'user_id' => 123,
|
||||||
'scopes' => ['foo'],
|
'scopes' => ['foo'],
|
||||||
'redirect_uri' => 'http://foo/bar',
|
'redirect_uri' => 'http://foo/bar',
|
||||||
'code_challenge' => urlencode(base64_encode(hash('sha256', 'foobar'))),
|
'code_challenge' => strtr(rtrim(base64_encode(hash('sha256', 'foobar')), '='), '+/', '-_'),
|
||||||
'code_challenge_method' => 'S256',
|
'code_challenge_method' => 'S256',
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
Loading…
Reference in New Issue
Block a user