• #dev 2020-12-28
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2020-12-28 UTC
# 12:47
Zegnat
[dmitshur] there should not be any reason why that should not work. I think I would mostly just find it unneccessary to do any processing on the originally provided code_challenge value. Especially since both inputs code_challenge and code_verifier are untrusted. I would say it is better to SHA-hash an untrusted value, than to (try to) decode an untrusted value.