This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
The [{$pagename}] is specified in the [Proof Key for Code Exchange by OAuth Public Clients].
!! [Example] for the S256 [{$pagename}]
The [OAuth Client] uses the output of a suitable random number generator to create a 32-octet sequence. The octets representing the value in this example (using JSON array notation) are:
%%prettify
{{{
[116, 24, 223, 180, 151, 153, 224, 37, 79, 250, 96, 125, 216, 173, 187, 186, 22, 212, 37, 77, 105, 214, 191, 240, 91, 88, 5, 88, 83, 132, 141, 121]
}}} /%
Encoding this octet sequence as base64url provides the value of the code_verifier:
%%prettify
{{{
dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
}}} /%
The [code_verifier] is then [hashed|Hash] via the [SHA256] [hash Function] to produce:
%%prettify
{{{
[19, 211, 30, 150, 26, 26, 216, 236, 47, 22, 177, 12, 76, 152, 46, 8, 118, 168, 120, 173, 109, 241, 68, 86, 110, 225, 137, 74, 203, 112, 249, 195]
}}} /%
Encoding this octet sequence as base64url provides the value of the [code_challenge]:
%%prettify
{{{
E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
}}} /%
The [Authorization Request] includes:
%%prettify
{{{
code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
&code_challenge_method=S256
}}} /%
The [Authorization Server] then records the [code_challenge] and [code_challenge_method] along with the [Authorization Code] that is granted to the [OAuth Client].
In the [Access Token Request] to the [token_endpoint] the client includes the code received in the authorization response as well as the additional parameter:
%%prettify
{{{
code_verifier=dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
}}} /%
The [Authorization Server] retrieves the information for the code grant. Based on the recorded [{$pagename}] being S256, it then hashes and base64url encodes the value of code_verifier:
BASE64URL-ENCODE(SHA256(ASCII([code_verifier])))
The calculated value is then compared with the value of [code_challenge]:
%%prettify
{{{
BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge
}}} /%
If the two values are equal then the [Authorization Server] can provide the tokens as long as there are no other errors in the request. If the values are not equal then the request must be rejected, and an [error|OAuth Error] returned.
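The S256 flow described above, as an added Python example that is not part of the original page or of the specification: it derives the code_verifier and [code_challenge] from the octets shown on this page and performs the server-side check with a constant-time comparison. The class DemoAuthorizationServer, its in-memory store and its method names are hypothetical, and the sketch assumes a server that accepts only S256.

```python
import base64, hashlib, hmac, re, secrets

# RFC 7636 section 4.1: code_verifier is 43-128 unreserved characters.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")

def b64url(data: bytes) -> str:
    """Base64url without '=' padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    """Client: 32 random octets give a 43-character code_verifier."""
    return b64url(secrets.token_bytes(32))

def s256_challenge(code_verifier: str) -> str:
    """BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))"""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())

class DemoAuthorizationServer:
    """Hypothetical in-memory server; real ones persist and expire grants."""

    def __init__(self):
        self._grants = {}  # authorization code -> recorded code_challenge

    def authorize(self, code_challenge: str, code_challenge_method: str) -> str:
        if code_challenge_method != "S256":  # this sketch accepts S256 only
            raise ValueError("invalid_request")
        code = secrets.token_urlsafe(16)
        self._grants[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        challenge = self._grants.pop(code, None)  # a code is usable once
        if challenge is None or not VERIFIER_RE.fullmatch(code_verifier):
            return False  # caller returns an OAuth error response
        # Constant-time comparison of the recomputed and recorded values.
        computed = s256_challenge(code_verifier).encode("utf-8")
        return hmac.compare_digest(computed, challenge.encode("utf-8"))

# The 32 octets from the example on this page.
PAGE_OCTETS = bytes([116, 24, 223, 180, 151, 153, 224, 37, 79, 250, 96, 125,
                     216, 173, 187, 186, 22, 212, 37, 77, 105, 214, 191, 240,
                     91, 88, 5, 88, 83, 132, 141, 121])

if __name__ == "__main__":
    verifier = b64url(PAGE_OCTETS)
    server = DemoAuthorizationServer()
    code = server.authorize(s256_challenge(verifier), "S256")
    print(verifier, s256_challenge(verifier), server.token(code, verifier))
```

Removing the authorization code from the store before the comparison means a failed or replayed [Access Token Request] cannot be retried with the same code.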
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]