simple_openid_connect.pkce

Implementation of PKCE code challenge and verifier generation.

Original code from @RomeoDespres in their pkce repository:

Examples

>>> from simple_openid_connect import pkce
>>> code_verifier, code_challenge = pkce.generate_pkce_pair()

>>> from simple_openid_connect import pkce
>>> code_verifier = pkce.generate_code_verifier(length=128)
>>> code_challenge = pkce.get_code_challenge(code_verifier)

Functions

generate_code_verifier([length])	Return a random PKCE-compliant code verifier.
generate_pkce_pair([code_verifier_length])	Return random PKCE-compliant code verifier and its corresponding code challenge.
get_code_challenge(code_verifier)	Generate the corresponding code challenge for a given verifier.

simple_openid_connect.pkce.generate_code_verifier(length: int = 128) → str

Return a random PKCE-compliant code verifier.

Parameters:

length – Code verifier length. Must be betwen 43 and 128.

Raises:

ValueError – When length is not between 43 and 128.

Returns:

A url-safe string ready to be used as a code verifier.

simple_openid_connect.pkce.generate_pkce_pair(code_verifier_length: int = 128) → Tuple[str, str]

Return random PKCE-compliant code verifier and its corresponding code challenge.

Parameters:

code_verifier_length – Length of the generated code verifier. Must be between 43 and 128.

Raises:

ValueError – When code_verifier_length is not between 43 and 128.

Returns code_verifier, code_challenge:

A tuple containing the code verifier along with its corresponding challenge.

simple_openid_connect.pkce.get_code_challenge(code_verifier: str) → str

Generate the corresponding code challenge for a given verifier.

Parameters:

code_verifier – The code verifier from which a challenge should be derived.

Raises:

ValueError – When code_verifier is not bettween 43 and 128 long.

Returns:

The url-safe challenge string that corresponds to the given verifier.