diff --git a/config/config.go b/config/config.go
index 8fa1b79b..707b44de 100644
--- a/config/config.go
+++ b/config/config.go
@@ -69,6 +69,7 @@ type HomerSettingServer struct {
 Method string `default:"GET"`
 ResponseType string `default:"code"`
 GrantType string `default:"authorization_code"`
+ UsePkce bool `default:"true"`
 UserToken string `default:"randommin43characterstringisneededasusertoken"`
 ServiceProviderName string `default:"google"`
 ServiceProviderImage string `default:""`
diff --git a/controller/v1/user.go b/controller/v1/user.go
index a9c768cc..054a67b4 100644
--- a/controller/v1/user.go
+++ b/controller/v1/user.go
@@ -421,10 +421,17 @@ func (uc *UserController) RedirecToSericeAuth(c echo.Context) error {
 logger.Debug("Doing URL for provider:", providerName)
- u := config.Setting.MAIN_SETTINGS.OAuth2Config.AuthCodeURL(config.Setting.OAUTH2_SETTINGS.StateValue,
+ options := []oauth2.AuthCodeOption{
 oauth2.SetAuthURLParam("response_type", config.Setting.OAUTH2_SETTINGS.ResponseType),
- oauth2.SetAuthURLParam("code_challenge", heputils.GenCodeChallengeS256(config.Setting.OAUTH2_SETTINGS.UserToken)),
- oauth2.SetAuthURLParam("code_challenge_method", "S256"))
+ }
+
+ if config.Setting.OAUTH2_SETTINGS.UsePkce {
+ options = append(options,
+ oauth2.SetAuthURLParam("code_challenge", heputils.GenCodeChallengeS256(config.Setting.OAUTH2_SETTINGS.UserToken)),
+ oauth2.SetAuthURLParam("code_challenge_method", "S256"))
+ }
+
+ u := config.Setting.MAIN_SETTINGS.OAuth2Config.AuthCodeURL(config.Setting.OAUTH2_SETTINGS.StateValue, options...)
 logger.Debug("RedirecToSericeAuth Redirecting URL :", u)
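Review bot: The new `UsePkce` field carries no doc comment, although its effect spans two handlers in controller/v1/user.go and the struct tag silently defaults it to true. A one-line comment on the field would make the contract visible to operators reading the config struct: `// UsePkce adds a PKCE code_challenge to the authorization request and a code_verifier to the token exchange (default true).` The HomerSettingServer struct starts and ends outside the hunk.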
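Review bot: The PKCE branch still derives `code_challenge` from the fixed `config.Setting.OAUTH2_SETTINGS.UserToken`, so every authorization request from a deployment sends the same challenge, and the struct default visible in config/config.go (`randommin43characterstringisneededasusertoken`) is a placeholder an operator may never replace. PKCE only binds the authorization code to the session that started the flow when the verifier is fresh and high-entropy per request; generating it per redirect (for example with `oauth2.GenerateVerifier()`, if the vendored golang.org/x/oauth2 provides it) and storing it server-side keyed by the request's state, then reading it back in AuthSericeRequest for the `code_verifier`, would give the guarantee the flag name promises. If `StateValue` is likewise a fixed config value, the same per-request treatment applies to it. This predates the commit, but the refactor that isolates the PKCE options is the natural place to address it. RedirecToSericeAuth's body starts and ends outside the hunk.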
@@ -494,7 +501,10 @@ func (uc *UserController) AuthSericeRequest(c echo.Context) error {
 oauth2.SetAuthURLParam("client_id", config.Setting.OAUTH2_SETTINGS.ClientID))
 }
- options = append(options, oauth2.SetAuthURLParam("code_verifier", config.Setting.OAUTH2_SETTINGS.UserToken))
+ if config.Setting.OAUTH2_SETTINGS.UsePkce == true {
+ options = append(options, oauth2.SetAuthURLParam("code_verifier", config.Setting.OAUTH2_SETTINGS.UserToken))
+ }
+
 logger.Debug("Options for token exchange in AuthSericeRequest : ", options)
 token, err := config.Setting.MAIN_SETTINGS.OAuth2Config.Exchange(context.Background(), code, options...)
diff --git a/etc/webapp_config.json b/etc/webapp_config.json
index c0bfbe33..ecc6ba81 100644
--- a/etc/webapp_config.json
+++ b/etc/webapp_config.json
@@ -176,6 +176,7 @@
 "grant_type": "authorization_code",
 "response_type": "code",
 "auth_style": 1,
+ "use_pkce": true,
 "user_token": "RandomURLSafeStringWithAMinimumLengthOf43Characters",
 "scope": [
 "email",
diff --git a/main.go b/main.go
index 0556b5d8..32d7bc31 100644
--- a/main.go
+++ b/main.go
@@ -391,6 +391,9 @@ func configureServiceObjects() {
 if viper.IsSet("oauth2.response_type") {
 config.Setting.OAUTH2_SETTINGS.ResponseType = viper.GetString("oauth2.response_type")
 }
+ if viper.IsSet("oauth2.use_pkce") {
+ config.Setting.OAUTH2_SETTINGS.UsePkce = viper.GetBool("oauth2.use_pkce")
+ }
 if viper.IsSet("oauth2.user_token") {
 config.Setting.OAUTH2_SETTINGS.UserToken = viper.GetString("oauth2.user_token")
 }
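Review bot: `if config.Setting.OAUTH2_SETTINGS.UsePkce == true {` compares a bool against `true`, while the sibling branch added to RedirecToSericeAuth in the same commit writes `if config.Setting.OAUTH2_SETTINGS.UsePkce {`; the two should read the same, so `if config.Setting.OAUTH2_SETTINGS.UsePkce {` here. A short comment above the branch would also help the next reader, since the `code_verifier` sent here only makes sense together with the `code_challenge` added in the redirect and providers typically reject an exchange where one is present without the other: `// Must mirror the PKCE branch in RedirecToSericeAuth: verifier and challenge are sent together or not at all.` The `logger.Debug` of `options` on the following context line prints the verifier at debug level, which is worth keeping in mind when debug logging is enabled in shared environments. AuthSericeRequest's body starts and ends outside the hunk.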
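Review bot: When `oauth2.use_pkce` is absent from the config file, `UsePkce` keeps whatever value it had before this block runs; if the `default:"true"` struct tag in config/config.go is not applied by a defaults step before configureServiceObjects, the Go zero value leaves PKCE silently disabled rather than enabled as the tag suggests. A comment on the new `if viper.IsSet("oauth2.use_pkce")` block stating where the default comes from, e.g. `// Unset keys fall back to the struct-tag default (true) applied at settings init.`, would record that assumption, and an explicit `else` assigning true would remove the dependency if that step is not guaranteed. configureServiceObjects starts and ends outside the hunk.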