diff options
| author |  tobi <tobi.smethurst@protonmail.com> | 2025-06-05 11:29:36 +0200 |
|---|---|---|
| committer |  tobi <kipvandenbos@noreply.codeberg.org> | 2025-06-05 11:29:36 +0200 |
| commit | 118d4e4d0361c7bc52c3092ba34273a31122c0db (patch) | |
| tree | 5688c50659b77a9440a9dd49c53a103d1599ed83 /vendor/code.superseriousbusiness.org/oauth2/v4/server/server.go | |
| parent | [feature] Add config option to expose custom emojis without auth (#4233) (diff) | |
| download | gotosocial-118d4e4d0361c7bc52c3092ba34273a31122c0db.tar.xz | |
[bugfix] Assume default code challenge method of s256 (#4241)
Bumps our oauth2 dependency, and uses *default* code challenge method of S256 instead of plain.
Fixes https://codeberg.org/superseriousbusiness/gotosocial/issues/4238
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4241
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Co-committed-by: tobi <tobi.smethurst@protonmail.com>
Diffstat (limited to 'vendor/code.superseriousbusiness.org/oauth2/v4/server/server.go')
| -rw-r--r-- | vendor/code.superseriousbusiness.org/oauth2/v4/server/server.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/server/server.go b/vendor/code.superseriousbusiness.org/oauth2/v4/server/server.go index 82f6ff8c3..91b9effb7 100644 --- a/vendor/code.superseriousbusiness.org/oauth2/v4/server/server.go +++ b/vendor/code.superseriousbusiness.org/oauth2/v4/server/server.go @@ -1,6 +1,7 @@ package server import ( + "cmp" "context" "encoding/json" "fmt" @@ -176,7 +177,10 @@ func (s *Server) ValidationAuthorizeRequest(r *http.Request) (*AuthorizeRequest, ccm := oauth2.CodeChallengeMethod(r.FormValue("code_challenge_method")) // set default if ccm == "" { - ccm = oauth2.CodeChallengePlain + ccm = cmp.Or( + s.Config.DefaultCodeChallengeMethod, + oauth2.CodeChallengePlain, + ) } if ccm.String() != "" && !s.CheckCodeChallengeMethod(ccm) { return nil, errors.ErrUnsupportedCodeChallengeMethod |