Essent · geertrutten · Jun 9, 2023 · Jun 9, 2023 · Jun 9, 2023
diff --git a/src/index.d.ts b/src/index.d.ts
@@ -43,13 +43,12 @@ export declare class TnsOAuthClient {
   tokenResult: ITnsOAuthTokenResult;
   codeVerifier?: string;
   pkce?: boolean;
-  constructor(providerType: TnsOaProviderType, ecid: string, pkce?: boolean);
+  constructor(providerType: TnsOaProviderType, pkce?: boolean);
   loginWithCompletion(completion?: TnsOAuthClientLoginBlock): void;
   logoutWithCompletion(completion?: TnsOAuthResponseBlock): void;
   refreshTokenWithCompletion(completion?: TnsOAuthClientLoginBlock): void;
   resumeWithUrl(url: string): void;
   logout(successPage?: string): void;
-  getEcid(): string;
 }
 
 export const configureTnsOAuth = function(providers: TnsOaProvider[]): void{};

diff --git a/src/index.ts b/src/index.ts
@@ -42,13 +42,12 @@ export declare class TnsOAuthClient {
   tokenResult: ITnsOAuthTokenResult;
   codeVerifier?: string;
   pkce?: boolean;
-  constructor(providerType: TnsOaProviderType, ecid: string, pkce?: boolean);
+  constructor(providerType: TnsOaProviderType, pkce?: boolean);
   loginWithCompletion(completion?: TnsOAuthClientLoginBlock): void;
   logoutWithCompletion(completion?: TnsOAuthResponseBlock): void;
   refreshTokenWithCompletion(completion?: TnsOAuthClientLoginBlock): void;
   resumeWithUrl(url: string): void;
   logout(successPage?: string): void;
-  getEcid(): string;
 }
 
 export const configureTnsOAuth = function(providers: TnsOaProvider[]): void{};

diff --git a/src/oauth.ts b/src/oauth.ts
@@ -1,5 +1,4 @@
 import { Frame, HttpResponse } from "@nativescript/core";
-
 import {
   TnsOAuthClientLoginBlock,
   ITnsOAuthLoginController,
@@ -39,7 +38,7 @@ export class TnsOAuthClient {
   private loginController: ITnsOAuthLoginController;
   public tokenResult: ITnsOAuthTokenResult;
 
-  public constructor(providerType: TnsOaProviderType, private ecid: string, public pkce: boolean = true) {
+  public constructor(providerType: TnsOaProviderType, public pkce: boolean = true) {
     this.provider = tnsOauthProviderMap.providerMap.get(providerType);
     if (this.provider) {
       switch (this.provider.options.openIdSupport) {
@@ -66,10 +65,6 @@ export class TnsOAuthClient {
     }
   }
 
-  public getEcid() {
-    return this.ecid;
-  }
-
   public loginWithCompletion(completion?: TnsOAuthClientLoginBlock) {
     if (this.provider) {
       this.loginController.loginWithParametersFrameCompletion(

diff --git a/src/package.json b/src/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@essent/nativescript-oauth2",
-  "version": "3.1.1",
+  "version": "3.2.0",
   "description": "OAuth 2 generic authorization plugin for NativeScript that doesn't install third party native libraries",
   "main": "oauth",
   "typings": "index.d.ts",

diff --git a/src/pkce-util.android.ts b/src/pkce-util.android.ts
@@ -1,7 +1,6 @@
 const DEFAULT_CODE_VERIFIER_ENTROPY = 64;
 const PKCE_BASE64_ENCODE_SETTINGS = android.util.Base64.NO_WRAP | android.util.Base64.NO_PADDING | android.util.Base64.URL_SAFE;
 
