A simple utility to use PKCE (Proof Key for Code Exchange) in PHP.
This small utility helps PHP developers use OAuth2 with PKCE. It provides a simple way to generate a code verifier, derive a code challenge from it, and validate a code verifier against a code challenge.
- Generate a code verifier
- Generate a code challenge from a given code verifier
- Generate a pair of code verifier and code challenge
- Verify a code verifier with a code challenge
Note: All the code complies with RFC 7636.
Using Composer:

```bash
composer require adriengras/pkce-php
```
```php
// import with the Composer autoloader
use AdrienGras\PKCE\PKCEUtils;

// ...

// generate a code verifier
$verifier = PKCEUtils::generateCodeVerifier();

// generate a code challenge from the code verifier
$challenge = PKCEUtils::generateCodeChallenge($verifier);

// you can also use the plain text challenge method for testing purposes
// WARNING: this method is not secure and should not be used in production
$challenge = PKCEUtils::generateCodeChallenge($verifier, PKCEUtils::CODE_CHALLENGE_METHOD_PLAIN);

// alternatively, generate a pair of code verifier and code challenge
$pair = PKCEUtils::generateCodePair();
$verifier = $pair['code_verifier'];
$challenge = $pair['code_challenge'];

// or with destructuring
['code_verifier' => $verifier, 'code_challenge' => $challenge] = PKCEUtils::generateCodePair();

// validate a code verifier with a code challenge
$isValid = PKCEUtils::validate($verifier, $challenge);
```
Note: You can also use the test suite as a full example of how to use this utility. You can find it in the tests folder.
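The S256 transform and the token-endpoint comparison that RFC 7636 defines, as an added example in plain PHP that is not taken from this library's source. The function names are hypothetical, and the verifier/challenge pair is the test vector from RFC 7636 Appendix B.

```php
<?php
declare(strict_types=1);

// Added illustration in plain PHP; function names are hypothetical, not the library's API.

// RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
function pkce_is_valid_verifier(string $verifier): bool
{
    return preg_match('/\A[A-Za-z0-9._~-]{43,128}\z/', $verifier) === 1;
}

// RFC 7636 section 4.2: BASE64URL(SHA256(ASCII(code_verifier))), without padding.
function pkce_s256_challenge(string $verifier): string
{
    $digest = hash('sha256', $verifier, true); // raw 32-byte digest
    return rtrim(strtr(base64_encode($digest), '+/', '-_'), '=');
}

// Token-endpoint check (RFC 7636 section 4.6). $storedChallenge and $method are the
// values saved from the authorization request; $verifier arrives with the token request.
function pkce_check(string $verifier, string $storedChallenge, string $method, bool $allowPlain = false): bool
{
    if (!pkce_is_valid_verifier($verifier)) {
        return false; // malformed verifier: reject before hashing
    }
    if ($method === 'S256') {
        $expected = pkce_s256_challenge($verifier);
    } elseif ($method === 'plain' && $allowPlain) {
        $expected = $verifier; // challenge equals verifier, so an observed request reveals it
    } else {
        return false; // unknown method, or plain not permitted by the server
    }
    return hash_equals($storedChallenge, $expected); // constant-time comparison
}

// Test vector from RFC 7636 Appendix B.
$verifier  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
$challenge = 'E9Melhoa2OwvFrEMTJguCH5QaYIFqyTatEAPyPNPH-U';

var_dump(pkce_s256_challenge($verifier) === $challenge);       // derivation against the RFC vector
var_dump(pkce_check($verifier, $challenge, 'S256'));           // matching verifier
var_dump(pkce_check($verifier, $verifier, 'plain'));           // plain with the default $allowPlain
var_dump(pkce_check(str_repeat('a', 43), $challenge, 'S256')); // well-formed but wrong verifier
```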
This project is licensed under the MIT License - see the LICENSE file for details.