(cxf) 02/02: CXF-9216 - Switch default OAuth2 code verifier to Digest

Thu, 21 May 2026 02:01:45 -0700 

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch coheigea/oauth2-verifiers
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit d362892db877f3c86e615046308f831143ae66bc
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu May 21 10:00:55 2026 +0100

    CXF-9216 - Switch default OAuth2 code verifier to Digest
---
 .../rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index b4cd8e93cfb..0d2e7111102 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -173,9 +173,9 @@ public class AuthorizationCodeGrantHandler extends 
AbstractGrantHandler {
                     return false;
                 }
             }
-            // Fall back to plain
+            // Fall back to digest
             if (codeVerifierTransformer == null) {
-                codeVerifierTransformer = new PlainCodeVerifier();
+                codeVerifierTransformer = new DigestCodeVerifier();
             }
             String transformedCodeVerifier = 
codeVerifierTransformer.transformCodeVerifier(clientCodeVerifier);
             return clientCodeChallenge.equals(transformedCodeVerifier);

Reply via email to