Adjust OAuth grant validation limits (no code changes yet) (#3261)

* Initial plan * Increase OAuth state limit Co-authored-by: HFO4 <16058869+HFO4@users.noreply.github.com> * Default PKCE method when missing Co-authored-by: HFO4 <16058869+HFO4@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: HFO4 <16058869+HFO4@users.noreply.github.com>
5 days ago · 1f580f0d8a
parent 87d48ac4a7
commit 1f580f0d8a
1 changed files with 5 additions and 2 deletions
--- a/service/oauth/oauth.go
+++ b/service/oauth/oauth.go
@ -48,10 +48,10 @@ type (
 		ClientID            string `json:"client_id" binding:"required"`
 		ResponseType        string `json:"response_type" binding:"required,eq=code"`
 		RedirectURI         string `json:"redirect_uri" binding:"required"`
-		State               string `json:"state" binding:"max=255"`
+		State               string `json:"state" binding:"max=4096"`
 		Scope               string `json:"scope" binding:"required"`
 		CodeChallenge       string `json:"code_challenge" binding:"max=255"`
-		CodeChallengeMethod string `json:"code_challenge_method" binding:"eq=S256,omitempty"`
+		CodeChallengeMethod string `json:"code_challenge_method" binding:"omitempty,eq=S256"`
 	}
 )

@ -60,6 +60,9 @@ func (s *GrantService) Get(c *gin.Context) (*GrantResponse, error) {
 	user := inventory.UserFromContext(c)
 	kv := dep.KV()
 	oAuthClient := dep.OAuthClientClient()
+	if s.CodeChallenge != "" && s.CodeChallengeMethod == "" {
+		s.CodeChallengeMethod = "S256"
+	}

 	// 1. Get app registration and grant
 	app, err := oAuthClient.GetByGUIDWithGrants(c, s.ClientID, user.ID)