🐛 Fixed PKCE support in token UseCase
parent
236775fec7
commit
6cb8845cfe
|
@ -34,12 +34,12 @@ var (
|
|||
ErrMismatchClientID error = domain.NewError(
|
||||
domain.ErrorCodeInvalidRequest,
|
||||
"client's URL MUST match the client_id used in the authentication request",
|
||||
"",
|
||||
"https://indieauth.net/source/#request",
|
||||
)
|
||||
ErrMismatchRedirectURI error = domain.NewError(
|
||||
domain.ErrorCodeInvalidRequest,
|
||||
"client's redirect URL MUST match the initial authentication request",
|
||||
"",
|
||||
"https://indieauth.net/source/#request",
|
||||
)
|
||||
ErrEmptyScope error = domain.NewError(
|
||||
domain.ErrorCodeInvalidScope,
|
||||
|
@ -49,7 +49,7 @@ var (
|
|||
ErrMismatchPKCE error = domain.NewError(
|
||||
domain.ErrorCodeInvalidRequest,
|
||||
"code_verifier is not hashes to the same value as given in the code_challenge in the original "+
|
||||
" authorization request",
|
||||
"",
|
||||
"authorization request",
|
||||
"https://indieauth.net/source/#request",
|
||||
)
|
||||
)
|
||||
|
|
|
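Review bot: `ErrMismatchPKCE` is still built with `domain.ErrorCodeInvalidRequest`, but RFC 7636 §4.6 requires the token endpoint to answer a failed code_verifier comparison with `invalid_grant`. RFC 6749 §5.2 uses the same code for a redirect URI that does not match the authorization request, so `ErrMismatchRedirectURI` is affected the same way when it is returned from the token exchange. If the domain package defines an invalid-grant code, use it here so that clients can tell a rejected grant from a malformed request. While this string is being edited, the wording can be fixed too, for example `"code_verifier does not hash to the same value as given in the code_challenge in the original "+`. The documentation link still points at `#request`, which does not look like the section on code redemption. The `var (` block starts outside the hunk.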
@ -44,7 +44,7 @@ func (useCase *tokenUseCase) Exchange(ctx context.Context, opts token.ExchangeOp
|
|||
return nil, nil, token.ErrMismatchRedirectURI
|
||||
}
|
||||
|
||||
if session.CodeChallenge != "" &&
|
||||
if session.CodeChallenge != "" && session.CodeChallengeMethod != domain.CodeChallengeMethodUndefined &&
|
||||
!session.CodeChallengeMethod.Validate(session.CodeChallenge, opts.CodeVerifier) {
|
||||
return nil, nil, token.ErrMismatchPKCE
|
||||
}
|
||||
|
|
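Review bot: The added `session.CodeChallengeMethod != domain.CodeChallengeMethodUndefined` term makes the PKCE check fail open (this assumes the longer condition is the new side, as the print order suggests). A session that stored a non-empty `CodeChallenge` with an unrecognised or missing method now skips `Validate` entirely, and the code is exchanged without any verifier check. A stored challenge that cannot be verified should be rejected, not ignored: `if session.CodeChallenge != "" && (session.CodeChallengeMethod == domain.CodeChallengeMethodUndefined || !session.CodeChallengeMethod.Validate(session.CodeChallenge, opts.CodeVerifier)) {`. If the authorization step already refuses to store a challenge without a valid method, a comment saying so would make the skip safe to read. `Exchange` starts and ends outside the hunk, so any earlier handling of this case is not visible here.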