fix: make code_challenge optional

lakhansamani · lakhansamani · commit 252cd1fa2d25 · 2022-10-18T23:14:24.000+05:30
diff --git a/server/handlers/authorize.go b/server/handlers/authorize.go
@@ -64,7 +64,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 
 		if err := validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge); err != nil {
 			log.Debug("invalid authorization request: ", err)
-			gc.JSON(http.StatusBadRequest, gin.H{"error": err})
+			gc.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 			return
 		}
 
@@ -270,10 +270,6 @@ func validateAuthorizeRequest(responseType, responseMode, clientID, state, codeC
 		return fmt.Errorf("invalid response mode %s. 'query', 'fragment', 'form_post' and 'web_message' are valid response_mode", responseMode)
 	}
 
-	if responseType == constants.ResponseTypeCode && strings.TrimSpace(codeChallenge) == "" {
-		return fmt.Errorf("code_challenge is required for %s '%s'", responseType, constants.ResponseTypeCode)
-	}
-
 	if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
 		return fmt.Errorf("invalid client_id %s", clientID)
 	}

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ func AuthorizeHandler() gin.HandlerFunc {`
`64`	`64`
`65`	`65`	`if err := validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge); err != nil {`
`66`	`66`	`log.Debug("invalid authorization request: ", err)`
`67`		`- gc.JSON(http.StatusBadRequest, gin.H{"error": err})`
	`67`	`+ gc.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})`
`68`	`68`	`return`
`69`	`69`	`}`
`70`	`70`
`@@ -270,10 +270,6 @@ func validateAuthorizeRequest(responseType, responseMode, clientID, state, codeC`
`270`	`270`	`return fmt.Errorf("invalid response mode %s. 'query', 'fragment', 'form_post' and 'web_message' are valid response_mode", responseMode)`
`271`	`271`	`}`
`272`	`272`
`273`		`- if responseType == constants.ResponseTypeCode && strings.TrimSpace(codeChallenge) == "" {`
`274`		`- return fmt.Errorf("code_challenge is required for %s '%s'", responseType, constants.ResponseTypeCode)`
`275`		`- }`
`276`		`-`
`277`	`273`	`if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID \|\| err != nil {`
`278`	`274`	`return fmt.Errorf("invalid client_id %s", clientID)`
`279`	`275`	`}`