Remove padding on example client PKCE

Removes padding so the client example can be used against oauth servers
that require padding to be removed.

Author: coryschwartz

example/client/client.go

@@ -1,141 +1,141 @@
-package main
-
-import (
-	"context"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"log"
-	"net/http"
-	"time"
-
-	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/clientcredentials"
-)
-
-const (
-	authServerURL = "http://localhost:9096"
-)
-
-var (
-	config = oauth2.Config{
-		ClientID:     "222222",
-		ClientSecret: "22222222",
-		Scopes:       []string{"all"},
-		RedirectURL:  "http://localhost:9094/oauth2",
-		Endpoint: oauth2.Endpoint{
-			AuthURL:  authServerURL + "/oauth/authorize",
-			TokenURL: authServerURL + "/oauth/token",
-		},
-	}
-	globalToken *oauth2.Token // Non-concurrent security
-)
-
-func main() {
-	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		u := config.AuthCodeURL("xyz",
-			oauth2.SetAuthURLParam("code_challenge", genCodeChallengeS256("s256example")),
-			oauth2.SetAuthURLParam("code_challenge_method", "S256"))
-		http.Redirect(w, r, u, http.StatusFound)
-	})
-
-	http.HandleFunc("/oauth2", func(w http.ResponseWriter, r *http.Request) {
-		r.ParseForm()
-		state := r.Form.Get("state")
-		if state != "xyz" {
-			http.Error(w, "State invalid", http.StatusBadRequest)
-			return
-		}
-		code := r.Form.Get("code")
-		if code == "" {
-			http.Error(w, "Code not found", http.StatusBadRequest)
-			return
-		}
-		token, err := config.Exchange(context.Background(), code, oauth2.SetAuthURLParam("code_verifier", "s256example"))
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		globalToken = token
-
-		e := json.NewEncoder(w)
-		e.SetIndent("", "  ")
-		e.Encode(token)
-	})
-
-	http.HandleFunc("/refresh", func(w http.ResponseWriter, r *http.Request) {
-		if globalToken == nil {
-			http.Redirect(w, r, "/", http.StatusFound)
-			return
-		}
-
-		globalToken.Expiry = time.Now()
-		token, err := config.TokenSource(context.Background(), globalToken).Token()
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		globalToken = token
-		e := json.NewEncoder(w)
-		e.SetIndent("", "  ")
-		e.Encode(token)
-	})
-
-	http.HandleFunc("/try", func(w http.ResponseWriter, r *http.Request) {
-		if globalToken == nil {
-			http.Redirect(w, r, "/", http.StatusFound)
-			return
-		}
-
-		resp, err := http.Get(fmt.Sprintf("%s/test?access_token=%s", authServerURL, globalToken.AccessToken))
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
-			return
-		}
-		defer resp.Body.Close()
-
-		io.Copy(w, resp.Body)
-	})
-
-	http.HandleFunc("/pwd", func(w http.ResponseWriter, r *http.Request) {
-		token, err := config.PasswordCredentialsToken(context.Background(), "test", "test")
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		globalToken = token
-		e := json.NewEncoder(w)
-		e.SetIndent("", "  ")
-		e.Encode(token)
-	})
-
-	http.HandleFunc("/client", func(w http.ResponseWriter, r *http.Request) {
-		cfg := clientcredentials.Config{
-			ClientID:     config.ClientID,
-			ClientSecret: config.ClientSecret,
-			TokenURL:     config.Endpoint.TokenURL,
-		}
-
-		token, err := cfg.Token(context.Background())
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		e := json.NewEncoder(w)
-		e.SetIndent("", "  ")
-		e.Encode(token)
-	})
-
-	log.Println("Client is running at 9094 port.Please open http://localhost:9094")
-	log.Fatal(http.ListenAndServe(":9094", nil))
-}
-
-func genCodeChallengeS256(s string) string {
-	s256 := sha256.Sum256([]byte(s))
-	return base64.URLEncoding.EncodeToString(s256[:])
-}
+package main
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"time"
+
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/clientcredentials"
+)
+
+const (
+	authServerURL = "http://localhost:9096"
+)
+
+var (
+	config = oauth2.Config{
+		ClientID:     "222222",
+		ClientSecret: "22222222",
+		Scopes:       []string{"all"},
+		RedirectURL:  "http://localhost:9094/oauth2",
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  authServerURL + "/oauth/authorize",
+			TokenURL: authServerURL + "/oauth/token",
+		},
+	}
+	globalToken *oauth2.Token // Non-concurrent security
+)
+
+func main() {
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		u := config.AuthCodeURL("xyz",
+			oauth2.SetAuthURLParam("code_challenge", genCodeChallengeS256("s256example")),
+			oauth2.SetAuthURLParam("code_challenge_method", "S256"))
+		http.Redirect(w, r, u, http.StatusFound)
+	})
+
+	http.HandleFunc("/oauth2", func(w http.ResponseWriter, r *http.Request) {
+		r.ParseForm()
+		state := r.Form.Get("state")
+		if state != "xyz" {
+			http.Error(w, "State invalid", http.StatusBadRequest)
+			return
+		}
+		code := r.Form.Get("code")
+		if code == "" {
+			http.Error(w, "Code not found", http.StatusBadRequest)
+			return
+		}
+		token, err := config.Exchange(context.Background(), code, oauth2.SetAuthURLParam("code_verifier", "s256example"))
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		globalToken = token
+
+		e := json.NewEncoder(w)
+		e.SetIndent("", "  ")
+		e.Encode(token)
+	})
+
+	http.HandleFunc("/refresh", func(w http.ResponseWriter, r *http.Request) {
+		if globalToken == nil {
+			http.Redirect(w, r, "/", http.StatusFound)
+			return
+		}
+
+		globalToken.Expiry = time.Now()
+		token, err := config.TokenSource(context.Background(), globalToken).Token()
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		globalToken = token
+		e := json.NewEncoder(w)
+		e.SetIndent("", "  ")
+		e.Encode(token)
+	})
+
+	http.HandleFunc("/try", func(w http.ResponseWriter, r *http.Request) {
+		if globalToken == nil {
+			http.Redirect(w, r, "/", http.StatusFound)
+			return
+		}
+
+		resp, err := http.Get(fmt.Sprintf("%s/test?access_token=%s", authServerURL, globalToken.AccessToken))
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+		defer resp.Body.Close()
+
+		io.Copy(w, resp.Body)
+	})
+
+	http.HandleFunc("/pwd", func(w http.ResponseWriter, r *http.Request) {
+		token, err := config.PasswordCredentialsToken(context.Background(), "test", "test")
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		globalToken = token
+		e := json.NewEncoder(w)
+		e.SetIndent("", "  ")
+		e.Encode(token)
+	})
+
+	http.HandleFunc("/client", func(w http.ResponseWriter, r *http.Request) {
+		cfg := clientcredentials.Config{
+			ClientID:     config.ClientID,
+			ClientSecret: config.ClientSecret,
+			TokenURL:     config.Endpoint.TokenURL,
+		}
+
+		token, err := cfg.Token(context.Background())
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		e := json.NewEncoder(w)
+		e.SetIndent("", "  ")
+		e.Encode(token)
+	})
+
+	log.Println("Client is running at 9094 port.Please open http://localhost:9094")
+	log.Fatal(http.ListenAndServe(":9094", nil))
+}
+
+func genCodeChallengeS256(s string) string {
+	s256 := sha256.Sum256([]byte(s))
+	return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(s256[:])
+}