fix: make pkce code_verifier spec compliant #125

follow recommendations for code_verifier: https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
Timo Volkmann 2021-09-09 14:31:31 +02:00
parent 3574b211c8
commit af3a497b6d


@ -2,6 +2,7 @@ package rp
import ( import (
"context" "context"
"encoding/base64"
"errors" "errors"
"net/http" "net/http"
"strings" "strings"
@ -288,7 +289,7 @@ func AuthURLHandler(stateFn func() string, rp RelyingParty) http.HandlerFunc {
//GenerateAndStoreCodeChallenge generates a PKCE code challenge and stores its verifier into a secure cookie //GenerateAndStoreCodeChallenge generates a PKCE code challenge and stores its verifier into a secure cookie
func GenerateAndStoreCodeChallenge(w http.ResponseWriter, rp RelyingParty) (string, error) { func GenerateAndStoreCodeChallenge(w http.ResponseWriter, rp RelyingParty) (string, error) {
codeVerifier := uuid.New().String() codeVerifier := base64.URLEncoding.EncodeToString([]byte(uuid.New().String()))
if err := rp.CookieHandler().SetCookie(w, pkceCode, codeVerifier); err != nil { if err := rp.CookieHandler().SetCookie(w, pkceCode, codeVerifier); err != nil {
return "", err return "", err
} }
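Review bot: The new `codeVerifier` line in GenerateAndStoreCodeChallenge still derives the verifier from a single UUID, so base64url-encoding its text form brings the length (48 characters) within RFC 7636 section 4.1 but adds no entropy. A version-4 UUID, if that is what `uuid.New()` returns, carries 122 random bits, while the section the commit cites recommends 32 random octets, and whether the uuid package draws from a CSPRNG is not visible in this hunk. Reading 32 bytes from `crypto/rand` and encoding them with `base64.RawURLEncoding` would give the recommended 43-character verifier. It would also avoid the `=` padding that `base64.URLEncoding` emits for inputs whose length is not a multiple of three, which is outside the unreserved character set. The change needs a `crypto/rand` import in the first hunk, and the function body continues past the end of this hunk.

```go
func GenerateAndStoreCodeChallenge(w http.ResponseWriter, rp RelyingParty) (string, error) {
	// 32 random octets, as RFC 7636 section 4.1 recommends
	verifier := make([]byte, 32)
	if _, err := rand.Read(verifier); err != nil {
		return "", err
	}
	codeVerifier := base64.RawURLEncoding.EncodeToString(verifier)
	// … unchanged: SetCookie call and the rest of the body …
```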