Haufe-Lexware / wicked.haufe.io

An API Management system based on Mashape Kong
http://wicked.haufe.io

PKCE extension expects non-base64-urlencoded code_verifier/code_challenge #219

Closed DonMartin76 closed 4 years ago

DonMartin76 commented 4 years ago

When verifying the code_challenge/code_verifier for the OAuth2 PKCE extension, wicked's authorization server does not base64-urlencode the expected output. This means that the check is sometimes valid, sometimes not.
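The check this issue concerns, as an added example (not wicked's code): an RFC 7636 verifier that base64url-encodes the SHA-256 digest without padding before comparing, run against the RFC's Appendix B test vector. The function names are this example's own, and `verifyWithPlainBase64` is a hypothetical faulty variant, included only to show how a comparison against plain base64 depends on whether the digest happens to encode to `+` or `/`.

```javascript
// Added example (not wicked's code): RFC 7636 PKCE verification.
const crypto = require('node:crypto');

// RFC 7636 section 4.1: 43-128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

// BASE64URL without padding, as RFC 7636 Appendix A defines it.
function base64url(buf) {
  return buf.toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function s256Challenge(codeVerifier) {
  const digest = crypto.createHash('sha256').update(codeVerifier, 'ascii').digest();
  return base64url(digest);
}

// Constant-time string comparison; a length mismatch is rejected up front.
function safeEqual(a, b) {
  const ba = Buffer.from(a, 'utf8');
  const bb = Buffer.from(b, 'utf8');
  return ba.length === bb.length && crypto.timingSafeEqual(ba, bb);
}

// The method defaults to "plain" when the client sent none (RFC 7636 section 4.3).
function verifyPkce(codeVerifier, codeChallenge, method = 'plain') {
  if (typeof codeVerifier !== 'string' || !VERIFIER_RE.test(codeVerifier)) return false;
  if (typeof codeChallenge !== 'string') return false;
  if (method === 'S256') return safeEqual(s256Challenge(codeVerifier), codeChallenge);
  if (method === 'plain') return safeEqual(codeVerifier, codeChallenge);
  return false; // unknown code_challenge_method
}

// Hypothetical faulty check, for contrast: plain base64 with padding stripped.
// It only matches when the digest encodes without '+' or '/'.
function verifyWithPlainBase64(codeVerifier, codeChallenge) {
  const b64 = crypto.createHash('sha256').update(codeVerifier, 'ascii').digest('base64');
  return b64.replace(/=+$/, '') === codeChallenge;
}

// RFC 7636 Appendix B test vector.
const RFC_VERIFIER = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
const RFC_CHALLENGE = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM';
```

The Appendix B challenge contains a `-`, so it is one of the inputs the plain-base64 variant rejects while the base64url check accepts it.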