fix: overweight dependencies in PKCE implementation (#5658)

Author: shockey

package-lock.json

@@ -65,6 +65,7 @@
     "lodash": "^4.17.15",
     "memoizee": "^0.4.12",
     "prop-types": "^15.7.2",
+    "randombytes": "^2.1.0",
     "react": "^15.6.2",
     "react-debounce-input": "^3.2.0",
     "react-dom": "^15.6.2",
@@ -78,6 +79,7 @@
     "remarkable": "^1.7.4",
     "reselect": "^2.5.4",
     "serialize-error": "^2.1.0",
+    "sha.js": "^2.4.11",
     "swagger-client": "^3.9.4",
     "url-parse": "^1.4.7",
     "xml-but-prettier": "^1.0.1",

package.json

@@ -22,7 +22,9 @@ import { memoizedSampleFromSchema, memoizedCreateXMLExample } from "core/plugins
 import win from "./window"
 import cssEscape from "css.escape"
 import getParameterSchema from "../helpers/get-parameter-schema"
-import crypto from "crypto"
+import randomBytes from "randombytes"
+import shaJs from "sha.js"
+
 
 const DEFAULT_RESPONSE_KEY = "default"
 
@@ -868,21 +870,20 @@ export function paramToValue(param, paramValues) {
 
 // adapted from https://auth0.com/docs/flows/guides/auth-code-pkce/includes/create-code-verifier
 export function generateCodeVerifier() {
-  return toBase64UrlEncoded(
-    crypto.randomBytes(32)
-    .toString("base64")
+  return b64toB64UrlEncoded(
+    randomBytes(32).toString("base64")
   )
 }
 
 export function createCodeChallenge(codeVerifier) {
-  return toBase64UrlEncoded(
-    crypto.createHash("sha256")
-    .update(codeVerifier, "ascii")
-    .digest("base64")
-  )
+  return b64toB64UrlEncoded(
+      shaJs("sha256")
+      .update(codeVerifier)
+      .digest("base64")
+    )
 }
 
-function toBase64UrlEncoded(str) {
+function b64toB64UrlEncoded(str) {
   return str
     .replace(/\+/g, "-")
     .replace(/\//g, "_")