adriengras/pkce-php

A simple utility to use PKCE (Proof Key for Code Exchange) in PHP.

Installs: 14 295

Dependents: 1

Suggesters: 0

Security: 0

Stars: 9

Watchers: 1

Forks: 1

Open Issues: 0

pkg:composer/adriengras/pkce-php

1.0.4 2025-01-07 14:36 UTC

This package is auto-updated.

Last update: 2025-10-07 16:21:08 UTC


README

GitHub GitHub workflows

A simple utility to use PKCE (Proof Key for Code Exchange) in PHP.

This little utility is intended to help people using Oauth2 with PKCE in PHP. It provides a simple way to generate a code verifier, a code challenge and to validate a code verifier with a code challenge.

Summary

Features

  • Generate a code verifier
  • Generate a code challenge from a given code verifier
  • Generate a pair of code verifier and code challenge
  • Verify a code verifier with a code challenge

Note: All the code complies to the RFC 7636.

Installation

Using composer:

composer require adriengras/pkce-php

Usage

// import with composer autoloader
use AdrienGras\PKCE\PKCE;

// ...

// generate a code verifier
$verifier = PKCEUtils::generateCodeVerifier();

// generate a code challenge from the code verifier
$challenge = PKCEUtils::generateCodeChallenge($verifier);

// you can also use the plain text challenge method for testing purpose
// WARNING: this method is not secure and should not be used in production
$challenge = PKCEUtils::generateCodeChallenge($verifier, PKCEUtils::CODE_CHALLENGE_METHOD_PLAIN);

// alternatively, generate a pair of code verifier and code challenge
$pair = PKCEUtils::generateCodePair();
$verifier = $pair['code_verifier'];
$challenge = $pair['code_challenge'];
// or with destructuring
['code_verifier' => $verifier, 'code_challenge' => $challenge] = PKCEUtils::generateCodePair();

// validate a code verifier with a code challenge
$isValid = PKCEUtils::validate($verifier, $challenge);

Note You can also use the test case suite as a full example on how to use this utility. You can find it in the tests folder.

License

This project is licensed under the MIT License - see the LICENSE file for details.