pub fn sign_state(state: &OAuthState, secret: &[u8]) -> Result<String, Error>Expand description
Sign OAuth state parameter with HMAC-SHA256 to prevent tampering
Returns: base64url(state_json).base64url(hmac_signature)
§Arguments
state- The OAuth state to signsecret- Secret key for HMAC (recommended: 32 bytes)
§Example
use micromegas_auth::oauth_state::{OAuthState, sign_state};
let state = OAuthState {
nonce: "random-nonce".to_string(),
return_url: "/dashboard".to_string(),
pkce_verifier: "pkce-verifier".to_string(),
};
let secret = b"your-32-byte-secret-key-here!!!";
let signed = sign_state(&state, secret).expect("signing failed");