From aadce7be00407dca4cead406eec1470552a7b27f Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Tue, 24 Feb 2026 13:11:02 +0100
Subject: [PATCH] Remove print statement from debugging (Z#23225586)

This was reported as a security issue, but we see no security impact or exploitation path, as the security of PKCE relies on keeping the verifier secret, not the challenge.
---
 src/pretix/presale/views/oidc_op.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/pretix/presale/views/oidc_op.py b/src/pretix/presale/views/oidc_op.py
index a8178545f2..e79dbb1946 100644
--- a/src/pretix/presale/views/oidc_op.py
+++ b/src/pretix/presale/views/oidc_op.py
@@ -393,7 +393,6 @@ class TokenView(View):
 if grant.code_challenge_method == "S256":
 expected_challenge = base64.urlsafe_b64encode(hashlib.sha256(request.POST["code_verifier"].encode()).digest()).decode().rstrip("=")
- print(grant.code_challenge, expected_challenge)
 if expected_challenge != grant.code_challenge:
 return JsonResponse({
 "error": "invalid_grant",