Главная Обзор Помощь
Вход
SMusatov
/
ydb
зеркало из https://github.com/ydb-platform/ydb.git
1
0
Ответвить 0
Файлы
Дерево: c1fd9ca198
Ветки Метки
ydb
/
contrib
/
python
/
oauth2client
/
py3
/
oauth2client
/
_pkce.py

_pkce.py 2.1 KB
История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. # Copyright 2016 Google Inc. All rights reserved.
    2. 

  2. #
    3. 

  3. # Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. # you may not use this file except in compliance with the License.
    5. 

  5. # You may obtain a copy of the License at
    6. 

  6. #
    7. 

  7. #     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. #
    9. 

  9. # Unless required by applicable law or agreed to in writing, software
    10. 

  10. # distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. # See the License for the specific language governing permissions and
    13. 

  13. # limitations under the License.
    14. 

  14. 

  15. """
    16. 

  16. Utility functions for implementing Proof Key for Code Exchange (PKCE) by OAuth
    17. 

  17. Public Clients
    18. 

  18. 

  19. See RFC7636.
    20. 

  20. """
    21. 

  21. 

  22. import base64
    23. 

  23. import hashlib
    24. 

  24. import os
    25. 

  25. 

  26. 

  27. def code_verifier(n_bytes=64):
    28. 

  28.     """
    29. 

  29.     Generates a 'code_verifier' as described in section 4.1 of RFC 7636.
    30. 

  30. 

  31.     This is a 'high-entropy cryptographic random string' that will be
    32. 

  32.     impractical for an attacker to guess.
    33. 

  33. 

  34.     Args:
    35. 

  35.         n_bytes: integer between 31 and 96, inclusive. default: 64
    36. 

  36.             number of bytes of entropy to include in verifier.
    37. 

  37. 

  38.     Returns:
    39. 

  39.         Bytestring, representing urlsafe base64-encoded random data.
    40. 

  40.     """
    41. 

  41.     verifier = base64.urlsafe_b64encode(os.urandom(n_bytes)).rstrip(b'=')
    42. 

  42.     # https://tools.ietf.org/html/rfc7636#section-4.1
    43. 

  43.     # minimum length of 43 characters and a maximum length of 128 characters.
    44. 

  44.     if len(verifier) < 43:
    45. 

  45.         raise ValueError("Verifier too short. n_bytes must be > 30.")
    46. 

  46.     elif len(verifier) > 128:
    47. 

  47.         raise ValueError("Verifier too long. n_bytes must be < 97.")
    48. 

  48.     else:
    49. 

  49.         return verifier
    50. 

  50. 

  51. 

  52. def code_challenge(verifier):
    53. 

  53.     """
    54. 

  54.     Creates a 'code_challenge' as described in section 4.2 of RFC 7636
    55. 

  55.     by taking the sha256 hash of the verifier and then urlsafe
    56. 

  56.     base64-encoding it.
    57. 

  57. 

  58.     Args:
    59. 

  59.         verifier: bytestring, representing a code_verifier as generated by
    60. 

  60.             code_verifier().
    61. 

  61. 

  62.     Returns:
    63. 

  63.         Bytestring, representing a urlsafe base64-encoded sha256 hash digest,
    64. 

  64.             without '=' padding.
    65. 

  65.     """
    66. 

  66.     digest = hashlib.sha256(verifier).digest()
    67. 

  67.     return base64.urlsafe_b64encode(digest).rstrip(b'=')
    68.