[PR #420] [MERGED] Fix pkce #443

New issue

Closed

opened 2026-02-27 20:24:45 +03:00 by kerem · 0 comments

kerem commented 2026-02-27 20:24:45 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/ramsayleung/rspotify/pull/420
Author: @jacobmichels
Created: 5/30/2023
Status: ✅ Merged
Merged: 5/30/2023
Merged by: @ramsayleung

Base: master ← Head: fix-pkce

---

📝 Commits (5)

• c544786 bump base64 to latest
• b3ac7e3 fix usage of deprecated api
• 4360c09 properly encode challenge code
• 77fae78 changelog entry
• cb0885f change encoding alphabet

📊 Changes

4 files changed (+9 additions, -3 deletions)

View changed files

📝 CHANGELOG.md (+3 -0)
📝 Cargo.toml (+1 -1)
📝 src/auth_code_pkce.rs (+3 -1)
📝 src/lib.rs (+2 -1)

📄 Description

Description

This PR fixes the PKCE auth flow panicking during prompt_for_token. The issue was the challenge code was being base64 encoded in a url-unsafe manner. This PR simply changes the base64 encoding logic to be url safe.

I also bumped the base64 crate version and updated lib.rs to avoid using a deprecated base64 encode API.

#419

Motivation and Context

I wanted to use PKCE auth.

Dependencies

No dependencies added. base64 bumped from 0.20.0 to 0.21.2

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How has this been tested?

I didn't do any automated testing, I just ran the auth_code_pkce example to check if my changes worked. On version 0.11.7 this example panics. With my patch, the example functions as expected.

Is this change properly documented?

I added an entry to the changelog. I don't believe further documentation is needed.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ramsayleung/rspotify/pull/420 **Author:** [@jacobmichels](https://github.com/jacobmichels) **Created:** 5/30/2023 **Status:** ✅ Merged **Merged:** 5/30/2023 **Merged by:** [@ramsayleung](https://github.com/ramsayleung) **Base:** `master` ← **Head:** `fix-pkce` --- ### 📝 Commits (5) - [`c544786`](https://github.com/ramsayleung/rspotify/commit/c5447866900369a923877be0bcaff71173739e2f) bump base64 to latest - [`b3ac7e3`](https://github.com/ramsayleung/rspotify/commit/b3ac7e3f1ce56240ddb243331c8152bad6d3cdb2) fix usage of deprecated api - [`4360c09`](https://github.com/ramsayleung/rspotify/commit/4360c096f2e1d827bd52b998dc3c1bfde18c456d) properly encode challenge code - [`77fae78`](https://github.com/ramsayleung/rspotify/commit/77fae7822d37f60c62317fe06ba28f7122e0bd22) changelog entry - [`cb0885f`](https://github.com/ramsayleung/rspotify/commit/cb0885f899f4c6748ac7e08caa78d41446151409) change encoding alphabet ### 📊 Changes **4 files changed** (+9 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `CHANGELOG.md` (+3 -0) 📝 `Cargo.toml` (+1 -1) 📝 `src/auth_code_pkce.rs` (+3 -1) 📝 `src/lib.rs` (+2 -1) </details> ### 📄 Description ## Description This PR fixes the PKCE auth flow panicking during `prompt_for_token`. The issue was the challenge code was being base64 encoded in a url-unsafe manner. This PR simply changes the base64 encoding logic to be url safe. I also bumped the base64 crate version and updated lib.rs to avoid using a deprecated base64 encode API. #419 ## Motivation and Context I wanted to use PKCE auth. ## Dependencies No dependencies added. base64 bumped from 0.20.0 to 0.21.2 ## Type of change Please delete options that are not relevant. - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] This change requires a documentation update ## How has this been tested? I didn't do any automated testing, I just ran the auth_code_pkce example to check if my changes worked. On version 0.11.7 this example panics. With my patch, the example functions as expected. ## Is this change properly documented? I added an entry to the changelog. I don't believe further documentation is needed. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-27 20:24:45 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

ramsay/upgrade-0.16.1

dependabot/cargo/sha2-0.11.0

ramsay/upgrade-to-v0.16

ramsay/deprecate-removed-renamed-field

ramsay/migrate-to-new-endpoint

ramsay/deprecate-removed-endpoints

dependabot/cargo/strum-0.28.0

dependabot/cargo/reqwest-middleware-0.5.1

dependabot/cargo/reqwest-0.13.1

ramsay/upgrade-to-0.15.3

ramsay/upgrade-to-0.15.2

dependabot/cargo/ureq-3.1.2

ramsay/upgrade-dependencies

ramsay/upgrade-to-0.15.1

ramsay/fix-malformed-json

ramsay/upgrade-to-v0.15.0

ramsay/allow-enum-unknown-variant

ramsay/upgrade-to-0.14

ramsay/add_tcplistern_for_callback

ramsay/fix-clippy-error

ramsay/update-doc

ramsay/fix-endless-sequence

ramsay/publish-crate-workflow-test

ramsay/fix-pkce-refresh-token

ramsay/pkce_auth_refresh_token

ramsay_add_test_for_collectionyourepisodes

better-webapp

ramsay_fix_token_expired

percent-search

refresh_token_rwlock

ramsay_convert_result_inside_endpoint

streaming

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.0

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.0

v0.11.7

v0.11.6

v0.10.0

v0.11.5

v0.11.5.0

v0.11.4

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.11.5.1

v0.9

v0.9-alpha

Labels

Clear labels   

Stale

  

bug

  

discussion

  

enhancement

  

good first issue

  

good first issue

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

No labels

Stale

bug

discussion

enhancement

good first issue

good first issue

help wanted

pull-request

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/rspotify#443

No description provided.