fix: make user code creation configurable

Author: nsklikas

config.go

@@ -51,6 +51,12 @@ type DeviceAndUserCodeLifespanProvider interface {
 	GetDeviceAndUserCodeLifespan(ctx context.Context) time.Duration
 }
 
+// DeviceAndUserCodeLifespanProvider returns the provider for configuring the device and user code lifespan
+type UserCodeProvider interface {
+	GetUserCodeLength(ctx context.Context) int
+	GetUserCodeSymbols(ctx context.Context) []rune
+}
+
 // ScopeStrategyProvider returns the provider for configuring the scope strategy.
 type ScopeStrategyProvider interface {
 	// GetScopeStrategy returns the scope strategy.

config_default.go

@@ -13,6 +13,7 @@ import (
 	"github.com/hashicorp/go-retryablehttp"
 
 	"github.com/ory/fosite/token/jwt"
+	"github.com/ory/x/randx"
 
 	"github.com/ory/fosite/i18n"
 )
@@ -229,6 +230,12 @@ type Config struct {
 
 	// IsPushedAuthorizeEnforced enforces pushed authorization request for /authorize
 	IsPushedAuthorizeEnforced bool
+
+	// UserCodeLength defines the length of the user_code
+	UserCodeLength int
+
+	// UserCodeSymbols defines the symbols that will be used to construct the user_code
+	UserCodeSymbols []rune
 }
 
 func (c *Config) GetGlobalSecret(ctx context.Context) ([]byte, error) {
@@ -540,3 +547,19 @@ func (c *Config) GetDeviceAuthTokenPollingInterval(ctx context.Context) time.Dur
 	}
 	return c.DeviceAuthTokenPollingInterval
 }
+
+// GetUserCodeLength returns configured user_code length
+func (c *Config) GetUserCodeLength(ctx context.Context) int {
+	if c.UserCodeLength == 0 {
+		return 8
+	}
+	return c.UserCodeLength
+}
+
+// GetDeviceAuthTokenPollingInterval returns configured user_code allowed symbols
+func (c *Config) GetUserCodeSymbols(ctx context.Context) []rune {
+	if c.UserCodeSymbols == nil {
+		return []rune(randx.AlphaUpper)
+	}
+	return c.UserCodeSymbols
+}

fosite.go

@@ -148,6 +148,7 @@ type Configurator interface {
 	RevocationHandlersProvider
 	UseLegacyErrorFormatProvider
 	DeviceEndpointHandlersProvider
+	UserCodeProvider
 	DeviceProvider
 }
 

handler/rfc8628/strategy_hmacsha.go

@@ -103,14 +103,15 @@ type DefaultDeviceStrategy struct {
 	Config interface {
 		fosite.DeviceProvider
 		fosite.DeviceAndUserCodeLifespanProvider
+		fosite.UserCodeProvider
 	}
 }
 
 var _ RFC8628CodeStrategy = (*DefaultDeviceStrategy)(nil)
 
 // GenerateUserCode generates a user_code
 func (h *DefaultDeviceStrategy) GenerateUserCode(ctx context.Context) (string, string, error) {
-	seq, err := randx.RuneSequence(8, []rune(randx.AlphaUpper))
+	seq, err := randx.RuneSequence(h.Config.GetUserCodeLength(ctx), h.Config.GetUserCodeSymbols(ctx))
 	if err != nil {
 		return "", "", err
 	}