Record Class PkceChallenge

java.lang.Object
java.lang.Record
cloud.opencode.base.oauth2.pkce.PkceChallenge

public record PkceChallenge(String verifier, String challenge, String method) extends Record
PKCE (Proof Key for Code Exchange) Challenge

Implements RFC 7636, Proof Key for Code Exchange by OAuth Public Clients.

Features:

  • Secure verifier generation
  • S256 challenge method
  • Base64 URL-safe encoding

Usage Examples:

// Generate PKCE challenge
PkceChallenge pkce = PkceChallenge.generate();

// Use in authorization request
String authUrl = authEndpoint
    + "?code_challenge=" + pkce.challenge()
    + "&code_challenge_method=" + pkce.method();

// Use verifier in token exchange
tokenRequest.put("code_verifier", pkce.verifier());

Security:

  • Uses SecureRandom for cryptographic randomness
  • SHA-256 for challenge generation
  • 43 character verifier (recommended minimum)
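
The S256 derivation and constant-time check that the Security notes above describe, as an added example using only the JDK; it is not the PkceChallenge implementation, and the class name PkceSketch and its method names are hypothetical. Rejecting every method other than S256 is a policy choice of this sketch; the sample values are the RFC 7636 Appendix B test vector.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical stand-alone sketch; not the PkceChallenge implementation.
public class PkceSketch {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // 32 random bytes encode to 43 base64url characters, the RFC 7636 minimum.
    static String newVerifier() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return B64URL.encodeToString(raw);
    }

    // code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))), without '=' padding.
    static String s256(String verifier) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(digest);
    }

    // Token-endpoint check: validate the verifier syntax, accept S256 only, and
    // compare with MessageDigest.isEqual so timing does not reveal a partial match.
    static boolean verifyS256(String verifier, String storedChallenge, String method)
            throws NoSuchAlgorithmException {
        if (verifier == null || storedChallenge == null || !"S256".equals(method)) return false;
        // RFC 7636: 43 to 128 characters from the unreserved set.
        if (!verifier.matches("[A-Za-z0-9._~-]{43,128}")) return false;
        return MessageDigest.isEqual(
                s256(verifier).getBytes(StandardCharsets.US_ASCII),
                storedChallenge.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Test vector from RFC 7636, Appendix B.
        String v = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String c = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        System.out.println("vector matches:     " + s256(v).equals(c));
        System.out.println("S256 verify:        " + verifyS256(v, c, "S256"));
        System.out.println("plain downgrade:    " + verifyS256(v, v, "plain"));
        System.out.println("unrelated verifier: " + verifyS256(newVerifier(), c, "S256"));
        String fresh = newVerifier();
        System.out.println("fresh round trip:   " + fresh.length() + " chars, "
                + verifyS256(fresh, s256(fresh), "S256"));
    }
}
```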
Since:
JDK 25, opencode-base-oauth2 V1.0.0
Author:
Leon Soo www.LeonSoo.com
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    METHOD_PLAIN
    PKCE plain method name (not recommended)
    static final String
    METHOD_S256
    PKCE S256 method name
  • Constructor Summary

    Constructors
    Constructor
    Description
    PkceChallenge(String verifier, String challenge, String method)
    Creates an instance of a PkceChallenge record class.
  • Method Summary

    Modifier and Type
    Method
    Description
    static String
    calculateS256Challenge(String verifier)
    Calculate S256 challenge from verifier
    String
    challenge()
    Returns the value of the challenge record component.
    final boolean
    equals(Object o)
    Indicates whether some other object is "equal to" this one.
    static PkceChallenge
    generate()
    Generate a new PKCE challenge with S256 method
    static PkceChallenge
    generate(int verifierBytes)
    Generate a new PKCE challenge with custom verifier length
    final int
    hashCode()
    Returns a hash code value for this object.
    boolean
    isPlain()
    Check if this challenge uses plain method
    boolean
    isS256()
    Check if this challenge uses S256 method
    String
    method()
    Returns the value of the method record component.
    static PkceChallenge
    plain(String verifier)
    Create a plain PKCE challenge (not recommended, use S256 instead)
    final String
    toString()
    Returns a string representation of this record class.
    String
    verifier()
    Returns the value of the verifier record component.
    static boolean
    verify(String verifier, String challenge, String method)
    Verify that the verifier matches the challenge using constant-time comparison

    Methods inherited from class Object

    clone, finalize, getClass, notify, notifyAll, wait, wait, wait
  • Field Details

    • METHOD_S256

      public static final String METHOD_S256
      PKCE S256 method name
    • METHOD_PLAIN

      public static final String METHOD_PLAIN
      PKCE plain method name (not recommended)
  • Constructor Details

    • PkceChallenge

      public PkceChallenge(String verifier, String challenge, String method)
      Creates an instance of a PkceChallenge record class.
      Parameters:
      verifier - the value for the verifier record component
      challenge - the value for the challenge record component
      method - the value for the method record component
  • Method Details

    • generate

      public static PkceChallenge generate()
      Generate a new PKCE challenge with S256 method
      Returns:
      the PKCE challenge
      Throws:
      OAuth2Exception - if SHA-256 is not available
    • generate

      public static PkceChallenge generate(int verifierBytes)
      Generate a new PKCE challenge with custom verifier length
      Parameters:
      verifierBytes - the number of random bytes (32-96 recommended)
      Returns:
      the PKCE challenge
      Throws:
      OAuth2Exception - if SHA-256 is not available
      IllegalArgumentException - if verifierBytes is less than 32
    • plain

      public static PkceChallenge plain(String verifier)
      Create a plain PKCE challenge (not recommended, use S256 instead)
      Parameters:
      verifier - the verifier
      Returns:
      the PKCE challenge
    • calculateS256Challenge

      public static String calculateS256Challenge(String verifier)
      Calculate S256 challenge from verifier
      Parameters:
      verifier - the verifier
      Returns:
      the challenge
      Throws:
      OAuth2Exception - if SHA-256 is not available
    • verify

      public static boolean verify(String verifier, String challenge, String method)
      Verify that the verifier matches the challenge using constant-time comparison
      Parameters:
      verifier - the verifier to check
      challenge - the expected challenge
      method - the challenge method
      Returns:
      true if valid
    • isS256

      public boolean isS256()
      Check if this challenge uses S256 method
      Returns:
      true if S256
    • isPlain

      public boolean isPlain()
      Check if this challenge uses plain method
      Returns:
      true if plain
    • toString

      public final String toString()
      Returns a string representation of this record class. The representation contains the name of the class, followed by the name and value of each of the record components.
      Specified by:
      toString in class Record
      Returns:
      a string representation of this object
    • hashCode

      public final int hashCode()
      Returns a hash code value for this object. The value is derived from the hash code of each of the record components.
      Specified by:
      hashCode in class Record
      Returns:
      a hash code value for this object
    • equals

      public final boolean equals(Object o)
      Indicates whether some other object is "equal to" this one. The objects are equal if the other object is of the same class and if all the record components are equal. All components in this record class are compared with Objects::equals(Object,Object).
      Specified by:
      equals in class Record
      Parameters:
      o - the object with which to compare
      Returns:
      true if this object is the same as the o argument; false otherwise.
    • verifier

      public String verifier()
      Returns the value of the verifier record component.
      Returns:
      the value of the verifier record component
    • challenge

      public String challenge()
      Returns the value of the challenge record component.
      Returns:
      the value of the challenge record component
    • method

      public String method()
      Returns the value of the method record component.
      Returns:
      the value of the method record component