Class: XeroKiwi::OAuth::PKCE

Inherits:

Object

• Object
• XeroKiwi::OAuth::PKCE

Defined in:

lib/xero_kiwi/oauth/pkce.rb

Overview

Implementation of PKCE (Proof Key for Code Exchange — RFC 7636).

PKCE binds the auth code to the original authorisation request: the client generates a random verifier, hashes it into a challenge, sends the challenge with the authorise call, then proves possession of the original verifier when exchanging the code. An attacker that intercepts the auth code can’t redeem it without the verifier.

Required for public OAuth clients (mobile, SPA), recommended for confidential server-side clients as defence in depth.

Constant Summary

CHALLENGE_METHOD =

"S256"

Instance Attribute Summary

• #challenge ⇒ Object readonly

  Returns the value of attribute challenge.

• #verifier ⇒ Object readonly

  Returns the value of attribute verifier.

Class Method Summary

• .generate ⇒ Object

Instance Method Summary

• #initialize(verifier:) ⇒ PKCE constructor

  A new instance of PKCE.

• #to_h ⇒ Object

Constructor Details

#initialize(verifier:) ⇒ PKCE

Returns a new instance of PKCE.

# File 'lib/xero_kiwi/oauth/pkce.rb', line 28

def initialize(verifier:)
  @verifier  = verifier
  @challenge = compute_challenge(verifier)
end

Instance Attribute Details

#challenge ⇒ Object (readonly)

Returns the value of attribute challenge.

# File 'lib/xero_kiwi/oauth/pkce.rb', line 22

def challenge
  @challenge
end

#verifier ⇒ Object (readonly)

Returns the value of attribute verifier.

# File 'lib/xero_kiwi/oauth/pkce.rb', line 22

def verifier
  @verifier
end

Class Method Details

.generate ⇒ Object

# File 'lib/xero_kiwi/oauth/pkce.rb', line 24

def self.generate
  new(verifier: SecureRandom.urlsafe_base64(32))
end

Instance Method Details

#to_h ⇒ Object

# File 'lib/xero_kiwi/oauth/pkce.rb', line 33

def to_h
  {
    code_verifier:         verifier,
    code_challenge:        challenge,
    code_challenge_method: CHALLENGE_METHOD
  }
end