Sign Up ›
  • Ian Ratcliffe
  • NEWBIE
  • 5 Points
  • Member since 2016
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 1
    Questions
  • 2
    Replies
SOLVED
3 replies

Generating OAuth Code Challenge and Code Verifier in PHP

I've successfully gone through the process for Web Server OAuth Authentication Flow outlined below to aquire an access and request token:

https://developer.salesforce.com/docs/atlas.en-us.200.0.api_rest.meta/api_rest/intro_understanding_web_server_oauth_flow.htm

However I'm having difficulty adding in the optional additional security measure of adding a code_challenge and code_verifier in the requests.

I have tried... 
$random = openssl_random_pseudo_bytes(128);
$verifier = base64_encode($random);
$challenge = base64_encode(hash('sha256', $verifier));
Or maybe don't encode the verifier before applying the hash 
$random = openssl_random_pseudo_bytes(128);
$verifier = base64_encode($random);
$challenge = base64_encode(hash('sha256', $random));
Or maybe they want 128 chars instead of bytes 
$random = bin2hex(openssl_random_pseudo_bytes(64));
Or maybe the encoding needs to be url safe: 
function base64url_encode($data) {
  return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

No luck so far. Has anyone manged to do the sucecssfuly in PHP or otherwise, or could spot a glaring mistake I'm making, who could offer some advice? 


 
SOLVED
3 replies

Generating OAuth Code Challenge and Code Verifier in PHP

I've successfully gone through the process for Web Server OAuth Authentication Flow outlined below to aquire an access and request token:

https://developer.salesforce.com/docs/atlas.en-us.200.0.api_rest.meta/api_rest/intro_understanding_web_server_oauth_flow.htm

However I'm having difficulty adding in the optional additional security measure of adding a code_challenge and code_verifier in the requests.

I have tried... 
$random = openssl_random_pseudo_bytes(128);
$verifier = base64_encode($random);
$challenge = base64_encode(hash('sha256', $verifier));
Or maybe don't encode the verifier before applying the hash 
$random = openssl_random_pseudo_bytes(128);
$verifier = base64_encode($random);
$challenge = base64_encode(hash('sha256', $random));
Or maybe they want 128 chars instead of bytes 
$random = bin2hex(openssl_random_pseudo_bytes(64));
Or maybe the encoding needs to be url safe: 
function base64url_encode($data) {
  return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

No luck so far. Has anyone manged to do the sucecssfuly in PHP or otherwise, or could spot a glaring mistake I'm making, who could offer some advice?