Module pkce

Structs

CodeChallenge

Stored PKCE code_challenge.

CodeVerifier

Validated PKCE code_verifier (RFC 7636).

Enums

PkceError

Errors constructing/validating PKCE values.

PkceMethod

Re-export PkceMethod from models (it’s used in SQL queries, so must stay in models crate) PKCE method (RFC 7636 §4.3). Mirrors Postgres enum: pkce_method = ('plain','S256').

Constants

VERIFIER_MAX_LEN

VERIFIER_MIN_LEN

RFC 7636: code_verifier length MUST be between 43 and 128 characters.

Functions

constant_time_eq 🔒

Constant-time equality on ASCII strings (safe for our base64url/plain outputs).

parse_authorize_pkce

Validate PKCE parameters during /authorize.

validate_verifier 🔒

Strict RFC 7636 validator: length 43–128 and only unreserved characters.

verify_token_pkce

Verify PKCE bindings during /token.