KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation
This commit is contained in:
parent
8d40ee17f1
commit
acd78ee407
2 changed files with 7 additions and 15 deletions
|
@ -543,13 +543,9 @@ public class TokenEndpoint {
|
|||
// https://tools.ietf.org/html/rfc7636#section-4.6
|
||||
private String generateS256CodeChallenge(String codeVerifier) throws Exception {
|
||||
MessageDigest md = MessageDigest.getInstance("SHA-256");
|
||||
md.update(codeVerifier.getBytes());
|
||||
StringBuilder sb = new StringBuilder();
|
||||
for (byte b : md.digest()) {
|
||||
String hex = String.format("%02x", b);
|
||||
sb.append(hex);
|
||||
}
|
||||
String codeVerifierEncoded = Base64Url.encode(sb.toString().getBytes());
|
||||
md.update(codeVerifier.getBytes("ISO_8859_1"));
|
||||
byte[] digestBytes = md.digest();
|
||||
String codeVerifierEncoded = Base64Url.encode(digestBytes);
|
||||
return codeVerifierEncoded;
|
||||
}
|
||||
|
||||
|
|
|
@ -444,13 +444,9 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
|
|||
|
||||
private String generateS256CodeChallenge(String codeVerifier) throws Exception {
|
||||
MessageDigest md = MessageDigest.getInstance("SHA-256");
|
||||
md.update(codeVerifier.getBytes());
|
||||
StringBuilder sb = new StringBuilder();
|
||||
for (byte b : md.digest()) {
|
||||
String hex = String.format("%02x", b);
|
||||
sb.append(hex);
|
||||
}
|
||||
String codeChallenge = Base64Url.encode(sb.toString().getBytes());
|
||||
md.update(codeVerifier.getBytes("ISO_8859_1"));
|
||||
byte[] digestBytes = md.digest();
|
||||
String codeChallenge = Base64Url.encode(digestBytes);
|
||||
return codeChallenge;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue