feat: do not ask for client secret when using auth code with PKCE (#7438)

Co-authored-by: Ignacio Lozano <nacholozano@gmail.com>
Co-authored-by: Vladimir Gorej <vladimir.gorej@gmail.com>

Refs #6290
Showing
3 changed files
with
79 additions
and
3 deletions.
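--- /dev/null
+++ b/test/e2e-cypress/static/documents/features/auth-code-flow-pkce-without-secret.yaml
@@ -0,0 +1,25 @@
+openapi: 3.0.0
+
+info:
+  version: "1.0"
+  title: PKCE Flow
+
+paths:
+  /:
+    get:
+      summary: dummy operation
+      responses:
+        "200":
+          description: OK
+
+components:
+  securitySchemes:
+    testAuthCodeFlow:
+      type: oauth2
+      flows:
+        authorizationCode:
+          authorizationUrl: /oauth/authorize
+          tokenUrl: /oauth/token
+          scopes:
+            read: read whatever you want
+            write: write whatever you want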
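--- /dev/null
+++ b/test/e2e-cypress/tests/features/auth-code-flow-pkce-without-secret.js
@@ -0,0 +1,47 @@
+describe("Check client_secret for OAuth2 Authorization Code flow with and without PKCE (#6290)", () => {
+  it("should not display client_secret field for authorization code flow with PKCE", () => {
+    cy.visit(
+      "/?url=/documents/features/auth-code-flow-pkce-without-secret.yaml"
+    )
+      .window()
+      .then(win => {
+        // set auth config to use PKCE
+        let authConfigs = win.ui.authSelectors.getConfigs()
+        win.ui.authActions.configureAuth({
+          ...authConfigs,
+          usePkceWithAuthorizationCodeGrant: true,
+        })
+      })
+      .get("button.authorize")
+      .click()
+      .get("h4")
+      .contains("authorizationCode with PKCE")
+      .get(".flow")
+      .contains("authorizationCode with PKCE")
+      .get("#client_secret")
+      .should("not.exist")
+  })
+
+  it("should display client_secret field for authorization code flow without PKCE", () => {
+    cy.visit(
+      "/?url=/documents/features/auth-code-flow-pkce-without-secret.yaml"
+    )
+      .window()
+      .then(win => {
+        // set auth config to not use PKCE
+        let authConfigs = win.ui.authSelectors.getConfigs()
+        win.ui.authActions.configureAuth({
+          ...authConfigs,
+          usePkceWithAuthorizationCodeGrant: false,
+        })
+      })
+      .get("button.authorize")
+      .click()
+      .get("h4")
+      .contains("authorizationCode")
+      .get(".flow")
+      .contains("authorizationCode")
+      .get("#client_secret")
+      .should("exist")
+  })
+})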
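Review bot: The heading assertions in the second test, `.get("h4").contains("authorizationCode")` and the matching `.get(".flow").contains("authorizationCode")`, are substring matches and would also pass against the "authorizationCode with PKCE" label, so this case does not actually prove the PKCE variant is absent when `usePkceWithAuthorizationCodeGrant` is false; tighten them with `.contains("authorizationCode").should("not.contain", "with PKCE")`. Both `let authConfigs` bindings are never reassigned and should be `const`. Both cases also only check whether the `#client_secret` input is rendered; if the harness can observe the token request, asserting that the request body omits `client_secret` when PKCE is enabled would exercise the behaviour the commit targets rather than the dialog markup. The implementation change is in the third file, outside this view, so the request-side handling cannot be confirmed from here.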