AuthorizeCodeChallenge authorizes a client by validating the code_verifier against the previously sent code_challenge of the auth request (PKCE)
(codeVerifier string, challenge *oidc.CodeChallenge)
// AuthorizeCodeChallenge checks the token request's code_verifier against the
// code_challenge stored for the authorization request (PKCE).
//
// Outcomes, in the order they are evaluated:
//   - no stored challenge and a verifier was sent: invalid_request
//   - no stored challenge and no verifier: nil (there is nothing to verify)
//   - stored challenge but an empty verifier: invalid_request
//   - oidc.VerifyCodeChallenge reports a mismatch: invalid_grant
//   - otherwise: nil
//
// NOTE(review): a nil challenge with an empty verifier is accepted, so this
// function does not make PKCE mandatory on its own. If PKCE must be required
// for some clients, that presumably has to be enforced when the authorization
// request is accepted; confirm against the caller.
func AuthorizeCodeChallenge(codeVerifier string, challenge *oidc.CodeChallenge) error {
	verifierSent := codeVerifier != ""

	switch {
	case challenge == nil && verifierSent:
		// A verifier with no recorded challenge is rejected, not ignored, so a
		// flow whose challenge is missing cannot complete with a verifier attached.
		return oidc.ErrInvalidRequest().WithDescription("code_verifier unexpectedly provided")
	case challenge == nil:
		return nil
	case !verifierSent:
		// The authorization request carried a challenge, so the verifier is mandatory.
		return oidc.ErrInvalidRequest().WithDescription("code_verifier required")
	case !oidc.VerifyCodeChallenge(challenge, codeVerifier):
		return oidc.ErrInvalidGrant().WithDescription("invalid code_verifier")
	}

	return nil
}
| 151 | |
| 152 | // AuthorizePrivateJWTKey authorizes a client by validating the client_assertion's signature with a previously |
| 153 | // registered public key (JWT Profile) |