Add code challenge support

src/data/code_challenge.rs

@@ -0,0 +1,70 @@
+use base64::URL_SAFE_NO_PAD;
+
+use crate::utils::crypt_utils::sha256;
+
+/// Code challenge, as specified in <https://datatracker.ietf.org/doc/rfc7636/>
+///
+/// See some implementation help in <https://docs.hidglobal.com/activid-as-v8.5/api/openid/leverage-pkce-auth-code-grant-flow.htm>
+#[derive(Debug, Clone, Eq, PartialEq)]
+pub struct CodeChallenge {
+    pub code_challenge: String,
+    pub code_challenge_method: String,
+}
+
+impl CodeChallenge {
+    pub fn verify_code(&self, code_verifer: &str) -> bool {
+        match self.code_challenge_method.as_str() {
+            "plain" => code_verifer.eq(&self.code_challenge),
+            "S256" => {
+                let encoded = base64::encode_config(
+                    sha256(code_verifer.as_bytes()),
+                    URL_SAFE_NO_PAD,
+                );
+
+                encoded.eq(&self.code_challenge)
+            }
+            s => {
+                log::error!("Unknown code challenge method: {}", s);
+                false
+            }
+        }
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use crate::data::code_challenge::CodeChallenge;
+
+    #[test]
+    fn test_plain() {
+        let chal = CodeChallenge {
+            code_challenge_method: "plain".to_string(),
+            code_challenge: "text1".to_string(),
+        };
+
+        assert_eq!(true, chal.verify_code("text1"));
+        assert_eq!(false, chal.verify_code("text2"));
+    }
+
+    #[test]
+    fn test_s256() {
+        let chal = CodeChallenge {
+            code_challenge_method: "S256".to_string(),
+            code_challenge: "uSOvC48D8TMh6RgW-36XppMlMgys-6KAE_wEIev9W2g".to_string(),
+        };
+
+        assert_eq!(true, chal.verify_code("HIwht3lCHfnsruA+7Sq8NP2mPj5cBZe0Ewf23eK9UQhK4TdCIt3SK7Fr/giCdnfjxYQILOPG2D562emggAa2lA=="));
+        assert_eq!(false, chal.verify_code("text1"));
+    }
+
+    #[test]
+    fn test_s256_2() {
+        let chal = CodeChallenge {
+            code_challenge_method: "S256".to_string(),
+            code_challenge: "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM".to_string(),
+        };
+
+        assert_eq!(true, chal.verify_code("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"));
+        assert_eq!(false, chal.verify_code("text1"));
+    }
+}

src/data/mod.rs

@@ -7,4 +7,5 @@ pub mod remote_ip;
 pub mod current_user;
 pub mod openid_config;
 pub mod jwt_signer;
-pub mod id_token;
+pub mod id_token;
+pub mod code_challenge;