🔒 Fixed Validate method of CodeChallengeMethod domain

This commit is contained in:
Maxim Lebedev 2022-02-03 02:16:44 +05:00
parent 3e65b2864c
commit d2ff43d4a3
Signed by: toby3d
GPG Key ID: 1F14E25B7C119FC5
1 changed files with 8 additions and 1 deletions

View File

@ -127,5 +127,12 @@ func (ccm CodeChallengeMethod) Validate(codeChallenge, verifier string) bool {
return codeChallenge == verifier
}
return codeChallenge == base64.RawURLEncoding.EncodeToString(ccm.hash.Sum([]byte(verifier)))
h := ccm.hash
h.Reset() // WARN(toby3d): even hash.New contains something.
if _, err := h.Write([]byte(verifier)); err != nil {
return false
}
return codeChallenge == base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}