From 1a95652830ae2cbcda31728bc5725df5865e1cd1 Mon Sep 17 00:00:00 2001
From: thomas-welch
Date: Tue, 14 Sep 2021 16:02:55 +0100
Subject: [PATCH] allow UDF PKCE challenge code generators to error
---
 pkg/client/rp/relaying_party.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/pkg/client/rp/relaying_party.go b/pkg/client/rp/relaying_party.go
index e2c8a0a..2d4fd8e 100644
--- a/pkg/client/rp/relaying_party.go
+++ b/pkg/client/rp/relaying_party.go
@@ -64,14 +64,14 @@ type RelyingParty interface {
 }
 type ErrorHandler func(w http.ResponseWriter, r *http.Request, errorType string, errorDesc string, state string)
-type PKCECodeGenerator func() string
+type PKCECodeGenerator func() (string, error)
 var (
 DefaultErrorHandler ErrorHandler = func(w http.ResponseWriter, r *http.Request, errorType string, errorDesc string, state string) {
 http.Error(w, errorType+": "+errorDesc, http.StatusInternalServerError)
 }
- DefaultPKCECodeGenerator PKCECodeGenerator = func() string {
- return base64.RawURLEncoding.EncodeToString([]byte(uuid.New().String()))
+ DefaultPKCECodeGenerator PKCECodeGenerator = func() (string, error) {
+ return base64.RawURLEncoding.EncodeToString([]byte(uuid.New().String())), nil
 }
 )
@@ -311,7 +311,10 @@ func AuthURLHandler(stateFn func() string, rp RelyingParty) http.HandlerFunc {
 //GenerateAndStoreCodeChallenge generates a PKCE code challenge and stores its verifier into a secure cookie
 func GenerateAndStoreCodeChallenge(w http.ResponseWriter, rp RelyingParty) (string, error) {
- codeVerifier := rp.PKCECodeGenerator()()
+ codeVerifier, err := rp.PKCECodeGenerator()()
+ if err != nil {
+ return "", err
+ }
 if err := rp.CookieHandler().SetCookie(w, pkceCode, codeVerifier); err != nil {
 return "", err
 }
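Review bot: `DefaultPKCECodeGenerator` in the `var` block still builds the verifier from `uuid.New()`, so its new error return is always `nil` and the verifier carries roughly 122 random bits, below the 256 bits RFC 7636 recommends for a code verifier. Now that the signature allows failure, the default could read 32 bytes from `crypto/rand`, return the read error, and base64url-encode the bytes, which gives the 43-character minimum length; this needs a `crypto/rand` import that lies outside the hunk. If `uuid` here is github.com/google/uuid, `uuid.New()` panics when the random source fails, and the error return would replace that panic. Changing the exported `PKCECodeGenerator` type also breaks existing custom generators at compile time, which deserves a release note.

```go
	DefaultPKCECodeGenerator PKCECodeGenerator = func() (string, error) {
		verifier := make([]byte, 32)
		if _, err := rand.Read(verifier); err != nil {
			return "", err
		}
		return base64.RawURLEncoding.EncodeToString(verifier), nil
	}
```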
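Review bot: `GenerateAndStoreCodeChallenge` stores whatever a custom generator returns, so a generator that yields `"", nil` or a very short string puts a weak verifier into the cookie, and presumably into the challenge derived from it further down. After the new `err` check, a length guard matching RFC 7636's 43–128 character range would reject that early, for example `if n := len(codeVerifier); n < 43 || n > 128 { return "", errors.New("pkce code verifier must be 43-128 characters") }`, assuming `errors` is imported in this file. The function body continues past the end of the hunk, so how the verifier is used after `SetCookie` is not visible here.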