I am writing a script that uses auth0 to authenticate with a remote API.
Following this tutorial: https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce
    import (
        "crypto/rand"
        "crypto/sha256"
        "encoding/base64"
        "strings"
    )

    func genAuth0CodeVerifierChallance() (string, string) {
        // Generate random Code Verifier
        c := make([]byte, 32)
        rand.Read(c)
        code := base64.StdEncoding.EncodeToString(c)
        code = strings.Replace(code, "+", "-", -1)
        code = strings.Replace(code, "/", "_", -1)
        code = strings.Replace(code, "=", "", -1)
        // Generate auth0 challenge
        ch := sha256.Sum256([]byte(code))
        challange := base64.StdEncoding.EncodeToString(ch[:])
        challange = strings.Replace(challange, "+", "-", -1)
        challange = strings.Replace(challange, "/", "-", -1)
        challange = strings.Replace(challange, "=", "", -1)
        return code, challange
    }
For example, I use that function to generate the code challenge eQM2dqasJN3-gXcM0g1Se-CmAn8PyU7c5uHRKU7Exa0
I make an HTTP POST with the payload
    p := &payloadData{
        GrantType:    "authorization_code",
        ClientId:     "...............................", // (removed)
        CodeVerifier: codeChallenge,
        Code:         code, // (example: AuL3ArApgQ4QDu_9)
        RedirectUri:  "http://127.0.0.1:16272/oauth/token",
    }
    // ...marshal json...
    req, _ := http.NewRequest("POST", "https://my-app.eu.auth0.com/oauth/token", bytes.NewBuffer(payload))
I get the error:
{403 禁止 403...
{"error":"invalid_grant","error_description":"验证码验证失败"}
Other references on this say that characters in the base64-encoded challenge are not being encoded/replaced correctly.
I have tried both of the following encodings of /

    code = strings.Replace(code, "+", "-", -1)
    code = strings.Replace(code, "/", "_", -1)
    code = strings.Replace(code, "=", "", -1)

and

    code = strings.Replace(code, "+", "-", -1)
    code = strings.Replace(code, "/", "-", -1)
    code = strings.Replace(code, "=", "", -1)

But I always get:
{"error":"invalid_grant","error_description":"验证码验证失败"}
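An added example, not part of the original post and not Auth0's code: the S256 derivation from RFC 7636 using Go's unpadded base64url encoder, with a model of the check a token endpoint applies to `code_verifier`. The function names are hypothetical; `SlashToDashChallenge` reproduces the `"/"` to `"-"` replacement shown in the question, and `main` shows what happens when the challenge is sent in the `code_verifier` field.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"strings"
)

// NewVerifier returns 32 random bytes as unpadded base64url (43 characters).
func NewVerifier() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// S256Challenge computes BASE64URL(SHA256(ASCII(verifier))) without padding.
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// ServerAccepts models the token endpoint check (an assumption based on
// RFC 7636): the presented verifier must hash to the stored challenge.
func ServerAccepts(storedChallenge, presentedVerifier string) bool {
	want := S256Challenge(presentedVerifier)
	return subtle.ConstantTimeCompare([]byte(want), []byte(storedChallenge)) == 1
}

// SlashToDashChallenge maps both "+" and "/" to "-", which is not base64url.
func SlashToDashChallenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	s := base64.StdEncoding.EncodeToString(sum[:])
	return strings.NewReplacer("+", "-", "/", "-", "=", "").Replace(s)
}

func main() {
	v, err := NewVerifier()
	if err != nil {
		panic(err)
	}
	c := S256Challenge(v) // c goes to /authorize, v goes to /oauth/token
	fmt.Println("verifier sent as code_verifier:", ServerAccepts(c, v))
	fmt.Println("challenge sent as code_verifier:", ServerAccepts(c, c))
}
```

The slash-to-dash variant only differs from the correct challenge when the digest's standard base64 form contains a `/`, so that mistake fails on some verifiers and passes on others.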