in fxa/oauth.py [0:0]
def generate_pkce_challenge(self):
"""Ramdomly generate parameters for a PKCE challenge.
This method returns a two-tuple (challenge, response) where the first
item contains request parameters for a PKCE challenge, and the second
item contains the corresponding parameters for a verification.
"""
code_verifier = base64.urlsafe_b64encode(os.urandom(32)).decode('utf-8').rstrip("=")
raw_challenge = hashlib.sha256(code_verifier.encode('utf-8')).digest()
code_challenge = base64.urlsafe_b64encode(raw_challenge).decode('utf-8').rstrip("=")
return ({
"code_challenge": code_challenge,
"code_challenge_method": "S256",
}, {
"code_verifier": code_verifier,
})