pkce

Release 2.1.0

An OAuth Proof Key for Code Exchange (PKCE) challenge and code verifier.

Homepage Repository Rubygems Ruby Documentation Download

Keywords
oauth, oauth2, pkce, pkce-authentication, security
License
Hippocratic-2.1
Install
gem install pkce -v 2.1.0

Documentation

Proof Key for Code Exchange (PKCE)

Proof Key for Code Exchange (PKCE) is an authorization code flow extension to OAuth which is necessary for mobile authentication but works well for web flows because the added security is transparent to the user. Specifically, PKCE prevents the following types of attacks:

  • Authorization code interception

  • Authorization code injection

This gem is an implementation of the RFC 7636 specification so you can leverage PKCE in your own code.

Table of Contents

Features

  • Implements the RFC 7636 specification.

  • Provides a simple object API for obtaining a challenge and verify code.

  • Provides max length security by default.

  • Answers a monad result.

Requirements

Setup

To install with security, run:

# 💡 Skip this line if you already have the public certificate installed.
gem cert --add <(curl --compressed --location https://alchemists.io/gems.pem)
gem install pkce --trust-policy HighSecurity

To install without security, run:

gem install pkce

You can also add the gem directly to your project:

bundle add pkce

Once the gem is installed, you only need to require it:

require "pkce"

Usage

The object API is simple to work with as you only need to interact with the PKCE constant. Example:

code = PKCE.call.success
code.challenge  # e2tGChTfGON-C55i0yu13-urIgDFuMCmo73F7TZmoiw
code.verify     # hYnx2WTJo7Bgu1-GqPUIYtRkb2W7pRBawkmdDi3omPdramb27Fp4rps_w6ozns-gbVCKFC2-Kno4P_b1H3FuxnlYIOd9Bo5yoTXq_xEHDJaB_fOfn2NaiCtcWQ8Bs91I

You can also pass in a custom length (default is maximum):

code = PKCE.call(length: 35).success
code.challenge  # R1b1Ka3jmrLKvQ7xW5QmP5MsCSEWtdoA2lo3r-SZDfg
code.verify     # ucKkqwoMzc9cyPcSGMbuVf3ivr4sep2mq15hGN9sVzl4X7g

In case of a failure, you’ll get a proper error message:

PKCE.call(length: 100).failure  # Invalid PKCE verifier length: 100. Must be between 32..96.

Due to the fact that PKCE answers back a monad, you have all of the power of pattern matching at your fingertips as well:

include Dry::Monads[:result]

case PKCE.call
  in Success(code) then puts code.inspect
  in Failure(message) then puts message
end

Finally, since the code answered back is a Data object that you can easily test and interact with:

PKCE.call.success
#<data PKCE::Code challenge="ROMnfvHt04xhM80WB2PyPK67GGrG35UdFEf0DEBkes0", verify="cUq917cDIROAUkew-OjIdfIz1OYyv-ERt9NnSdzlxz4XSYzdbRycVuRDD2SBIDBiKnXUamxvpxNRsUMBQ1PvBdtziGs_oYe98MDWmM8J2_NJQBVg2kP-B2OqBdMp00qh">

Development

To contribute, run:

git clone https://github.com/bkuhlmann/pkce
cd pkce
bin/setup

You can also use the IRB console for direct access to all objects:

bin/console

Architecture

The following documents the workflow used to process and build authorization codes.

Sequence Diagram

Tests

To test, run:

bin/rake

Credits

Stats

Dependencies
1
Dependent packages
0
Dependent repositories
0
Total releases
12
Latest release
First release
Stars
1
Forks
0
Watchers
3
Contributors
1
Repository size
124 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

2.1.0
2.0.0
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
0.2.0
See all 12 releases

Maintainers

bkuhlmann

Contributors

Brooke Kuhlmann


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2024-03-03 18:35:07 UTC

Login to resync this project