25 lines
623 B
Go
25 lines
623 B
Go
package pkce
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
)
|
|
|
|
const verifierLength = 43
|
|
|
|
// Generate creates a PKCE code verifier and its S256 challenge.
|
|
func Generate() (verifier, challenge string, err error) {
|
|
// Generate random bytes and encode to URL-safe base64 (no padding)
|
|
buf := make([]byte, 32)
|
|
if _, err := rand.Read(buf); err != nil {
|
|
return "", "", err
|
|
}
|
|
verifier = base64.RawURLEncoding.EncodeToString(buf)
|
|
|
|
// Derive challenge: base64url(sha256(verifier))
|
|
h := sha256.Sum256([]byte(verifier))
|
|
challenge = base64.RawURLEncoding.EncodeToString(h[:])
|
|
|
|
return verifier, challenge, nil
|
|
}
|