diff --git a/pkg/client/rp/relaying_party.go b/pkg/client/rp/relaying_party.go index 2d4fd8e..82a2f5b 100644 --- a/pkg/client/rp/relaying_party.go +++ b/pkg/client/rp/relaying_party.go @@ -38,9 +38,6 @@ type RelyingParty interface { //IsPKCE returns if authorization is done using `Authorization Code Flow with Proof Key for Code Exchange (PKCE)` IsPKCE() bool - //PKCECodeGenerator controls how PKCE challenge codes are generated - PKCECodeGenerator() PKCECodeGenerator - //CookieHandler returns a http cookie handler used for various state transfer cookies CookieHandler() *utils.CookieHandler @@ -70,11 +67,19 @@ var ( DefaultErrorHandler ErrorHandler = func(w http.ResponseWriter, r *http.Request, errorType string, errorDesc string, state string) { http.Error(w, errorType+": "+errorDesc, http.StatusInternalServerError) } - DefaultPKCECodeGenerator PKCECodeGenerator = func() (string, error) { - return base64.RawURLEncoding.EncodeToString([]byte(uuid.New().String())), nil - } ) +func DefaultPKCECodeGenerator() (string, error) { + return base64.RawURLEncoding.EncodeToString([]byte(uuid.New().String() + uuid.New().String())), nil +} + +// extends the RelyingParty interface to allow custom PKCE Code generation +type RelyingPartyWithCustomPKCE interface { + RelyingParty + //PKCECodeGenerator controls how PKCE challenge codes are generated + PKCECodeGenerator() PKCECodeGenerator +} + type relyingParty struct { issuer string endpoints Endpoints @@ -311,7 +316,11 @@ func AuthURLHandler(stateFn func() string, rp RelyingParty) http.HandlerFunc { //GenerateAndStoreCodeChallenge generates a PKCE code challenge and stores its verifier into a secure cookie func GenerateAndStoreCodeChallenge(w http.ResponseWriter, rp RelyingParty) (string, error) { - codeVerifier, err := rp.PKCECodeGenerator()() + codeGenerator := DefaultPKCECodeGenerator + if rpc, ok := rp.(RelyingPartyWithCustomPKCE); ok { + codeGenerator = rpc.PKCECodeGenerator() + } + codeVerifier, err := codeGenerator() if err != nil { return "", err }