Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add PKCE support when Authorization Code flow is used #5361

Merged
merged 28 commits into from
Oct 8, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
7daa7a5
Add PKCE support.
poveilleux May 15, 2019
d845e1d
Fix tests
poveilleux May 19, 2019
09b383c
Merge branch 'master' into add-pkce-support
poveilleux May 19, 2019
a95004b
Update oauth2.md
poveilleux May 21, 2019
99d8abb
Rename usePkce
poveilleux May 21, 2019
537dd8a
Fix the BrokenComponent error
poveilleux May 29, 2019
8289e31
Fix conflicts
poveilleux May 29, 2019
f172982
merge
poveilleux Jun 15, 2019
edff5a7
Merge branch 'master' into add-pkce-support
poveilleux Jun 30, 2019
a5b4de6
Merge branch 'master' into add-pkce-support
poveilleux Jul 29, 2019
4a2de56
merge
poveilleux Aug 12, 2019
4039343
merge
poveilleux Sep 26, 2019
479ee7f
Update oauth2.md
shockey Oct 3, 2019
cb96176
merge
poveilleux Oct 4, 2019
d151a1b
Remove isCode variable. Remove uuid4 dependency.
poveilleux Oct 4, 2019
ff3de09
Merge branch 'add-pkce-support' of https://github.com/poveilleux/swag…
poveilleux Oct 4, 2019
1a532aa
Remove utils functions
poveilleux Oct 4, 2019
e316015
Import crypto
poveilleux Oct 4, 2019
5dde638
Fix tests
poveilleux Oct 4, 2019
d4ff202
Fix the tests
poveilleux Oct 4, 2019
ee6be53
Cleanup
poveilleux Oct 4, 2019
4ce5d42
Fix code_challenge generation
poveilleux Oct 4, 2019
b2c1a92
Move code challenge and verifier to utils for mocks. Update tests.
poveilleux Oct 4, 2019
8c8f4b8
Mock the PKCE methods in the utils file properly.
poveilleux Oct 4, 2019
509a379
Add missing expect
poveilleux Oct 4, 2019
898bfc2
use target-method spies
shockey Oct 4, 2019
b4b2376
Add comments to explain test values.
poveilleux Oct 6, 2019
9f02314
Get rid of jsrsasign.
poveilleux Oct 6, 2019
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion dev-helpers/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,8 @@
realm: "your-realms",
appName: "your-app-name",
scopeSeparator: " ",
additionalQueryStringParams: {}
additionalQueryStringParams: {},
usePkceWithAuthorizationCodeGrant: false
})
}
</script>
Expand Down
6 changes: 5 additions & 1 deletion docker/configurator/oauth.js
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
const translator = require("./translator")
const indent = require("./helpers").indent

const oauthBlockSchema = {
const oauthBlockSchema = {
OAUTH_CLIENT_ID: {
type: "string",
name: "clientId"
Expand All @@ -26,6 +26,10 @@ const oauthBlockSchema = {
OAUTH_ADDITIONAL_PARAMS: {
type: "object",
name: "additionalQueryStringParams"
},
OAUTH_USE_PKCE: {
type: "boolean",
name: "usePkceWithAuthorizationCodeGrant"
}
}

Expand Down
4 changes: 3 additions & 1 deletion docs/usage/oauth2.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ appName | `OAUTH_APP_NAME` |application name, displayed in authorization popup.
scopeSeparator | `OAUTH_SCOPE_SEPARATOR` |scope separator for passing scopes, encoded before calling, default value is a space (encoded value `%20`). MUST be a string
additionalQueryStringParams | `OAUTH_ADDITIONAL_PARAMS` |Additional query parameters added to `authorizationUrl` and `tokenUrl`. MUST be an object
useBasicAuthenticationWithAccessCodeGrant | _Unavailable_ |Only activated for the `accessCode` flow. During the `authorization_code` request to the `tokenUrl`, pass the [Client Password](https://tools.ietf.org/html/rfc6749#section-2.3.1) using the HTTP Basic Authentication scheme (`Authorization` header with `Basic base64encode(client_id + client_secret)`). The default is `false`
usePkceWithAuthorizationCodeGrant | `OAUTH_USE_PKCE` | Only applies to `authorizatonCode` flows. [Proof Key for Code Exchange](https://tools.ietf.org/html/rfc7636) brings enhanced security for OAuth public clients. The default is `false`

```javascript
const ui = SwaggerUI({...})
Expand All @@ -21,6 +22,7 @@ ui.initOAuth({
realm: "your-realms",
appName: "your-app-name",
scopeSeparator: " ",
additionalQueryStringParams: {test: "hello"}
additionalQueryStringParams: {test: "hello"},
usePkceWithAuthorizationCodeGrant: true
})
```
Loading