Class: Safire::PKCE

Inherits:

Object

• Object
• Safire::PKCE

Defined in:

lib/safire/pkce.rb

Overview

PKCE (Proof Key for Code Exchange) implementation This class generates a code verifier and corresponding code challenge for use in OAuth2 authorization flows. It supports the S256 code challenge method.

See Also:

• https://datatracker.ietf.org/doc/html/rfc7636

Class Method Summary

• .generate_code_challenge(code_verifier) ⇒ String

  Generates a code challenge from the given code verifier using SHA256 and base64url encoding.

• .generate_code_verifier ⇒ Object

Class Method Details

.generate_code_challenge(code_verifier) ⇒ String

Generates a code challenge from the given code verifier using SHA256 and base64url encoding

Parameters:

• code_verifier (String) —

  the code verifier

Returns:

• (String) —

  the generated code challenge

Raises:

• (ArgumentError) —

  if the code verifier is invalid

# File 'lib/safire/pkce.rb', line 17

def generate_code_challenge(code_verifier)
  validate_verifier(code_verifier)

  digest = Digest::SHA256.digest(code_verifier)
  Base64.urlsafe_encode64(digest).tr('=', '')
end

.generate_code_verifier ⇒ Object

# File 'lib/safire/pkce.rb', line 8

def generate_code_verifier
  # Using 96 bytes will produce a 128-character URL-safe base64 string which is the max length allowed
  SecureRandom.urlsafe_base64(96).tr('=', '')
end