cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add logic for legacy server pkce verification when auth method is not None, and code verifier is not empty.

Browse source
This commit is contained in:
Stephen Andary 2023-12-05 14:15:41 -05:00
parent 3a4d44cae7
commit af0de4632e
No known key found for this signature in database
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
pkg/op/server_legacy.go
View file

@ -205,10 +205,15 @@ func (s *LegacyServer) CodeExchange(ctx context.Context, r *ClientRequest[oidc.A
if err != nil { if err != nil {
return nil, err return nil, err
} }
if r.Client.AuthMethod() == oidc.AuthMethodNone { if r.Client.AuthMethod() == oidc.AuthMethodNone {
if err = AuthorizeCodeChallenge(r.Data.CodeVerifier, authReq.GetCodeChallenge()); err != nil { if err = AuthorizeCodeChallenge(r.Data.CodeVerifier, authReq.GetCodeChallenge()); err != nil {
return nil, err return nil, err
} }
} else if r.Data.CodeVerifier != "" {
if err = AuthorizeCodeChallenge(r.Data.CodeVerifier, authReq.GetCodeChallenge()); err != nil {
return nil, err
}
} }
resp, err := CreateTokenResponse(ctx, authReq, r.Client, s.provider, true, r.Data.Code, "") resp, err := CreateTokenResponse(ctx, authReq, r.Client, s.provider, true, r.Data.Code, "")
if err != nil { if err != nil {