kyy/swagger-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: support OAuth2 PKCE when using the OIDC authorization_code flow (#6914)

Browse Source 
* Previous checks only supported the OAuth2 authorizationCode flow and missed the equivalent OIDC flow.
This commit is contained in:
Chad Killingsworth
2021-02-10 11:52:35 -06:00
committed by GitHub
parent 710b9d16a3
commit 5e69d3c4f2
2 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/core/oauth2-authorize.js
View File

@@ -77,7 +77,7 @@ export default function authorize ( { auth, authActions, errActions, configs, au
query.push("realm=" + encodeURIComponent(authConfigs.realm)) query.push("realm=" + encodeURIComponent(authConfigs.realm))
} }
if ((flow === "authorizationCode" || flow === "accessCode") && authConfigs.usePkceWithAuthorizationCodeGrant) { if ((flow === "authorizationCode" || flow === "authorization_code" || flow === "accessCode") && authConfigs.usePkceWithAuthorizationCodeGrant) {
const codeVerifier = generateCodeVerifier() const codeVerifier = generateCodeVerifier()
const codeChallenge = createCodeChallenge(codeVerifier) const codeChallenge = createCodeChallenge(codeVerifier)

32
test/unit/core/oauth2-authorize.js
View File

@@ -112,6 +112,38 @@ describe("oauth2", () => {
createCodeChallengeSpy.mockReset() createCodeChallengeSpy.mockReset()
}) })
it("should send code_challenge when using authorization_code flow with usePkceWithAuthorizationCodeGrant enabled", () => {
const windowOpenSpy = jest.spyOn(win, "open")
mockSchema.flow = "authorization_code"
const expectedCodeVerifier = "mock_code_verifier"
const expectedCodeChallenge = "mock_code_challenge"
const generateCodeVerifierSpy = jest.spyOn(utils, "generateCodeVerifier").mockImplementation(() => expectedCodeVerifier)
const createCodeChallengeSpy = jest.spyOn(utils, "createCodeChallenge").mockImplementation(() => expectedCodeChallenge)
authConfig.authConfigs.usePkceWithAuthorizationCodeGrant = true
oauth2Authorize(authConfig)
expect(win.open.mock.calls.length).toEqual(1)
const actualUrl = new URLSearchParams(win.open.mock.calls[0][0])
expect(actualUrl.get("code_challenge")).toBe(expectedCodeChallenge)
expect(actualUrl.get("code_challenge_method")).toBe("S256")
expect(createCodeChallengeSpy.mock.calls.length).toEqual(1)
expect(createCodeChallengeSpy.mock.calls[0][0]).toBe(expectedCodeVerifier)
// The code_verifier should be stored to be able to send in
// on the TokenUrl call
expect(authConfig.auth.codeVerifier).toBe(expectedCodeVerifier)
// Restore spies
windowOpenSpy.mockReset()
generateCodeVerifierSpy.mockReset()
createCodeChallengeSpy.mockReset()
})
it("should add list of scopes to authorizeUrl", () => { it("should add list of scopes to authorizeUrl", () => {
const windowOpenSpy = jest.spyOn(win, "open") const windowOpenSpy = jest.spyOn(win, "open")
mockSchema.authorizationUrl = "https://testAuthorizationUrl?param=1" mockSchema.authorizationUrl = "https://testAuthorizationUrl?param=1"