oauth2.0 如何使用PKCE为Spotify实现授权码

jvlzgdj9  于 2023-04-29  发布在  其他
关注(0)|答案(3)|浏览(143)

编辑:澄清一下,获取授权码的工作如预期。这纯粹是将授权代码交换为令牌的步骤失败。
我试图用PKCE流实现授权代码,用于使用Spotify API进行身份验证。我知道有很多库可以实现这个功能,但我真的很想自己实现它。我说的流程是这样的: www.example.com 。但是,当我尝试将此代码交换为令牌时,我收到一个400 Bad Request,并显示消息“invalid client_secret”。这让我相信Spotify假设我正在尝试使用常规的授权代码流,因为客户端密钥根本不是PKCE流的一部分。我怀疑我对code_verifier或code_challenge的编码有误。我在SO(如何计算PCKE的code_verifier?)并将其翻译成C#,生成Base64编码的哈希值相同的结果,但它仍然不起作用。
下面是生成code_verifier和code_challenge的代码,以及请求交换代码的代码。
CodeVerifier:

private string GenerateNonce()
{
    const string chars = "abcdefghijklmnopqrstuvwxyz123456789";
    var random = new Random();
    var nonce = new char[100];
    for (int i = 0; i < nonce.Length; i++)
    {
        nonce[i] = chars[random.Next(chars.Length)];
    }
    return new string(nonce);
}

CodeChallenge:

private string GenerateCodeChallenge(string codeVerifier)
    {
        using var sha256 = SHA256.Create();
        var hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));
        return Convert.ToBase64String(hash).Replace("+/", "-_").Replace("=", "");
    }

兑换令牌:

var parameters = new List<KeyValuePair<string, string>>
        {
            new KeyValuePair<string, string>("client_id", ClientId ),
            new KeyValuePair<string, string>("grant_type", "authorization_code"),
            new KeyValuePair<string, string>("code", authCode),
            new KeyValuePair<string, string>("redirect_uri", "http://localhost:5000"),
            new KeyValuePair<string, string>("code_verifier", codeVerifier)
        };

        var content = new FormUrlEncodedContent(parameters );
        var response = await HttpClient.PostAsync($"https://accounts.spotify.com/api/token", content);
oauth-2.0

3条答案

按热度按时间
w6lpcovy

w6lpcovy1#

我复制了代码,并能够使其工作。下面是Github上的一个工作项目:https://github.com/michaeldisaro/TestSpotifyPkce
我所做的改变:

public class Code
{

    public static string CodeVerifier;

    public static string CodeChallenge;

    public static void Init()
    {
        CodeVerifier = GenerateNonce();
        CodeChallenge = GenerateCodeChallenge(CodeVerifier);
    }

    private static string GenerateNonce()
    {
        const string chars = "abcdefghijklmnopqrstuvwxyz123456789";
        var random = new Random();
        var nonce = new char[128];
        for (int i = 0; i < nonce.Length; i++)
        {
            nonce[i] = chars[random.Next(chars.Length)];
        }

        return new string(nonce);
    }

    private static string GenerateCodeChallenge(string codeVerifier)
    {
        using var sha256 = SHA256.Create();
        var hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));
        var b64Hash = Convert.ToBase64String(hash);
        var code = Regex.Replace(b64Hash, "\\+", "-");
        code = Regex.Replace(code, "\\/", "_");
        code = Regex.Replace(code, "=+$", "");
        return code;
    }

}

我在重定向到/authorize之前调用Init,在重定向URL上我有:

public async Task OnGet(string code,
                        string state,
                        string error)
{
    var httpClient = _httpClientFactory.CreateClient();

    var parameters = new Dictionary<string, string>
    {
        {"client_id", "*****************"},
        {"grant_type", "authorization_code"},
        {"code", code},
        {"redirect_uri", "https://localhost:5001/SpotifyResponse"},
        {"code_verifier", Code.CodeVerifier}
    };

    var urlEncodedParameters = new FormUrlEncodedContent(parameters);
    var req = new HttpRequestMessage(HttpMethod.Post, "https://accounts.spotify.com/api/token") { Content = urlEncodedParameters };
    var response = await httpClient.SendAsync(req);
    var content = response.Content;
}

