adriengras/pkce-php

A simple utility to use PKCE (Proof Key for Code Exchange) in PHP.

v1.0.3 2023-08-25 14:40 UTC

This package is auto-updated.

Last update: 2024-11-25 17:17:25 UTC


README

This small utility is intended to help people who use OAuth2 with PKCE in PHP. It provides a simple way to generate a code verifier, to generate a code challenge, and to validate a code verifier against a code challenge.

Features

  • Generate a code verifier
  • Generate a code challenge from a given code verifier
  • Generate a pair of code verifier and code challenge
  • Verify a code verifier with a code challenge

Note: All the code complies with RFC 7636.

Installation

Using composer:

composer require adriengras/pkce-php

Usage

// import with composer autoloader
use AdrienGras\PKCE\PKCEUtils;

// ...

// generate a code verifier
$verifier = PKCEUtils::generateCodeVerifier();

// generate a code challenge from the code verifier
$challenge = PKCEUtils::generateCodeChallenge($verifier);

// you can also use the plain text challenge method for testing purposes
// WARNING: this method is not secure and should not be used in production
$challenge = PKCEUtils::generateCodeChallenge($verifier, PKCEUtils::CODE_CHALLENGE_METHOD_PLAIN);

// alternatively, generate a pair of code verifier and code challenge
$pair = PKCEUtils::generateCodePair();
$verifier = $pair['code_verifier'];
$challenge = $pair['code_challenge'];
// or with destructuring (the pair is keyed by name, so destructure by key)
['code_verifier' => $verifier, 'code_challenge' => $challenge] = PKCEUtils::generateCodePair();

// validate a code verifier with a code challenge
$isValid = PKCEUtils::validate($verifier, $challenge);

Note: You can also use the test suite as a full example of how to use this utility. You can find it in the tests folder.
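
What the challenge derivation and the validation step involve under RFC 7636, as an added example written with PHP built-ins only. It is not code from this package, the function names (base64UrlEncode, newCodeVerifier, s256Challenge, verifyPkce) are hypothetical, and the sample values are the test vector from RFC 7636 Appendix B.

```php
<?php
// Added example: RFC 7636 checks written with PHP built-ins only.
// Function names are hypothetical; this is not the package's source code.

function base64UrlEncode(string $bytes): string
{
    // RFC 7636 Appendix A: base64url alphabet with the padding stripped.
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function newCodeVerifier(int $entropyBytes = 32): string
{
    // 32 bytes from the CSPRNG encode to a 43-character verifier (section 4.1).
    return base64UrlEncode(random_bytes($entropyBytes));
}

function s256Challenge(string $verifier): string
{
    // Section 4.2: BASE64URL(SHA256(ASCII(code_verifier))).
    return base64UrlEncode(hash('sha256', $verifier, true));
}

function verifyPkce(string $verifier, string $storedChallenge, string $method = 'S256'): bool
{
    // Reject anything outside the section 4.1 grammar: 43-128 unreserved characters.
    if (preg_match('/\A[A-Za-z0-9\-._~]{43,128}\z/', $verifier) !== 1) {
        return false;
    }
    // This sketch refuses "plain", where the challenge is the verifier itself.
    if ($method !== 'S256') {
        return false;
    }
    // hash_equals compares in constant time, so the check leaks no timing signal.
    return hash_equals($storedChallenge, s256Challenge($verifier));
}

// Test vector from RFC 7636 Appendix B.
$rfcVerifier  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
$rfcChallenge = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM';

var_dump(s256Challenge($rfcVerifier) === $rfcChallenge);   // derivation compared with the RFC vector
var_dump(verifyPkce($rfcVerifier, $rfcChallenge));          // matching verifier and challenge
var_dump(verifyPkce(newCodeVerifier(), $rfcChallenge));     // fresh verifier, unrelated challenge
var_dump(verifyPkce('too-short', $rfcChallenge));           // verifier below the 43-character minimum
var_dump(verifyPkce($rfcVerifier, $rfcVerifier, 'plain'));  // plain method requested
```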

License

This project is licensed under the MIT License - see the LICENSE file for details.