Add OAuth2 PKCE support

internal/oauth2/authorization.go

@@ -0,0 +1,54 @@
+// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package oauth2 // import "miniflux.app/v2/internal/oauth2"
+
+import (
+	"crypto/sha256"
+	"encoding/base64"
+	"io"
+
+	"golang.org/x/oauth2"
+
+	"miniflux.app/v2/internal/crypto"
+)
+
+type Authorization struct {
+	url          string
+	state        string
+	codeVerifier string
+}
+
+func (u *Authorization) RedirectURL() string {
+	return u.url
+}
+
+func (u *Authorization) State() string {
+	return u.state
+}
+
+func (u *Authorization) CodeVerifier() string {
+	return u.codeVerifier
+}
+
+func GenerateAuthorization(config *oauth2.Config) *Authorization {
+	codeVerifier := crypto.GenerateRandomStringHex(32)
+
+	sha2 := sha256.New()
+	io.WriteString(sha2, codeVerifier)
+	codeChallenge := base64.RawURLEncoding.EncodeToString(sha2.Sum(nil))
+
+	state := crypto.GenerateRandomStringHex(24)
+
+	authUrl := config.AuthCodeURL(
+		state,
+		oauth2.SetAuthURLParam("code_challenge_method", "S256"),
+		oauth2.SetAuthURLParam("code_challenge", codeChallenge),
+	)
+
+	return &Authorization{
+		url:          authUrl,
+		state:        state,
+		codeVerifier: codeVerifier,
+	}
+}