providers/oauth2: inconsistent client secret generation (#5241)

* use simpler char set for client secret

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also adjust radius

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use similar logic in web to generate ids and secrets

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont use math.random

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

web/src/common/utils.ts

@@ -83,10 +83,23 @@ export function hexEncode(buf: Uint8Array): string {
         .join("");
 }
 
-export function randomString(len: number): string {
-    const arr = new Uint8Array(len / 2);
-    window.crypto.getRandomValues(arr);
-    return hexEncode(arr);
+// Taken from python's string module
+export const ascii_lowercase = "abcdefghijklmnopqrstuvwxyz";
+export const ascii_uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+export const ascii_letters = ascii_lowercase + ascii_uppercase;
+export const digits = "0123456789";
+export const hexdigits = digits + "abcdef" + "ABCDEF";
+export const octdigits = "01234567";
+export const punctuation = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
+
+export function randomString(len: number, charset: string): string {
+    const chars = [];
+    const array = new Uint8Array(len);
+    self.crypto.getRandomValues(array);
+    for (let index = 0; index < len; index++) {
+        chars.push(charset[Math.floor(charset.length * (array[index] / Math.pow(2, 8)))]);
+    }
+    return chars.join("");
 }
 
 export function dateTimeLocal(date: Date): string {