diff options
author | Mario <mario@mariovavti.com> | 2023-10-05 11:33:28 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2023-10-05 11:33:28 +0000 |
commit | 6920fb2793265e5c9cdcdc8325398b07f216f184 (patch) | |
tree | bfd9458aa25c602b2e1c63740fa14e1b6002b15e /vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php | |
parent | 3d1171de8d72d9c400c76fed6e947fef80fa9804 (diff) | |
download | volse-hubzilla-6920fb2793265e5c9cdcdc8325398b07f216f184.tar.gz volse-hubzilla-6920fb2793265e5c9cdcdc8325398b07f216f184.tar.bz2 volse-hubzilla-6920fb2793265e5c9cdcdc8325398b07f216f184.zip |
composer update oauth2 server
Diffstat (limited to 'vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php')
-rw-r--r-- | vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php index 784f6b3a3..5bcb4f253 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/GrantType/AuthorizationCode.php @@ -84,6 +84,41 @@ class AuthorizationCode implements GrantTypeInterface return false; } + if (isset($authCode['code_challenge']) && $authCode['code_challenge']) { + if (!($code_verifier = $request->request('code_verifier'))) { + $response->setError(400, 'code_verifier_missing', "The PKCE code verifier parameter is required."); + + return false; + } + // Validate code_verifier according to RFC-7636 + // @see: https://tools.ietf.org/html/rfc7636#section-4.1 + if (preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $code_verifier) !== 1) { + $response->setError(400, 'code_verifier_invalid', "The PKCE code verifier parameter is invalid."); + + return false; + } + $code_verifier = $request->request('code_verifier'); + switch ($authCode['code_challenge_method']) { + case 'S256': + $code_verifier_hashed = strtr(rtrim(base64_encode(hash('sha256', $code_verifier, true)), '='), '+/', '-_'); + break; + + case 'plain': + $code_verifier_hashed = $code_verifier; + break; + + default: + $response->setError(400, 'code_challenge_method_invalid', "Unknown PKCE code challenge method."); + + return FALSE; + } + if ($code_verifier_hashed !== $authCode['code_challenge']) { + $response->setError(400, 'code_verifier_mismatch', "The PKCE code verifier parameter does not match the code challenge."); + + return FALSE; + } + } + if (!isset($authCode['code'])) { $authCode['code'] = $code; // used to expire the code after the access token is granted } |