From af3a497b6d7b00166977f6758f8be8ce33c064a5 Mon Sep 17 00:00:00 2001
From: Timo Volkmann <git@timovolkmann.de>
Date: Thu, 9 Sep 2021 14:31:31 +0200
Subject: [PATCH] fix: make pkce code_verifier spec compliant #125

follow recommendations for code_verifier: https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
---
 pkg/client/rp/relaying_party.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/client/rp/relaying_party.go b/pkg/client/rp/relaying_party.go
index c9c7a8c..a72fa21 100644
--- a/pkg/client/rp/relaying_party.go
+++ b/pkg/client/rp/relaying_party.go
@@ -2,6 +2,7 @@ package rp
 
 import (
 	"context"
+	"encoding/base64"
 	"errors"
 	"net/http"
 	"strings"
@@ -288,7 +289,7 @@ func AuthURLHandler(stateFn func() string, rp RelyingParty) http.HandlerFunc {
 
 //GenerateAndStoreCodeChallenge generates a PKCE code challenge and stores its verifier into a secure cookie
 func GenerateAndStoreCodeChallenge(w http.ResponseWriter, rp RelyingParty) (string, error) {
-	codeVerifier := uuid.New().String()
+	codeVerifier := base64.URLEncoding.EncodeToString([]byte(uuid.New().String()))
 	if err := rp.CookieHandler().SetCookie(w, pkceCode, codeVerifier); err != nil {
 		return "", err
 	}