1606 - added support of PKCE for OAuth2 (#1611)

opendatadiscovery · Feb 7, 2024 · 1f4a0a8 · 1f4a0a8
1 parent 256ee82
commit 1f4a0a8
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/...latform-api/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2Properties.java b/...latform-api/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2Properties.java
@@ -49,5 +49,6 @@ public static class OAuth2Provider {
         private Set<String> adminPrincipals;
         private String organizationName;
         private String allowedDomain;
+        private Boolean pkce;
     }
 }
diff --git a/...pi/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2PropertiesConverter.java b/...pi/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2PropertiesConverter.java
@@ -1,8 +1,10 @@
 package org.opendatadiscovery.oddplatform.auth;
 
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
 public final class ODDOAuth2PropertiesConverter {
 
@@ -14,11 +16,19 @@ public static OAuth2ClientProperties convertOddProperties(final ODDOAuth2Propert
         properties.getClient().forEach((key, provider) -> {
             final OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration();
             registration.setClientId(provider.getClientId());
-            registration.setClientSecret(provider.getClientSecret());
+
+            if (BooleanUtils.isTrue(provider.getPkce()) && StringUtils.isBlank(provider.getClientSecret())) {
+                registration.setClientAuthenticationMethod(ClientAuthenticationMethod.NONE.getValue());
+            } else {
+                registration.setClientSecret(provider.getClientSecret());
+            }
+
             if (StringUtils.isNotEmpty(provider.getClientName())) {
                 registration.setClientName(provider.getClientName());
             }
+
             registration.setScope(provider.getScope());
+
             if (StringUtils.isNotEmpty(provider.getRedirectUri())) {
                 registration.setRedirectUri(provider.getRedirectUri());
             }

diff --git a/odd-platform-api/src/main/resources/application.yml b/odd-platform-api/src/main/resources/application.yml
@@ -113,6 +113,7 @@ auth:
 #        user-name-attribute:
 #        admin-attribute:
 #        admin-principals:
+#        pkce:
 #      azure:
 #        provider: 'azure'
 #        client-id: