Spike: Add PKCE support to invoke command

zapier · Oct 29, 2024 · 5d5dd8a · 5d5dd8a
1 parent e8b49e0
commit 5d5dd8a
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/packages/cli/src/oclif/commands/invoke.js b/packages/cli/src/oclif/commands/invoke.js
@@ -418,6 +418,7 @@ class InvokeCommand extends BaseCommand {
     startSpinner('Invoking authentication.oauth2Config.authorizeUrl');
 
     const stateParam = crypto.randomBytes(20).toString('hex');
+    const codeChallenge = crypto.randomBytes(64).toString('hex').slice(0, 43);
     let authorizeUrl = await localAppCommand({
       command: 'execute',
       method: 'authentication.oauth2Config.authorizeUrl',
@@ -426,6 +427,7 @@ class InvokeCommand extends BaseCommand {
           response_type: 'code',
           redirect_uri: redirectUri,
           state: stateParam,
+          code_challenge: codeChallenge,
         },
       },
     });
@@ -440,16 +442,19 @@ class InvokeCommand extends BaseCommand {
     endSpinner();
     startSpinner('Starting local HTTP server');
 
-    let resolveCode;
-    const codePromise = new Promise((resolve) => {
-      resolveCode = resolve;
+    let resolveParams;
+    const paramsPromise = new Promise((resolve) => {
+      resolveParams = resolve;
     });
 
     const server = http.createServer((req, res) => {
       // Parse the request URL to extract the query parameters
-      const code = new URL(req.url, redirectUri).searchParams.get('code');
+      // const code = new URL(req.url, redirectUri).searchParams.get('code');
+      const params = new URL(req.url, redirectUri).searchParams;
+      const code = params.get('code');
       if (code) {
-        resolveCode(code);
+        resolveParams(params);
+        // resolveCode(code);
         debug(`Received code '${code}' from ${req.headers.referer}`);
 
         res.writeHead(200, { 'Content-Type': 'text/plain' });
@@ -478,7 +483,7 @@ class InvokeCommand extends BaseCommand {
     const { default: open } = await import('open');
     open(authorizeUrl);
 
-    const code = await codePromise;
+    const params = await paramsPromise;
     endSpinner();
 
     startSpinner('Closing local HTTP server');
@@ -495,7 +500,8 @@ class InvokeCommand extends BaseCommand {
       method: 'authentication.oauth2Config.getAccessToken',
       bundle: {
         inputData: {
-          code,
+          code: params.get('code'),
+          code_verifier: params.get('code_verifier'),
           redirect_uri: redirectUri,
         },
       },