Add `picoclaw auth` CLI command supporting: - OpenAI OAuth2 (PKCE + browser callback or device code flow) - Anthropic paste-token flow - Token storage at ~/.picoclaw/auth.json with 0600 permissions - Auto-refresh for expired OAuth tokens in provider Closes #18 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
package auth
import (
"crypto/rand"
"crypto/sha256"
"encoding/base64"
)
// PKCECodes holds the two values of one PKCE (RFC 7636) exchange as produced
// by GeneratePKCE. A pair belongs to a single authorization request.
type PKCECodes struct {
	// CodeVerifier is the secret half of the pair. In PKCE it is presented
	// only when the authorization code is exchanged for tokens, so it should
	// stay in memory for the duration of the flow and be kept out of logs,
	// URLs and persistent storage.
	CodeVerifier string

	// CodeChallenge is the value derived from CodeVerifier that accompanies
	// the initial authorization request. It is not secret.
	CodeChallenge string
}
// GeneratePKCE creates a fresh PKCE (RFC 7636) verifier/challenge pair.
//
// The verifier is the unpadded base64url encoding of 64 bytes read from
// crypto/rand, which yields an 86-character string. The challenge is the
// unpadded base64url encoding of the SHA-256 digest of that verifier string,
// which is the "S256" challenge method.
//
// If the random source fails, the zero PKCECodes and the underlying error are
// returned; no partially filled pair is ever handed back.
func GeneratePKCE() (PKCECodes, error) {
	var codes PKCECodes

	// All of the verifier's entropy comes from the CSPRNG read below.
	seed := make([]byte, 64)
	_, err := rand.Read(seed)
	if err != nil {
		return PKCECodes{}, err
	}

	enc := base64.RawURLEncoding
	codes.CodeVerifier = enc.EncodeToString(seed)

	// The digest is taken over the encoded verifier text, not the raw random
	// bytes, because the verifier string is what is later sent for comparison.
	digest := sha256.Sum256([]byte(codes.CodeVerifier))
	codes.CodeChallenge = enc.EncodeToString(digest[:])

	return codes, nil
}