Clarify requirement to base64 encode binary hash

725a92fc · Justin Farmiloe · Evan Read · 99832169 · 725a92fc
Commit 725a92fc authored Sep 07, 2021 by Justin Farmiloe Committed by Evan Read Sep 07, 2021
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

doc/api/oauth2.md doc/api/oauth2.md +4 -0

No files found.
--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@@ -82,7 +82,11 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD
  which use the characters `A-Z`, `a-z`, `0-9`, `-`, `.`, `_`, and `~`.
 - The `CODE_CHALLENGE` is an URL-safe base64-encoded string of the SHA256 hash of the
  `CODE_VERIFIER`
+  - The SHA256 hash must be in binary format before encoding.
  - In Ruby, you can set that up with `Base64.urlsafe_encode64(Digest::SHA256.digest(CODE_VERIFIER), padding: false)`.
+  - For reference, a `CODE_VERIFIER` string of `ks02i3jdikdo2k0dkfodf3m39rjfjsdk0wk349rj3jrhf` when hashed 
+    and encoded using the Ruby snippet above produces a `CODE_CHALLENGE` string 
+    of `2i0WFA-0AerkjQm4X4oDEhqA17QIAKNjXpagHBXmO_U`.

 1. Request authorization code. To do that, you should redirect the user to the
   `/oauth/authorize` page with the following query parameters: