feat(docker): add OAUTH_USE_BASIC_AUTH env (#7474)

Makes the last `initOAuth` variable configurable via environment
variables in the swagger-ui docker image.

Co-authored-by: Christopher Giroir <chrisgiroir@improbable.io>
Co-authored-by: Tim Lai <timothy.lai@gmail.com>

Author: 3 people

dev-helpers/index.html

@@ -59,6 +59,7 @@
         scopeSeparator: " ",
         scopes: "openid profile email phone address",
         additionalQueryStringParams: {},
+        useBasicAuthenticationWithAccessCodeGrant: false,
         usePkceWithAuthorizationCodeGrant: false
       })
     }

docker/configurator/oauth.js

@@ -31,6 +31,10 @@ const oauthBlockSchema = {
     type: "object",
     name: "additionalQueryStringParams"
   },
+  OAUTH_USE_BASIC_AUTH: {
+    type: "boolean",
+    name: "useBasicAuthenticationWithAccessCodeGrant"
+  },
   OAUTH_USE_PKCE: {
     type: "boolean",
     name: "usePkceWithAuthorizationCodeGrant"

docs/usage/oauth2.md

@@ -10,7 +10,7 @@ appName | `OAUTH_APP_NAME` |application name, displayed in authorization popup.
 scopeSeparator | `OAUTH_SCOPE_SEPARATOR` |scope separator for passing scopes, encoded before calling, default value is a space (encoded value `%20`). MUST be a string
 scopes | `OAUTH_SCOPES` |string array or scope separator (i.e. space) separated string of initially selected oauth scopes, default is empty array
 additionalQueryStringParams | `OAUTH_ADDITIONAL_PARAMS` |Additional query parameters added to `authorizationUrl` and `tokenUrl`. MUST be an object
-useBasicAuthenticationWithAccessCodeGrant | _Unavailable_ |Only activated for the `accessCode` flow.  During the `authorization_code` request to the `tokenUrl`, pass the [Client Password](https://tools.ietf.org/html/rfc6749#section-2.3.1) using the HTTP Basic Authentication scheme (`Authorization` header with `Basic base64encode(client_id + client_secret)`).  The default is `false`
+useBasicAuthenticationWithAccessCodeGrant | `OAUTH_USE_BASIC_AUTH` |Only activated for the `accessCode` flow.  During the `authorization_code` request to the `tokenUrl`, pass the [Client Password](https://tools.ietf.org/html/rfc6749#section-2.3.1) using the HTTP Basic Authentication scheme (`Authorization` header with `Basic base64encode(client_id + client_secret)`).  The default is `false`
 usePkceWithAuthorizationCodeGrant | `OAUTH_USE_PKCE` | Only applies to `authorizatonCode` flows. [Proof Key for Code Exchange](https://tools.ietf.org/html/rfc7636) brings enhanced security for OAuth public clients. The default is `false`
 
 ```javascript
@@ -25,6 +25,7 @@ ui.initOAuth({
     scopeSeparator: " ",
     scopes: "openid profile",
     additionalQueryStringParams: {test: "hello"},
+    useBasicAuthenticationWithAccessCodeGrant: true,
     usePkceWithAuthorizationCodeGrant: true
   })
 ```

test/unit/docker/oauth.js

@@ -22,6 +22,7 @@ describe("docker: env translator - oauth block", function() {
       OAUTH_APP_NAME: ``,
       OAUTH_SCOPE_SEPARATOR: "",
       OAUTH_ADDITIONAL_PARAMS: ``,
+      OAUTH_USE_BASIC_AUTH: false,
       OAUTH_USE_PKCE: false
     }
 
@@ -33,6 +34,7 @@ describe("docker: env translator - oauth block", function() {
       appName: "",
       scopeSeparator: "",
       additionalQueryStringParams: undefined,
+      useBasicAuthenticationWithAccessCodeGrant: false,
       usePkceWithAuthorizationCodeGrant: false,
     })`))
   })
@@ -45,6 +47,7 @@ describe("docker: env translator - oauth block", function() {
       OAUTH_APP_NAME: `myAppName`,
       OAUTH_SCOPE_SEPARATOR: "%21",
       OAUTH_ADDITIONAL_PARAMS: `{ "a": 1234, "b": "stuff" }`,
+      OAUTH_USE_BASIC_AUTH: true,
       OAUTH_USE_PKCE: true
     }
 
@@ -56,6 +59,7 @@ describe("docker: env translator - oauth block", function() {
       appName: "myAppName",
       scopeSeparator: "%21",
       additionalQueryStringParams: { "a": 1234, "b": "stuff" },
+      useBasicAuthenticationWithAccessCodeGrant: true,
       usePkceWithAuthorizationCodeGrant: true,
     })`))
   })