替换正确的正则表达式就可以完成这项工作。似乎问题出在“=”,只有最后一个必须替换。
这个函数并不完整,我只是看了一下内容变量,里面有一个令牌。拿着这个做你想做的事吧

赞(0)分享  回复(0)举报  2023-04-29
2nbm6dog

2nbm6dog2#

下面是GenerateNonce(现在是GenerateCodeVerifier)和GenerateCodeChallenge的重构,它符合rfc-7636标准,集成到一个类中,既可以示例化,也可以用于静态方法。

/// <summary>
/// Provides a randomly generating PKCE code verifier and it's corresponding code challenge.
/// </summary>
public class Pkce
{
    /// <summary>
    /// The randomly generating PKCE code verifier.
    /// </summary>
    public string CodeVerifier;

    /// <summary>
    /// Corresponding PKCE code challenge.
    /// </summary>
    public string CodeChallenge;

    /// <summary>
    /// Initializes a new instance of the Pkce class.
    /// </summary>
    /// <param name="size">The size of the code verifier (43 - 128 charters).</param>
    public Pkce(uint size = 128)
    {
        CodeVerifier = GenerateCodeVerifier(size);
        CodeChallenge = GenerateCodeChallenge(CodeVerifier);
    }

    /// <summary>
    /// Generates a code_verifier based on rfc-7636.
    /// </summary>
    /// <param name="size">The size of the code verifier (43 - 128 charters).</param>
    /// <returns>A code verifier.</returns>
    /// <remarks> 
    /// code_verifier = high-entropy cryptographic random STRING using the 
    /// unreserved characters[A - Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"
    /// from Section 2.3 of[RFC3986], with a minimum length of 43 characters
    /// and a maximum length of 128 characters.
    ///    
    /// ABNF for "code_verifier" is as follows.
    ///    
    /// code-verifier = 43*128unreserved
    /// unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
    /// ALPHA = %x41-5A / %x61-7A
    /// DIGIT = % x30 - 39 
    ///    
    /// Reference: rfc-7636 https://datatracker.ietf.org/doc/html/rfc7636#section-4.1     
    ///</remarks>
    public static string GenerateCodeVerifier(uint size = 128)
    {
        if (size < 43 || size > 128)
            size = 128;

        const string unreservedCharacters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
        Random random = new Random();
        char[] highEntropyCryptograph = new char[size];

        for (int i = 0; i < highEntropyCryptograph.Length; i++)
        {
            highEntropyCryptograph[i] = unreservedCharacters[random.Next(unreservedCharacters.Length)];
        }

        return new string(highEntropyCryptograph);
    }

    /// <summary>
    /// Generates a code_challenge based on rfc-7636.
    /// </summary>
    /// <param name="codeVerifier">The code verifier.</param>
    /// <returns>A code challenge.</returns>
    /// <remarks> 
    /// plain
    ///    code_challenge = code_verifier
    ///    
    /// S256
    ///    code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))
    ///    
    /// If the client is capable of using "S256", it MUST use "S256", as
    /// "S256" is Mandatory To Implement(MTI) on the server.Clients are
    /// permitted to use "plain" only if they cannot support "S256" for some
    /// technical reason and know via out-of-band configuration that the
    /// server supports "plain".
    /// 
    /// The plain transformation is for compatibility with existing
    /// deployments and for constrained environments that can't use the S256
    /// transformation.
    ///    
    /// ABNF for "code_challenge" is as follows.
    ///    
    /// code-challenge = 43 * 128unreserved
    /// unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
    /// ALPHA = % x41 - 5A / %x61-7A
    /// DIGIT = % x30 - 39
    /// 
    /// Reference: rfc-7636 https://datatracker.ietf.org/doc/html/rfc7636#section-4.2
    /// </remarks>
    public static string GenerateCodeChallenge(string codeVerifier)
    {
        using (var sha256 = SHA256.Create())
        {
            var challengeBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));
            return Base64UrlEncoder.Encode(challengeBytes);
        }
    }
}

