
fix: update code_verifier to use recommended method (#2620)

The [RFC](https://datatracker.ietf.org/doc/html/rfc7636#section-4.1)
says that a code verifier just uses unreserved characters, but the
recommended method is to base64url-encode a random 32-octet sequence. Some
implementations of PKCE (most notably the one used by salesforce)
require that this is a valid base64 encoded string[1], so this patch
switches to using the recommended approach to make it more compatible.

[1]: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_pkce.htm&type=5
Vish (Ishaya) Abrams
2024-11-06 06:16:39 -08:00
committed by GitHub
parent 3ceef0cff4
commit 4e2013e6ba
4 changed files with 14 additions and 17 deletions


@ -802,7 +802,7 @@ func (p *OAuthProxy) doOAuthStart(rw http.ResponseWriter, req *http.Request, ove
)
if p.provider.Data().CodeChallengeMethod != "" {
codeChallengeMethod = p.provider.Data().CodeChallengeMethod
codeVerifier, err = encryption.GenerateRandomASCIIString(96)
codeVerifier, err = encryption.GenerateCodeVerifierString(96)
if err != nil {
logger.Errorf("Unable to build random ASCII string for code verifier: %v", err)
p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
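Review bot: The `logger.Errorf` line still reports "Unable to build random ASCII string for code verifier" although the call now goes through `GenerateCodeVerifierString`, so a failure here would be logged under a description that no longer matches what was attempted; change it to `logger.Errorf("Unable to build code verifier: %v", err)`. The helper is outside this hunk, so it is not visible whether `96` is an octet count or a target length; if it is octets, the unpadded base64url output is 128 characters, which is exactly the RFC 7636 §4.1 maximum (43–128), and that bound deserves a call-site comment such as `// 96 random octets -> 128 base64url chars, the RFC 7636 upper limit for code_verifier` once confirmed. Whatever the argument means, the new helper must draw its randomness from crypto/rand, since the verifier is the secret that binds the authorization code to this client — worth confirming in the encryption package. doOAuthStart begins before and continues after this hunk.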