PKCE (Proof Key for Code Exchange) implementation for OAuth 2.0 security.
RFC 7636 compliant PKCE for OAuth 2.0 authorization code flow security with SHA256 challenge generation.

2. Authorize: Send the code challenge with the authorization request
3. Exchange: Send the original code verifier when exchanging the authorization code for tokens
§Example
```rust
use atproto_oauth::pkce;

// Generate PKCE parameters
let (code_verifier, code_challenge) = pkce::generate();

// Use code_challenge in authorization URL
println!("Authorization URL: https://auth.example.com/oauth/authorize?code_challenge={}", code_challenge);

// Later, use code_verifier when exchanging authorization code for tokens
println!("Token exchange: code_verifier={}", code_verifier);
```

§Security
- Code verifiers are generated using cryptographically secure random number generation
- Challenges use SHA256 hashing with base64url encoding (without padding)
- Implements the S256 code challenge method as specified in RFC 7636
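
The S256 transform listed above, together with the check an authorization server runs at the token endpoint, as an added example that is not part of this crate: it is written in Python with only the standard library so it runs without `atproto_oauth`. The function names and the 32-byte verifier size are assumptions; the test vector is the one from RFC 7636 Appendix B.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def b64url_nopad(data: bytes) -> str:
    """base64url without '=' padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    if not _VERIFIER_RE.fullmatch(code_verifier):
        raise ValueError("code_verifier violates RFC 7636 length/charset rules")
    return b64url_nopad(hashlib.sha256(code_verifier.encode("ascii")).digest())


def generate_pair() -> tuple[str, str]:
    """Client side: CSPRNG bytes -> verifier, plus its S256 challenge.

    32 bytes is an assumption here; it yields a 43-character verifier.
    """
    verifier = b64url_nopad(secrets.token_bytes(32))
    return verifier, s256_challenge(verifier)


def verify_exchange(stored_challenge: str, presented_verifier: str) -> bool:
    """Server side: recompute the challenge at the token endpoint and compare."""
    try:
        expected = s256_challenge(presented_verifier)
    except ValueError:
        return False  # a malformed verifier is rejected without hashing it
    return hmac.compare_digest(expected.encode(), stored_challenge.encode())


# Test vector from RFC 7636 Appendix B.
RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"

if __name__ == "__main__":
    verifier, challenge = generate_pair()
    print("round trip ok:", verify_exchange(challenge, verifier))
    print("wrong verifier accepted:", verify_exchange(challenge, RFC_VERIFIER))
```

The server stores only the challenge from the authorization request, so an authorization code intercepted in transit cannot be redeemed without the verifier that never left the client.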