pub fn verify_state(
signed_state: &str,
secret: &[u8],
) -> Result<OAuthState, Error>Expand description
Verify and decode signed OAuth state parameter
Validates HMAC signature and returns the decoded state
§Arguments
signed_state- The signed state string (base64url(json).base64url(signature))secret- Secret key used for HMAC (must match signing secret)
§Example
use micromegas_auth::oauth_state::{OAuthState, sign_state, verify_state};
let state = OAuthState {
nonce: "random-nonce".to_string(),
return_url: "/dashboard".to_string(),
pkce_verifier: "pkce-verifier".to_string(),
};
let secret = b"your-32-byte-secret-key-here!!!";
let signed = sign_state(&state, secret).expect("signing failed");
let verified = verify_state(&signed, secret).expect("verification failed");
assert_eq!(verified.nonce, "random-nonce");
assert_eq!(verified.return_url, "/dashboard");