hub / github.com/zitadel/oidc / AuthorizeCodeChallenge

Function AuthorizeCodeChallenge

pkg/op/token_request.go:134–150

AuthorizeCodeChallenge authorizes a client by validating the code_verifier against the code_challenge previously sent with the auth request (PKCE).

(codeVerifier string, challenge *oidc.CodeChallenge)

Source from the content-addressed store, hash-verified

// AuthorizeCodeChallenge authorizes a client by validating the code_verifier against the previously sent
// code_challenge of the auth request (PKCE)
func AuthorizeCodeChallenge(codeVerifier string, challenge *oidc.CodeChallenge) error {
	// No code_challenge is attached to the auth request: a code_verifier must not be sent either.
	if challenge == nil {
		if codeVerifier != "" {
			return oidc.ErrInvalidRequest().WithDescription("code_verifier unexpectedly provided")
		}

		return nil
	}

	// A code_challenge is present, so the token request must carry a matching code_verifier.
	if codeVerifier == "" {
		return oidc.ErrInvalidRequest().WithDescription("code_verifier required")
	}
	if !oidc.VerifyCodeChallenge(challenge, codeVerifier) {
		return oidc.ErrInvalidGrant().WithDescription("invalid code_verifier")
	}
	return nil
}

// AuthorizePrivateJWTKey authorizes a client by validating the client_assertion's signature with a previously
// registered public key (JWT Profile)
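The PKCE check that sits behind this function, written out as an added example that is not part of zitadel/oidc: it follows the same decision order and spells out the RFC 7636 S256 derivation with a constant-time comparison. The names Challenge, S256, CheckPKCE and the two error values are hypothetical stand-ins, not the library's API.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

type Challenge struct{ Value, Method string } // hypothetical stand-in; Method is "S256" or "plain"

var ErrInvalidRequest, ErrInvalidGrant = errors.New("invalid_request"), errors.New("invalid_grant")

// S256 derives the code_challenge: BASE64URL(SHA256(verifier)) without padding (RFC 7636, section 4.2).
func S256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// CheckPKCE follows the decision order of AuthorizeCodeChallenge shown above.
func CheckPKCE(verifier string, c *Challenge) error {
	if c == nil {
		if verifier != "" {
			return fmt.Errorf("%w: code_verifier unexpectedly provided", ErrInvalidRequest)
		}
		return nil // no challenge stored: this check alone does not make PKCE mandatory
	}
	if verifier == "" {
		return fmt.Errorf("%w: code_verifier required", ErrInvalidRequest)
	}
	expected := verifier
	switch c.Method {
	case "S256":
		expected = S256(verifier)
	case "plain": // the verifier is compared as sent
	default:
		return fmt.Errorf("%w: unsupported code_challenge_method", ErrInvalidRequest)
	}
	if subtle.ConstantTimeCompare([]byte(expected), []byte(c.Value)) != 1 {
		return fmt.Errorf("%w: invalid code_verifier", ErrInvalidGrant)
	}
	return nil
}

func main() {
	v := "constructed-verifier-0123456789-abcdefghijklmnopqrstuvwxyz" // constructed sample value
	c := &Challenge{Value: S256(v), Method: "S256"}
	fmt.Println(CheckPKCE(v, c), CheckPKCE("wrong", c), CheckPKCE(v, nil))
}
```
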

Callers 3

AuthorizeCodeClient · Function · 0.85
CodeExchange · Method · 0.85

Calls 2

VerifyCodeChallenge · Function · 0.92
WithDescription · Method · 0.80

Tested by 1
