# File lib/rack/oauth2/server/extension/pkce.rb, line 19
# Mixin hook: registers `code_verifier` on the including class through its
# `attr_optional` macro (defined outside this listing).
#
# `send` is used so the macro is reached even if the class keeps it private.
#
# @param klass [Class] the class that is including this extension
def self.included(klass)
  klass.send(:attr_optional, :code_verifier)
end
# File lib/rack/oauth2/server/extension/pkce.rb, line 23
# Runs the inherited initializer, then stores the request's `code_verifier`
# parameter for the later PKCE check.
#
# The value is taken from `params` as-is: it is client-supplied and is not
# validated here, and it is nil when the parameter is absent (assuming `params`
# behaves like a Hash; it is defined outside this listing).
#
# @param env the argument handed on to the inherited initializer
def initialize(env)
  super(env)
  @code_verifier = params['code_verifier']
end
# File lib/rack/oauth2/server/extension/pkce.rb, line 28
# Checks the request's `code_verifier` against the `code_challenge` recorded
# for the authorization code (PKCE).
#
# Behaviour visible in this method:
# * When both the verifier and the challenge are blank, nothing is checked and
#   nil is returned. PKCE is therefore optional at this layer; a caller that
#   wants to require PKCE has to reject grants without a stored challenge itself.
# * :S256 compares the challenge with the URL-safe Base64 encoding (via
#   `Util.urlsafe_base64_encode`) of the SHA-256 digest of the verifier.
# * :plain compares the challenge with the verifier directly.
# * Any other method, including nil, calls `invalid_grant!` (fails closed).
# * The verifier's length and character set are not validated here.
#
# NOTE(review): both comparisons use `==`, which is not a constant-time
# comparison. For :plain the stored challenge equals the secret verifier, so a
# constant-time comparison would be the safer choice if the project has one.
#
# @param code_challenge [String, nil] challenge stored with the authorization code
# @param code_challenge_method [Symbol, String, nil] :S256 (default) or :plain
# @return [true, nil] true on a match, nil when PKCE is not in use; a mismatch
#   returns whatever `invalid_grant!` does (defined outside this listing,
#   presumably it raises - confirm)
def verify_code_verifier!(code_challenge, code_challenge_method = :S256)
  pkce_in_use = code_verifier.present? || code_challenge.present?
  return unless pkce_in_use

  case code_challenge_method.try(:to_sym)
  when :S256
    expected_challenge = Util.urlsafe_base64_encode(
      OpenSSL::Digest::SHA256.digest(code_verifier.to_s)
    )
    code_challenge == expected_challenge || invalid_grant!
  when :plain
    code_challenge == code_verifier || invalid_grant!
  else
    # Unsupported or missing method: reject instead of guessing.
    invalid_grant!
  end
end