From a29858c03724423f584ae4c89b6d84f22201a3d7 Mon Sep 17 00:00:00 2001
From: Matej Labas
Date: Wed, 27 Aug 2025 14:32:51 +0200
Subject: [PATCH 1/3] - Fixes generatePKCECodeVerifier() to never generate strings < 43 or > 128 in length - adds pkceCodeVerifierLength to customize the code_verifier length
---
 src/OAuth2/AbstractProvider.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/OAuth2/AbstractProvider.php b/src/OAuth2/AbstractProvider.php
index f392ca57..fd8041fc 100644
--- a/src/OAuth2/AbstractProvider.php
+++ b/src/OAuth2/AbstractProvider.php
@@ -27,6 +27,8 @@ abstract class AbstractProvider extends AbstractBaseProvider
 protected bool $pkce = false;
+ protected int $pkceCodeVerifierLength = 96;
+
 /**
 * @return string
 */
@@ -50,7 +52,7 @@ public function getAuthUrlParameters(): array
 $parameters['response_type'] = 'code';
 if ($this->pkce) {
- $codeVerifier = $this->generatePKCECodeVerifier();
+ $codeVerifier = $this->generatePKCECodeVerifier($this->pkceCodeVerifierLength);
 $this->session->set('code_verifier', $codeVerifier);
 $parameters['code_challenge'] = $this->generatePKCECodeChallenge($codeVerifier);
@@ -60,10 +62,12 @@ public function getAuthUrlParameters(): array
 return $parameters;
 }
- private function generatePKCECodeVerifier(int $length = 128)
+ private function generatePKCECodeVerifier(int $length = 96): string
 {
- if ($length < 43 || $length > 128) {
- throw new \Exception("Length must be between 43 and 128");
+ if ($length < 32 || $length > 96) {
+ throw new \Exception(
+ "Final length must be between 43 and 128, so the number of random bytes must be between 32 and 96"
+ );
 }
 $randomBytes = random_bytes($length);
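Review bot: The new `pkceCodeVerifierLength` property in the first hunk is undocumented, and its unit is not visible at the declaration: generatePKCECodeVerifier() feeds it straight into random_bytes(), so it is a byte count rather than the length of the resulting code_verifier string, and only values from 32 to 96 pass that method's range check. A subclass author reading this line alone could set it to 128, expecting the RFC 7636 maximum, and get an exception at authorization time instead. A docblock above the property stating the unit and the accepted range would make this explicit, e.g. `/** Number of random bytes used for the PKCE code_verifier; must be 32..96, which yields a 43..128 character base64url verifier as RFC 7636 §4.1 requires. */`. The later rename to pkceCodeVerifierByteLength fixes the unit ambiguity, but the accepted range is still stated only inside the private method's exception message.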
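Review bot: The range check in generatePKCECodeVerifier() (third hunk) still throws a bare `\Exception` for what is a precondition on its `$length` argument; `throw new \InvalidArgumentException(` would give a misconfigured subclass a clearly typed failure while any caller catching `\Exception` keeps working. The bounds themselves look right: unpadded base64url turns n bytes into ceil(4n/3) characters, so 32 bytes gives 43 and 96 bytes gives 128, which are exactly the RFC 7636 §4.1 limits, and the new default of 96 lands on the maximum. The method has no docblock; one stating that `$length` is the number of random bytes, that the return value is a 43..128 character base64url string, and `@throws` for the out-of-range case would spare the next reader the arithmetic that is currently only implied by the exception message. The method body continues past the end of this hunk (its return statement is outside it).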
@@ -151,7 +155,7 @@ protected function makeAccessTokenRequest(string $code): RequestInterface
 return $this->httpStack->createRequest($this->requestHttpMethod, $this->getRequestTokenUri())
 ->withHeader('Content-Type', 'application/x-www-form-urlencoded')
 ->withBody($this->httpStack->createStream(http_build_query($parameters, '', '&')))
- ;
+ ;
 }
 /**
From a34c276a8458ceea367fe61106c7eeea79b2e5d1 Mon Sep 17 00:00:00 2001
From: Matej Labas
Date: Wed, 27 Aug 2025 14:49:28 +0200
Subject: [PATCH 2/3] Space
---
 src/OAuth2/AbstractProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OAuth2/AbstractProvider.php b/src/OAuth2/AbstractProvider.php
index fd8041fc..a9499f7b 100644
--- a/src/OAuth2/AbstractProvider.php
+++ b/src/OAuth2/AbstractProvider.php
@@ -155,7 +155,7 @@ protected function makeAccessTokenRequest(string $code): RequestInterface
 return $this->httpStack->createRequest($this->requestHttpMethod, $this->getRequestTokenUri())
 ->withHeader('Content-Type', 'application/x-www-form-urlencoded')
 ->withBody($this->httpStack->createStream(http_build_query($parameters, '', '&')))
- ;
+ ;
 }
 /**
From 5dbe1c8878a54b5bba33f91a1667df63c3cdf0cb Mon Sep 17 00:00:00 2001
From: Matej Labas
Date: Thu, 28 Aug 2025 09:16:30 +0200
Subject: [PATCH 3/3] Rename length to byteLength
---
 src/OAuth2/AbstractProvider.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/OAuth2/AbstractProvider.php b/src/OAuth2/AbstractProvider.php
index a9499f7b..7eb9500d 100644
--- a/src/OAuth2/AbstractProvider.php
+++ b/src/OAuth2/AbstractProvider.php
@@ -27,7 +27,7 @@ abstract class AbstractProvider extends AbstractBaseProvider
 protected bool $pkce = false;
- protected int $pkceCodeVerifierLength = 96;
+ protected int $pkceCodeVerifierByteLength = 96;
 /**
 * @return string
@@ -52,7 +52,7 @@ public function getAuthUrlParameters(): array
 $parameters['response_type'] = 'code';
 if ($this->pkce) {
- $codeVerifier = $this->generatePKCECodeVerifier($this->pkceCodeVerifierLength);
+ $codeVerifier = $this->generatePKCECodeVerifier($this->pkceCodeVerifierByteLength);
 $this->session->set('code_verifier', $codeVerifier);
 $parameters['code_challenge'] = $this->generatePKCECodeChallenge($codeVerifier);
@@ -62,15 +62,15 @@ public function getAuthUrlParameters(): array
 return $parameters;
 }
- private function generatePKCECodeVerifier(int $length = 96): string
+ private function generatePKCECodeVerifier(int $byteLength = 96): string
 {
- if ($length < 32 || $length > 96) {
+ if ($byteLength < 32 || $byteLength > 96) {
 throw new \Exception(
 "Final length must be between 43 and 128, so the number of random bytes must be between 32 and 96"
 );
 }
- $randomBytes = random_bytes($length);
+ $randomBytes = random_bytes($byteLength);
 return rtrim(strtr(base64_encode($randomBytes), '+/', '-_'), '=');
 }