keycloak.pkce_utils#

PKCE utility functions for code verifier and code challenge generation.

Functions#

`generate_code_verifier`(→ str)	Generate a high-entropy cryptographic random string for PKCE code_verifier.
`generate_code_challenge`(→ tuple[str, str])	Generate a code_challenge from the code_verifier using the specified method.

keycloak.pkce_utils.generate_code_verifier(length: int = 128) → str[source]#

Generate a high-entropy cryptographic random string for PKCE code_verifier.

RFC 7636 recommends a length between 43 and 128 characters.

keycloak.pkce_utils.generate_code_challenge(code_verifier: str, method: str = 'S256') → tuple[str, str][source]#

Generate a code_challenge from the code_verifier using the specified method.

Supported methods: “S256” (default), “plain”. Returns (code_challenge, code_challenge_method).