vinder.federation.webapi/Source/Vinder.Federation.Application/Utilities/PkceCodeVerifier.cs at 02ef3828d9850e956d057dea2630add7e957b43e · vinder-io/vinder.federation.webapi · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
namespace Vinder.Federation.Application.Utilities;

public static class PkceCodeVerifier
{
    public static bool Validate(string codeVerifier, string codeChallenge, string method)
    {
        if (string.IsNullOrWhiteSpace(codeVerifier) || string.IsNullOrWhiteSpace(codeChallenge))
        {
            return false;
        }

        // according to pkce spec (RFC 7636, section 4.6):
        // https://datatracker.ietf.org/doc/html/rfc7636#section-4.6

        return method switch
        {
            SupportedPkceMethods.PkceS256 => PkceCodeVerifier.ValidateS256(codeVerifier, codeChallenge),
            SupportedPkceMethods.PkcePlain => codeVerifier == codeChallenge,

            _ => false
        };
    }

    private static bool ValidateS256(string codeVerifier, string codeChallenge)
    {
        var bytes = SHA256.HashData(System.Text.Encoding.ASCII.GetBytes(codeVerifier));
        var hashed = Base64UrlEncoder.Encode(bytes);

        return hashed == codeChallenge;
    }
}