Closed jarlandre closed 1 year ago
☝️ @LyricTian
quote:
code_verifier — The code verifier should be a high-entropy cryptographic random string with a minimum of 43 characters and a maximum of 128 characters.
./go.test.sh
ok github.com/go-oauth2/oauth2/v4 0.203s coverage: 42.9% of statements
? github.com/go-oauth2/oauth2/v4/errors [no test files]
? github.com/go-oauth2/oauth2/v4/example/client [no test files]
? github.com/go-oauth2/oauth2/v4/example/server [no test files]
ok github.com/go-oauth2/oauth2/v4/generates 0.219s coverage: 77.8% of statements
ok github.com/go-oauth2/oauth2/v4/manage 0.211s coverage: 61.8% of statements
? github.com/go-oauth2/oauth2/v4/models [no test files]
ok github.com/go-oauth2/oauth2/v4/server 0.237s coverage: 53.6% of statements
ok github.com/go-oauth2/oauth2/v4/store 2.314s coverage: 87.2% of statements
@jarlandre why was this not merged?
because it war replaced by another PR .. see mentions
should have rebased and kept it in this PR i guess .. live and learn
here is a tip: how to work with pcke , you need change the ClientInfoHandler to resolve invalid_client
error
srv.SetClientInfoHandler(server.ClientFormHandler)
the pkce spec states that code verifier should be minimum 43 chars (https://github.com/go-oauth2/oauth2/pull/230#issuecomment-1396556389), should this be verified earlier in the process?