Remove b64 padding from PKCE values, per RFC7636 (#683)

author: Brendan McCollam <brendan@mccoll.am> 2016-12-06 18:42:20 +0100
committer: Jon Wayne Parrott <jonwayne@google.com> 2016-12-06 09:42:20 -0800
commit: f75203e64cafa2ca63fe383bd99e6a0ac0373dae (patch)
tree: d0e19ade998912e1734d1f833d78523cdf5fc9c1 /oauth2client
parent: f7f656d6aa0ac111a6692ded3eaaa7b1caf1fedc (diff)
download: oauth2client-f75203e64cafa2ca63fe383bd99e6a0ac0373dae.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/oauth2client/_pkce.py b/oauth2client/_pkce.py
index 8f22f57..e4952d8 100644
--- a/oauth2client/_pkce.py
+++ b/oauth2client/_pkce.py
@@ -38,7 +38,7 @@ def code_verifier(n_bytes=64):
     Returns:
         Bytestring, representing urlsafe base64-encoded random data.
     """
-    verifier = base64.urlsafe_b64encode(os.urandom(n_bytes))
+    verifier = base64.urlsafe_b64encode(os.urandom(n_bytes)).rstrip(b'=')
     # https://tools.ietf.org/html/rfc7636#section-4.1
     # minimum length of 43 characters and a maximum length of 128 characters.
     if len(verifier) < 43:
@@ -60,6 +60,8 @@ def code_challenge(verifier):
             code_verifier().
 
     Returns:
-        Bytestring, representing a urlsafe base64-encoded sha256 hash digest.
+        Bytestring, representing a urlsafe base64-encoded sha256 hash digest,
+            without '=' padding.
     """
-    return base64.urlsafe_b64encode(hashlib.sha256(verifier).digest())
+    digest = hashlib.sha256(verifier).digest()
+    return base64.urlsafe_b64encode(digest).rstrip(b'=')
author	Brendan McCollam <brendan@mccoll.am>	2016-12-06 18:42:20 +0100
committer	Jon Wayne Parrott <jonwayne@google.com>	2016-12-06 09:42:20 -0800
commit	f75203e64cafa2ca63fe383bd99e6a0ac0373dae (patch)
tree	d0e19ade998912e1734d1f833d78523cdf5fc9c1 /oauth2client
parent	f7f656d6aa0ac111a6692ded3eaaa7b1caf1fedc (diff)
download	oauth2client-f75203e64cafa2ca63fe383bd99e6a0ac0373dae.tar.gz