| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 |
- // SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
- // SPDX-License-Identifier: Apache-2.0
- package oauth2 // import "miniflux.app/v2/internal/oauth2"
- import (
- "crypto/sha256"
- "encoding/base64"
- "golang.org/x/oauth2"
- "miniflux.app/v2/internal/crypto"
- )
- // Authorization holds the OAuth2 authorization URL, state parameter, and PKCE code verifier.
- type Authorization struct {
- url string
- state string
- codeVerifier string
- }
- // RedirectURL returns the OAuth2 authorization URL to redirect the user to.
- func (a *Authorization) RedirectURL() string {
- return a.url
- }
- // State returns the random state parameter used for CSRF protection.
- func (a *Authorization) State() string {
- return a.state
- }
- // CodeVerifier returns the PKCE code verifier associated with this authorization.
- func (a *Authorization) CodeVerifier() string {
- return a.codeVerifier
- }
- // GenerateAuthorization creates a new Authorization with a random state and PKCE code challenge
- // derived from the given OAuth2 configuration.
- func GenerateAuthorization(config *oauth2.Config) *Authorization {
- codeVerifier := crypto.GenerateRandomStringHex(32)
- sum := sha256.Sum256([]byte(codeVerifier))
- state := crypto.GenerateRandomStringHex(24)
- authURL := config.AuthCodeURL(
- state,
- oauth2.SetAuthURLParam("code_challenge_method", "S256"),
- oauth2.SetAuthURLParam("code_challenge", base64.RawURLEncoding.EncodeToString(sum[:])),
- )
- return &Authorization{
- url: authURL,
- state: state,
- codeVerifier: codeVerifier,
- }
- }
|
