pkce

package v0.229.0 (not the latest version of its module)

Published: May 27, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package pkce implements the in-memory store of PKCE challenges that link a /authorize redirect to its later /oauth/token exchange.

Auth0 (and OAuth 2.1 generally) requires SPAs and native clients to send a code_challenge + code_challenge_method on /authorize and the matching code_verifier on /oauth/token. The server stores the challenge keyed by the generated code; when the client exchanges that code it must present a verifier that hashes back to the stored challenge.

Index

Constants

const DefaultTTL = 10 * time.Minute

DefaultTTL is how long a stored challenge is valid before the matching code becomes unredeemable.

Variables

This section is empty.

Functions

This section is empty.

Types

type Entry

type Entry struct {
	Challenge string
	Method    Method
	ClientID  string
	Redirect  string
	// contains filtered or unexported fields
}

Entry is the data stashed at /authorize and consulted at /oauth/token.

func (*Entry) Verify

func (e *Entry) Verify(verifier string) error

Verify checks that the supplied verifier matches the entry's challenge under the entry's Method. It returns nil on a match and a descriptive error on mismatch.

type Method

type Method string

Method is the code_challenge_method value the client used at /authorize.

const (
	// MethodS256 hashes the verifier with SHA-256.
	MethodS256 Method = "S256"
	// MethodPlain accepts the verifier as-is. Discouraged; supported for parity.
	MethodPlain Method = "plain"
)

type Option added in v0.227.0

type Option func(*Store)

Option configures a Store at construction.

func WithNow added in v0.227.0

func WithNow(now func() time.Time) Option

WithNow overrides the time source used for entry expiry. Wire it to a clock.Controlled.Now to give tests runtime control over PKCE-code expiry windows. A nil function is silently ignored.

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store maps the random code returned by /authorize to its PKCE Entry. Entries expire after DefaultTTL. Safe for concurrent use.

func NewStore

func NewStore(opts ...Option) *Store

NewStore returns an empty Store with the default TTL.

func (*Store) Consume

func (s *Store) Consume(code string) (Entry, bool)

Consume returns the Entry registered against code and removes it. Returns false if the code is unknown or its entry has expired.

func (*Store) Put

func (s *Store) Put(code string, e Entry)

Put records a challenge for the given code. The entry is single-use and expires after DefaultTTL.

func (*Store) Reset

func (s *Store) Reset()

Reset drops every stored challenge.
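The following is an added, self-contained reimplementation of the flow this package documents (the Overview's challenge-at-/authorize, verifier-at-/oauth/token exchange, and the Store/Entry API above). It is example code written for this page, not the package's own source: the exported names follow the signatures documented above, while S256Challenge, Exchange, the unexported expires field and the internal map-plus-mutex layout are assumptions made here. It shows the S256 derivation from RFC 7636, a constant-time verifier check, single-use consumption that also removes expired codes, and the WithNow clock injection that lets a test move time past DefaultTTL.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"sync"
	"time"
)

type Method string

const (
	MethodS256  Method = "S256"
	MethodPlain Method = "plain" // discouraged: the challenge is the verifier itself
	DefaultTTL         = 10 * time.Minute
)

// Entry is stashed at /authorize and consulted at /oauth/token (expires stands in for the hidden fields).
type Entry struct {
	Challenge string
	Method    Method
	ClientID  string
	expires   time.Time
}

// S256Challenge (assumed helper) is the client-side step: unpadded BASE64URL(SHA-256(verifier)).
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// Verify recomputes the challenge per e.Method and compares it in constant time.
func (e *Entry) Verify(verifier string) error {
	got := verifier // MethodPlain: the verifier must equal the challenge
	if e.Method == MethodS256 {
		got = S256Challenge(verifier)
	} else if e.Method != MethodPlain {
		return fmt.Errorf("pkce: unsupported code_challenge_method %q", e.Method)
	}
	if subtle.ConstantTimeCompare([]byte(got), []byte(e.Challenge)) != 1 {
		return fmt.Errorf("pkce: code_verifier does not match the stored code_challenge")
	}
	return nil
}

// Store maps the random /authorize code to its Entry.
type Store struct {
	mu      sync.Mutex // makes the store safe for concurrent use
	now     func() time.Time
	entries map[string]Entry
}

type Option func(*Store)
// WithNow overrides the expiry clock; a nil func is ignored, as the page states.
func WithNow(now func() time.Time) Option {
	if now == nil {
		return func(*Store) {}
	}
	return func(s *Store) { s.now = now }
}

func NewStore(opts ...Option) *Store {
	s := &Store{now: time.Now, entries: map[string]Entry{}}
	for _, o := range opts { o(s) }
	return s
}

// Put records the challenge; the entry expires DefaultTTL after insertion.
func (s *Store) Put(code string, e Entry) {
	s.mu.Lock()
	defer s.mu.Unlock()
	e.expires = s.now().Add(DefaultTTL)
	s.entries[code] = e
}

// Consume deletes the entry even when it has expired, so a code is never redeemable twice.
func (s *Store) Consume(code string) (Entry, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.entries[code]
	delete(s.entries, code)
	if !ok || !s.now().Before(e.expires) {
		return Entry{}, false
	}
	return e, true
}

// Exchange (assumed /oauth/token logic, not on the page) binds the code to its client_id and verifier.
func Exchange(s *Store, code, verifier, clientID string) error {
	e, ok := s.Consume(code)
	if !ok {
		return fmt.Errorf("pkce: unknown, expired or already used code")
	}
	if e.ClientID != clientID {
		return fmt.Errorf("pkce: code was issued to a different client_id")
	}
	return e.Verify(verifier)
}
```

A token handler built on this calls Exchange once per incoming code: the first call with the right verifier and client_id succeeds, and every later call with the same code fails because Consume has already deleted it. Deleting on every Consume, rather than only on success, is deliberate: a code that failed verification or aged out must not stay redeemable, and the expiry check uses the injected clock so a test can advance past DefaultTTL without sleeping.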
