[PR #1047] [MERGED] fix: use constant time comparisons when validating PKCE challenges #1033

New Issue

Closed

opened 2026-02-04 21:12:11 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2026-02-04 21:12:11 +03:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/pocket-id/pocket-id/pull/1047
Author: @ItalyPaleAle
Created: 10/24/2025
Status: ✅ Merged
Merged: 10/24/2025
Merged by: @stonith404

Base: main ← Head: pkce-constant-time

---

📝 Commits (1)

• 9af6455 fix: use constant time comparisons when validating PKCE challenges

📊 Changes

2 files changed (+39 additions, -7 deletions)

View changed files

📝 backend/internal/service/oidc_service.go (+12 -7)
📝 backend/internal/service/oidc_service_test.go (+27 -0)

📄 Description

This fixes a small potential timing attack

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/pocket-id/pocket-id/pull/1047 **Author:** [@ItalyPaleAle](https://github.com/ItalyPaleAle) **Created:** 10/24/2025 **Status:** ✅ Merged **Merged:** 10/24/2025 **Merged by:** [@stonith404](https://github.com/stonith404) **Base:** `main` ← **Head:** `pkce-constant-time` --- ### 📝 Commits (1) - [`9af6455`](https://github.com/pocket-id/pocket-id/commit/9af6455edc8c73ff3cadd6b379c888226d3feabc) fix: use constant time comparisons when validating PKCE challenges ### 📊 Changes **2 files changed** (+39 additions, -7 deletions) <details> <summary>View changed files</summary> 📝 `backend/internal/service/oidc_service.go` (+12 -7) 📝 `backend/internal/service/oidc_service_test.go` (+27 -0) </details> ### 📄 Description This fixes a small potential timing attack --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

OVERLORD added the pull-request label 2026-02-04 21:12:11 +03:00

OVERLORD closed this issue 2026-02-04 21:12:15 +03:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/email-verification

oidc-scopes

default-env-db-keys

slog-gorm

v2.2.0

v2.1.0

v2.0.2

v2.0.1

v2.0.0

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

bug

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id#1033