From e578793287a3d6053a0b512c1fab4e294c2b76a1 Mon Sep 17 00:00:00 2001
From: DominikIwanek <dominik.iwanek@hyland.com>
Date: Tue, 5 Sep 2023 13:52:05 +0200
Subject: [PATCH 1/3] [ACS-5107] - Fix failing unit test on CI

---
 app/src/app.config.json                           | 2 +-
 docker/docker-entrypoint.d/30-sed-on-appconfig.sh | 4 ++--
 docs/getting-started/docker.md                    | 2 +-
 docs/getting-started/sso.md                       | 2 +-
 docs/ja/getting-started/sso.md                    | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/app/src/app.config.json b/app/src/app.config.json
index 6fbceff50a..630293beca 100644
--- a/app/src/app.config.json
+++ b/app/src/app.config.json
@@ -19,7 +19,7 @@
     "clientId": "alfresco",
     "scope": "openid",
     "secret": "",
-    "implicitFlow": true,
+    "codeFlow": true,
     "silentLogin": true,
     "publicUrls": ["**/preview/s/*", "**/settings", "**/blank"],
     "redirectSilentIframeUri": "{protocol}//{hostname}{:port}/assets/silent-refresh.html",
diff --git a/docker/docker-entrypoint.d/30-sed-on-appconfig.sh b/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
index 2fd0a52568..5394af8dd0 100755
--- a/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
+++ b/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
@@ -43,10 +43,10 @@ if [ -n "${APP_CONFIG_OAUTH2_CLIENTID}" ]; then
     -i "$APP_CONFIG_FILE"
 fi
 
-if [ -n "${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}" ]; then
+if [ -n "${APP_CONFIG_OAUTH2_CODE_FLOW}" ]; then
   echo "SET APP_CONFIG_OAUTH2_IMPLICIT_FLOW"
 
-  sed -e "s/\"implicitFlow\": [^,]*/\"implicitFlow\": ${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}/g" \
+  sed -e "s/\"codeFlow\": [^,]*/\"codeFlow\": ${APP_CONFIG_OAUTH2_CODE_FLOW}/g" \
     -i "$APP_CONFIG_FILE"
 fi
 
diff --git a/docs/getting-started/docker.md b/docs/getting-started/docker.md
index f9d115ed8f..01de80e726 100644
--- a/docs/getting-started/docker.md
+++ b/docs/getting-started/docker.md
@@ -73,7 +73,7 @@ docker run --rm -it \
 | APP_BASE_SHARE_URL                           | `baseShareUrl`                   |
 | APP_CONFIG_OAUTH2_HOST                       | `oauth2.host`                    |
 | APP_CONFIG_OAUTH2_CLIENTID                   | `oauth2.clientId`                |
-| APP_CONFIG_OAUTH2_IMPLICIT_FLOW              | `oauth2.implicitFlow`            |
+| APP_CONFIG_OAUTH2_CODE_FLOW                  | `oauth2.codeFlow`                |
 | APP_CONFIG_OAUTH2_SILENT_LOGIN               | `oauth2.silentLogin`             |
 | APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI | `oauth2.redirectSilentIframeUri` |
 | APP_CONFIG_OAUTH2_REDIRECT_LOGIN             | `oauth2.redirectUri`             |
diff --git a/docs/getting-started/sso.md b/docs/getting-started/sso.md
index c0f02b363d..18ecf92c61 100644
--- a/docs/getting-started/sso.md
+++ b/docs/getting-started/sso.md
@@ -22,7 +22,7 @@ You can find the settings in the `app.config.json` file, and they look similar t
     "clientId": "alfresco",
     "scope": "openid",
     "secret": "",
-    "implicitFlow": true,
+    "codeFlow": true,
     "silentLogin": true,
     "redirectSilentIframeUri": "./assets/silent-refresh.html",
     "redirectUri": "/",
diff --git a/docs/ja/getting-started/sso.md b/docs/ja/getting-started/sso.md
index 203ec75b3e..e19c332a1e 100644
--- a/docs/ja/getting-started/sso.md
+++ b/docs/ja/getting-started/sso.md
@@ -23,7 +23,7 @@ Basic 認証に加えて、Content Application を以下で使用できます:
     "clientId": "alfresco",
     "scope": "openid",
     "secret": "",
-    "implicitFlow": true,
+    "codeFlow": true,
     "silentLogin": true,
     "redirectSilentIframeUri": "./assets/silent-refresh.html",
     "redirectUri": "/",

From 32a0e1d4193e3b424cd8f4a01ef4fb0b8585d39e Mon Sep 17 00:00:00 2001
From: DominikIwanek <dominik.iwanek@hyland.com>
Date: Tue, 5 Sep 2023 13:53:53 +0200
Subject: [PATCH 2/3] [MNT-22836] - support PKCE code flow in SSO

