From 4ecd3131c1e06d08d4405bd8ad72cefdd571fd51 Mon Sep 17 00:00:00 2001
From: Ian Littman <iansltx@gmail.com>
Date: Sat, 11 May 2019 13:44:58 -0500
Subject: [PATCH] Skip SHA256 verifier if system doesn't support sha256

---
 src/Grant/AuthCodeGrant.php | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index a26ea6ec..4a11b59e 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -58,14 +58,13 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
         $this->authCodeTTL = $authCodeTTL;
         $this->refreshTokenTTL = new DateInterval('P1M');
 
-        // SHOULD ONLY DO THIS IS SHA256 is supported
-        $s256Verifier = new S256Verifier();
-        $plainVerifier = new PlainVerifier();
+        if (in_array('sha256', hash_algos(), true)) {
+            $s256Verifier = new S256Verifier();
+            $this->codeChallengeVerifiers[$s256Verifier->getMethod()] = $s256Verifier;
+        }
 
-        $this->codeChallengeVerifiers = [
-            $s256Verifier->getMethod() => $s256Verifier,
-            $plainVerifier->getMethod() => $plainVerifier,
-        ];
+        $plainVerifier = new PlainVerifier();
+        $this->codeChallengeVerifiers[$plainVerifier->getMethod()] = $plainVerifier;
     }
 
     /**