Categorygithub.com/arylatt/go-pkce
modulepackage
1.0.0
Repository: https://github.com/arylatt/go-pkce.git
Documentation: pkg.go.dev
Overview
Versions
2
Dependencies
6
Dependents
1
Files
87 SLOC

# README

PKCE Library for Go

go-pkce provides a PKCE library for Go, implementing the S256 challenge method.

Functions are provided for generating verifiers, challenges from verifiers, and validating a challenge matches a verifier.

Additionally a wrapper around golang.org/x/oauth2.Config has been provided, which adds the additional parameters to be sent to the server.

Usage

Some usage examples.

Generate a new code verifier, challenge, and send to the server

func ExampleConfig() {
  ctx := context.Background()
  conf := &pkce.Config{
    oauth2.Config{
      ClientID:     "YOUR_CLIENT_ID",
      ClientSecret: "YOUR_CLIENT_SECRET",
      Scopes:       []string{"SCOPE1", "SCOPE2"},
      Endpoint: oauth2.Endpoint{
        AuthURL:  "https://provider.com/o/oauth2/auth",
        TokenURL: "https://provider.com/o/oauth2/token",
      },
    },
  }

  verifier, _ := pkce.NewCodeVerifier(32)
  challenge, _ := pkce.CodeChallenge(verifier)

  url := conf.AuthCodeURL("state", challenge, oauth2.AccessTypeOffline)

  fmt.Printf("Visit the URL and log in: %s\n", url)
  fmt.Print("Enter code from return URI: ")

  code := ""
  if _, err := fmt.Scan(&code); err != nil {
    log.Fatal(err)
  }
  tok, err := conf.Exchange(ctx, code, verifier)
  if err != nil {
    log.Fatal(err)
  }

  client := conf.Client(ctx, tok)
}

# Functions

CodeChallenge takes a verifier, ensures it is within acceptable length, and generates the challenge to be sent to the server.
NewCodeVerifier returns a Base64 encoded string of random bytes of the given length.
VerifyChallenge is the same as VerifyChallengeErr, but errors are ignored and a single boolean value will be returned.
VerifyChallengeErr takes a given verifier and challenge and returns if they match.

# Constants

MethodS256 is the value to send with ParamCodeChallengeMethod to indicate we are using the S256 encoding method for our challenge.
ParamCodeChallenge is the key used to send the challenge value to the server.
ParamCodeChallengeMethod is the key used to send the challenge method to the server.
ParamCodeVerifier is the key used to send the code verifier to the server.

# Variables

ErrCodeVerifierByteLengthInvalid is returned when calling NewCodeVerifier with a byte length that is outside the permitted value (32-96 bytes).
ErrCodeVerifierLengthInvalid is returned when calling CodeChallenge with a verifier that is outside the permitted length (43-128 characters).

# Structs

Config is a wrapper around oauth2.Config.