Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use a CSPRNG to generate the code verifier (#99)
The PKCE for OAuth spec requires that the code verifier be a "high-entropy cryptographic random string": https://datatracker.ietf.org/doc/html/rfc7636#section-4.1 Previously, the ``GenerateNonce`` function was using ``System.Random`` to generate the code verifier, which is not cryptographically secure. TargetFramework has been bumped to netstandard2.1 in order to get access to ``RandomNumberGenerator.GetInt32``.
- Loading branch information