From 1405378b05469841a3683bc914f47b92437abcfc Mon Sep 17 00:00:00 2001
From: Carl Lundin <108372512+clundin25@users.noreply.github.com>
Date: Thu, 14 Mar 2024 11:05:00 -0700
Subject: [PATCH] fix: Remove Base64 padding in DefaultPKCEProvider (#1375)

* fix: Remove Base64 padding in DefaultPKCEProvider

Fixes
https://github.com/googleapis/google-auth-library-java/issues/1373.
---
 .../com/google/auth/oauth2/DefaultPKCEProvider.java    |  2 +-
 .../google/auth/oauth2/DefaultPKCEProviderTest.java    | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/oauth2_http/java/com/google/auth/oauth2/DefaultPKCEProvider.java b/oauth2_http/java/com/google/auth/oauth2/DefaultPKCEProvider.java
index d4671dbe2..33e3a3fc7 100644
--- a/oauth2_http/java/com/google/auth/oauth2/DefaultPKCEProvider.java
+++ b/oauth2_http/java/com/google/auth/oauth2/DefaultPKCEProvider.java
@@ -90,7 +90,7 @@ private class CodeChallenge {
 
         byte[] digest = md.digest();
 
-        this.codeChallenge = Base64.getUrlEncoder().encodeToString(digest);
+        this.codeChallenge = Base64.getUrlEncoder().encodeToString(digest).replace("=", "");
         this.codeChallengeMethod = "S256";
       } catch (NoSuchAlgorithmException e) {
         this.codeChallenge = codeVerifier;
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/DefaultPKCEProviderTest.java b/oauth2_http/javatests/com/google/auth/oauth2/DefaultPKCEProviderTest.java
index e56739aad..5f452bfd7 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/DefaultPKCEProviderTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/DefaultPKCEProviderTest.java
@@ -32,6 +32,7 @@
 package com.google.auth.oauth2;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -52,10 +53,17 @@ public void testPkceExpected() throws NoSuchAlgorithmException {
 
     byte[] digest = md.digest();
 
-    String expectedCodeChallenge = Base64.getUrlEncoder().encodeToString(digest);
+    String expectedCodeChallenge = Base64.getUrlEncoder().encodeToString(digest).replace("=", "");
     String expectedCodeChallengeMethod = "S256";
 
     assertEquals(pkce.getCodeChallenge(), expectedCodeChallenge);
     assertEquals(pkce.getCodeChallengeMethod(), expectedCodeChallengeMethod);
   }
+
+  @Test
+  public void testNoBase64Padding() throws NoSuchAlgorithmException {
+    PKCEProvider pkce = new DefaultPKCEProvider();
+    assertFalse(pkce.getCodeChallenge().endsWith("="));
+    assertFalse(pkce.getCodeChallenge().contains("="));
+  }
 }