From 5cad5e7c9d1db63e57570a8387b14d295965e055 Mon Sep 17 00:00:00 2001
From: Mark Laing
Date: Wed, 4 Jun 2025 10:24:21 +0100
Subject: [PATCH] pkg/client/rp: Add `GenerateAndStoreCodeChallengeWithRequest` function.

It's not possible to add a `http.Request` argument to `GenerateAndStoreCodeChallenge` as this would be a breaking change. Instead, add a new function that accepts a request argument and call `SetRequestAwareCookie` here.

Signed-off-by: Mark Laing
---
 pkg/client/rp/relying_party.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkg/client/rp/relying_party.go b/pkg/client/rp/relying_party.go
index 9efc893..3cd8db1 100644
--- a/pkg/client/rp/relying_party.go
+++ b/pkg/client/rp/relying_party.go
@@ -436,6 +436,15 @@ func GenerateAndStoreCodeChallenge(w http.ResponseWriter, rp RelyingParty) (stri
 return oidc.NewSHACodeChallenge(codeVerifier), nil
 }
 
+// GenerateAndStoreCodeChallenge generates a PKCE code challenge and stores its verifier into a secure cookie
+func GenerateAndStoreCodeChallengeWithRequest(r *http.Request, w http.ResponseWriter, rp RelyingParty) (string, error) {
+ codeVerifier := base64.RawURLEncoding.EncodeToString([]byte(uuid.New().String()))
+ if err := rp.CookieHandler().SetRequestAwareCookie(r, w, pkceCode, codeVerifier); err != nil {
+ return "", err
+ }
+ return oidc.NewSHACodeChallenge(codeVerifier), nil
+}
+
 // ErrMissingIDToken is returned when an id_token was expected,
 // but not received in the token response.
 var ErrMissingIDToken = errors.New("id_token missing")
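Review bot: The doc comment on the added function names `GenerateAndStoreCodeChallenge` rather than `GenerateAndStoreCodeChallengeWithRequest`, so go doc and the usual linters will flag it and a reader cannot tell from the comment how the two variants differ; suggest `// GenerateAndStoreCodeChallengeWithRequest generates a PKCE code challenge and stores its verifier in a cookie; unlike GenerateAndStoreCodeChallenge it passes the incoming request to the cookie handler via SetRequestAwareCookie.` The new body appears to duplicate the existing function except for the cookie call (inferred from the matching return line; the existing function's body lies outside the hunk), so a small private helper that produces the verifier and challenge pair would keep the two from drifting. Both paths derive the code verifier from a UUID string, which carries at most 122 bits of randomness, below the 256 bits of entropy RFC 7636 §7.1 says a client SHOULD use; worth a note in the doc comment or a follow-up that sources the verifier from crypto/rand directly.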