From: Tim Düsterhus
Date: Tue, 27 Jul 2021 15:25:21 +0000 (+0200)
Subject: Merge branch '5.4'
X-Git-Tag: 5.5.0_Alpha_1~512
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=817c9b1991573a4ca068a8b736ee828bbb5b30f0;p=GitHub%2FWoltLab%2FWCF.git
Merge branch '5.4'
--- 817c9b1991573a4ca068a8b736ee828bbb5b30f0
diff --cc wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php
index f03c2fc019,5ac9397644..b837e90b73
--- a/wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php
+++ b/wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php
@@@ -137,8 -145,21 +145,21 @@@ abstract class AbstractOauth2Action ext
'client_id' => $this->getClientId(),
'client_secret' => $this->getClientSecret(),
'redirect_uri' => $this->getCallbackUrl(),
- 'code' => $_GET['code'],
+ 'code' => $code,
- ], '', '&', \PHP_QUERY_RFC1738));
+ ];
+
+ if ($this->usePkce()) {
+ if (!($verifier = WCF::getSession()->getVar(self::PKCE))) {
+ throw new StateValidationException('Missing PKCE verifier in session');
+ }
+
+ $payload['code_verifier'] = $verifier;
+ }
+
+ $request = new Request('POST', $this->getTokenEndpoint(), [
+ 'Accept' => 'application/json',
+ 'Content-Type' => 'application/x-www-form-urlencoded',
+ ], \http_build_query($payload, '', '&', \PHP_QUERY_RFC1738));
try {
$response = $this->getHttpClient()->send($request);
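Review bot: The PKCE verifier read from the session in the `usePkce()` branch is not shown being removed afterwards, so it may remain available for a later token request in the same session even though a verifier is meant to be bound to a single authorization request. Unless it is already cleared outside this hunk, consider dropping it as soon as it has been copied into the payload, e.g. `WCF::getSession()->unregister(self::PKCE);` right after `$payload['code_verifier'] = $verifier;`, so that a failed or repeated callback cannot reuse it. The assignment inside `if (!($verifier = ...))` also relies on truthiness; a separate assignment followed by an explicit null/empty check would read more clearly. The enclosing method starts and ends outside the hunk, so the origin of `$code` and any later cleanup cannot be confirmed from here.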