stynx_code_auth/infrastructure/oauth/
pkce.rs1use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD};
2use sha2::{Digest, Sha256};
3
/// A PKCE (RFC 7636) verifier/challenge pair for one authorization request.
///
/// No `Debug`, `Clone` or serialization impls are derived, so the verifier
/// cannot end up in logs through formatting. Keep that in mind before adding
/// derives to this type.
pub struct PkceChallenge {
    /// Secret half of the pair. It is presented to the token endpoint during
    /// the code exchange and should not be logged, placed in a URL, or sent
    /// with the authorization request.
    pub code_verifier: String,
    /// Public half of the pair, derived from `code_verifier`. It is the value
    /// that travels in the authorization request.
    pub code_challenge: String,
}
8
/// Creates a fresh PKCE verifier and its matching challenge.
///
/// The verifier is 32 bytes from [`generate_random_bytes`], encoded as
/// unpadded URL-safe base64 (43 characters). The challenge is the unpadded
/// URL-safe base64 of the SHA-256 digest of the verifier's encoded bytes,
/// which is the `S256` transformation from RFC 7636.
///
/// The returned struct does not record the method, so the caller has to send
/// `code_challenge_method=S256` with the authorization request. Call this once
/// per authorization attempt and do not reuse a pair.
///
/// # Panics
///
/// Panics if [`generate_random_bytes`] panics, i.e. when the OS random source
/// cannot be read.
pub fn generate_pkce() -> PkceChallenge {
    // The encoded text, not the raw bytes, is the verifier that gets hashed.
    let code_verifier = URL_SAFE_NO_PAD.encode(generate_random_bytes());
    let digest = Sha256::digest(code_verifier.as_bytes());

    PkceChallenge {
        code_challenge: URL_SAFE_NO_PAD.encode(digest),
        code_verifier,
    }
}
23
/// Returns 32 bytes filled by `getrandom::getrandom`.
///
/// # Panics
///
/// Panics when `getrandom` reports an error. This fails closed: there is no
/// fallback to another random source, so a verifier is never built from
/// an all-zero or otherwise predictable buffer.
fn generate_random_bytes() -> [u8; 32] {
    let mut entropy = [0u8; 32];
    let fill_result = getrandom::getrandom(&mut entropy);
    fill_result.expect("OS CSPRNG unavailable — cannot generate PKCE verifier safely");
    entropy
}