adriengras / pkce-php
A simple utility to use PKCE (Proof Key for Code Exchange) in PHP.
Installs: 2 690
Dependents: 0
Suggesters: 0
Security: 0
Stars: 4
Watchers: 1
Forks: 0
Open Issues: 2
Requires
- php: >=7.4
Requires (Dev)
- symfony/test-pack: ^1.1
README
A simple utility to use PKCE (Proof Key for Code Exchange) in PHP.
This little utility is intended to help people using Oauth2 with PKCE in PHP. It provides a simple way to generate a code verifier, a code challenge and to validate a code verifier with a code challenge.
Summary
Features
- Generate a code verifier
- Generate a code challenge from a given code verifier
- Generate a pair of code verifier and code challenge
- Verify a code verifier with a code challenge
Note: All the code complies to the RFC 7636.
Installation
Using composer:
composer require adriengras/pkce-php
Usage
// import with composer autoloader use AdrienGras\PKCE\PKCE; // ... // generate a code verifier $verifier = PKCEUtils::generateCodeVerifier(); // generate a code challenge from the code verifier $challenge = PKCEUtils::generateCodeChallenge($verifier); // you can also use the plain text challenge method for testing purpose // WARNING: this method is not secure and should not be used in production $challenge = PKCEUtils::generateCodeChallenge($verifier, PKCEUtils::CODE_CHALLENGE_METHOD_PLAIN); // alternatively, generate a pair of code verifier and code challenge $pair = PKCEUtils::generateCodePair(); $verifier = $pair['code_verifier']; $challenge = $pair['code_challenge']; // or with destructuring [$verifier, $challenge] = PKCEUtils::generateCodePair(); // validate a code verifier with a code challenge $isValid = PKCEUtils::validate($verifier, $challenge);
Note You can also use the test case suite as a full example on how to use this utility. You can find it in the tests folder.
License
This project is licensed under the MIT License - see the LICENSE file for details.