Merge pull request #828 from Sephster/master

Fixed ordering so we only hash after base64 encoding
thephpleague · Dec 23, 2017 · 0013844 · 0013844
2 parents f11e4c8 + 1c36b70
commit 0013844
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
@@ -144,7 +144,7 @@ public function respondToAccessTokenRequest(
                 case 'S256':
                     if (
                         hash_equals(
-                            strtr(rtrim(base64_encode(hash('sha256', $codeVerifier)), '='), '+/', '-_'),
+                            hash('sha256', strtr(rtrim(base64_encode($codeVerifier), '='), '+/', '-_')),
                             $authCodePayload->code_challenge
                         ) === false
                     ) {

diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php
@@ -767,7 +767,7 @@ public function testRespondToAccessTokenRequestCodeChallengeS256()
                             'user_id'               => 123,
                             'scopes'                => ['foo'],
                             'redirect_uri'          => 'http://foo/bar',
-                            'code_challenge'        => strtr(rtrim(base64_encode(hash('sha256', 'foobar')), '='), '+/', '-_'),
+                            'code_challenge'        => hash('sha256', strtr(rtrim(base64_encode('foobar'), '='), '+/', '-_')),
                             'code_challenge_method' => 'S256',
                         ]
                     )