Record Class PkceChallenge
java.lang.Object
java.lang.Record
cloud.opencode.base.oauth2.pkce.PkceChallenge
PKCE (Proof Key for Code Exchange) Challenge
PKCE 挑战
Implements RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients.
实现 RFC 7636 - OAuth 公共客户端的代码交换证明密钥。
Features | 主要功能:
- Secure verifier generation - 安全验证器生成
- S256 challenge method - S256 挑战方法
- Base64 URL-safe encoding - Base64 URL 安全编码
Usage Examples | 使用示例:
// Generate PKCE challenge
PkceChallenge pkce = PkceChallenge.generate();
// Use in authorization request
String authUrl = authEndpoint
+ "?code_challenge=" + pkce.challenge()
+ "&code_challenge_method=" + pkce.method();
// Use verifier in token exchange
tokenRequest.put("code_verifier", pkce.verifier());
Security | 安全性:
- Uses SecureRandom for cryptographic randomness - 使用 SecureRandom 生成加密随机数
- SHA-256 for challenge generation - 使用 SHA-256 生成挑战
- 43 character verifier (recommended minimum) - 43 字符验证器(推荐最小值)
- Since:
- JDK 25, opencode-base-oauth2 V1.0.0
- Author:
- Leon Soo www.LeonSoo.com
- See Also:
-
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionPkceChallenge(String verifier, String challenge, String method) Creates an instance of aPkceChallengerecord class. -
Method Summary
Modifier and TypeMethodDescriptionstatic StringcalculateS256Challenge(String verifier) Calculate S256 challenge from verifier 从验证器计算 S256 挑战Returns the value of thechallengerecord component.final booleanIndicates whether some other object is "equal to" this one.static PkceChallengegenerate()Generate a new PKCE challenge with S256 method 使用 S256 方法生成新的 PKCE 挑战static PkceChallengegenerate(int verifierBytes) Generate a new PKCE challenge with custom verifier length 使用自定义验证器长度生成新的 PKCE 挑战final inthashCode()Returns a hash code value for this object.booleanisPlain()Check if this challenge uses plain method 检查此挑战是否使用 plain 方法booleanisS256()Check if this challenge uses S256 method 检查此挑战是否使用 S256 方法method()Returns the value of themethodrecord component.static PkceChallengeCreate a plain PKCE challenge (not recommended, use S256 instead) 创建 plain PKCE 挑战(不推荐,请使用 S256)final StringtoString()Returns a string representation of this record class.verifier()Returns the value of theverifierrecord component.static booleanVerify that the verifier matches the challenge using constant-time comparison 使用恒定时间比较验证验证器是否匹配挑战
-
Field Details
-
METHOD_S256
-
METHOD_PLAIN
PKCE plain method name (not recommended) PKCE plain 方法名称(不推荐)- See Also:
-
-
Constructor Details
-
PkceChallenge
-
-
Method Details
-
generate
Generate a new PKCE challenge with S256 method 使用 S256 方法生成新的 PKCE 挑战- Returns:
- the PKCE challenge | PKCE 挑战
- Throws:
OAuth2Exception- if SHA-256 is not available | 如果 SHA-256 不可用
-
generate
Generate a new PKCE challenge with custom verifier length 使用自定义验证器长度生成新的 PKCE 挑战- Parameters:
verifierBytes- the number of random bytes (32-96 recommended) | 随机字节数(推荐 32-96)- Returns:
- the PKCE challenge | PKCE 挑战
- Throws:
OAuth2Exception- if SHA-256 is not available | 如果 SHA-256 不可用IllegalArgumentException- if verifierBytes is less than 32 | 如果 verifierBytes 小于 32
-
plain
Create a plain PKCE challenge (not recommended, use S256 instead) 创建 plain PKCE 挑战(不推荐,请使用 S256)- Parameters:
verifier- the verifier | 验证器- Returns:
- the PKCE challenge | PKCE 挑战
-
calculateS256Challenge
Calculate S256 challenge from verifier 从验证器计算 S256 挑战- Parameters:
verifier- the verifier | 验证器- Returns:
- the challenge | 挑战
- Throws:
OAuth2Exception- if SHA-256 is not available | 如果 SHA-256 不可用
-
verify
Verify that the verifier matches the challenge using constant-time comparison 使用恒定时间比较验证验证器是否匹配挑战- Parameters:
verifier- the verifier to check | 要检查的验证器challenge- the expected challenge | 预期的挑战method- the challenge method | 挑战方法- Returns:
- true if valid | 有效返回 true
-
isS256
public boolean isS256()Check if this challenge uses S256 method 检查此挑战是否使用 S256 方法- Returns:
- true if S256 | 如果是 S256 返回 true
-
isPlain
public boolean isPlain()Check if this challenge uses plain method 检查此挑战是否使用 plain 方法- Returns:
- true if plain | 如果是 plain 返回 true
-
toString
-
hashCode
-
equals
Indicates whether some other object is "equal to" this one. The objects are equal if the other object is of the same class and if all the record components are equal. All components in this record class are compared withObjects::equals(Object,Object). -
verifier
Returns the value of theverifierrecord component.- Returns:
- the value of the
verifierrecord component
-
challenge
Returns the value of thechallengerecord component.- Returns:
- the value of the
challengerecord component
-
method
Returns the value of themethodrecord component.- Returns:
- the value of the
methodrecord component
-