GenerateSecret generates a secret to be used as a client secret, refresh token, or authorization code.
()
| 60 | // GenerateSecret generates a secret to be used as a client secret, refresh |
| 61 | // token, or authorization code. |
| 62 | func GenerateSecret() (HashedAppSecret, error) { |
| 63 | // 40 characters matches the length of GitHub's client secrets. |
| 64 | secret, hashedSecret, err := apikey.GenerateSecret(40) |
| 65 | if err != nil { |
| 66 | return HashedAppSecret{}, err |
| 67 | } |
| 68 | |
| 69 | // This ID is prefixed to the secret so it can be used to look up the secret |
| 70 | // when the user provides it, since we cannot just re-hash it to match as we |
| 71 | // will not have the salt. |
| 72 | prefix, err := cryptorand.String(10) |
| 73 | if err != nil { |
| 74 | return HashedAppSecret{}, err |
| 75 | } |
| 76 | |
| 77 | return HashedAppSecret{ |
| 78 | AppSecret: AppSecret{ |
| 79 | Formatted: fmt.Sprintf("%s_%s_%s", SecretIdentifier, prefix, secret), |
| 80 | Secret: secret, |
| 81 | Prefix: prefix, |
| 82 | }, |
| 83 | Hashed: hashedSecret, |
| 84 | }, nil |
| 85 | } |