Merge pull request #569 from edgar89/feature-opt-pkce

Enables optional handling of PKCE
sipcapture · Oct 2, 2024 · 86e89e2 · 86e89e2
2 parents 87b8ec6 + adcaf83
commit 86e89e2
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 4 deletions.
diff --git a/config/config.go b/config/config.go
@@ -69,6 +69,7 @@ type HomerSettingServer struct {
 		Method               string   `default:"GET"`
 		ResponseType         string   `default:"code"`
 		GrantType            string   `default:"authorization_code"`
+		UsePkce              bool     `default:"true"`
 		UserToken            string   `default:"randommin43characterstringisneededasusertoken"`
 		ServiceProviderName  string   `default:"google"`
 		ServiceProviderImage string   `default:""`

diff --git a/controller/v1/user.go b/controller/v1/user.go
@@ -421,10 +421,17 @@ func (uc *UserController) RedirecToSericeAuth(c echo.Context) error {
 
 	logger.Debug("Doing URL for provider:", providerName)
 
-	u := config.Setting.MAIN_SETTINGS.OAuth2Config.AuthCodeURL(config.Setting.OAUTH2_SETTINGS.StateValue,
+	options := []oauth2.AuthCodeOption{
 		oauth2.SetAuthURLParam("response_type", config.Setting.OAUTH2_SETTINGS.ResponseType),
-		oauth2.SetAuthURLParam("code_challenge", heputils.GenCodeChallengeS256(config.Setting.OAUTH2_SETTINGS.UserToken)),
-		oauth2.SetAuthURLParam("code_challenge_method", "S256"))
+	}
+
+	if config.Setting.OAUTH2_SETTINGS.UsePkce {
+		options = append(options,
+			oauth2.SetAuthURLParam("code_challenge", heputils.GenCodeChallengeS256(config.Setting.OAUTH2_SETTINGS.UserToken)),
+			oauth2.SetAuthURLParam("code_challenge_method", "S256"))
+	}
+
+	u := config.Setting.MAIN_SETTINGS.OAuth2Config.AuthCodeURL(config.Setting.OAUTH2_SETTINGS.StateValue, options...)
 
 	logger.Debug("RedirecToSericeAuth Redirecting URL :", u)
 
@@ -494,7 +501,10 @@ func (uc *UserController) AuthSericeRequest(c echo.Context) error {
 			oauth2.SetAuthURLParam("client_id", config.Setting.OAUTH2_SETTINGS.ClientID))
 	}
 
-	options = append(options, oauth2.SetAuthURLParam("code_verifier", config.Setting.OAUTH2_SETTINGS.UserToken))
+	if config.Setting.OAUTH2_SETTINGS.UsePkce == true {
+		options = append(options, oauth2.SetAuthURLParam("code_verifier", config.Setting.OAUTH2_SETTINGS.UserToken))
+	}
+
 	logger.Debug("Options for token exchange in AuthSericeRequest : ", options)
 
 	token, err := config.Setting.MAIN_SETTINGS.OAuth2Config.Exchange(context.Background(), code, options...)

diff --git a/etc/webapp_config.json b/etc/webapp_config.json
@@ -176,6 +176,7 @@
         "grant_type": "authorization_code",
         "response_type": "code",
         "auth_style": 1,
+        "use_pkce": true,
         "user_token": "RandomURLSafeStringWithAMinimumLengthOf43Characters",
         "scope": [
             "email",

diff --git a/main.go b/main.go
@@ -391,6 +391,9 @@ func configureServiceObjects() {
 	if viper.IsSet("oauth2.response_type") {
 		config.Setting.OAUTH2_SETTINGS.ResponseType = viper.GetString("oauth2.response_type")
 	}
+	if viper.IsSet("oauth2.use_pkce") {
+		config.Setting.OAUTH2_SETTINGS.UsePkce = viper.GetBool("oauth2.use_pkce")
+	}
 	if viper.IsSet("oauth2.user_token") {
 		config.Setting.OAUTH2_SETTINGS.UserToken = viper.GetString("oauth2.user_token")
 	}