authorThomas <>2025-02-25 19:32:41 +0100
committerThomas <>2025-02-25 19:32:41 +0100
commit21f406a2ee59725957caf834d3ccaa7fd76bb432 (patch)
tree0f8ce08d312e2054026bc15e3c96cebb40fa9f4f
parent47685f893454bf707cf668cffaa709897ee76172 (diff)
fix(pkce): code verifier requires at least 43 characters
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Rfc7636Utils.java2
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/Rfc7636UtilsTest.java2
2 files changed, 3 insertions, 1 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Rfc7636Utils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Rfc7636Utils.java
index 70d8f3fc..2c09b270 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Rfc7636Utils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Rfc7636Utils.java
@@ -98,7 +98,7 @@ public class Rfc7636Utils {
}
private String generateNewRandomValue() {
- byte[] values = new byte[20];
+ byte[] values = new byte[32];
random.nextBytes(values);
return encodeB64(values);
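Review bot: The new buffer size `32` in generateNewRandomValue() is a bare literal, so its link to the 43-character minimum named in the commit title is not recorded in the code. Consider a named constant with a comment, e.g. `private static final int CODE_VERIFIER_BYTES = 32; // 32 random bytes -> 43 unpadded base64url chars, the RFC 7636 minimum`. That arithmetic holds only if encodeB64, which is defined outside this hunk, emits base64url without padding; with padding the result would be 44 characters ending in `=`, which is not in the verifier alphabet. The `random` field is also declared outside the hunk and should be confirmed to be a SecureRandom; the method's closing brace lies outside the hunk as well.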
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/Rfc7636UtilsTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/Rfc7636UtilsTest.java
index 3bedf3d0..64938d13 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/Rfc7636UtilsTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/Rfc7636UtilsTest.java
@@ -27,6 +27,8 @@ public class Rfc7636UtilsTest {
assertEquals(Method.S256, infos.getCodeMethod());
assertNotNull(infos.getCodeChallenge());
assertNotNull(infos.getCodeVerifier());
+ assertTrue("CodeVerifier to short", infos.getCodeVerifier().length() >= 43);
+ assertTrue("CodeVerifier to long", infos.getCodeVerifier().length() <= 128);
assertTrue(Rfc7636Utils.getInstance().verify(infos));
}
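Review bot: The two added assertions bound only the length of the code verifier, so a value containing `+`, `/` or `=` padding would still pass the test. RFC 7636 restricts the verifier to unreserved characters, so a single assertion can cover both alphabet and length, e.g. `assertTrue("CodeVerifier malformed", infos.getCodeVerifier().matches("[A-Za-z0-9._~-]{43,128}"));`. The assertion messages also read "to short" and "to long" where "too" is meant. The test method begins outside the hunk.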