Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Limit code_challenge to shouldExchangeAuthCode only #305

Merged
merged 1 commit into from
Jul 1, 2024

Conversation

mohssenfathi
Copy link
Contributor

Description

This PR fixes a bug where we send code_challenge in the authorize request when we shouldn't be. We should only be sending a codeChallenge to the authorize endpoint in cases where we want to exchange auth code for auth token on device.

Changes

  • Made AuthorizeRequest's codeChallenge property optional
  • Changed AuthorizeRequest's payload to only set code_challenge_method if codeChallenge is non-nil
  • From AuthorizationCodeAuthProvider, only send pace.codeChallenge if shouldExchangeAuthCode is true

Testing

  • Added unit tests to verify code_challenge and code_challenge_method are not being sent for both inApp and native login destinations

@mohssenfathi mohssenfathi marked this pull request as ready for review July 1, 2024 20:49
@mohssenfathi mohssenfathi merged commit 735c180 into uber:2.x Jul 1, 2024
3 of 4 checks passed
@mohssenfathi mohssenfathi deleted the authorize-code-challenge branch July 1, 2024 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants