Skip to content

Commit

Permalink
feat(op): PKCE Verification in Legacy Server when AuthMethod is not N…
Browse files Browse the repository at this point in the history 
…ONE and CodeVerifier is not Empty (#496)

* add logic for legacy server pkce verification when auth method is not None, and code verifier is not empty.

* update per Tim's direction
  • Loading branch information
@andar1an
andar1an authored Dec 7, 2023
1 parent ed21cdd commit 9d12d1d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/op/server_legacy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,7 +205,7 @@ func (s *LegacyServer) CodeExchange(ctx context.Context, r *ClientRequest[oidc.A
if err != nil {
return nil, err
}
if r.Client.AuthMethod() == oidc.AuthMethodNone {
if r.Client.AuthMethod() == oidc.AuthMethodNone || r.Data.CodeVerifier != "" {
if err = AuthorizeCodeChallenge(r.Data.CodeVerifier, authReq.GetCodeChallenge()); err != nil {
return nil, err
}
Expand Down

0 comments on commit 9d12d1d

Please sign in to comment.