A specification compliant implementation of RFC7636 - Proof Key for Code Exchange (PKCE) for Go

pkce

Go Reference Go Report Card Go Test golangci-lint

pkce implements the client side of RFC 7636 "Proof Key for Code Exchange by OAuth Public Clients" (PKCE) to enable the generation of cryptographically secure and specification compliant code verifiers and code challenges. With no external dependencies .

Getting Started

pkce makes use of go mod, you can install it by using go get:

go get github.com/matthewhartstonge/pkce

Examples

Structs

For those that like abstractions, feel free to enjoy "safety ™️ ":

package main

import (
	"fmt"

	"github.com/matthewhartstonge/pkce"
)

func main() {
	// Generate a secure proof key! 
	// Make sure yo do this each time you want a new proof key - it's stateful.
	key, err := pkce.New()
	if err != nil {
		panic(err)
	}

	fmt.Println("my generated code verifier is:", key.CodeVerifier())
	fmt.Println("my generated plain code challenge is:", key.CodeChallenge())

	// Finally - on the server-side side, we can verify the received code 
	// verifier:
	receivedCodeVerifier := "#yolo-cant-verify-me-mr-mcbaggins"
	isValid := key.VerifyCodeVerifier(receivedCodeVerifier)
	fmt.Println("is the received code verifier valid?", isValid)
}

Okay, so that was a bit easy... But, what can I configure?!?

package main

import (
	"fmt"

	"github.com/matthewhartstonge/pkce"
)

func main() {
	// Generate a ... proof key!
	key, err := pkce.New(
		// pkce.WithCodeVerifierLength enables increasing entropy for 
		// super-duper securities!
		pkce.WithCodeVerifierLength(9001),

		// pkce.WithChallengeMethod enables setting the PKCE mode, which is 
		// really code name for setting the method to "plain" for, you know, if
		// you've got a non-compliant OAuth PKCE accepting server that may 
		// require backwards compatibility. #SnarkIntended
		pkce.WithChallengeMethod(pkce.Plain),

		// pkce.WithCodeVerifier enables BYO code verifier.
		//
		// ... I hope you use a secure implementation ...
		//
		// This is mainly useful if you like the struct style of encapsulation, 
		// or if loading the verifier from a datastore.
		//
		// Using this option will disable code verifier generation, therefore 
		// `pkce.WithCodeVerifierLength` will be redundant if specified.
		pkce.WithCodeVerifier([]byte("#YOLO")),
	)
	if err != nil {
		// hah, yeah, there's gonna be an error or two...
		panic(err)
	}

	// ... otherwise, it's business as usual ...

Functional

For those that like functions, you can fight against your own "to err == programmer"

package main

import (
	"fmt"

	"github.com/matthewhartstonge/pkce"
)

func main() {
	// Generate a secure code verifier!
	codeVerifier, err := pkce.GenerateCodeVerifier(50)
	if err != nil {
		panic(err)
	}

	// OR, lawd forbid, you can generate and send in your own code verifier...
	//    ... don't do this ...

	// Then we can generate a code challenge based on the incoming code 
	// challenge method
	codeChallenge, err := pkce.GenerateCodeChallenge(pkce.S256, codeVerifier)
	if err != nil {
		panic(err)
	}

	fmt.Println("my manually generated code verifier is:", codeVerifier)
	fmt.Println("my manually generated code challenge is:", codeChallenge)

	// Finally - on the server-side side, we can verify the received code 
	// verifier:
	incomingCodeVerifier := "#yolo-cant-verify-me-mr-mcbaggins"
	isValid := pkce.VerifyCodeVerifier(pkce.S256, incomingCodeVerifier, codeChallenge)
	fmt.Println("is the received code verifier valid?", isValid)
}

What is PKCE?

Great Question!

