oauth: implement RFC 7636 PKCE in OAuth client
Implement the Proof Key for Code Exchange (RFC 7636) specification in the OAuth2 client.
1 parent
0b0752d
commit dfc2868
Showing
11 changed files
with
417 additions
and
58 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
<wpf:ResourceDictionary xml:space="preserve" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:s="clr-namespace:System;assembly=mscorlib" xmlns:ss="urn:shemas-jetbrains-com:settings-storage-xaml" xmlns:wpf="http://schemas.microsoft.com/winfx/2006/xaml/presentation"> | ||
<s:String x:Key="/Default/Environment/Hierarchy/Build/SolBuilderDuo/UseMsbuildSolutionBuilder/@EntryValue">No</s:String></wpf:ResourceDictionary> | ||
<s:String x:Key="/Default/Environment/Hierarchy/Build/SolBuilderDuo/UseMsbuildSolutionBuilder/@EntryValue">No</s:String> | ||
<s:Boolean x:Key="/Default/UserDictionary/Words/=PKCE/@EntryIndexedValue">True</s:Boolean></wpf:ResourceDictionary> |
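--- a/...osoft.Git.CredentialManager.Tests/Authentication/OAuth2CryptographicCodeGeneratorTests.cs
+++ b/...osoft.Git.CredentialManager.Tests/Authentication/OAuth2CryptographicCodeGeneratorTests.cs
@@ -0,0 +1,87 @@
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+using Microsoft.Git.CredentialManager.Authentication.OAuth;
+using Xunit;
+
+namespace Microsoft.Git.CredentialManager.Tests.Authentication
+{
+public class OAuth2CryptographicCodeGeneratorTests
+{
+private const string ValidBase64UrlCharsNoPad = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+
+[Fact]
+public void OAuth2CryptographicCodeGenerator_CreateNonce_IsUnique()
+{
+var generator = new OAuth2CryptographicCodeGenerator();
+
+// Create a bunch of nonce values
+var nonces = new string[32];
+for (int i = 0; i < nonces.Length; i++)
+{
+nonces[i] = generator.CreateNonce();
+}
+
+// There should be no duplicates
+string[] uniqueNonces = nonces.Distinct().ToArray();
+Assert.Equal(uniqueNonces, nonces);
+}
+
+[Fact]
+public void OAuth2CryptographicCodeGenerator_CreatePkceCodeVerifier_IsUniqueBase64UrlStringWithoutPaddingAndLengthBetween43And128()
+{
+var generator = new OAuth2CryptographicCodeGenerator();
+
+// Create a bunch of verifiers
+var verifiers = new string[32];
+for (int i = 0; i < verifiers.Length; i++)
+{
+string v = generator.CreatePkceCodeVerifier();
+
+// Assert the verifier is a base64url string without padding
+char[] vs = v.ToCharArray();
+Assert.All(vs, x => Assert.Contains(x, ValidBase64UrlCharsNoPad));
+
+// Assert the verifier is a string of length [43, 128] (inclusive)
+Assert.InRange(v.Length, 43, 128);
+
+verifiers[i] = v;
+}
+
+// There should be no duplicates
+string[] uniqueVerifiers = verifiers.Distinct().ToArray();
+Assert.Equal(uniqueVerifiers, verifiers);
+}
+
+[Fact]
+public void OAuth2CryptographicCodeGenerator_CreatePkceCodeChallenge_Plain_ReturnsVerifierUnchanged()
+{
+var generator = new OAuth2CryptographicCodeGenerator();
+
+var verifier = generator.CreatePkceCodeVerifier();
+var challenge = generator.CreatePkceCodeChallenge(OAuth2PkceChallengeMethod.Plain, verifier);
+
+Assert.Equal(verifier, challenge);
+}
+
+[Fact]
+public void OAuth2CryptographicCodeGenerator_CreatePkceCodeChallenge_Sha256_ReturnsBase64UrlEncodedSha256HashOfAsciiVerifier()
+{
+var generator = new OAuth2CryptographicCodeGenerator();
+
+var verifier = generator.CreatePkceCodeVerifier();
+
+byte[] verifierAsciiBytes = Encoding.ASCII.GetBytes(verifier);
+byte[] hashedBytes;
+using (var sha256 = SHA256.Create())
+{
+hashedBytes = sha256.ComputeHash(verifierAsciiBytes);
+}
+
+var expectedChallenge = Base64UrlConvert.Encode(hashedBytes, false);
+var actualChallenge = generator.CreatePkceCodeChallenge(OAuth2PkceChallengeMethod.Sha256, verifier);
+
+Assert.Equal(expectedChallenge, actualChallenge);
+}
+}
+}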
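Review bot: The Sha256 test at the end of the file builds its expected value with `Base64UrlConvert.Encode`, the project's own helper, so if the generator uses the same helper (its source is not in this section) an encoding defect would cancel out and the test would still pass. A known-answer case would pin the behaviour independently: pass the code_verifier from the worked example in RFC 7636 Appendix B to `CreatePkceCodeChallenge(OAuth2PkceChallengeMethod.Sha256, ...)` and assert the code_challenge printed there as a string literal. The 32-sample uniqueness checks would catch a constant generator but say nothing about the randomness source, so it is worth confirming in the generator itself that the nonce and verifier bytes come from a cryptographic RNG.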
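--- a/src/shared/Microsoft.Git.CredentialManager.Tests/Base64UrlConvertTests.cs
+++ b/src/shared/Microsoft.Git.CredentialManager.Tests/Base64UrlConvertTests.cs
@@ -0,0 +1,37 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using Xunit;
+
+namespace Microsoft.Git.CredentialManager.Tests
+{
+public class Base64UrlConvertTests
+{
+[Theory]
+[InlineData(new byte[0], "")]
+[InlineData(new byte[]{4}, "BA==")]
+[InlineData(new byte[]{4,5}, "BAU=")]
+[InlineData(new byte[]{4,5,6}, "BAUG")]
+[InlineData(new byte[]{4,5,6,7}, "BAUGBw==")]
+[InlineData(new byte[]{4,5,6,7,8}, "BAUGBwg=")]
+[InlineData(new byte[]{4,5,6,7,8,9}, "BAUGBwgJ")]
+public void Base64UrlConvert_Encode_WithPadding(byte[] data, string expected)
+{
+string actual = Base64UrlConvert.Encode(data, includePadding: true);
+Assert.Equal(expected, actual);
+}
+
+[Theory]
+[InlineData(new byte[0], "")]
+[InlineData(new byte[]{4}, "BA")]
+[InlineData(new byte[]{4,5}, "BAU")]
+[InlineData(new byte[]{4,5,6}, "BAUG")]
+[InlineData(new byte[]{4,5,6,7}, "BAUGBw")]
+[InlineData(new byte[]{4,5,6,7,8}, "BAUGBwg")]
+[InlineData(new byte[]{4,5,6,7,8,9}, "BAUGBwgJ")]
+public void Base64UrlConvert_Encode_WithoutPadding(byte[] data, string expected)
+{
+string actual = Base64UrlConvert.Encode(data, includePadding: false);
+Assert.Equal(expected, actual);
+}
+}
+}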
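Review bot: None of the `InlineData` vectors in either theory produces the two characters that distinguish base64url from standard base64, so an encoder that never substituted `-` and `_` for `+` and `/` would pass every case here. Adding an input whose standard encoding contains both characters closes the gap, for example (constructed sample) `[InlineData(new byte[]{0xFB, 0xFF}, "-_8=")]` in the padded theory and `[InlineData(new byte[]{0xFB, 0xFF}, "-_8")]` in the unpadded one. This matters for the commit because the PKCE verifier and challenge are sent as URL parameters and must stay inside the URL-safe alphabet.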
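--- a/...red/Microsoft.Git.CredentialManager/Authentication/OAuth/OAuth2AuthorizationCodeResult.cs
+++ b/...red/Microsoft.Git.CredentialManager/Authentication/OAuth/OAuth2AuthorizationCodeResult.cs
@@ -0,0 +1,18 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+
+namespace Microsoft.Git.CredentialManager.Authentication.OAuth
+{
+public class OAuth2AuthorizationCodeResult
+{
+public OAuth2AuthorizationCodeResult(string code, string codeVerifier = null)
+{
+Code = code;
+CodeVerifier = codeVerifier;
+}
+
+public string Code { get; }
+
+public string CodeVerifier { get; }
+}
+}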
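Review bot: The `codeVerifier = null` default on the constructor lets a call site drop the verifier with no compile-time signal, which in a PKCE implementation could mean a later token request goes out without `code_verifier`; the callers are not visible in this section, so that is a risk to check rather than a confirmed defect. I would make the parameter required, so that a flow without PKCE passes `null` explicitly, and document the property, e.g. `/// <summary>PKCE code verifier paired with <see cref="Code"/>, or null when PKCE was not used.</summary>`. The constructor also stores `code` unchecked; if a null authorization code is never valid, a guard such as `Code = code ?? throw new System.ArgumentNullException(nameof(code));` would fail at construction rather than at the token endpoint.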