ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-01-08 21:14:00 +05:30
Code Issues Packages Projects Releases Wiki Activity

Fix bug: hash_hmac() should output raw binary data, not hexits

Browse Source
This commit is contained in:
Michael Hogg 2015-08-28 12:46:53 +01:00
parent 2496653968
commit eeaa68400f
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/TokenType/MAC.php
View File

@ -114,7 +114,14 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
$calculatedSignatureParts[] = $params->get('ext'); $calculatedSignatureParts[] = $params->get('ext');
} }
$calculatedSignature = base64_encode(hash_hmac('sha256', implode("\n", $calculatedSignatureParts), $macKey)); $calculatedSignature = base64_encode(
hash_hmac(
'sha256',
implode("\n", $calculatedSignatureParts),
$macKey,
true // raw_output: outputs raw binary data
)
);
// Return the access token if the signature matches // Return the access token if the signature matches
return ($this->hash_equals($calculatedSignature, $signature)) ? $accessToken : null; return ($this->hash_equals($calculatedSignature, $signature)) ? $accessToken : null;