Skip to content

GitLab

Unverified Commit 576af710 authored by Wesley Liddick's avatar Wesley Liddick Committed by GitHub
Browse files

Merge pull request #1352 from StarryKira/feat/add-file-upload-oauth-scope 

Feat/add file upload oauth scope
parents b5642bd0 81ca4f12
Hide whitespace changes
Inline Side-by-side
backend/internal/pkg/oauth/oauth.go
View file @ 576af710
...@@ -24,20 +24,18 @@ const ( ...@@ -24,20 +24,18 @@ const (
RedirectURI = "https://platform.claude.com/oauth/code/callback" RedirectURI = "https://platform.claude.com/oauth/code/callback"
// Scopes - Browser URL (includes org:create_api_key for user authorization) // Scopes - Browser URL (includes org:create_api_key for user authorization)
ScopeOAuth = "org:create_api_key user:profile user:inference user:sessions:claude_code user:mcp_servers" ScopeOAuth = "org:create_api_key user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload"
// Scopes - Internal API call (org:create_api_key not supported in API) // Scopes - Internal API call (org:create_api_key not supported in API)
ScopeAPI = "user:profile user:inference user:sessions:claude_code user:mcp_servers" ScopeAPI = "user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload"
// Scopes - Setup token (inference only) // Scopes - Setup token (inference only)
ScopeInference = "user:inference" ScopeInference = "user:inference"
// Code Verifier character set (RFC 7636 compliant)
codeVerifierCharset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
// Session TTL // Session TTL
SessionTTL = 30 * time.Minute SessionTTL = 30 * time.Minute
) )
// OAuthSession stores OAuth flow state // OAuthSession stores OAuth flow state
type OAuthSession struct { type OAuthSession struct {
State string `json:"state"` State string `json:"state"`
CodeVerifier string `json:"code_verifier"` CodeVerifier string `json:"code_verifier"`
...@@ -147,30 +145,14 @@ func GenerateSessionID() (string, error) { ...@@ -147,30 +145,14 @@ func GenerateSessionID() (string, error) {
return hex.EncodeToString(bytes), nil return hex.EncodeToString(bytes), nil
} }
// GenerateCodeVerifier generates a PKCE code verifier using character set method // GenerateCodeVerifier generates a PKCE code verifier (RFC 7636).
// Uses 32 random bytes → base64url-no-pad, producing a 43-char verifier.
func GenerateCodeVerifier() (string, error) { func GenerateCodeVerifier() (string, error) {
const targetLen = 32 bytes, err := GenerateRandomBytes(32)
charsetLen := len(codeVerifierCharset) if err != nil {
limit := 256 - (256 % charsetLen) return "", err
result := make([]byte, 0, targetLen)
randBuf := make([]byte, targetLen*2)
for len(result) < targetLen {
if _, err := rand.Read(randBuf); err != nil {
return "", err
}
for _, b := range randBuf {
if int(b) < limit {
result = append(result, codeVerifierCharset[int(b)%charsetLen])
if len(result) >= targetLen {
break
}
}
}
} }
return base64URLEncode(bytes), nil
return base64URLEncode(result), nil
} }
// GenerateCodeChallenge generates a PKCE code challenge using S256 method // GenerateCodeChallenge generates a PKCE code challenge using S256 method
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment