Skip to content

G
gitlab-ce
Commit 725a92fc authored by Justin Farmiloe's avatar Justin Farmiloe Committed by Evan Read
Browse files
Options

Clarify requirement to base64 encode binary hash

parent 99832169
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 0 deletions
doc/api/oauth2.md
View file @ 725a92fc
...@@ -82,7 +82,11 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD ...@@ -82,7 +82,11 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD
which use the characters `A-Z`, `a-z`, `0-9`, `-`, `.`, `_`, and `~`. which use the characters `A-Z`, `a-z`, `0-9`, `-`, `.`, `_`, and `~`.
- The `CODE_CHALLENGE` is an URL-safe base64-encoded string of the SHA256 hash of the - The `CODE_CHALLENGE` is an URL-safe base64-encoded string of the SHA256 hash of the
`CODE_VERIFIER` `CODE_VERIFIER`
- The SHA256 hash must be in binary format before encoding.
- In Ruby, you can set that up with `Base64.urlsafe_encode64(Digest::SHA256.digest(CODE_VERIFIER), padding: false)`. - In Ruby, you can set that up with `Base64.urlsafe_encode64(Digest::SHA256.digest(CODE_VERIFIER), padding: false)`.
- For reference, a `CODE_VERIFIER` string of `ks02i3jdikdo2k0dkfodf3m39rjfjsdk0wk349rj3jrhf` when hashed
and encoded using the Ruby snippet above produces a `CODE_CHALLENGE` string
of `2i0WFA-0AerkjQm4X4oDEhqA17QIAKNjXpagHBXmO_U`.
1. Request authorization code. To do that, you should redirect the user to the 1. Request authorization code. To do that, you should redirect the user to the
`/oauth/authorize` page with the following query parameters: `/oauth/authorize` page with the following query parameters:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7