feat(op): PKCE Verification in Legacy Server when AuthMethod is not NONE and CodeVerifier is not Empty (#496)

* Add logic for legacy server PKCE verification when the auth method is not None and the code verifier is not empty.

* update per Tim's direction
Stephen Andary 2023-12-07 10:36:03 -05:00 committed by GitHub
parent ed21cdd4ce
commit 9d12d1d900
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -205,7 +205,7 @@ func (s *LegacyServer) CodeExchange(ctx context.Context, r *ClientRequest[oidc.A
if err != nil {
return nil, err
}
if r.Client.AuthMethod() == oidc.AuthMethodNone {
if r.Client.AuthMethod() == oidc.AuthMethodNone || r.Data.CodeVerifier != "" {
if err = AuthorizeCodeChallenge(r.Data.CodeVerifier, authReq.GetCodeChallenge()); err != nil {
return nil, err
}
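Review bot: The new guard `r.Client.AuthMethod() == oidc.AuthMethodNone || r.Data.CodeVerifier != ""` lets the token request decide whether PKCE is checked. A client with an auth method other than None whose authorization request carried a code_challenge can still redeem the code by leaving code_verifier empty, so the challenge binding is not enforced for it. RFC 7636 ties the check to the stored challenge, so the guard should also fire when one exists, e.g. `if r.Client.AuthMethod() == oidc.AuthMethodNone || r.Data.CodeVerifier != "" || authReq.GetCodeChallenge() != nil {` (this assumes GetCodeChallenge returns a nil-able value; its type is not visible here). How AuthorizeCodeChallenge handles a verifier sent when no challenge was stored is also outside this hunk and deserves a test case. CodeExchange starts and ends outside the hunk.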