-declare const org;
 export function getCodeVerifier(): string {
   const randomBytes = Array.create("byte", DEFAULT_CODE_VERIFIER_ENTROPY);
   new java.security.SecureRandom().nextBytes(randomBytes);
@@ -10,25 +9,7 @@ export function getCodeVerifier(): string {
 
 export function sha256base64encoded(codeVerifier: string): string {
   const sha256Digester = java.security.MessageDigest.getInstance("SHA-256");
-  sha256Digester.update(
-    new java.lang.String(codeVerifier).getBytes("ISO_8859_1")
-  );
-  let digestBytes;
-  if (
-    typeof sha256Digester.digest !== "function" &&
-    sha256Digester.digest instanceof
-      org.bouncycastle.crypto.digests.SHA256Digest
-  ) {
-    const digest = sha256Digester.digest;
-    const size = digest.getDigestSize();
-    digestBytes = Array.create("byte", size);
-    digest.doFinal(digestBytes, 0);
-  } else {
-    digestBytes = sha256Digester.digest();
-  }
-
-  return android.util.Base64.encodeToString(
-    digestBytes,
-    PKCE_BASE64_ENCODE_SETTINGS
-  );
+  sha256Digester.update(new java.lang.String(codeVerifier).getBytes("ISO_8859_1"));
+  const digestBytes = sha256Digester.digest();
+  return android.util.Base64.encodeToString(digestBytes, PKCE_BASE64_ENCODE_SETTINGS);
 }
diff --git a/src/pkce-util.ios.ts b/src/pkce-util.ios.ts
@@ -1,18 +1,28 @@
-import * as CryptoJS from 'crypto-js';
-
 const SHA256_DIGEST_LENGTH = 32;
 
 export function getCodeVerifier(): string {
-  return encodeBase64urlNoPadding(CryptoJS.lib.WordArray.random(SHA256_DIGEST_LENGTH));
+  const randomData = NSMutableData.dataWithLength(SHA256_DIGEST_LENGTH);
+  const result: number = SecRandomCopyBytes(kSecRandomDefault, randomData.length, randomData.mutableBytes);
+  if (result !== 0) {
+    return null;
+  } else {
+    return encodeBase64urlNoPadding(randomData);
+  }
 }
 
 export function sha256base64encoded(inputString: string): string {
-  return encodeBase64urlNoPadding(CryptoJS.SHA256(inputString));
+  const verifierData: NSData = NSString.stringWithString(inputString).dataUsingEncoding(NSUTF8StringEncoding);
+  const sha256Verifier: NSMutableData = NSMutableData.dataWithLength(SHA256_DIGEST_LENGTH);
+  CC_SHA256(verifierData.bytes, verifierData.length, <string><unknown>sha256Verifier.mutableBytes);
+  return encodeBase64urlNoPadding(sha256Verifier);
 }
 
-function encodeBase64urlNoPadding(data: any): string {
-  return data.toString(CryptoJS.enc.Base64)
-    .replace(/=/g, '')
-    .replace(/\+/g, '-')
-    .replace(/\//g, '_');
-}
+function encodeBase64urlNoPadding(data: NSData): string {
+  let base64string = data.base64EncodedStringWithOptions(0);
+  // converts base64 to base64url
+  base64string = base64string.replace(/\+/g, "-");
+  base64string = base64string.replace(/\//g, "_");
+  // strips padding
+  base64string = base64string.replace(/=/g, "");
+  return base64string;
+}
diff --git a/src/tns-oauth-login-sub-controller.ts b/src/tns-oauth-login-sub-controller.ts
@@ -55,7 +55,7 @@ export class TnsOAuthLoginSubController {
       completion
     );
 
-    return getAuthUrlStr(this.client.provider, this.client.getEcid(), codeChallenge);
+    return getAuthUrlStr(this.client.provider, codeChallenge);
   }
 
   public preLogoutSetup(

diff --git a/src/tns-oauth-utils.ts b/src/tns-oauth-utils.ts
@@ -17,7 +17,6 @@ function addCustomQueryParams(params: object, provider: TnsOaProvider): void {
 
 export function getAuthUrlStr(
   provider: TnsOaProvider,
-  ecid: string,
   codeChallenge?: string
 ): string {
 
@@ -32,7 +31,6 @@ export function getAuthUrlStr(
     provider.options.scopes && provider.options.scopes.join(" ");
   params["response_mode"] = "query";
   params["state"] = "abcd";
-  params["ecid"] = ecid;
 
   if (codeChallenge) {
     params["code_challenge"] = codeChallenge;