Remove PKCE implementation from oauth2params package (#262)

* Replace PKCE with oauth2 Verifier

* Fix comment

Author: int128

example/main.go

@@ -9,7 +9,6 @@ import (
 	"strings"
 
 	"github.com/int128/oauth2cli"
-	"github.com/int128/oauth2cli/oauth2params"
 	"github.com/pkg/browser"
 	"golang.org/x/oauth2"
 	"golang.org/x/sync/errgroup"
@@ -51,12 +50,9 @@ Then set the following options:`)
 		log.Printf("Using the TLS certificate: %s", o.localServerCert)
 	}
 
-	pkce, err := oauth2params.NewPKCE()
-	if err != nil {
-		log.Fatalf("error: %s", err)
-	}
 	ready := make(chan string, 1)
 	defer close(ready)
+	pkceVerifier := oauth2.GenerateVerifier()
 	cfg := oauth2cli.Config{
 		OAuth2Config: oauth2.Config{
 			ClientID:     o.clientID,
@@ -67,8 +63,8 @@ Then set the following options:`)
 			},
 			Scopes: strings.Split(o.scopes, ","),
 		},
-		AuthCodeOptions:      pkce.AuthCodeOptions(),
-		TokenRequestOptions:  pkce.TokenRequestOptions(),
+		AuthCodeOptions:      []oauth2.AuthCodeOption{oauth2.S256ChallengeOption(pkceVerifier)},
+		TokenRequestOptions:  []oauth2.AuthCodeOption{oauth2.VerifierOption(pkceVerifier)},
 		LocalServerReadyChan: ready,
 		LocalServerCertFile:  o.localServerCert,
 		LocalServerKeyFile:   o.localServerKey,

oauth2cli.go

@@ -54,10 +54,10 @@ type Config struct {
 	OAuth2Config oauth2.Config
 
 	// Options for an authorization request.
-	// You can set oauth2.AccessTypeOffline and the PKCE options here.
+	// You can set oauth2.AccessTypeOffline or oauth2.S256ChallengeOption.
 	AuthCodeOptions []oauth2.AuthCodeOption
 	// Options for a token request.
-	// You can set the PKCE options here.
+	// You can set oauth2.VerifierOption.
 	TokenRequestOptions []oauth2.AuthCodeOption
 	// State parameter in the authorization request.
 	// Default to a string of random 32 bytes.

oauth2params/params.go

@@ -3,12 +3,9 @@ package oauth2params
 
 import (
 	"crypto/rand"
-	"crypto/sha256"
 	"encoding/base64"
 	"encoding/binary"
 	"fmt"
-
-	"golang.org/x/oauth2"
 )
 
 // NewState returns a state parameter.
@@ -21,51 +18,6 @@ func NewState() (string, error) {
 	return base64URLEncode(b), nil
 }
 
-// PKCE represents a set of PKCE parameters.
-// See https://tools.ietf.org/html/rfc7636.
-type PKCE struct {
-	CodeChallenge       string
-	CodeChallengeMethod string
-	CodeVerifier        string
-}
-
-// AuthCodeOptions returns options for oauth2.Config.AuthCodeURL().
-func (pkce *PKCE) AuthCodeOptions() []oauth2.AuthCodeOption {
-	return []oauth2.AuthCodeOption{
-		oauth2.SetAuthURLParam("code_challenge_method", pkce.CodeChallengeMethod),
-		oauth2.SetAuthURLParam("code_challenge", pkce.CodeChallenge),
-	}
-}
-
-// TokenRequestOptions returns options for oauth2.Config.Exchange().
-func (pkce *PKCE) TokenRequestOptions() []oauth2.AuthCodeOption {
-	return []oauth2.AuthCodeOption{
-		oauth2.SetAuthURLParam("code_verifier", pkce.CodeVerifier),
-	}
-}
-
-// NewPKCE returns a PKCE parameter.
-// This generates 256 bits of random bytes.
-func NewPKCE() (*PKCE, error) {
-	b, err := random(32)
-	if err != nil {
-		return nil, fmt.Errorf("could not generate a random: %w", err)
-	}
-	s := computeS256(b)
-	return &s, nil
-}
-
-func computeS256(b []byte) PKCE {
-	v := base64URLEncode(b)
-	s := sha256.New()
-	_, _ = s.Write([]byte(v))
-	return PKCE{
-		CodeChallenge:       base64URLEncode(s.Sum(nil)),
-		CodeChallengeMethod: "S256",
-		CodeVerifier:        v,
-	}
-}
-
 func random(bits int) ([]byte, error) {
 	b := make([]byte, bits)
 	if err := binary.Read(rand.Reader, binary.LittleEndian, b); err != nil {