Skip to content

Commit

Permalink
fix: base64url-encoded nonce
Browse files Browse the repository at this point in the history
verification API expects the nonce to be b64url-encoded

Signed-off-by: Thomas Fossati <[email protected]>
  • Loading branch information
thomas-fossati committed Aug 22, 2024
1 parent 9141ad3 commit 6f8f294
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion verification/challengeresponse.go
Original file line number Diff line number Diff line change
Expand Up @@ -283,7 +283,7 @@ func (cfg ChallengeResponseConfig) newSessionRequest() (*http.Response, error) {
// nonceSize=32)
q := req.URL.Query()
if len(cfg.Nonce) > 0 {
q.Set("nonce", base64.StdEncoding.EncodeToString(cfg.Nonce))
q.Set("nonce", base64.URLEncoding.EncodeToString(cfg.Nonce))
} else if cfg.NonceSz > 0 {
q.Set("nonceSize", fmt.Sprint(cfg.NonceSz))
}
Expand Down
6 changes: 3 additions & 3 deletions verification/challengeresponse_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ func TestChallengeResponseConfig_NewSession_ok(t *testing.T) {

h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, http.MethodPost, r.Method)
assert.Equal(t, "3q2+7w==", r.URL.Query().Get("nonce"))
assert.Equal(t, "3q2-7w==", r.URL.Query().Get("nonce"))
assert.Equal(t, "application/vnd.veraison.challenge-response-session+json", r.Header.Get("Accept"))

w.Header().Set("Location", expectedSessionURI)
Expand Down Expand Up @@ -251,7 +251,7 @@ func TestChallengeResponseConfig_NewSession_relative_location_ok(t *testing.T) {
relativeSessionURI := testRelSessionURI
h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, http.MethodPost, r.Method)
assert.Equal(t, "3q2+7w==", r.URL.Query().Get("nonce"))
assert.Equal(t, "3q2-7w==", r.URL.Query().Get("nonce"))
assert.Equal(t, "application/vnd.veraison.challenge-response-session+json", r.Header.Get("Accept"))

w.Header().Set("Location", relativeSessionURI)
Expand Down Expand Up @@ -821,7 +821,7 @@ func synthesizeSession(mt string, ev []byte) []string {
}
}`,
}
evs := base64.StdEncoding.EncodeToString(ev)
evs := base64.URLEncoding.EncodeToString(ev)
s[1] = fmt.Sprintf(s[1], mt, evs)
s[2] = fmt.Sprintf(s[2], evs)
return s
Expand Down

0 comments on commit 6f8f294

Please sign in to comment.