Fixup token-related comments

patrick brisbin 2023-08-01 08:26:11 -04:00
parent a2e32f0f9a
commit daffb19c54
No known key found for this signature in database
GPG Key ID: 07BF97A312D7F34C
2 changed files with 3 additions and 3 deletions


@ -117,14 +117,14 @@ withCallbackAndState name oauth2 csrf = do
getParentUrlRender :: MonadHandler m => m (Route (SubHandlerSite m) -> Text)
getParentUrlRender = (.) <$> getUrlRender <*> getRouteToParent
-- | Set a random, ~30-character value in the session
-- | Set a random, ~64-byte value in the session
--
-- Some (but not all) providers decode a @+@ in the state token as a space when
-- sending it back to us. We don't expect this and fail. And if we did code for
-- it, we'd then fail on the providers that /don't/ do that.
--
-- Therefore, we just exclude @+@ in our tokens, which means this function may
-- return slightly less than 30 characters.
-- return slightly fewer than 64 bytes.
setSessionCSRF :: MonadHandler m => Text -> m Text
setSessionCSRF sessionKey = do
csrfToken <- liftIO randomToken
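Review bot: The revised doc comment on setSessionCSRF states the token size in bytes, but the value stored in the session is Text, so neither "~64-byte value" nor "slightly fewer than 64 bytes" describes what a reader will actually see. Assuming randomToken (not visible in this hunk) builds on randomText, 64 is the number of random input bytes and the Base64 text is longer than that (about 88 characters before `+` is dropped). Since this is the OAuth2 state/CSRF token, the comment should give the entropy and the encoded length separately, e.g. `-- | Set a random token, Base64-encoded from ~64 random bytes, in the session` and `-- return slightly fewer characters than the full Base64 encoding.` The body of setSessionCSRF continues outside the hunk, so how the `+` exclusion is done cannot be checked from here.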


@ -13,7 +13,7 @@ import Data.Text.Encoding (decodeUtf8)
randomText
:: MonadRandom m
=> Int
-- ^ Size in Bytes (note necessarily characters)
-- ^ Size in Bytes (not necessarily characters)
-> m Text
randomText size =
decodeUtf8 . convertToBase @ByteString Base64 <$> getRandomBytes size