# `Immich.API.PKCE`

Generates PKCE parameters for the Immich OAuth flow.

# `t`

```elixir
@type t() :: %Immich.API.PKCE{
  code_challenge: String.t(),
  code_verifier: String.t(),
  state: String.t()
}
```

# `challenge`

```elixir
@spec challenge(String.t()) :: String.t()
```

Generates the PKCE code challenge by applying the `S256` transformation
(`base64url(SHA256(verifier))`) recommended by RFC 7636 §4.2 for public
clients. The same guidance is echoed by the OWASP OAuth 2.0 cheat sheet, so
this helper always uses SHA-256 plus URL-safe base64 encoding.

# `new`

```elixir
@spec new(keyword()) :: t()
```

Generates a fresh PKCE triple.

Options:
  * `:verifier_length` - target length for the code verifier (default: 64)
  * `:state_length` - target length for the state token (default: 32)
  * `:rand_fun` - function that receives a positive integer and returns that many random bytes
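
The `S256` transformation and the verifier/challenge relationship described above, as an added example that is not code from `Immich.API.PKCE` itself. The module `PKCEExample` and its function names are hypothetical, the check uses the test vector from RFC 7636 Appendix B, and `:crypto.hash_equals/2` assumes OTP 25 or later.

```elixir
defmodule PKCEExample do
  # Hypothetical stand-alone module for illustration; not part of Immich.API.PKCE.

  # S256 per RFC 7636 §4.2: base64url(SHA256(verifier)) with no "=" padding.
  def s256(verifier) when is_binary(verifier) do
    :crypto.hash(:sha256, verifier) |> Base.url_encode64(padding: false)
  end

  # Code verifier of 43..128 characters (RFC 7636 §4.1) drawn from a CSPRNG.
  # `rand_fun` takes a positive integer and returns that many random bytes.
  def verifier(len \\ 64, rand_fun \\ &:crypto.strong_rand_bytes/1)
      when len in 43..128 and is_function(rand_fun, 1) do
    # base64url turns every 3 bytes into 4 characters, so `len` random bytes
    # always encode to more than `len` characters before truncation.
    len |> rand_fun.() |> Base.url_encode64(padding: false) |> binary_part(0, len)
  end

  # What the authorization server does at the token endpoint: recompute the
  # challenge from the presented verifier and compare it with the stored one.
  def valid?(stored_challenge, presented_verifier) do
    valid_verifier?(presented_verifier) and
      secure_equal?(s256(presented_verifier), stored_challenge)
  end

  # Reject anything outside the unreserved character set or length bounds.
  defp valid_verifier?(v) do
    is_binary(v) and Regex.match?(~r/\A[A-Za-z0-9\-._~]{43,128}\z/, v)
  end

  # :crypto.hash_equals/2 raises on unequal sizes, so guard on length first.
  defp secure_equal?(a, b) when is_binary(b) and byte_size(a) == byte_size(b),
    do: :crypto.hash_equals(a, b)

  defp secure_equal?(_, _), do: false
end

# Test vector from RFC 7636 Appendix B.
rfc_verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
rfc_challenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw_cM"

true = PKCEExample.s256(rfc_verifier) == rfc_challenge
true = PKCEExample.valid?(rfc_challenge, rfc_verifier)
# A freshly generated verifier must not satisfy someone else's challenge.
false = PKCEExample.valid?(rfc_challenge, PKCEExample.verifier())
# Too-short verifiers are rejected before any hashing takes place.
false = PKCEExample.valid?(rfc_challenge, "short")
```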

---

*Consult [api-reference.md](api-reference.md) for complete listing*
