feat: do not ask for client secret when using auth code with PKCE (#7438)

Co-authored-by: Ignacio Lozano <nacholozano@gmail.com> Co-authored-by: Vladimir Gorej <vladimir.gorej@gmail.com> Refs #6290
2022-01-26 10:56:09 +01:00
parent 64345a39f3
commit c6d8d779d0
3 changed files with 79 additions and 3 deletions
--- a/test/e2e-cypress/static/documents/features/auth-code-flow-pkce-without-secret.yaml
+++ b/test/e2e-cypress/static/documents/features/auth-code-flow-pkce-without-secret.yaml
@@ -0,0 +1,25 @@
+openapi: 3.0.0
+
+info:
+  version: "1.0"
+  title: PKCE Flow
+
+paths:
+  /:
+    get:
+      summary: dummy operation
+      responses:
+        "200":
+          description: OK
+
+components:
+  securitySchemes:
+    testAuthCodeFlow:
+      type: oauth2
+      flows:
+        authorizationCode:
+          authorizationUrl: /oauth/authorize
+          tokenUrl: /oauth/token
+          scopes:
+            read: read whatever you want
+            write: write whatever you want