platform/packages/oauth2/lib/src/pkce.dart

import 'dart:convert';
import 'package:crypto/crypto.dart';
import 'exception.dart';

/// A class that facilitates verification of challenges for
/// [Proof Key for Code Exchange](https://oauth.net/2/pkce/).
class Pkce {
  /// A [String] defining how to handle the [codeChallenge].
  final String codeChallengeMethod;

  /// The proof key that is used to secure public clients.
  final String? codeChallenge;

  Pkce(this.codeChallengeMethod, this.codeChallenge) {
    assert(codeChallengeMethod == 'plain' || codeChallengeMethod == 's256',
        "The `code_challenge_method` parameter must be either 'plain' or 's256'.");
  }

  /// Attempts to parse a [codeChallenge] and [codeChallengeMethod] from a [Map].
  factory Pkce.fromJson(Map data, {String? state, Uri? uri}) {
    var codeChallenge = data['code_challenge']?.toString();
    var codeChallengeMethod =
        data['code_challenge_method']?.toString() ?? 'plain';

    if (codeChallengeMethod != 'plain' && codeChallengeMethod != 's256') {
      throw AuthorizationException(ErrorResponse(
          ErrorResponse.invalidRequest,
          "The `code_challenge_method` parameter must be either 'plain' or 's256'.",
          state,
          uri: uri));
    } else if (codeChallenge?.isNotEmpty != true) {
      throw AuthorizationException(ErrorResponse(ErrorResponse.invalidRequest,
          'Missing `code_challenge` parameter.', state,
          uri: uri));
    }

    return Pkce(codeChallengeMethod, codeChallenge);
  }

  /// Returns [true] if the [codeChallengeMethod] is `plain`.
  bool get isPlain => codeChallengeMethod == 'plain';

  /// Returns [true] if the [codeChallengeMethod] is `s256`.
  bool get isS256 => codeChallengeMethod == 's256';

  /// Determines if a given [codeVerifier] is valid.
  void validate(String codeVerifier, {String? state, Uri? uri}) {
    String foreignChallenge;

    if (isS256) {
      foreignChallenge =
          base64Url.encode(sha256.convert(ascii.encode(codeVerifier)).bytes);
    } else {
      foreignChallenge = codeVerifier;
    }

    if (foreignChallenge != codeChallenge) {
      throw AuthorizationException(
        ErrorResponse(ErrorResponse.invalidGrant,
            'The given `code_verifier` parameter is invalid.', state,
            uri: uri),
      );
    }
  }

  /// Creates a JSON-serializable representation of this instance.
  Map<String, dynamic> toJson() {
    return {
      'code_challenge': codeChallenge,
      'code_challenge_method': codeChallengeMethod
    };
  }
}
add pkce class 2018-12-15 07:45:40 +00:00			`import 'dart:convert';`
			`import 'package:crypto/crypto.dart';`
			`import 'exception.dart';`

			`/// A class that facilitates verification of challenges for`
			`/// [Proof Key for Code Exchange](https://oauth.net/2/pkce/).`
			`class Pkce {`
			`/// A [String] defining how to handle the [codeChallenge].`
			`final String codeChallengeMethod;`

			`/// The proof key that is used to secure public clients.`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`final String? codeChallenge;`
add pkce class 2018-12-15 07:45:40 +00:00
			`Pkce(this.codeChallengeMethod, this.codeChallenge) {`
			`assert(codeChallengeMethod == 'plain' \|\| codeChallengeMethod == 's256',`
			"The `code_challenge_method` parameter must be either 'plain' or 's256'.");
			`}`

			`/// Attempts to parse a [codeChallenge] and [codeChallengeMethod] from a [Map].`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`factory Pkce.fromJson(Map data, {String? state, Uri? uri}) {`
add pkce class 2018-12-15 07:45:40 +00:00			`var codeChallenge = data['code_challenge']?.toString();`
			`var codeChallengeMethod =`
			`data['code_challenge_method']?.toString() ?? 'plain';`

			`if (codeChallengeMethod != 'plain' && codeChallengeMethod != 's256') {`
Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`throw AuthorizationException(ErrorResponse(`
add pkce class 2018-12-15 07:45:40 +00:00			`ErrorResponse.invalidRequest,`
			"The `code_challenge_method` parameter must be either 'plain' or 's256'.",
			`state,`
			`uri: uri));`
			`} else if (codeChallenge?.isNotEmpty != true) {`
Format 2019-05-02 07:28:48 +00:00			`throw AuthorizationException(ErrorResponse(ErrorResponse.invalidRequest,`
			'Missing `code_challenge` parameter.', state,
add pkce class 2018-12-15 07:45:40 +00:00			`uri: uri));`
			`}`

Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`return Pkce(codeChallengeMethod, codeChallenge);`
add pkce class 2018-12-15 07:45:40 +00:00			`}`

			/// Returns [true] if the [codeChallengeMethod] is `plain`.
			`bool get isPlain => codeChallengeMethod == 'plain';`

			/// Returns [true] if the [codeChallengeMethod] is `s256`.
			`bool get isS256 => codeChallengeMethod == 's256';`

			`/// Determines if a given [codeVerifier] is valid.`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`void validate(String codeVerifier, {String? state, Uri? uri}) {`
add pkce class 2018-12-15 07:45:40 +00:00			`String foreignChallenge;`

			`if (isS256) {`
			`foreignChallenge =`
add example 2018-12-15 08:39:04 +00:00			`base64Url.encode(sha256.convert(ascii.encode(codeVerifier)).bytes);`
add pkce class 2018-12-15 07:45:40 +00:00			`} else {`
add example 2018-12-15 08:39:04 +00:00			`foreignChallenge = codeVerifier;`
add pkce class 2018-12-15 07:45:40 +00:00			`}`

			`if (foreignChallenge != codeChallenge) {`
Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`throw AuthorizationException(`
			`ErrorResponse(ErrorResponse.invalidGrant,`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			'The given `code_verifier` parameter is invalid.', state,
add pkce class 2018-12-15 07:45:40 +00:00			`uri: uri),`
			`);`
			`}`
			`}`
pkce factories injected 2018-12-15 07:48:34 +00:00
			`/// Creates a JSON-serializable representation of this instance.`
			`Map<String, dynamic> toJson() {`
			`return {`
			`'code_challenge': codeChallenge,`
			`'code_challenge_method': codeChallengeMethod`
			`};`
			`}`
add pkce class 2018-12-15 07:45:40 +00:00			`}`