Documentation
¶
Overview ¶
Package authzsig provides HMAC-SHA256 signing and verification for OAuth2 authorize request parameters. This prevents tampering with hidden form fields (scope, code_challenge, code_challenge_method, nonce) between the authorize and login/signup steps.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Sign ¶
func Sign(p AuthorizeParams) string
Sign computes an HMAC-SHA256 signature over the authorize parameters using the CSRF secret key. The signature is returned as a base64url-encoded string.
func Verify ¶
func Verify(p AuthorizeParams, signature string) bool
Verify checks that the provided signature matches the HMAC of the given authorize parameters. Returns true if valid, false if tampered.
Types ¶
type AuthorizeParams ¶
type AuthorizeParams struct {
ClientID string
RedirectURI string
Scope string
Nonce string
CodeChallenge string
CodeChallengeMethod string
State string
}
AuthorizeParams holds the security-sensitive parameters from the authorize request that must be protected against tampering.
Source Files
Click to show internal directories.
Click to hide internal directories.