[bugfix] Assume default code challenge method of s256 (#4241)

Bumps our oauth2 dependency, and uses *default* code challenge method of S256 instead of plain. Fixes https://codeberg.org/superseriousbusiness/gotosocial/issues/4238 Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4241 Co-authored-by: tobi <tobi.smethurst@protonmail.com> Co-committed-by: tobi <tobi.smethurst@protonmail.com>
2025-12-18 00:13:03 -06:00 · 2025-06-05 11:29:36 +02:00 · 2025-06-05 11:29:36 +02:00 · 118d4e4d03
commit 118d4e4d03
parent 43f1c6d872
6 changed files with 30 additions and 12 deletions
--- a/vendor/code.superseriousbusiness.org/oauth2/v4/server/config.go
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/server/config.go
@ -9,12 +9,27 @@ import (

 // Config configuration parameters
 type Config struct {
-	TokenType                   string                // token type
-	AllowGetAccessRequest       bool                  // to allow GET requests for the token
-	AllowedResponseTypes        []oauth2.ResponseType // allow the authorization type
-	AllowedGrantTypes           []oauth2.GrantType    // allow the grant type
+	// token type
+	TokenType string
+
+	// to allow GET requests for the token
+	AllowGetAccessRequest bool
+
+	// allow the authorization type
+	AllowedResponseTypes []oauth2.ResponseType
+
+	// allow the grant type
+	AllowedGrantTypes []oauth2.GrantType
+
+	// Allowed values for "code_challenge_method".
 	AllowedCodeChallengeMethods []oauth2.CodeChallengeMethod
-	ForcePKCE                   bool
+
+	// Default to fall back to
+	// if "code_challenge_method"
+	// was not set in the request.
+	DefaultCodeChallengeMethod oauth2.CodeChallengeMethod
+
+	ForcePKCE bool
 }

 // NewConfig create to configuration instance