deepcrayon/lila
deepcrayon/lila
1
0
Fork 0
Code Releases Activity

aid debugging code challenge

Browse source
This commit is contained in:
Niklas Fiekas 2021-06-16 16:35:57 +02:00
parent 74a8a2bd98
commit 517f30b2da
2 changed files with 8 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/oauth/src/main/AuthorizationApi.scala
View file

@ -33,7 +33,7 @@ final class AuthorizationApi(val coll: Coll)(implicit ec: scala.concurrent.Execu
.ensure(Protocol.Error.AuthorizationCodeExpired)(_.expires.isAfter(DateTime.now()))
.ensure(Protocol.Error.MismatchingRedirectUri)(_.redirectUri.matches(request.redirectUri))
.ensure(Protocol.Error.MismatchingClient)(_.clientId == request.clientId)
.ensure(Protocol.Error.MismatchingCodeVerifier)(_.codeChallenge.matches(request.codeVerifier))
.ensure(Protocol.Error.MismatchingCodeVerifier(request.codeVerifier))(_.codeChallenge.matches(request.codeVerifier))
.map { pending =>
AccessTokenRequest.Granted(pending.userId, pending.scopes, pending.redirectUri)
}

11
modules/oauth/src/main/Protocol.scala
View file

@ -33,8 +33,7 @@ object Protocol {
case class State(value: String) extends AnyVal
case class CodeChallenge(value: String) extends AnyVal {
def matches(challenge: CodeVerifier) =
Base64.getUrlEncoder().withoutPadding().encodeToString(Algo.sha256(challenge.value).bytes) == value
def matches(verifier: CodeVerifier) = verifier.challenge == this
}
case class CodeChallengeMethod()
@ -46,7 +45,9 @@ object Protocol {
}
}
case class CodeVerifier(value: String) extends AnyVal
case class CodeVerifier(value: String) extends AnyVal {
def challenge = CodeChallenge(Base64.getUrlEncoder().withoutPadding().encodeToString(Algo.sha256(value).bytes))
}
case class ResponseType()
object ResponseType {
@ -148,6 +149,8 @@ object Protocol {
extends InvalidGrant("authorization code was issued for a different redirect_uri")
case object MismatchingClient
extends InvalidGrant("authorization code was issued for a different client_Id")
case object MismatchingCodeVerifier extends InvalidGrant("hash of code_verifier does not match code_challenge")
case class MismatchingCodeVerifier(val verifier: CodeVerifier) extends Error("invalid_grant") {
def description = s"hash '${verifier.challenge.value}' of code_verifier does not match code_challenge"
}
}
}