Merge branch 'master' of github.com:erickjth/oauth2-server into fix-pkce-implementation

# Conflicts: # src/Grant/AuthCodeGrant.php # tests/Grant/AuthCodeGrantTest.php
2025-05-31 14:12:07 +05:30 · 2017-07-07 12:06:32 -05:00
parent 4710743b87 317f46b7ae
commit fbb3586cae
32 changed files with 497 additions and 285 deletions
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@ -275,6 +275,13 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
                throw OAuthServerException::invalidRequest('code_challenge');
            }

+            if (preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $codeChallenge) !== 1) {
+                throw OAuthServerException::invalidRequest(
+                    'code_challenge',
+                    'The code_challenge must be between 43 and 128 characters'
+                );
+            }
+
            $codeChallengeMethod = $this->getQueryStringParameter('code_challenge_method', $request, 'plain');
            if (in_array($codeChallengeMethod, ['plain', 'S256']) === false) {
                throw OAuthServerException::invalidRequest(
@ -326,6 +333,17 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
                $authorizationRequest->getScopes()
            );

+            $payload = [
+                'client_id'               => $authCode->getClient()->getIdentifier(),
+                'redirect_uri'            => $authCode->getRedirectUri(),
+                'auth_code_id'            => $authCode->getIdentifier(),
+                'scopes'                  => $authCode->getScopes(),
+                'user_id'                 => $authCode->getUserIdentifier(),
+                'expire_time'             => (new \DateTime())->add($this->authCodeTTL)->format('U'),
+                'code_challenge'          => $authorizationRequest->getCodeChallenge(),
+                'code_challenge_method'   => $authorizationRequest->getCodeChallengeMethod(),
+            ];
+
            $response = new RedirectResponse();
            $response->setRedirectUri(
                $this->makeRedirectUri(
@ -333,16 +351,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
                    [
                        'code'  => $this->encrypt(
                            json_encode(
-                                [
-                                    'client_id'               => $authCode->getClient()->getIdentifier(),
-                                    'redirect_uri'            => $authCode->getRedirectUri(),
-                                    'auth_code_id'            => $authCode->getIdentifier(),
-                                    'scopes'                  => $authCode->getScopes(),
-                                    'user_id'                 => $authCode->getUserIdentifier(),
-                                    'expire_time'             => (new \DateTime())->add($this->authCodeTTL)->format('U'),
-                                    'code_challenge'          => $authorizationRequest->getCodeChallenge(),
-                                    'code_challenge_method'   => $authorizationRequest->getCodeChallengeMethod(),
-                                ]
+                                $payload
                            )
                        ),
                        'state' => $authorizationRequest->getState(),