

Enables optional handling of PKCE
skyreginag committed Oct 2, 2024
1 parent 87b8ec6 commit e098204
Showing 4 changed files with 19 additions and 5 deletions.
1 change: 1 addition & 0 deletions config/config.go
Expand Up @@ -69,6 +69,7 @@ type HomerSettingServer struct {
Method string `default:"GET"`
ResponseType string `default:"code"`
GrantType string `default:"authorization_code"`
UsePkce bool `default:"true"`
UserToken string `default:"randommin43characterstringisneededasusertoken"`
ServiceProviderName string `default:"google"`
ServiceProviderImage string `default:""`
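Review bot: The new `UsePkce` field on the HomerSettingServer struct has no comment explaining what it switches, although it is a security-relevant toggle that the handlers in controller/v1/user.go act on. A one-line field comment would make the trade-off visible to whoever edits the config, for example `// UsePkce adds an S256 code_challenge to the authorization request and a code_verifier to the token exchange; disabling it removes that protection for the authorization code.` The struct definition starts and ends outside this hunk.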
19 changes: 14 additions & 5 deletions controller/v1/user.go
Expand Up @@ -421,10 +421,16 @@ func (uc *UserController) RedirecToSericeAuth(c echo.Context) error {

logger.Debug("Doing URL for provider:", providerName)

u := config.Setting.MAIN_SETTINGS.OAuth2Config.AuthCodeURL(config.Setting.OAUTH2_SETTINGS.StateValue,
oauth2.SetAuthURLParam("response_type", config.Setting.OAUTH2_SETTINGS.ResponseType),
oauth2.SetAuthURLParam("code_challenge", heputils.GenCodeChallengeS256(config.Setting.OAUTH2_SETTINGS.UserToken)),
oauth2.SetAuthURLParam("code_challenge_method", "S256"))
u := ""
if config.Setting.OAUTH2_SETTINGS.UsePkce == true {
u = config.Setting.MAIN_SETTINGS.OAuth2Config.AuthCodeURL(config.Setting.OAUTH2_SETTINGS.StateValue,
oauth2.SetAuthURLParam("response_type", config.Setting.OAUTH2_SETTINGS.ResponseType),
oauth2.SetAuthURLParam("code_challenge", heputils.GenCodeChallengeS256(config.Setting.OAUTH2_SETTINGS.UserToken)),
oauth2.SetAuthURLParam("code_challenge_method", "S256"))
} else {
u = config.Setting.MAIN_SETTINGS.OAuth2Config.AuthCodeURL(config.Setting.OAUTH2_SETTINGS.StateValue,
oauth2.SetAuthURLParam("response_type", config.Setting.OAUTH2_SETTINGS.ResponseType))
}

logger.Debug("RedirecToSericeAuth Redirecting URL :", u)

Expand Down Expand Up @@ -494,7 +500,10 @@ func (uc *UserController) AuthSericeRequest(c echo.Context) error {
oauth2.SetAuthURLParam("client_id", config.Setting.OAUTH2_SETTINGS.ClientID))
}

options = append(options, oauth2.SetAuthURLParam("code_verifier", config.Setting.OAUTH2_SETTINGS.UserToken))
if config.Setting.OAUTH2_SETTINGS.UsePkce == true {
options = append(options, oauth2.SetAuthURLParam("code_verifier", config.Setting.OAUTH2_SETTINGS.UserToken))
}

logger.Debug("Options for token exchange in AuthSericeRequest : ", options)

token, err := config.Setting.MAIN_SETTINGS.OAuth2Config.Exchange(context.Background(), code, options...)
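Review bot: The if/else added in RedirecToSericeAuth repeats the whole AuthCodeURL call in both branches only to toggle two parameters, whereas the AuthSericeRequest hunk below already appends to an `options` slice; building the option list first and making a single call keeps the two call sites consistent and avoids the branches drifting apart. In both hunks `UsePkce == true` compares a bool against a literal and can be written as `if config.Setting.OAUTH2_SETTINGS.UsePkce {`. Independently of this change, both the `code_challenge` and the `code_verifier` are derived from the fixed `UserToken` config value, so (as far as these lines show) every login uses the same PKCE pair; PKCE is meant to use a fresh random verifier per authorization request kept in the session, and it would be worth noting that in a comment so the option is not mistaken for full PKCE protection. Both enclosing functions start and end outside the hunks.
```go
opts := []oauth2.AuthCodeOption{
	oauth2.SetAuthURLParam("response_type", config.Setting.OAUTH2_SETTINGS.ResponseType),
}
if config.Setting.OAUTH2_SETTINGS.UsePkce {
	// NOTE(review): challenge is derived from the static UserToken, not a per-request verifier
	opts = append(opts,
		oauth2.SetAuthURLParam("code_challenge", heputils.GenCodeChallengeS256(config.Setting.OAUTH2_SETTINGS.UserToken)),
		oauth2.SetAuthURLParam("code_challenge_method", "S256"))
}
u := config.Setting.MAIN_SETTINGS.OAuth2Config.AuthCodeURL(config.Setting.OAUTH2_SETTINGS.StateValue, opts...)
// … unchanged: debug logging and redirect …
```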
1 change: 1 addition & 0 deletions etc/webapp_config.json
Expand Up @@ -176,6 +176,7 @@
"grant_type": "authorization_code",
"response_type": "code",
"auth_style": 1,
"use_pkce": true,
"user_token": "RandomURLSafeStringWithAMinimumLengthOf43Characters",
"scope": [
"email",
3 changes: 3 additions & 0 deletions main.go
Expand Up @@ -391,6 +391,9 @@ func configureServiceObjects() {
if viper.IsSet("oauth2.response_type") {
config.Setting.OAUTH2_SETTINGS.ResponseType = viper.GetString("oauth2.response_type")
}
if viper.IsSet("oauth2.use_pkce") {
config.Setting.OAUTH2_SETTINGS.UsePkce = viper.GetBool("oauth2.use_pkce")
}
if viper.IsSet("oauth2.user_token") {
config.Setting.OAUTH2_SETTINGS.UserToken = viper.GetString("oauth2.user_token")
}
