
Source file src/github.com/okta/okta-jwt-verifier-golang/utils/pkce_code_verifier.go

Documentation: github.com/okta/okta-jwt-verifier-golang/utils

     1  /*******************************************************************************
     2   * Copyright 2022 - Present Okta, Inc.
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *      http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   ******************************************************************************/
    16  
    17  // based on https://datatracker.ietf.org/doc/html/rfc7636
    18  package utils
    19  
import (
	// crypto/rand replaces math/rand: the PKCE code verifier is a secret, and
	// math/rand is a deterministic generator whose output can be predicted.
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)
    27  
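// Bounds accepted by GenerateCodeVerifierWithLength. Both values count the
// random bytes drawn before encoding, not the characters of the resulting
// verifier string.
const (
	// MinLength is the smallest number of random bytes. 32 bytes (256 bits)
	// encode to a 43-character verifier, the minimum RFC 7636 section 4.1
	// permits.
	MinLength = 32
	// MaxLength is the largest number of random bytes. 96 bytes encode to a
	// 128-character verifier, the maximum RFC 7636 section 4.1 permits.
	MaxLength = 96
)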
    32  
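// PKCECodeVerifier holds the code verifier of an RFC 7636 (PKCE) exchange.
//
// The verifier is a secret: whoever holds it can redeem the authorization
// code it was bound to. Keep it out of logs, URLs and error messages.
type PKCECodeVerifier struct {
	// CodeVerifier is the verifier string exactly as it is sent in the
	// token request.
	CodeVerifier string
}

// String returns the raw code verifier.
//
// Because *PKCECodeVerifier therefore satisfies fmt.Stringer, formatting it
// with verbs such as %s or %v prints the secret itself. Avoid passing the
// value to loggers or to error strings.
func (v *PKCECodeVerifier) String() string {
	return v.CodeVerifier
}

// CodeChallengePlain returns the "plain" code challenge, which is the code
// verifier unchanged.
//
// With this method the secret travels in the authorization request, so anyone
// who can read that request learns the verifier. RFC 7636 section 4.2 requires
// S256 whenever the client is able to compute it; prefer CodeChallengeS256.
func (v *PKCECodeVerifier) CodeChallengePlain() string {
	return v.CodeVerifier
}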
    45  
// CodeChallengeS256 returns the "S256" code challenge for the verifier: the
// SHA-256 digest of the verifier string, run through encode (URL-safe base64
// without padding). This is the transformation RFC 7636 section 4.2 defines
// as BASE64URL-ENCODE(SHA256(ASCII(code_verifier))).
func (v *PKCECodeVerifier) CodeChallengeS256() string {
	// Sum256 hashes in one call and yields a fixed-size array; slice it for encode.
	digest := sha256.Sum256([]byte(v.CodeVerifier))
	return encode(digest[:])
}
    52  
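// GenerateCodeVerifier generates a code verifier from MinLength random bytes,
// the smallest size GenerateCodeVerifierWithLength accepts. With MinLength at
// 32 this gives 256 bits of randomness, the amount RFC 7636 section 7.1 asks
// for, encoded as a 43-character string.
//
// The returned verifier is a secret; see PKCECodeVerifier.
func GenerateCodeVerifier() (*PKCECodeVerifier, error) {
	return GenerateCodeVerifierWithLength(MinLength)
}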
    57  
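// GenerateCodeVerifierWithLength generates a code verifier from length random
// bytes.
//
// length is the number of random bytes drawn, not the number of characters in
// the result: the bytes are passed through encode, so the verifier string is
// longer than length (43 characters for 32 bytes, 128 for 96 bytes).
//
// It returns an error when length is outside [MinLength, MaxLength] or when
// the random source fails. On error the returned verifier is nil.
//
// The verifier's secrecy depends entirely on the random source used by bytes,
// which has to be a cryptographically secure generator (crypto/rand).
func GenerateCodeVerifierWithLength(length int) (*PKCECodeVerifier, error) {
	if length < MinLength || length > MaxLength {
		return nil, fmt.Errorf("invalid length: %v", length)
	}

	b, err := bytes(length)
	if err != nil {
		// Wrap so callers see which operation failed; the cause stays
		// reachable through errors.Is / errors.As.
		return nil, fmt.Errorf("generating code verifier: %w", err)
	}

	return &PKCECodeVerifier{CodeVerifier: encode(b)}, nil
}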
    72  
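// bytes returns n random bytes read from this file's rand package.
//
// The output becomes a PKCE code verifier, which is a secret, so rand has to
// be crypto/rand. RFC 7636 section 7.1 asks for a cryptographically strong
// generator, and math/rand output is predictable.
//
// On failure it returns a nil slice together with the error, so a partially
// filled buffer can never be mistaken for usable randomness.
func bytes(n int) ([]byte, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	return b, nil
}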
    79  
// encode returns b as URL-safe base64 without padding: standard base64 with
// '+' mapped to '-', '/' mapped to '_' and every '=' dropped. The result
// matches what base64.RawURLEncoding produces.
func encode(b []byte) string {
	// All three substitutions are single characters, so one replacer pass
	// gives the same result as three successive strings.Replace calls.
	urlSafe := strings.NewReplacer("+", "-", "/", "_", "=", "")
	return urlSafe.Replace(base64.StdEncoding.EncodeToString(b))
}
    88  
