ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-30 02:33:14 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #842 from sgomez/fix-challenge-pkce

Browse Source 
Fix S256 code challenge method
This commit is contained in:
Andrew Millington 2018-01-25 23:16:15 +00:00 committed by GitHub
commit 8bbd218856
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Grant/AuthCodeGrant.php
View File

@ -144,7 +144,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
case 'S256': case 'S256':
if ( if (
hash_equals( hash_equals(
hash('sha256', strtr(rtrim(base64_encode($codeVerifier), '='), '+/', '-_')), strtr(rtrim(base64_encode(hash('sha256', $codeVerifier, true)), '='), '+/', '-_'),
$authCodePayload->code_challenge $authCodePayload->code_challenge
) === false ) === false
) { ) {

8
tests/Grant/AuthCodeGrantTest.php
View File

@ -744,6 +744,10 @@ class AuthCodeGrantTest extends TestCase
$grant->setRefreshTokenRepository($refreshTokenRepositoryMock); $grant->setRefreshTokenRepository($refreshTokenRepositoryMock);
$grant->setEncryptionKey($this->cryptStub->getKey()); $grant->setEncryptionKey($this->cryptStub->getKey());
// [RFC 7636] Appendix B. Example for the S256 code_challenge_method
$codeVerifier = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
$codeChallenge = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM';
$request = new ServerRequest( $request = new ServerRequest(
[], [],
[], [],
@ -757,7 +761,7 @@ class AuthCodeGrantTest extends TestCase
'grant_type' => 'authorization_code', 'grant_type' => 'authorization_code',
'client_id' => 'foo', 'client_id' => 'foo',
'redirect_uri' => 'http://foo/bar', 'redirect_uri' => 'http://foo/bar',
'code_verifier' => 'foobar', 'code_verifier' => $codeVerifier,
'code' => $this->cryptStub->doEncrypt( 'code' => $this->cryptStub->doEncrypt(
json_encode( json_encode(
[ [
@ -767,7 +771,7 @@ class AuthCodeGrantTest extends TestCase
'user_id' => 123, 'user_id' => 123,
'scopes' => ['foo'], 'scopes' => ['foo'],
'redirect_uri' => 'http://foo/bar', 'redirect_uri' => 'http://foo/bar',
'code_challenge' => hash('sha256', strtr(rtrim(base64_encode('foobar'), '='), '+/', '-_')), 'code_challenge' => $codeChallenge,
'code_challenge_method' => 'S256', 'code_challenge_method' => 'S256',
] ]
) )