🔥 Amazon PKCE 中的 code_verifier 基于 state 缓存

2025-12-06 08:48:27 +08:00 · 2024-08-04 23:28:55 +08:00 · 2024-08-04 23:28:55 +08:00 · 6859b8a949
commit 6859b8a949
parent b01704ff78
1 changed files with 4 additions and 3 deletions
--- a/src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java
@ -50,15 +50,16 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
     */
    @Override
    public String authorize(String state) {
+        String realState = getRealState(state);
        UrlBuilder builder = UrlBuilder.fromBaseUrl(source.authorize())
            .queryParam("client_id", config.getClientId())
            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthAmazonScope.values())))
            .queryParam("redirect_uri", config.getRedirectUri())
            .queryParam("response_type", "code")
-            .queryParam("state", getRealState(state));
+            .queryParam("state", realState);

        if (config.isPkce()) {
-            String cacheKey = this.source.getName().concat(":code_verifier:").concat(config.getClientId());
+            String cacheKey = this.source.getName().concat(":code_verifier:").concat(realState);
            String codeVerifier = PkceUtil.generateCodeVerifier();
            String codeChallengeMethod = "S256";
            String codeChallenge = PkceUtil.generateCodeChallenge(codeChallengeMethod, codeVerifier);
@ -86,7 +87,7 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
        form.put("client_secret", config.getClientSecret());

        if (config.isPkce()) {
-            String cacheKey = this.source.getName().concat(":code_verifier:").concat(config.getClientId());
+            String cacheKey = this.source.getName().concat(":code_verifier:").concat(authCallback.getState());
            String codeVerifier = this.authStateCache.get(cacheKey);
            form.put("code_verifier", codeVerifier);
        }