OIDC tests use incorrect PKCE code_challenge computation #5991

aaronpk · 2022-02-23T20:15:25Z

I noticed that all the OpenID Connect tests use the incorrect base64 encoding for the code challenge. For example:

identity-idp/spec/features/openid_connect/openid_connect_spec.rb

Line 343 in 4e96f3c

code_challenge = Digest::SHA256.base64digest(code_verifier)

Digest::SHA256.base64digest

This is the traditional base64 encoding with URL-unsafe characters. Instead, the tests should use the URL-safe base64 encoding that is required by PKCE.

The text was updated successfully, but these errors were encountered:

**Why**: adheres to OIDC spec better Fixes #5991

**Why**: adheres to OIDC spec better Fixes #5991 changelog: Internal, Encoding, Use URL-safe encoding of SHA256 digests to better match OIDC spec

zachmargolis added a commit that referenced this issue Apr 15, 2022

Use URL-safe base64 encoding of SHA256 digest

33ff369

**Why**: adheres to OIDC spec better Fixes #5991

zachmargolis mentioned this issue Apr 15, 2022

Use URL-safe base64 encoding of SHA256 digest in examples #6210

Merged

zachmargolis closed this as completed in #6210 Apr 15, 2022

zachmargolis added a commit that referenced this issue Apr 15, 2022

Use URL-safe base64 encoding of SHA256 digest in examples (#6210)

e03a691

**Why**: adheres to OIDC spec better Fixes #5991 changelog: Internal, Encoding, Use URL-safe encoding of SHA256 digests to better match OIDC spec

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OIDC tests use incorrect PKCE code_challenge computation #5991

OIDC tests use incorrect PKCE code_challenge computation #5991

aaronpk commented Feb 23, 2022

OIDC tests use incorrect PKCE code_challenge computation #5991

OIDC tests use incorrect PKCE code_challenge computation #5991

Comments

aaronpk commented Feb 23, 2022