package auth
import (
"crypto/rand"
"crypto/sha256"
"encoding/base64"
"fmt"
)
// PKCEChallenge holds the values of one PKCE (RFC 7636) exchange: the secret
// code verifier, the code challenge derived from it, and the name of the
// transformation that links the two.
type PKCEChallenge struct {
	// Verifier is the secret half of the pair. It is what proves, at token
	// exchange, that the party redeeming the authorization code is the one
	// that started the flow, so keep it out of logs, URLs and error messages.
	Verifier string

	// Challenge is the value derived from Verifier; under S256 it is the
	// base64url-encoded SHA-256 digest of the verifier and is safe to expose
	// in the authorization request.
	Challenge string

	// Method names the verifier-to-challenge transformation. NewPKCEChallenge
	// always sets it to "S256".
	Method string
}
// NewPKCEChallenge creates a fresh PKCE pair for a single authorization
// request. The verifier comes from crypto/rand and the challenge is derived
// from it with the S256 method.
//
// It returns an error only when the system random source cannot be read; no
// weaker fallback is attempted, so a failure here must abort the flow rather
// than proceed with a predictable verifier.
func NewPKCEChallenge() (*PKCEChallenge, error) {
	// 32 random bytes encode to 43 unpadded base64url characters, which is
	// the shortest verifier RFC 7636 accepts and carries 256 bits of entropy.
	var seed [32]byte
	if _, err := rand.Read(seed[:]); err != nil {
		return nil, fmt.Errorf("generate pkce verifier: %w", err)
	}

	pkce := &PKCEChallenge{
		Verifier: base64.RawURLEncoding.EncodeToString(seed[:]),
		Method:   "S256",
	}
	pkce.Challenge = computeChallenge(pkce.Verifier)
	return pkce, nil
}
// computeChallenge applies the PKCE S256 transformation to verifier: it
// hashes the verifier's bytes with SHA-256 and returns the digest in
// unpadded base64url form.
func computeChallenge(verifier string) string {
	hasher := sha256.New()
	// Write on a hash.Hash never returns an error, so the result is not checked.
	hasher.Write([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(hasher.Sum(nil))
}