fix code_verifier length (#319)
mamico authored Jun 7, 2024
1 parent 585cc88 commit 1c69e61
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions spid_cie_oidc/relying_party/utils.py
Expand Up @@ -2,9 +2,8 @@
import json
import hashlib
import logging
import os
import random
import re
import secrets
import string
import urllib

Expand Down Expand Up @@ -34,10 +33,11 @@ def random_string(n=32):
def get_pkce(code_challenge_method: str = "S256", code_challenge_length: int = 64):
hashers = {"S256": hashlib.sha256}

code_verifier_length = random.randint(43, 128) # nosec - B311
code_verifier = base64.urlsafe_b64encode(os.urandom(code_verifier_length)).decode("utf-8")
code_verifier = re.sub("[^a-zA-Z0-9]+", "", code_verifier)

# https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
code_verifier_length = secrets.choice(range(43, 128 + 1))
alpha = string.ascii_letters + string.digits + "-._~"
code_verifier = "".join([secrets.choice(alpha) for _ in range(code_verifier_length)])

code_challenge = hashers.get(code_challenge_method)(
code_verifier.encode("utf-8")
).digest()
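Review bot: The lookup `hashers.get(code_challenge_method)(` just below the new verifier code returns `None` for any method other than `"S256"`, so an unsupported value surfaces as `TypeError: 'NoneType' object is not callable` instead of a clear rejection; the line is unchanged context, but the commit reworks this function and leaves it as is. A guard such as `hasher = hashers.get(code_challenge_method)` followed by `if hasher is None: raise ValueError("unsupported code_challenge_method")` would make the failure explicit. On the added lines, the bare URL comment could state the rule it encodes, e.g. `# RFC 7636 §4.1: code_verifier is 43-128 chars from the unreserved set A-Z a-z 0-9 - . _ ~`, so the constants 43 and 128 and the alphabet explain themselves. The body of get_pkce continues past the end of the hunk, so how `code_challenge_length` is used is not visible here.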
