import * as crypto from 'node:crypto';
import { InvalidGrant } from './errors.js';
import checkFormat from './pkce_format.js';
import constantEquals from './constant_equals.js';
/**
 * Verifies a PKCE code_verifier against the code_challenge that was bound
 * to the authorization code.
 *
 * When neither a verifier nor a challenge is present, PKCE was not used for
 * this grant and nothing is checked. Otherwise the verifier must be present,
 * the method must be S256, and the base64url-encoded SHA-256 of the verifier
 * must match the challenge under a constant-time comparison. Every failure
 * inside that check is collapsed into one InvalidGrant with a fixed message,
 * so the specific reason is not disclosed to the client. A format failure
 * raised by checkFormat is not wrapped and propagates as-is.
 *
 * @param {string|undefined} verifier - code_verifier sent with the token request
 * @param {string|undefined} challenge - code_challenge stored with the authorization code
 * @param {string|undefined} method - code_challenge_method stored with the code
 * @throws {InvalidGrant} when PKCE verification fails
 */
export default function checkPKCE(verifier, challenge, method) {
  if (verifier) {
    checkFormat(verifier, 'code_verifier');
  }

  // absent on both sides: PKCE was not used for this grant
  if (!verifier && !challenge) {
    return;
  }

  try {
    // a challenge without a verifier can never be satisfied
    if (!verifier) throw new Error();

    // only S256 is supported; "plain" and any other method are rejected
    if (method !== 'S256') throw new Error();

    const derived = crypto.hash('sha256', verifier, 'base64url');
    if (!constantEquals(challenge, derived)) throw new Error();
  } catch {
    // the underlying cause is intentionally dropped from the client-facing error
    throw new InvalidGrant('PKCE verification failed');
  }
}