# Refactor OAuth2 Provider Code into Dedicated Package

This PR refactors the OAuth2 provider functionality by moving it from the main `coderd` package into a dedicated `oauth2provider` package. The change improves code organization and maintainability without changing functionality.

Key changes:

- Created a new `oauth2provider` package to house all OAuth2 provider-related code
- Moved existing OAuth2 provider functionality from `coderd/identityprovider` to the new package
- Refactored handler functions to follow a consistent pattern of returning `http.HandlerFunc` instead of being handlers directly
- Split large files into smaller, more focused files organized by functionality:
  - `app_secrets.go` - Manages OAuth2 application secrets
  - `apps.go` - Handles OAuth2 application CRUD operations
  - `authorize.go` - Implements the authorization flow
  - `metadata.go` - Provides OAuth2 metadata endpoints
  - `registration.go` - Handles dynamic client registration
  - `revoke.go` - Implements token revocation
  - `secrets.go` - Manages secret generation and validation
  - `tokens.go` - Handles token issuance and validation

This refactoring improves code organization and makes the OAuth2 provider functionality more maintainable while preserving all existing behavior.
package oauth2provider
import (
"crypto/sha256"
"crypto/subtle"
"encoding/base64"
)
// VerifyPKCE reports whether verifier is the PKCE code_verifier behind
// challenge, using the S256 transform from RFC 7636:
//
//	BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge
//
// The encoding is unpadded base64url, so a challenge that carries '='
// padding does not match. An empty challenge or an empty verifier is always
// rejected, so a request that omits either value fails verification.
//
// Only S256 is implemented here; there is no "plain" method fallback. The
// function does not check the verifier against the RFC 7636 section 4.1
// length (43-128 characters) or character-set rules, so a caller that needs
// strict conformance must validate the verifier before calling.
//
// NOTE(review): whether PKCE is mandatory for a given client (that is, what
// happens when no challenge was stored at authorization time) is decided by
// the caller and is not visible in this file - confirm at the call site.
func VerifyPKCE(challenge, verifier string) bool {
	if len(challenge) == 0 || len(verifier) == 0 {
		return false
	}

	digest := sha256.Sum256([]byte(verifier))

	// Encode into a fixed-size buffer; the S256 challenge for any verifier
	// has the same length, so that length itself is not secret.
	expected := make([]byte, base64.RawURLEncoding.EncodedLen(len(digest)))
	base64.RawURLEncoding.Encode(expected, digest[:])

	// Constant-time comparison so response timing does not reveal how many
	// leading bytes of the submitted value matched the expected challenge.
	return subtle.ConstantTimeCompare(expected, []byte(challenge)) == 1
}