ultisuite-backend/internal/migration/pkce.go

package migration

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
)

func base64URLEncode(b []byte) string {
	return base64.RawURLEncoding.EncodeToString(b)
}

func sha256Sum(input string) ([]byte, error) {
	sum := sha256.Sum256([]byte(input))
	return sum[:], nil
}

func newPKCE() (verifier, challenge string, err error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", "", err
	}
	verifier = base64.RawURLEncoding.EncodeToString(b)
	sum, err := sha256Sum(verifier)
	if err != nil {
		return "", "", err
	}
	challenge = base64.RawURLEncoding.EncodeToString(sum)
	return verifier, challenge, nil
}