Welcome to the SRP Forum! Please refer to the SRP Forum FAQ post if you have any questions regarding how the forum works.

Random string generator

AusMarkBAusMarkB
in SRP Utilities
I had a quick scan through the utilities and didn't see one but thought I'd throw it out there in case I've missed it.
In your little bag of tricks do you have a function that can create a random string of a given length and ideally with some input over which characters can be used?

I could write one, but I've done that sort of thing before, only to stumble over your better version later.

Comments

  • KevinFournierKevinFournier
    No, we haven't done anything like this. Nothing to stumble upon here. Would this be for a password generator or something?
  • AusMarkBAusMarkB

    Code verifier for Xero API's

    Generating a code verifier and code challenge
    The first thing your app must do before starting an authorization request is generate a “code verifier”. A code verifier is a random string between 43 and 128 characters long that consists of the characters A-Z, a-z, 0-9, and the punctuation -._~ (hyphen, period, underscore, and tilde).

    The “code challenge” is created by performing a SHA256 hash on the code verifier and then Base64url encoding the hash


    I know you've got the hash and the encoding; I just need to generate the string to hash and encode.
  • AusMarkBAusMarkB
    Hhhmmmm, I forgot that I've already got something that probably fits the bill with a couple of tweaks.
    Don't mind me. Nothing to see here.
  • Opto_WillOpto_Will
    Are you doing a proper Published App @AusMarkB?

    We are trying to fly under the radar with the allowed 25 unique accesses to our OAUTH2 App.
    Definately kicking the can down the road before we have to dive into the world of red tape and full compliance!

  • AusMarkBAusMarkB
    We're doing the same. We won't have 25 customers needing the facility.
    Just one asking for it. Others will no doubt jump on board once we have something, but not 25.
  • Opto_WillOpto_Will
    edited 4:10AM
    A tip for you , if you don't already know.

    I manage our accesses and had to cull the 23 we had (getting too close to the 25 for comfort!) and got it down to 14 by removing the 'No longer clients' as well as perusing the last 2 months of our App access hisotry via our Xero Dev Portal and noting all the users that hadnt accessed in that timeframe.

    I set up a Postman collection which allows me to revoke access but I needed their unique company UID.
    Easy to get from a current client during the authentication process, not so much from an ex-Client.

    I approached Xero who , after much to-ing and fro-ing, gave me the definative list of UIDs I needed but they made it clear they wouldnt do that again for me.

    Now, when implementing a Xero instance we store the UID in our records so if they go off our system, or migrate to another package like MYOB, I can easily revoke that access with a couple of Postman calls to free up another slot.

    Edit. My Postman collection are seperate calls because you need to do the OAuth2 process as a non-tenant to be able to revoke those UIDs (ConnectionIDs) from your App
  • AusMarkBAusMarkB

Sign In or Register to comment.