func codeChallengeParams()

in auth/login.go [202:218]


// codeChallengeParams generates the PKCE (RFC 7636) values for one
// authorization attempt: a fresh code_verifier, the code_challenge derived
// from it, and the challenge method name, which is always "S256".
//
// If makeRandString fails, its error is returned unchanged and the three
// string results are empty.
//
// NOTE(review): makeRandString is defined outside this block. RFC 7636
// section 4.1 requires the verifier to be 43-128 characters drawn from
// [A-Za-z0-9-._~] and to be unpredictable. Confirm that makeRandString(32)
// reads from a CSPRNG (crypto/rand) and that its output is at least 43
// characters long, e.g. 32 random bytes encoded as unpadded base64url; a
// plain 32-character string would be below the minimum.
func codeChallengeParams() (verifier, challenge, method string, err error) {
	if verifier, err = makeRandString(32); err != nil {
		// Return no partial values when the random source fails.
		return "", "", "", err
	}

	// RFC 7636 section 4.2: a client that can use "S256" MUST use it, with
	//   code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))
	// RawURLEncoding is the URL-safe alphabet without '=' padding.
	digest := sha256.Sum256([]byte(verifier))
	encoded := base64.RawURLEncoding.EncodeToString(digest[:])

	return verifier, encoded, "S256", nil
}