kurlyk/Pkce_8hpp_source.html

#pragma once

#ifndef _KURLYK_UTILS_PKCE_HPP_INCLUDED

#define _KURLYK_UTILS_PKCE_HPP_INCLUDED


#include "Base64Url.hpp"

#include <hmac_cpp/sha256.hpp>

#include <hmac_cpp/hmac_utils.hpp>

#include <string>

#include <vector>

#include <cstdint>

#include <algorithm>


namespace kurlyk {

namespace utils {


    struct PkcePair {

        std::string code_verifier;

        std::string code_challenge;

        std::string code_challenge_method = "S256";

    };


    inline std::string generate_code_verifier(std::size_t length = 64) {

        static const char allowed[] =

            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~";

        if (length < 43) length = 43;

        if (length > 128) length = 128;


        std::vector<uint8_t> random_bytes = hmac_cpp::random_bytes(length);

        std::string verifier;

        verifier.reserve(length);


        const std::size_t allowed_count = sizeof(allowed) - 1; // exclude null terminator

        for (std::size_t i = 0; i < length; ++i) {

            verifier.push_back(allowed[random_bytes[i] % allowed_count]);

        }

        return verifier;

    }


    inline std::string make_s256_code_challenge(const std::string& verifier) {

        std::vector<uint8_t> digest = hmac_hash::sha256(

            reinterpret_cast<const uint8_t*>(verifier.data()),

            verifier.size());

        return base64url_encode(digest.data(), digest.size());

    }


    inline PkcePair make_pkce_pair() {

        PkcePair pair;

        pair.code_verifier = generate_code_verifier();

        pair.code_challenge = make_s256_code_challenge(pair.code_verifier);

        return pair;

    }


} // namespace utils

} // namespace kurlyk


#endif // _KURLYK_UTILS_PKCE_HPP_INCLUDED

Base64Url.hpp
Provides Base64url encoding and decoding (RFC 4648, no padding).

kurlyk::utils::base64url_encode
std::string base64url_encode(const uint8_t *data, std::size_t length)
Encodes a byte buffer using Base64url (RFC 4648) without padding.
Definition Base64Url.hpp:19

kurlyk::utils::make_s256_code_challenge
std::string make_s256_code_challenge(const std::string &verifier)
Creates an S256 code challenge from a verifier.
Definition Pkce.hpp:50

kurlyk::utils::make_pkce_pair
PkcePair make_pkce_pair()
Creates a PKCE pair with a freshly generated verifier.
Definition Pkce.hpp:59

kurlyk::utils::generate_code_verifier
std::string generate_code_verifier(std::size_t length=64)
Generates a cryptographically strong PKCE code verifier.
Definition Pkce.hpp:30

kurlyk
Primary namespace for the Kurlyk library, encompassing initialization, request management,...

kurlyk::utils::PkcePair
Stores PKCE verifier and challenge values.
Definition Pkce.hpp:21

kurlyk::utils::PkcePair::code_challenge_method
std::string code_challenge_method
Challenge method, always "S256".
Definition Pkce.hpp:24

kurlyk::utils::PkcePair::code_verifier
std::string code_verifier
Randomly generated code verifier.
Definition Pkce.hpp:22

kurlyk::utils::PkcePair::code_challenge
std::string code_challenge
Derived S256 code challenge.
Definition Pkce.hpp:23