Warning: Due to various recent migrations, viewing non-HEAD refs may be broken.

/pkce.go (raw)

package main

import (
	"fmt"
	"strings"
)

const (
	pkceRequirementNone  = ""
	pkceRequirementPlain = pkceMethodPlain
	pkceRequirementS256  = pkceMethodS256
)

func normalizeClientPKCERequirement(value string) (string, error) {
	switch strings.ToUpper(strings.TrimSpace(value)) {
	case "", "NONE":
		return pkceRequirementNone, nil
	case strings.ToUpper(pkceRequirementPlain):
		return pkceRequirementPlain, nil
	case pkceRequirementS256:
		return pkceRequirementS256, nil
	default:
		return "", fmt.Errorf("invalid PKCE requirement")
	}
}

func allowPKCERequirement(method, requirement string) bool {
	requirement = strings.ToUpper(requirement)
	method = strings.ToUpper(method)
	switch requirement {
	case "", "NONE":
		return true
	case strings.ToUpper(pkceRequirementPlain):
		return method == strings.ToUpper(pkceMethodPlain) || method == strings.ToUpper(pkceMethodS256)
	case pkceRequirementS256:
		return method == strings.ToUpper(pkceMethodS256)
	default:
		return false
	}
}