Solved - Generating PKCE Code Verifier and Code Challenger in flutter/dart

15 Aug 2023 • flutter

Solved - Generating PKCE Code Verifier and Code Challenger in flutter/dart

PKCE PKCE, or Proof Key for Code Exchange, is an extension to the OAuth 2.0 authorization framework that enhances the security of authorization code-based flows, particularly those used by native and mobile applications. The primary purpose of PKCE is to mitigate certain security vulnerabilities that can arise during the authorization process.

In simple terms, the code verifier and code challenge are like a secret code that mobile and native apps use to securely ask for permission, while the client secret is like a password that web applications use to identify themselves to a server. The key difference is that the code verifier and code challenge are designed for situations where apps might not be as secure as web servers.

Code Verifier: Since the code verifier is generated locally and is used only once, it's more difficult for attackers to predict or intercept it.

 Code Challenge: The challenge, even if intercepted, should be useless to attackers without knowledge of the original code verifier. The transformation makes it harder to reverse-engineer the verifier from the challenge.

PKCE in flutter apps - Generating Code verifier and code challenge - Simple function

import 'dart:convert';
import 'package:crypto/crypto.dart';

void main() {
  final codePair = generateCodeVerifierAndChallenge();
  print('Code Verifier: ${codePair.codeVerifier}');
  print('Code Challenge: ${codePair.codeChallenge}');
}

class PKCECodePair {
  final String codeVerifier;
  final String codeChallenge;

  PKCECodePair({required this.codeVerifier, required this.codeChallenge});
}

PKCECodePair generateCodeVerifierAndChallenge() {
  // Generate a random code verifier
  final verifierBytes = List<int>.generate(64, (i) => i);
  final codeVerifier = base64UrlEncode(verifierBytes);

  // Calculate the code challenge
  final challengeBytes = sha256.convert(utf8.encode(codeVerifier)).bytes;
  final codeChallenge = base64UrlEncode(challengeBytes);

  return PKCECodePair(codeVerifier: codeVerifier, codeChallenge: codeChallenge);
}
 fluter  dart  pkce

Related Posts