对于那些进入单元测试的人。

/// <summary>
/// Pkce unit test.
/// </summary>
/// <remarks>
/// MethodName_StateUnderTest_ExpectedBehavior
/// Arrange, Act, Assert
/// </remarks>
[TestFixture]
public class PkceUnitTests
{
    [Test]
    public void GenerateCodeVerifier_DefaultSize_Returns128CharacterLengthString()
    {
        string codeVerifier = Pkce.GenerateCodeVerifier();
        Assert.That(codeVerifier.Length, Is.EqualTo(128));
    }

    [Test]
    public void GenerateCodeVerifier_Size45_Returns45CharacterLengthString()
    {
        string codeVerifier = Pkce.GenerateCodeVerifier(45);
        Assert.That(codeVerifier.Length, Is.EqualTo(45));
    }

    [Test]
    public void GenerateCodeVerifier_SizeLessThan43_ReturnsDefault128CharacterLengthString()
    {
        string codeVerifier = Pkce.GenerateCodeVerifier(42);
        Assert.That(codeVerifier.Length, Is.EqualTo(128));
    }

    [Test]
    public void GenerateCodeVerifier_SizeGreaterThan128_ReturnsDefault128CharacterLengthString()
    {
        string codeVerifier = Pkce.GenerateCodeVerifier(42);
        Assert.That(codeVerifier.Length, Is.EqualTo(128));
    }

    [Test]
    public void GenerateCodeVerifier_DefaultSize_ReturnsLegalCharacterLengthString()
    {
        const string unreservedCharacters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";

        for (int x = 0; x < 1000; x++)
        {
            string codeVerifier = Pkce.GenerateCodeVerifier();

            for (int i = 0; i < codeVerifier.Length; i++)
            {
                Assert.That(unreservedCharacters.IndexOf(codeVerifier[i]), Is.GreaterThan(-1));
            }
        }
    }

    [Test]
    public void GenerateCodeChallenge_GivenCodeVerifier_ReturnsCorrectCodeChallenge()
    {
        string codeChallenge = Pkce.GenerateCodeChallenge("0t4Rep04AxvISWM3rMxGnyla2ceDT71oMzIK0iGEDgOt5.isAGW6~2WdGBUxaPYXA6R8vbSBcgSI-jeK_1yZgVfEXoFa1Ec3gPn~Anqwo4BgeXVppo.fjtU7y2cwq_wL");
        Assert.That(codeChallenge, Is.EqualTo("czx06cKMDaHQdro9ITfrQ4tR5JGv9Jbj7eRG63BKHlU"));
    }

    [Test]
    public void InstantiateClass_WithDefaultSize_Returns128CharacterLengthCodeVerifier()
    {
        Pkce pkce = new Pkce();
        Assert.That(pkce.CodeVerifier.Length, Is.EqualTo(128));
    }

    [Test]
    public void InstantiateClass_WithSize57_Returns57CharacterLengthCodeVerifier()
    {
        Pkce pkce = new Pkce(57);
        Assert.That(pkce.CodeVerifier.Length, Is.EqualTo(57));
    }

}
赞(0)分享  回复(0)举报  2023-04-29
hec6srdp

hec6srdp3#

另一个实现
这将为您提供从随机字符串计算出的code_challenge和code_verifier值。

var rng = RandomNumberGenerator.Create();
        var bytes = new byte[32];
        rng.GetBytes(bytes);

        // It is recommended to use a URL-safe string as code_verifier.
        // See section 4 of RFC 7636 for more details.
        var code_verifier = Convert.ToBase64String(bytes)
            .TrimEnd('=')
            .Replace('+', '-')
            .Replace('/', '_');

        var code_challenge = string.Empty;
        using (var sha256 = SHA256.Create())
        {
            var challengeBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(code_verifier));
            code_challenge = Convert.ToBase64String(challengeBytes)
                .TrimEnd('=')
                .Replace('+', '-')
                .Replace('/', '_');
        }
赞(0)分享  回复(0)举报  2023-04-29
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com