fix: Remove Base64 padding in DefaultPKCEProvider

Fixes #1373.
googleapis · Mar 11, 2024 · e1098d2 · e1098d2
1 parent 3a546fb
commit e1098d2
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/oauth2_http/java/com/google/auth/oauth2/DefaultPKCEProvider.java b/oauth2_http/java/com/google/auth/oauth2/DefaultPKCEProvider.java
@@ -90,7 +90,7 @@ private class CodeChallenge {
 
         byte[] digest = md.digest();
 
-        this.codeChallenge = Base64.getUrlEncoder().encodeToString(digest);
+        this.codeChallenge = Base64.getUrlEncoder().encodeToString(digest).replace("=", "");
         this.codeChallengeMethod = "S256";
       } catch (NoSuchAlgorithmException e) {
         this.codeChallenge = codeVerifier;

diff --git a/oauth2_http/javatests/com/google/auth/oauth2/DefaultPKCEProviderTest.java b/oauth2_http/javatests/com/google/auth/oauth2/DefaultPKCEProviderTest.java
@@ -32,6 +32,7 @@
 package com.google.auth.oauth2;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -58,4 +59,11 @@ public void testPkceExpected() throws NoSuchAlgorithmException {
     assertEquals(pkce.getCodeChallenge(), expectedCodeChallenge);
     assertEquals(pkce.getCodeChallengeMethod(), expectedCodeChallengeMethod);
   }
+
+  @Test
+  public void testNoBase64Padding() throws NoSuchAlgorithmException {
+    PKCEProvider pkce = new DefaultPKCEProvider();
+    assertFalse(pkce.getCodeChallenge().endsWith("="));
+    assertFalse(pkce.getCodeChallenge().contains("="));
+  }
 }