Merge pull request #1009 from iansltx/skip-s256-if-not-installed

Skip SHA256 verifier if system doesn't support sha256
This commit is contained in:
Andrew Millington 2019-05-14 14:55:39 +01:00 committed by GitHub
commit 1bbcb57d63
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -58,14 +58,13 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
$this->authCodeTTL = $authCodeTTL;
$this->refreshTokenTTL = new DateInterval('P1M');
// SHOULD ONLY DO THIS IS SHA256 is supported
$s256Verifier = new S256Verifier();
$plainVerifier = new PlainVerifier();
if (in_array('sha256', hash_algos(), true)) {
$s256Verifier = new S256Verifier();
$this->codeChallengeVerifiers[$s256Verifier->getMethod()] = $s256Verifier;
}
$this->codeChallengeVerifiers = [
$s256Verifier->getMethod() => $s256Verifier,
$plainVerifier->getMethod() => $plainVerifier,
];
$plainVerifier = new PlainVerifier();
$this->codeChallengeVerifiers[$plainVerifier->getMethod()] = $plainVerifier;
}
/**