Module: Rack::OAuth2::Server::Extension::PKCE::TokenRequest

Included in:

Token::AuthorizationCode::Request

Defined in:

lib/rack/oauth2/server/extension/pkce.rb

Class Method Summary

• .included(klass) ⇒ Object

Instance Method Summary

• #initialize(env) ⇒ Object
• #verify_code_verifier!(code_challenge, code_challenge_method = :S256) ⇒ Object

Class Method Details

.included(klass) ⇒ Object

# File 'lib/rack/oauth2/server/extension/pkce.rb', line 19

def self.included(klass)
  klass.send :attr_optional, :code_verifier
end

Instance Method Details

#initialize(env) ⇒ Object

# File 'lib/rack/oauth2/server/extension/pkce.rb', line 23

def initialize(env)
  super
  @code_verifier = params['code_verifier']
end

#verify_code_verifier!(code_challenge, code_challenge_method = :S256) ⇒ Object

# File 'lib/rack/oauth2/server/extension/pkce.rb', line 28

def verify_code_verifier!(code_challenge, code_challenge_method = :S256)
  if code_verifier.present? || code_challenge.present?
    case code_challenge_method.try(:to_sym)
    when :S256
      code_challenge == Util.urlsafe_base64_encode(
        OpenSSL::Digest::SHA256.digest(code_verifier.to_s)
      ) or invalid_grant!
    when :plain
      code_challenge == code_verifier or invalid_grant!
    else
      invalid_grant!
    end
  end
end