// Keys for the PKCE values. Their definitions are elided in this listing;
// presumably they are the request parameter names written by setValue below
// (TODO confirm against the full file).
const codeChallengeKey …
const codeChallengeMethodKey …
const codeVerifierKey …

// GenerateVerifier generates a PKCE code verifier with 32 octets of randomness.
// This follows recommendations in RFC 7636.
//
// A fresh verifier should be generated for each authorization.
// S256ChallengeOption(verifier) should then be passed to Config.AuthCodeURL
// (or Config.DeviceAccess) and VerifierOption(verifier) to Config.Exchange
// (or Config.DeviceAccessToken).
//
// The verifier is the secret half of the PKCE exchange. The caller keeps it
// for the duration of one authorization flow and must not reuse it across
// flows. Only the derived challenge belongs in the authorization request.
//
// NOTE(review): the body is elided in this listing. Confirm that the
// randomness comes from a cryptographically secure source.
func GenerateVerifier() string { … }

// VerifierOption returns a PKCE code verifier AuthCodeOption. It should be
// passed to Config.Exchange or Config.DeviceAccessToken only.
//
// Passing it to Config.AuthCodeURL instead would place the verifier in the
// authorization request, where PKCE expects only the challenge, and so
// remove the protection PKCE provides.
func VerifierOption(verifier string) AuthCodeOption { … }

// S256ChallengeFromVerifier returns a PKCE code challenge derived from verifier with method S256.
//
// RFC 7636 defines S256 as the unpadded base64url encoding of the SHA-256
// digest of the verifier. The body is elided in this listing, so that is the
// expected output rather than a verified one.
//
// Prefer to use S256ChallengeOption where possible.
func S256ChallengeFromVerifier(verifier string) string { … }

// S256ChallengeOption returns an AuthCodeOption carrying a PKCE code challenge
// derived from verifier with method S256. It should be passed to
// Config.AuthCodeURL or Config.DeviceAccess only.
//
// The same verifier must later be supplied through VerifierOption at token
// exchange so the server can match it against this challenge.
func S256ChallengeOption(verifier string) AuthCodeOption { … }

// challengeOption is an unexported type whose definition is elided in this
// listing. Presumably it is the AuthCodeOption implementation behind
// S256ChallengeOption (TODO confirm).
type challengeOption …

// setValue takes the url.Values being built for a request. Its body is elided
// here; presumably it writes the challenge and its method under the keys
// declared above (TODO confirm).
func (p challengeOption) setValue(m url.Values) { … }