• #dev 2020-12-28
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2020-12-28 UTC
# 03:19
[dmitshur]
Assuming I only support the S256 code_challenge_method, I wonder if there'd be any problem with doing the code_verifier check by base64-decoding the code_challenge to precompute the expected sha256 sum of the code_verifier, then doing a sha256(code_verifier) == wantsum check. (It relies on base64 encoding/decoding being 1:1.) https://tools.ietf.org/html/rfc7636#section-4.6 doesn't go into low-level details about how the comparison should be