From c3169868d8296f88bf8cab391c8ce5dbef21afcb Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Fri, 28 Feb 2020 18:07:01 +0100
Subject: [PATCH] fix: code challenge
---
 pkg/oidc/code_challenge.go | 2 +-
 pkg/oidc/token.go | 2 +-
 pkg/utils/hash.go | 8 ++++++--
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/pkg/oidc/code_challenge.go b/pkg/oidc/code_challenge.go
index e3035c2..385a907 100644
--- a/pkg/oidc/code_challenge.go
+++ b/pkg/oidc/code_challenge.go
@@ -19,7 +19,7 @@ type CodeChallenge struct {
 }
 
 func NewSHACodeChallenge(code string) string {
- return utils.HashString(sha256.New(), code)
+ return utils.HashString(sha256.New(), code.false)
 }
 
 func VerifyCodeChallenge(c *CodeChallenge, codeVerifier string) bool {
diff --git a/pkg/oidc/token.go b/pkg/oidc/token.go
index 6f1496f..cde0885 100644
--- a/pkg/oidc/token.go
+++ b/pkg/oidc/token.go
@@ -185,7 +185,7 @@ func ClaimHash(claim string, sigAlgorithm jose.SignatureAlgorithm) (string, erro
 return "", err
 }
 
- return utils.HashString(hash, claim), nil
+ return utils.HashString(hash, claim, true), nil
 }
 
 func timeToJSON(t time.Time) int64 {
diff --git a/pkg/utils/hash.go b/pkg/utils/hash.go
index bfdfacb..ce97969 100644
--- a/pkg/utils/hash.go
+++ b/pkg/utils/hash.go
@@ -23,8 +23,12 @@ func GetHashAlgorithm(sigAlgorithm jose.SignatureAlgorithm) (hash.Hash, error) {
 }
 }
 
-func HashString(hash hash.Hash, s string) string {
+func HashString(hash hash.Hash, s string, firstHalf bool) string {
 hash.Write([]byte(s)) // hash documents that Write will never return an error
- sum := hash.Sum(nil)[:hash.Size()/2]
+ size = hash.Size()
+ if firstHalf {
+ size = size / 2
+ }
+ sum := hash.Sum(nil)[:size]
 return base64.RawURLEncoding.EncodeToString(sum)
 }
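Review bot: The new call in NewSHACodeChallenge passes `code.false` as one argument, which is a selector on a string and will not compile; it needs a comma: `return utils.HashString(sha256.New(), code, false)`. With `false` the S256 challenge becomes the base64url encoding of the full SHA-256 digest, which is what RFC 7636 specifies, so the intent looks right. A table test using the verifier/challenge pair from RFC 7636 Appendix B would catch both the earlier truncation and this typo. Only the signature of VerifyCodeChallenge is visible in this hunk, so how it compares the computed challenge with the stored one cannot be judged from here.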
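Review bot: The bare `true` at the end of ClaimHash does not tell a reader why this caller truncates while the PKCE caller does not. A comment above the return, for example `// at_hash / c_hash are the left-most half of the digest (OpenID Connect Core)`, would keep the two HashString call sites from being unified again by mistake. ClaimHash starts above the hunk, so only its error return and final return are visible here.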
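Review bot: `size = hash.Size()` in HashString assigns to a variable that is never declared, so the package will not build; it should be `size := hash.Size()`. HashString is exported from pkg/utils, so the added `firstHalf` parameter also breaks any caller outside the two updated in this patch. The function has no doc comment; one stating that `firstHalf` selects the left-most half of the digest (for at_hash/c_hash) and that `false` yields the full digest (for PKCE S256) would make the boolean safer to use. Separately, the parameter named `hash` shadows the imported `hash` package inside the body, which is legal but easy to trip over.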