fix(op): Add mitigation for PKCE Downgrade Attack (#741)

* fix(op): Add mitigation for PKCE downgrade attack

* chore(op): add test for PKCE verification
Ayato 2025-04-29 23:33:31 +09:00 committed by GitHub
parent 5913c5a074
commit 4f0ed79c0a
GPG key ID: B5690EEEBB952194
3 changed files with 88 additions and 8 deletions


@ -80,12 +80,9 @@ func AuthorizeCodeClient(ctx context.Context, tokenReq *oidc.AccessTokenRequest,
}
codeChallenge := request.GetCodeChallenge()
if codeChallenge != nil {
err = AuthorizeCodeChallenge(tokenReq.CodeVerifier, codeChallenge)
if err != nil {
return nil, nil, err
}
err = AuthorizeCodeChallenge(tokenReq.CodeVerifier, codeChallenge)
if err != nil {
return nil, nil, err
}
if tokenReq.ClientAssertionType == oidc.ClientAssertionTypeJWTAssertion {