VerifyPKCE verifies that the code_verifier matches the code_challenge using the S256 method as specified in RFC 7636.
(challenge, verifier string)
| 9 | // VerifyPKCE verifies that the code_verifier matches the code_challenge |
| 10 | // using the S256 method as specified in RFC 7636. |
| 11 | func VerifyPKCE(challenge, verifier string) bool { |
| 12 | if challenge == "" || verifier == "" { |
| 13 | return false |
| 14 | } |
| 15 | |
| 16 | // S256: BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge |
| 17 | h := sha256.Sum256([]byte(verifier)) |
| 18 | computed := base64.RawURLEncoding.EncodeToString(h[:]) |
| 19 | return subtle.ConstantTimeCompare([]byte(challenge), []byte(computed)) == 1 |
| 20 | } |
no outgoing calls