diff --git a/lib/doorkeeper/config.rb b/lib/doorkeeper/config.rb
index 26771f7d7..277d427d0 100644
--- a/lib/doorkeeper/config.rb
+++ b/lib/doorkeeper/config.rb
@@ -113,9 +113,8 @@ def revoke_previous_authorization_code_token
 @config.instance_variable_set(:@revoke_previous_authorization_code_token, true)
 end
 
- # Require non-confidential apps to use PKCE (send a code_challenge and
- # code_verifier) when requesting an access_token using an authorization code
- # (disabled by default)
+ # Require non-confidential apps to use PKCE (send a code_verifier) when requesting
+ # an access_token using an authorization code (disabled by default)
 def force_pkce
 @config.instance_variable_set(:@force_pkce, true)
 end
diff --git a/lib/doorkeeper/oauth/authorization_code_request.rb b/lib/doorkeeper/oauth/authorization_code_request.rb
index c5f7ac293..4043552ed 100644
--- a/lib/doorkeeper/oauth/authorization_code_request.rb
+++ b/lib/doorkeeper/oauth/authorization_code_request.rb
@@ -10,8 +10,8 @@ class AuthorizationCodeRequest < BaseRequest
 validate :redirect_uri, error: Errors::InvalidGrant
 validate :code_verifier, error: Errors::InvalidGrant
 
- attr_reader :grant, :client, :redirect_uri, :access_token, :code_challenge, :code_verifier, :invalid_request_reason, :missing_param
+ attr_reader :grant, :client, :redirect_uri, :access_token, :code_verifier, :invalid_request_reason, :missing_param
 
 def initialize(server, grant, client, parameters = {})
 @server = server
@@ -67,8 +67,8 @@ def validate_params
 @missing_param =
 if grant&.uses_pkce? && code_verifier.blank?
 :code_verifier
- elsif !confidential? && Doorkeeper.config.force_pkce? && code_challenge.blank?
- :code_challenge
+ elsif !confidential? && Doorkeeper.config.force_pkce? && code_verifier.blank?
+ :code_verifier
 elsif redirect_uri.blank?
 :redirect_uri
 end
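Review bot: The new `elsif` branch in validate_params yields the same `:code_verifier` symbol as the branch directly above it, so the two can be folded into one condition: `if code_verifier.blank? && (grant&.uses_pkce? || (!confidential? && Doorkeeper.config.force_pkce?))`. More importantly, this branch only catches a verifier that is absent at the token endpoint: a grant issued to a public client without a code_challenge never hits the first branch, and any non-blank code_verifier passes this one, so whether such a code is still redeemable depends on `validate :code_verifier` (outside this hunk) rejecting a verifier when the grant stored no challenge — a regression test for `force_pkce` against a challenge-less grant would pin that down. The authorization endpoint is presumably where force_pkce has to refuse public clients that omit code_challenge in the first place; nothing in this diff touches it, so that is worth confirming separately. validate_params begins before this hunk.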