This repository has been archived by the owner on Jan 18, 2025. It is now read-only.

Remove b64 padding from PKCE values, per RFC7636 (#683)
bjmc authored and Jon Wayne Parrott committed Dec 6, 2016
1 parent f7f656d commit f75203e
Showing 2 changed files with 7 additions and 5 deletions.
8 changes: 5 additions & 3 deletions oauth2client/_pkce.py
Expand Up @@ -38,7 +38,7 @@ def code_verifier(n_bytes=64):
Returns:
Bytestring, representing urlsafe base64-encoded random data.
"""
verifier = base64.urlsafe_b64encode(os.urandom(n_bytes))
verifier = base64.urlsafe_b64encode(os.urandom(n_bytes)).rstrip(b'=')
# https://tools.ietf.org/html/rfc7636#section-4.1
# minimum length of 43 characters and a maximum length of 128 characters.
if len(verifier) < 43:
Expand All @@ -60,6 +60,8 @@ def code_challenge(verifier):
code_verifier().
Returns:
Bytestring, representing a urlsafe base64-encoded sha256 hash digest.
Bytestring, representing a urlsafe base64-encoded sha256 hash digest,
without '=' padding.
"""
return base64.urlsafe_b64encode(hashlib.sha256(verifier).digest())
digest = hashlib.sha256(verifier).digest()
return base64.urlsafe_b64encode(digest).rstrip(b'=')
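Review bot: The Returns text of code_verifier still reads `Bytestring, representing urlsafe base64-encoded random data.` although the value is now stripped of '=' padding; code_challenge's docstring was updated in this commit and code_verifier's should match, e.g. `Bytestring, representing urlsafe base64-encoded random data, without '=' padding.` Because the `len(verifier) < 43` check now runs on the unpadded string, n_bytes=31 (42 characters after stripping) is rejected where its padded 44-character form used to pass, so the smallest accepted n_bytes becomes 32, which is worth stating in the docstring. The docstring's opening and the rest of the length check lie outside the hunk, so the upper bound is inferred from the RFC comment only.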
4 changes: 2 additions & 2 deletions tests/test__pkce.py
Expand Up @@ -33,7 +33,7 @@ def test_verifier(self, fake_urandom):
fake_urandom.return_value = canned_randomness
expected = (
b'mBBEN_O3qvzd003ioywGoLCptI_L0PWGTjJwjF0hV5rt'
b'NTSZnY12XKcvgfNKmMOQ7rCMt1pjIwVNME8I2gkfBw=='
b'NTSZnY12XKcvgfNKmMOQ7rCMt1pjIwVNME8I2gkfBw'
)
result = _pkce.code_verifier()
self.assertEqual(result, expected)
Expand All @@ -50,5 +50,5 @@ def test_verifier_too_short(self):

def test_challenge(self):
result = _pkce.code_challenge(b'SOME_VERIFIER')
expected = b'6xJCQsjTtS3zjUwd8_ZqH0SyviGHnp5PsHXWKOCqDuI='
expected = b'6xJCQsjTtS3zjUwd8_ZqH0SyviGHnp5PsHXWKOCqDuI'
self.assertEqual(result, expected)
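Review bot: Padding removal is checked here only through hand-edited literals, so the property the commit is about is never asserted by name. In test_verifier I would add `self.assertNotIn(b'=', result)` and `self.assertTrue(43 <= len(result) <= 128)`, and in test_challenge `self.assertNotIn(b'=', result)`, so a later change that reintroduces padding fails for a stated reason. A known-answer case built from the example in RFC 7636 Appendix B would also give test_challenge an expected value that does not originate from this implementation. test_verifier starts outside the hunk.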
