fix(pkce): get code challenge and method from either body or query (r…

…edo #197)
node-oauth · Nov 1, 2023 · ca43d4a · ca43d4a
1 parent b97f6c7
commit ca43d4a
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js
@@ -367,7 +367,7 @@ class  AuthorizeHandler {
   }
 
   getCodeChallenge (request) {
-    return request.body.code_challenge;
+    return request.body.code_challenge || request.query.code_challenge;
   }
 
   /**
@@ -378,7 +378,7 @@ class  AuthorizeHandler {
    *  (see https://www.rfc-editor.org/rfc/rfc7636#section-4.4)
    */
   getCodeChallengeMethod (request) {
-    const algorithm = request.body.code_challenge_method;
+    const algorithm = request.body.code_challenge_method || request.query.code_challenge_method;
 
     if (algorithm && !pkce.isValidMethod(algorithm)) {
       throw new InvalidRequestError(`Invalid request: transform algorithm '${algorithm}' not supported`);