[bugfix] Assume default code challenge method of s256 (#4241)

Bumps our oauth2 dependency, and uses *default* code challenge method of S256 instead of plain.

Fixes https://codeberg.org/superseriousbusiness/gotosocial/issues/4238

Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4241
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Co-committed-by: tobi <tobi.smethurst@protonmail.com>

1 files changed, 20 insertions, 5 deletions

diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/server/config.go b/vendor/code.superseriousbusiness.org/oauth2/v4/server/config.go
index 7894f4003..4e3b1a475 100644
--- a/vendor/code.superseriousbusiness.org/oauth2/v4/server/config.go
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/server/config.go
@@ -9,12 +9,27 @@ import (
 
 // Config configuration parameters
 type Config struct {
-	TokenType                   string                // token type
-	AllowGetAccessRequest       bool                  // to allow GET requests for the token
-	AllowedResponseTypes        []oauth2.ResponseType // allow the authorization type
-	AllowedGrantTypes           []oauth2.GrantType    // allow the grant type
+	// token type
+	TokenType string
+
+	// to allow GET requests for the token
+	AllowGetAccessRequest bool
+
+	// allow the authorization type
+	AllowedResponseTypes []oauth2.ResponseType
+
+	// allow the grant type
+	AllowedGrantTypes []oauth2.GrantType
+
+	// Allowed values for "code_challenge_method".
 	AllowedCodeChallengeMethods []oauth2.CodeChallengeMethod
-	ForcePKCE                   bool
+
+	// Default to fall back to
+	// if "code_challenge_method"
+	// was not set in the request.
+	DefaultCodeChallengeMethod oauth2.CodeChallengeMethod
+
+	ForcePKCE bool
 }
 
 // NewConfig create to configuration instance