ff14-mitigator/auth/start.php

<?php
require_once __DIR__ . '/../config.php';
session_start_safe();

$verifier  = rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');
$challenge = rtrim(strtr(base64_encode(hash('sha256', $verifier, true)), '+/', '-_'), '=');
$state     = bin2hex(random_bytes(16));

$_SESSION['pkce_verifier'] = $verifier;
$_SESSION['oauth_state']   = $state;
$_SESSION['oauth_return']  = safe_return_path($_GET['return'] ?? null);

$params = http_build_query([
    'response_type'         => 'code',
    'client_id'             => CLIENT_ID,
    'redirect_uri'          => REDIRECT_URI,
    'state'                 => $state,
    'code_challenge'        => $challenge,
    'code_challenge_method' => 'S256',
]);

header('Location: ' . AUTHORIZE_URI . '?' . $params);
exit;