diff options
Diffstat (limited to 'vendor/golang.org/x/oauth2/pkce.go')
| -rw-r--r-- | vendor/golang.org/x/oauth2/pkce.go | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/vendor/golang.org/x/oauth2/pkce.go b/vendor/golang.org/x/oauth2/pkce.go deleted file mode 100644 index cea8374d5..000000000 --- a/vendor/golang.org/x/oauth2/pkce.go +++ /dev/null @@ -1,69 +0,0 @@ -// Copyright 2023 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package oauth2 - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "net/url" -) - -const ( - codeChallengeKey = "code_challenge" - codeChallengeMethodKey = "code_challenge_method" - codeVerifierKey = "code_verifier" -) - -// GenerateVerifier generates a PKCE code verifier with 32 octets of randomness. -// This follows recommendations in RFC 7636. -// -// A fresh verifier should be generated for each authorization. -// The resulting verifier should be passed to [Config.AuthCodeURL] or [Config.DeviceAuth] -// with [S256ChallengeOption], and to [Config.Exchange] or [Config.DeviceAccessToken] -// with [VerifierOption]. -func GenerateVerifier() string { - // "RECOMMENDED that the output of a suitable random number generator be - // used to create a 32-octet sequence. The octet sequence is then - // base64url-encoded to produce a 43-octet URL-safe string to use as the - // code verifier." - // https://datatracker.ietf.org/doc/html/rfc7636#section-4.1 - data := make([]byte, 32) - if _, err := rand.Read(data); err != nil { - panic(err) - } - return base64.RawURLEncoding.EncodeToString(data) -} - -// VerifierOption returns a PKCE code verifier [AuthCodeOption]. It should only be -// passed to [Config.Exchange] or [Config.DeviceAccessToken]. -func VerifierOption(verifier string) AuthCodeOption { - return setParam{k: codeVerifierKey, v: verifier} -} - -// S256ChallengeFromVerifier returns a PKCE code challenge derived from verifier with method S256. -// -// Prefer to use [S256ChallengeOption] where possible. -func S256ChallengeFromVerifier(verifier string) string { - sha := sha256.Sum256([]byte(verifier)) - return base64.RawURLEncoding.EncodeToString(sha[:]) -} - -// S256ChallengeOption derives a PKCE code challenge derived from verifier with -// method S256. It should be passed to [Config.AuthCodeURL] or [Config.DeviceAuth] -// only. -func S256ChallengeOption(verifier string) AuthCodeOption { - return challengeOption{ - challenge_method: "S256", - challenge: S256ChallengeFromVerifier(verifier), - } -} - -type challengeOption struct{ challenge_method, challenge string } - -func (p challengeOption) setValue(m url.Values) { - m.Set(codeChallengeMethodKey, p.challenge_method) - m.Set(codeChallengeKey, p.challenge) -} |