feat: add PKCE support for OAuth2 Authorization Code flows (swagger-api#5361)

* Add PKCE support.

* Fix tests

* Update oauth2.md

* Rename usePkce

* Fix the BrokenComponent error

* Update oauth2.md

* Remove isCode variable. Remove uuid4 dependency.

* Remove utils functions

* Import crypto

* Fix tests

* Fix the tests

* Cleanup

* Fix code_challenge generation

* Move code challenge and verifier to utils for mocks. Update tests.

* Mock the PKCE methods in the utils file properly.

* Add missing expect

* use target-method spies

* Add comments to explain test values.

* Get rid of jsrsasign.
poveilleux authored and shockey committed Oct 8, 2019
1 parent 8cabcff commit 139592e
Showing 12 changed files with 13,917 additions and 18,056 deletions.
3 changes: 2 additions & 1 deletion dev-helpers/index.html
@@ -62,7 +62,8 @@
realm: "your-realms",
appName: "your-app-name",
scopeSeparator: " ",
additionalQueryStringParams: {}
additionalQueryStringParams: {},
usePkceWithAuthorizationCodeGrant: false
})
}
</script>
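Review bot: the dev helper sets `usePkceWithAuthorizationCodeGrant: false`, which matches the documented default, but since this page is the manual test bed for the OAuth2 popup, a short comment next to the option saying that setting it to `true` exercises the new code_challenge/code_verifier path would keep the new feature from being overlooked when someone tests an authorization-code flow here.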
6 changes: 5 additions & 1 deletion docker/configurator/oauth.js
@@ -1,7 +1,7 @@
const translator = require("./translator")
const indent = require("./helpers").indent

const oauthBlockSchema = {
const oauthBlockSchema = {
OAUTH_CLIENT_ID: {
type: "string",
name: "clientId"
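Review bot: in this first hunk the line `const oauthBlockSchema = {` appears both as removed and as re-added with no visible textual difference, which usually means a trailing-whitespace or line-ending change; harmless if so, but please confirm it is intentional rather than an editor artifact, since it adds noise to the blame history for this file.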
@@ -26,6 +26,10 @@ const oauthBlockSchema = {
OAUTH_ADDITIONAL_PARAMS: {
type: "object",
name: "additionalQueryStringParams"
},
OAUTH_USE_PKCE: {
type: "boolean",
name: "usePkceWithAuthorizationCodeGrant"
}
}

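Review bot: `OAUTH_USE_PKCE` is declared with `type: "boolean"`, while the other entries visible in this hunk use `"string"` and `"object"`; confirm that the `translator` required at the top of this file already knows how to emit a boolean, so that `OAUTH_USE_PKCE=true` from the container environment becomes the boolean `true` in the generated config rather than the string `"true"`. This matters for the security default: a non-empty string is truthy in JavaScript, so if the value were passed through untouched, `OAUTH_USE_PKCE=false` would enable PKCE as well, and the option could not be switched off from the environment.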
4 changes: 3 additions & 1 deletion docs/usage/oauth2.md
@@ -10,6 +10,7 @@ appName | `OAUTH_APP_NAME` |application name, displayed in authorization popup.
scopeSeparator | `OAUTH_SCOPE_SEPARATOR` |scope separator for passing scopes, encoded before calling, default value is a space (encoded value `%20`). MUST be a string
additionalQueryStringParams | `OAUTH_ADDITIONAL_PARAMS` |Additional query parameters added to `authorizationUrl` and `tokenUrl`. MUST be an object
useBasicAuthenticationWithAccessCodeGrant | _Unavailable_ |Only activated for the `accessCode` flow. During the `authorization_code` request to the `tokenUrl`, pass the [Client Password](https://tools.ietf.org/html/rfc6749#section-2.3.1) using the HTTP Basic Authentication scheme (`Authorization` header with `Basic base64encode(client_id + client_secret)`). The default is `false`
usePkceWithAuthorizationCodeGrant | `OAUTH_USE_PKCE` | Only applies to `authorizatonCode` flows. [Proof Key for Code Exchange](https://tools.ietf.org/html/rfc7636) brings enhanced security for OAuth public clients. The default is `false`

```javascript
const ui = SwaggerUI({...})
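Review bot: `authorizatonCode` in the new `usePkceWithAuthorizationCodeGrant` row is a typo for `authorizationCode`. The row directly above scopes its option to the `accessCode` flow while this one says `authorizatonCode` flows; both options govern the same authorization-code exchange, so name the flow consistently (or state both spellings, `accessCode` being the Swagger 2.0 flow name and `authorizationCode` the OpenAPI 3 one) so readers can tell which spec version the option applies to. "brings enhanced security for OAuth public clients" is also vague for a reference table; the commit message already names the pieces, so consider wording along the lines of: sends a `code_challenge` with the authorization request and the matching `code_verifier` with the token request, as described in RFC 7636, so that an intercepted authorization code cannot be redeemed by a client that does not hold the verifier.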
@@ -21,6 +22,7 @@ ui.initOAuth({
realm: "your-realms",
appName: "your-app-name",
scopeSeparator: " ",
additionalQueryStringParams: {test: "hello"}
additionalQueryStringParams: {test: "hello"},
usePkceWithAuthorizationCodeGrant: true
})
```