Hi all,

I appreciate this idea, simple and powerful to achieve proof of possession. But, I have some questions against the scheme. Sorry if these were already discussed.

I worry about using a hash function in a simple way. I mean, a simple use of a random value as code_verifier may mean that a malicious client can have any code_verifier and code_challenge. All combinations of a random value and its hash can be obtained, it may not be a risk?

So, we should use:

    S256 "code_challenge" = BASE64URL(SHA256("code_verifier" + "client ID"))

or

    S256 "code_challenge" = BASE64URL(SHA256("code_verifier" + "client ID" + "server ID"))

Where, you know, the client ID is the client's unique name.

Another problem is the following, using Nat's slide: http://www.slideshare.net/nat_sakimura/1112-spoppresso .

0. Attacker prepares own code_verifier and code_challenge.
1. Replace the legitimate challenge with the malicious code_challenge.
5. Attacker can submit own code_verifier.

It may be out of the draft, I think.

Best regards,

;; takamixhi saito
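
The two challenge computations discussed in the message above, with the server-side check they feed, as an added example that is not part of the original message or of the draft. The `AuthServer` class, the `s256_bound` name and plain string concatenation for "+" are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """BASE64URL without padding, as used for code_challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256(code_verifier: str) -> str:
    """Plain S256: BASE64URL(SHA256(code_verifier))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def s256_bound(code_verifier: str, client_id: str, server_id: str = "") -> str:
    """Variant proposed in the message: verifier + client ID (+ server ID).
    Assumption: "+" is plain concatenation, which is ambiguous at the field
    boundaries ("ab"+"c" equals "a"+"bc"); a real design needs a delimiter."""
    material = code_verifier + client_id + server_id
    return b64url(hashlib.sha256(material.encode("utf-8")).digest())


class AuthServer:
    """Hypothetical in-memory authorization server, just enough for the check."""

    def __init__(self, bound: bool = False):
        self.bound = bound
        self.codes = {}  # code -> (client_id, code_challenge as received)

    def authorize(self, client_id: str, code_challenge: str) -> str:
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, code_challenge)
        return code

    def token(self, code: str, client_id: str, code_verifier: str) -> bool:
        entry = self.codes.pop(code, None)  # authorization codes are single use
        if entry is None:
            return False
        issued_to, challenge = entry
        if self.bound:
            expected = s256_bound(code_verifier, client_id)
        else:
            expected = s256(code_verifier)
        # The server can only compare against the challenge it received, so the
        # authorization request itself must be protected against substitution.
        return issued_to == client_id and hmac.compare_digest(expected, challenge)
```
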