Revert "feat(op): always verify code challenge when available (#721)"

Breaks OIDC for some not yet updated applications, that we use. This reverts commit c51628ea27.
2025-06-20 08:44:27 +02:00 · 2025-06-20 08:44:27 +02:00 · 154fbe6420
commit 154fbe6420
parent d6e37fa741
6 changed files with 15 additions and 42 deletions
--- a/example/server/exampleop/templates/login.html
+++ b/example/server/exampleop/templates/login.html
@ -25,5 +25,5 @@
            <button type="submit">Login</button>
        </form>
    </body>
-</html>
-{{- end }}
+</html>`
+{{- end }}
--- a/example/server/storage/oidc.go
+++ b/example/server/storage/oidc.go
@ -18,7 +18,7 @@ const (
 	// CustomClaim is an example for how to return custom claims with this library
 	CustomClaim = "custom_claim"

-	// CustomScopeImpersonatePrefix is an example scope prefix for passing user id to impersonate using token exchange
+	// CustomScopeImpersonatePrefix is an example scope prefix for passing user id to impersonate using token exchage
 	CustomScopeImpersonatePrefix = "custom_scope:impersonate:"
 )

@ -143,14 +143,6 @@ func MaxAgeToInternal(maxAge *uint) *time.Duration {
 }

 func authRequestToInternal(authReq *oidc.AuthRequest, userID string) *AuthRequest {
-	var codeChallenge *OIDCCodeChallenge
-	if authReq.CodeChallenge != "" {
-		codeChallenge = &OIDCCodeChallenge{
-			Challenge: authReq.CodeChallenge,
-			Method:    string(authReq.CodeChallengeMethod),
-		}
-	}
-
 	return &AuthRequest{
 		CreationDate:  time.Now(),
 		ApplicationID: authReq.ClientID,
@ -165,7 +157,10 @@ func authRequestToInternal(authReq *oidc.AuthRequest, userID string) *AuthReques
 		ResponseType:  authReq.ResponseType,
 		ResponseMode:  authReq.ResponseMode,
 		Nonce:         authReq.Nonce,
-		CodeChallenge: codeChallenge,
+		CodeChallenge: &OIDCCodeChallenge{
+			Challenge: authReq.CodeChallenge,
+			Method:    string(authReq.CodeChallengeMethod),
+		},
 	}
 }