feat: Phase 1 — config, auth, OAuth2 PKCE, CLI scaffold, token store

2026-04-01 21:25:49 +02:00
parent 514372fa6b
commit 10db895ada
14 changed files with 977 additions and 29 deletions
--- a/internal/auth/pkce.go
+++ b/internal/auth/pkce.go
@@ -0,0 +1,33 @@
+package auth
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"fmt"
+)
+
+type PKCEChallenge struct {
+	Verifier  string
+	Challenge string
+	Method    string
+}
+
+func NewPKCEChallenge() (*PKCEChallenge, error) {
+	b := make([]byte, 32)
+	if _, err := rand.Read(b); err != nil {
+		return nil, fmt.Errorf("generate pkce verifier: %w", err)
+	}
+	verifier := base64.RawURLEncoding.EncodeToString(b)
+	challenge := computeChallenge(verifier)
+	return &PKCEChallenge{
+		Verifier:  verifier,
+		Challenge: challenge,
+		Method:    "S256",
+	}, nil
+}
+
+func computeChallenge(verifier string) string {
+	h := sha256.Sum256([]byte(verifier))
+	return base64.RawURLEncoding.EncodeToString(h[:])
+}