[bugfix] Assume default code challenge method of s256 (#4241)
Bumps our oauth2 dependency, and uses *default* code challenge method of S256 instead of plain. Fixes https://codeberg.org/superseriousbusiness/gotosocial/issues/4238 Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4241 Co-authored-by: tobi <tobi.smethurst@protonmail.com> Co-committed-by: tobi <tobi.smethurst@protonmail.com>
parent
43f1c6d872
commit
118d4e4d03
6 changed files with 30 additions and 12 deletions
6
vendor/code.superseriousbusiness.org/oauth2/v4/server/server.go
generated
vendored
6
vendor/code.superseriousbusiness.org/oauth2/v4/server/server.go
generated
vendored
|
|
@ -1,6 +1,7 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"cmp"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
|
|
@ -176,7 +177,10 @@ func (s *Server) ValidationAuthorizeRequest(r *http.Request) (*AuthorizeRequest,
|
|||
ccm := oauth2.CodeChallengeMethod(r.FormValue("code_challenge_method"))
|
||||
// set default
|
||||
if ccm == "" {
|
||||
ccm = oauth2.CodeChallengePlain
|
||||
ccm = cmp.Or(
|
||||
s.Config.DefaultCodeChallengeMethod,
|
||||
oauth2.CodeChallengePlain,
|
||||
)
|
||||
}
|
||||
if ccm.String() != "" && !s.CheckCodeChallengeMethod(ccm) {
|
||||
return nil, errors.ErrUnsupportedCodeChallengeMethod
|
||||
|
|
|
|||