---
 docker/docker-entrypoint.d/30-sed-on-appconfig.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/docker-entrypoint.d/30-sed-on-appconfig.sh b/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
index 5394af8dd0..3956caf319 100755
--- a/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
+++ b/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
@@ -44,7 +44,7 @@ if [ -n "${APP_CONFIG_OAUTH2_CLIENTID}" ]; then
 fi
 
 if [ -n "${APP_CONFIG_OAUTH2_CODE_FLOW}" ]; then
-  echo "SET APP_CONFIG_OAUTH2_IMPLICIT_FLOW"
+  echo "SET APP_CONFIG_OAUTH2_CODE_FLOW"
 
   sed -e "s/\"codeFlow\": [^,]*/\"codeFlow\": ${APP_CONFIG_OAUTH2_CODE_FLOW}/g" \
     -i "$APP_CONFIG_FILE"

From 1174beb6872130c4d61c5b67ade29c9a2f59077e Mon Sep 17 00:00:00 2001
From: DominikIwanek <dominik.iwanek@hyland.com>
Date: Fri, 17 Nov 2023 09:10:37 +0100
Subject: [PATCH 3/3] [MNT-22836] - support PKCE code flow in SSO

---
 app/src/app.config.json                           | 1 +
 docker/docker-entrypoint.d/30-sed-on-appconfig.sh | 7 +++++++
 docs/getting-started/docker.md                    | 1 +
 docs/getting-started/sso.md                       | 1 +
 docs/ja/getting-started/sso.md                    | 1 +
 5 files changed, 11 insertions(+)

diff --git a/app/src/app.config.json b/app/src/app.config.json
index 630293beca..d7cfd1e774 100644
--- a/app/src/app.config.json
+++ b/app/src/app.config.json
@@ -19,6 +19,7 @@
     "clientId": "alfresco",
     "scope": "openid",
     "secret": "",
+    "implicitFlow": false,
     "codeFlow": true,
     "silentLogin": true,
     "publicUrls": ["**/preview/s/*", "**/settings", "**/blank"],
diff --git a/docker/docker-entrypoint.d/30-sed-on-appconfig.sh b/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
index 3956caf319..603719d4c4 100755
--- a/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
+++ b/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
@@ -43,6 +43,13 @@ if [ -n "${APP_CONFIG_OAUTH2_CLIENTID}" ]; then
     -i "$APP_CONFIG_FILE"
 fi
 
+if [ -n "${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}" ]; then
+  echo "SET APP_CONFIG_OAUTH2_IMPLICIT_FLOW"
+
+  sed -e "s/\"implicitFlow\": [^,]*/\"implicitFlow\": ${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}/g" \
+    -i "$APP_CONFIG_FILE"
+fi
+
 if [ -n "${APP_CONFIG_OAUTH2_CODE_FLOW}" ]; then
   echo "SET APP_CONFIG_OAUTH2_CODE_FLOW"
 
diff --git a/docs/getting-started/docker.md b/docs/getting-started/docker.md
index 01de80e726..fd8483982c 100644
--- a/docs/getting-started/docker.md
+++ b/docs/getting-started/docker.md
@@ -73,6 +73,7 @@ docker run --rm -it \
 | APP_BASE_SHARE_URL                           | `baseShareUrl`                   |
 | APP_CONFIG_OAUTH2_HOST                       | `oauth2.host`                    |
 | APP_CONFIG_OAUTH2_CLIENTID                   | `oauth2.clientId`                |
+| APP_CONFIG_OAUTH2_IMPLICIT_FLOW              | `oauth2.implicitFlow`            |
 | APP_CONFIG_OAUTH2_CODE_FLOW                  | `oauth2.codeFlow`                |
 | APP_CONFIG_OAUTH2_SILENT_LOGIN               | `oauth2.silentLogin`             |
 | APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI | `oauth2.redirectSilentIframeUri` |
diff --git a/docs/getting-started/sso.md b/docs/getting-started/sso.md
index 18ecf92c61..61a6d14583 100644
--- a/docs/getting-started/sso.md
+++ b/docs/getting-started/sso.md
@@ -22,6 +22,7 @@ You can find the settings in the `app.config.json` file, and they look similar t
     "clientId": "alfresco",
     "scope": "openid",
     "secret": "",
+    "implicitFlow": false,
     "codeFlow": true,
     "silentLogin": true,
     "redirectSilentIframeUri": "./assets/silent-refresh.html",
diff --git a/docs/ja/getting-started/sso.md b/docs/ja/getting-started/sso.md
index e19c332a1e..b46076a031 100644
--- a/docs/ja/getting-started/sso.md
+++ b/docs/ja/getting-started/sso.md
@@ -23,6 +23,7 @@ Basic 認証に加えて、Content Application を以下で使用できます:
     "clientId": "alfresco",
     "scope": "openid",
     "secret": "",
+    "implicitFlow": false,
     "codeFlow": true,
     "silentLogin": true,
     "redirectSilentIframeUri": "./assets/silent-refresh.html",