[MNT-22836] - support PKCE code flow in SSO

Alfresco · Nov 17, 2023 · 8028d70 · 8028d70
1 parent 99d3e08
commit 8028d70
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 0 deletions.
diff --git a/app/src/app.config.json b/app/src/app.config.json
@@ -19,6 +19,7 @@
     "clientId": "alfresco",
     "scope": "openid",
     "secret": "",
+    "implicitFlow": false,
     "codeFlow": true,
     "silentLogin": true,
     "publicUrls": ["**/preview/s/*", "**/settings", "**/blank"],

diff --git a/docker/docker-entrypoint.d/30-sed-on-appconfig.sh b/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
@@ -43,6 +43,13 @@ if [ -n "${APP_CONFIG_OAUTH2_CLIENTID}" ]; then
     -i "$APP_CONFIG_FILE"
 fi
 
+if [ -n "${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}" ]; then
+  echo "SET APP_CONFIG_OAUTH2_IMPLICIT_FLOW"
+
+  sed -e "s/\"implicitFlow\": [^,]*/\"implicitFlow\": ${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}/g" \
+    -i "$APP_CONFIG_FILE"
+fi
+
 if [ -n "${APP_CONFIG_OAUTH2_CODE_FLOW}" ]; then
   echo "SET APP_CONFIG_OAUTH2_CODE_FLOW"
 

diff --git a/docs/getting-started/docker.md b/docs/getting-started/docker.md
@@ -73,6 +73,7 @@ docker run --rm -it \
 | APP_BASE_SHARE_URL                           | `baseShareUrl`                   |
 | APP_CONFIG_OAUTH2_HOST                       | `oauth2.host`                    |
 | APP_CONFIG_OAUTH2_CLIENTID                   | `oauth2.clientId`                |
+| APP_CONFIG_OAUTH2_IMPLICIT_FLOW              | `oauth2.implicitFlow`            |
 | APP_CONFIG_OAUTH2_CODE_FLOW                  | `oauth2.codeFlow`                |
 | APP_CONFIG_OAUTH2_SILENT_LOGIN               | `oauth2.silentLogin`             |
 | APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI | `oauth2.redirectSilentIframeUri` |

diff --git a/docs/getting-started/sso.md b/docs/getting-started/sso.md
@@ -22,6 +22,7 @@ You can find the settings in the `app.config.json` file, and they look similar t
     "clientId": "alfresco",
     "scope": "openid",
     "secret": "",
+    "implicitFlow": false,
     "codeFlow": true,
     "silentLogin": true,
     "redirectSilentIframeUri": "./assets/silent-refresh.html",

diff --git a/docs/ja/getting-started/sso.md b/docs/ja/getting-started/sso.md
@@ -23,6 +23,7 @@ Basic 認証に加えて、Content Application を以下で使用できます:
     "clientId": "alfresco",
     "scope": "openid",
     "secret": "",
+    "implicitFlow": false,
     "codeFlow": true,
     "silentLogin": true,
     "redirectSilentIframeUri": "./assets/silent-refresh.html",