🐛 Fixed PKCE support in token UseCase

This commit is contained in:
Maxim Lebedev 2022-02-03 02:13:46 +05:00
parent 236775fec7
commit 6cb8845cfe
Signed by: toby3d
GPG Key ID: 1F14E25B7C119FC5
2 changed files with 5 additions and 5 deletions

View File

@ -34,12 +34,12 @@ var (
ErrMismatchClientID error = domain.NewError(
domain.ErrorCodeInvalidRequest,
"client's URL MUST match the client_id used in the authentication request",
"",
"https://indieauth.net/source/#request",
)
ErrMismatchRedirectURI error = domain.NewError(
domain.ErrorCodeInvalidRequest,
"client's redirect URL MUST match the initial authentication request",
"",
"https://indieauth.net/source/#request",
)
ErrEmptyScope error = domain.NewError(
domain.ErrorCodeInvalidScope,
@ -49,7 +49,7 @@ var (
ErrMismatchPKCE error = domain.NewError(
domain.ErrorCodeInvalidRequest,
"code_verifier is not hashes to the same value as given in the code_challenge in the original "+
" authorization request",
"",
"authorization request",
"https://indieauth.net/source/#request",
)
)

View File

@ -44,7 +44,7 @@ func (useCase *tokenUseCase) Exchange(ctx context.Context, opts token.ExchangeOp
return nil, nil, token.ErrMismatchRedirectURI
}
if session.CodeChallenge != "" &&
if session.CodeChallenge != "" && session.CodeChallengeMethod != domain.CodeChallengeMethodUndefined &&
!session.CodeChallengeMethod.Validate(session.CodeChallenge, opts.CodeVerifier) {
return nil, nil, token.ErrMismatchPKCE
}