MCPcopy Index your code
hub / github.com/coder/coder / ValidatePKCECodeChallengeMethod

Function ValidatePKCECodeChallengeMethod

codersdk/oauth2_validation.go:238–254  ·  view source on GitHub ↗

ValidatePKCECodeChallengeMethod validates PKCE code_challenge_method parameter. Per OAuth 2.1, only S256 is supported; plain is rejected for security reasons.

(method string)

Source from the content-addressed store, hash-verified

236// ValidatePKCECodeChallengeMethod validates PKCE code_challenge_method parameter.
237// Per OAuth 2.1, only S256 is supported; plain is rejected for security reasons.
238func ValidatePKCECodeChallengeMethod(method string) error {
239 if method == "" {
240 return nil // Optional, defaults to S256 if code_challenge is provided
241 }
242
243 m := OAuth2PKCECodeChallengeMethod(method)
244
245 if m == OAuth2PKCECodeChallengeMethodPlain {
246 return xerrors.New("code_challenge_method 'plain' is not supported; use 'S256'")
247 }
248
249 if m != OAuth2PKCECodeChallengeMethodS256 {
250 return xerrors.Errorf("unsupported code_challenge_method: %s", method)
251 }
252
253 return nil
254}
255
256// validateURIField validates a URI field
257func validateURIField(uriStr, fieldName string) error {

Callers 2

ProcessAuthorizeFunction · 0.92

Calls 3

NewMethod · 0.65
ErrorfMethod · 0.45

Tested by 1