For more information on "Proof Key for Code Exchange (PKCE) by OAuth Public Clients" (or for some light bedtime reading) check out the following links:

Owner
Matthew Hartstonge
Lead Dev @ LINC-ED. I love being able to build human centric software that enables people to do magic! (oh, and building massive cloud scale infrastructure!)
Matthew Hartstonge
Similar Resources

Platform-Agnostic Security Tokens implementation in GO (Golang)

Golang implementation of PASETO: Platform-Agnostic Security Tokens This is a 100% compatible pure Go (Golang) implementation of PASETO tokens. PASETO

Jan 2, 2023

[NO LONGER MAINTAINED} oauth 2 server implementation in Go

hero hero is a feature rich oauth 2 server implementation in Go. Features User account management Client management oauth 2 rfc 6749 compliant Configu

Nov 18, 2022

OAuth 1.0a implementation in Go

Package oauth1a Summary An implementation of OAuth 1.0a in Go1. API reference Installing Run: go get github.com/kurrik/oauth1a Include in your source

Aug 23, 2022

OAuth 1.0 implementation in go (golang).

OAuth 1.0 Library for Go (If you need an OAuth 2.0 library, check out: https://godoc.org/golang.org/x/oauth2) Developing your own apps, with this libr

Nov 22, 2022

A go implementation of JSON Web Tokens

jwt-go A go (or 'golang' for search engine friendliness) implementation of JSON Web Tokens NEW VERSION COMING: There have been a lot of improvements s

Jan 7, 2023

A fast and simple JWT implementation for Go

A fast and simple JWT implementation for Go

JWT Fast and simple JWT implementation written in Go. This package was designed with security, performance and simplicity in mind, it protects your to

Jan 5, 2023

backend implementation demonstration in go with JWT, MongoDB and etc.

backend implementation demonstration in go with JWT, MongoDB and etc.

Nov 19, 2022

Go library providing in-memory implementation of an OAuth2 Authorization Server / OpenID Provider

dispans Go library providing in-memory implementation of an OAuth2 Authorization Server / OpenID Provider. The name comes from the Swedish word dispen

Dec 22, 2021

Golang implementation of JWT and Refresh Token

Fiber and JWT with Refresh Token Repo ini adalah demostrasi JWT support refresh token tanpa menggunakan storage Branch Main: unlimited refresh token R

Dec 18, 2022
stark key authentication library, signature generator for dydx exchange

stark key authentication library, signature generator for dydx exchange for the following operations: Place an order Withdraw funds link : https://doc

Nov 10, 2022
A set of tests to check compliance with the Prometheus Remote Write specification

Prometheus Compliance Tests This repo contains code to test compliance with various Prometheus standards. PromQL The promql directory contains code to

Dec 4, 2022
Key-Checker - Go scripts for checking API key / access token validity
Key-Checker - Go scripts for checking API key / access token validity

Key-Checker Go scripts for checking API key / access token validity Update V1.0.0 ?? Added 37 checkers! Screenshoot ?? How to Install go get github.co

Dec 19, 2022
:key: Secure alternative to JWT. Authenticated Encrypted API Tokens for Go.

branca branca is a secure alternative to JWT, This implementation is written in pure Go (no cgo dependencies) and implements the branca token specific

Dec 29, 2022
fiber api key authentication middleware

fiber-key-auth Secure your fiber endpoints using API keys. Report Bug · Request Feature Table of Contents About The Project Built With Getting Started

Dec 14, 2022
Advent of Code Input Loader, provide a session cookie and a problem date, returns a string or []byte of the input

Advent of Code Get (aocget) A small lib to download your puzzle input for a given day. Uses your session token to authenticate to obtain your personal

Dec 9, 2021
An implementation of JOSE standards (JWE, JWS, JWT) in Go

Go JOSE Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSO

Dec 18, 2022
goRBAC provides a lightweight role-based access control (RBAC) implementation in Golang.

goRBAC goRBAC provides a lightweight role-based access control implementation in Golang. For the purposes of this package: * an identity has one or mo

Dec 29, 2022
This is an implementation of JWT in golang!

jwt This is a minimal implementation of JWT designed with simplicity in mind. What is JWT? Jwt is a signed JSON object used for claims based authentic

Oct 25, 2022
Golang implementation of JSON Web Tokens (JWT)

jwt-go A go (or 'golang' for search engine friendliness) implementation of JSON Web Tokens NEW VERSION COMING: There have been a lot of improvements s

Jan 6, 2023