fix: update code_verifier to use recommended method (#2620)

The [RFC](https://datatracker.ietf.org/doc/html/rfc7636#section-4.1) says that a code verifier just uses unreserved characters, but the recommended method is that it is a base64-urlencoded 32-octet url. Some implementations of PKCE (most notably the one used by salesforce) require that this is a valid base64 encoded string[1], so this patch switches to using the recommended approach to make it more compatible. [1]: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_pkce.htm&type=5
2025-06-15 00:15:00 +02:00 · 2024-11-06 06:16:39 -08:00
parent 3ceef0cff4
commit 4e2013e6ba
4 changed files with 14 additions and 17 deletions
--- a/pkg/encryption/utils_test.go
+++ b/pkg/encryption/utils_test.go
@ -130,12 +130,12 @@ func TestValidate(t *testing.T) {
 	assert.Equal(t, validValue, expectedValue)
 }

-func TestGenerateRandomASCIIString(t *testing.T) {
-	randomString, err := GenerateRandomASCIIString(96)
+func TestGenerateCodeVerifierString(t *testing.T) {
+	randomString, err := GenerateCodeVerifierString(96)
 	assert.NoError(t, err)

-	// Only 8-bit characters
-	assert.Equal(t, 96, len([]byte(randomString)))
+	// Should be 128 characters long
+	assert.Equal(t, 128, len([]byte(randomString)))

 	// All non-ascii characters removed should still be the original string
 	removedChars := strings.Map(func(r rune) rune {