diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php index 8d824296..c39679b6 100644 --- a/src/Grant/AuthCodeGrant.php +++ b/src/Grant/AuthCodeGrant.php @@ -144,7 +144,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant case 'S256': if ( hash_equals( - urlencode(base64_encode(hash('sha256', $codeVerifier))), + strtr(rtrim(base64_encode(hash('sha256', $codeVerifier)), '='), '+/', '-_'), $authCodePayload->code_challenge ) === false ) { diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php index 9ce035c0..80a95c31 100644 --- a/tests/Grant/AuthCodeGrantTest.php +++ b/tests/Grant/AuthCodeGrantTest.php @@ -767,7 +767,7 @@ class AuthCodeGrantTest extends TestCase 'user_id' => 123, 'scopes' => ['foo'], 'redirect_uri' => 'http://foo/bar', - 'code_challenge' => urlencode(base64_encode(hash('sha256', 'foobar'))), + 'code_challenge' => strtr(rtrim(base64_encode(hash('sha256', 'foobar')), '='), '+/', '-_'), 'code_challenge_method' => 'S256', ] )