diff --git a/dev-helpers/index.html b/dev-helpers/index.html
index 2b92c403..5d3837c7 100644
--- a/dev-helpers/index.html
+++ b/dev-helpers/index.html
@@ -59,6 +59,7 @@
scopeSeparator: " ",
scopes: "openid profile email phone address",
additionalQueryStringParams: {},
+ useBasicAuthenticationWithAccessCodeGrant: false,
usePkceWithAuthorizationCodeGrant: false
})
}
diff --git a/docker/configurator/oauth.js b/docker/configurator/oauth.js
index 46c17441..44c12236 100644
--- a/docker/configurator/oauth.js
+++ b/docker/configurator/oauth.js
@@ -31,6 +31,10 @@ const oauthBlockSchema = {
type: "object",
name: "additionalQueryStringParams"
},
+ OAUTH_USE_BASIC_AUTH: {
+ type: "boolean",
+ name: "useBasicAuthenticationWithAccessCodeGrant"
+ },
OAUTH_USE_PKCE: {
type: "boolean",
name: "usePkceWithAuthorizationCodeGrant"
diff --git a/docs/usage/oauth2.md b/docs/usage/oauth2.md
index 5e5d9657..5c14f7b5 100644
--- a/docs/usage/oauth2.md
+++ b/docs/usage/oauth2.md
@@ -10,7 +10,7 @@ appName | `OAUTH_APP_NAME` |application name, displayed in authorization popup.
scopeSeparator | `OAUTH_SCOPE_SEPARATOR` |scope separator for passing scopes, encoded before calling, default value is a space (encoded value `%20`). MUST be a string
scopes | `OAUTH_SCOPES` |string array or scope separator (i.e. space) separated string of initially selected oauth scopes, default is empty array
additionalQueryStringParams | `OAUTH_ADDITIONAL_PARAMS` |Additional query parameters added to `authorizationUrl` and `tokenUrl`. MUST be an object
-useBasicAuthenticationWithAccessCodeGrant | _Unavailable_ |Only activated for the `accessCode` flow. During the `authorization_code` request to the `tokenUrl`, pass the [Client Password](https://tools.ietf.org/html/rfc6749#section-2.3.1) using the HTTP Basic Authentication scheme (`Authorization` header with `Basic base64encode(client_id + client_secret)`). The default is `false`
+useBasicAuthenticationWithAccessCodeGrant | `OAUTH_USE_BASIC_AUTH` |Only activated for the `accessCode` flow. During the `authorization_code` request to the `tokenUrl`, pass the [Client Password](https://tools.ietf.org/html/rfc6749#section-2.3.1) using the HTTP Basic Authentication scheme (`Authorization` header with `Basic base64encode(client_id + client_secret)`). The default is `false`
usePkceWithAuthorizationCodeGrant | `OAUTH_USE_PKCE` | Only applies to `authorizatonCode` flows. [Proof Key for Code Exchange](https://tools.ietf.org/html/rfc7636) brings enhanced security for OAuth public clients. The default is `false`
```javascript
@@ -25,6 +25,7 @@ ui.initOAuth({
scopeSeparator: " ",
scopes: "openid profile",
additionalQueryStringParams: {test: "hello"},
+ useBasicAuthenticationWithAccessCodeGrant: true,
usePkceWithAuthorizationCodeGrant: true
})
```
diff --git a/test/unit/docker/oauth.js b/test/unit/docker/oauth.js
index a251bdb8..6aa9bcd2 100644
--- a/test/unit/docker/oauth.js
+++ b/test/unit/docker/oauth.js
@@ -22,6 +22,7 @@ describe("docker: env translator - oauth block", function() {
OAUTH_APP_NAME: ``,
OAUTH_SCOPE_SEPARATOR: "",
OAUTH_ADDITIONAL_PARAMS: ``,
+ OAUTH_USE_BASIC_AUTH: false,
OAUTH_USE_PKCE: false
}
@@ -33,6 +34,7 @@ describe("docker: env translator - oauth block", function() {
appName: "",
scopeSeparator: "",
additionalQueryStringParams: undefined,
+ useBasicAuthenticationWithAccessCodeGrant: false,
usePkceWithAuthorizationCodeGrant: false,
})`))
})
@@ -45,6 +47,7 @@ describe("docker: env translator - oauth block", function() {
OAUTH_APP_NAME: `myAppName`,
OAUTH_SCOPE_SEPARATOR: "%21",
OAUTH_ADDITIONAL_PARAMS: `{ "a": 1234, "b": "stuff" }`,
+ OAUTH_USE_BASIC_AUTH: true,
OAUTH_USE_PKCE: true
}
@@ -56,6 +59,7 @@ describe("docker: env translator - oauth block", function() {
appName: "myAppName",
scopeSeparator: "%21",
additionalQueryStringParams: { "a": 1234, "b": "stuff" },
+ useBasicAuthenticationWithAccessCodeGrant: true,
usePkceWithAuthorizationCodeGrant: true,
})`))
})