[MNT-22836] - support PKCE code flow in SSO
dominikiwanekhyland committed Nov 17, 2023
1 parent d2623b1 commit 4580975
Showing 6 changed files with 13 additions and 6 deletions.
1 change: 1 addition & 0 deletions demo-shell/src/app.config.json
Expand Up @@ -20,6 +20,7 @@
"clientId": "alfresco",
"scope": "openid profile email",
"secret": "",
"implicitFlow": false,
"codeFlow": true,
"silentLogin": true,
"redirectSilentIframeUri": "{protocol}//{hostname}{:port}/assets/silent-refresh.html",
5 changes: 5 additions & 0 deletions docker/docker-entrypoint.d/30-sed-on-appconfig.sh
Expand Up @@ -28,6 +28,11 @@ if [ -n "${APP_CONFIG_OAUTH2_CLIENTID}" ]; then
-i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"
fi

if [ -n "${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}" ]; then
sed -e "s/\"implicitFlow\": [^,]*/\"implicitFlow\": ${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}/g" \
-i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"
fi

if [ -n "${APP_CONFIG_OAUTH2_CODE_FLOW}" ]; then
sed -e "s/\"codeFlow\": [^,]*/\"codeFlow\": ${APP_CONFIG_OAUTH2_CODE_FLOW}/g" \
-i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"
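Review bot: The new `implicitFlow` block splices `${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}` unquoted into the sed replacement text, so any value other than a bare boolean (one containing `/`, `&` or `\`, for example) either breaks the sed expression or rewrites the generated app.config.json in unintended ways; the `codeFlow` block below it has the same shape. Since only `true` or `false` are meaningful for this key, gate the substitution on that and fail loudly otherwise: `if [ "${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}" = true ] || [ "${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}" = false ]; then`. The `codeFlow` if-block closes outside the hunk.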
1 change: 1 addition & 0 deletions docker/run.sh
Expand Up @@ -13,6 +13,7 @@ docker run --rm -it \
--env APP_CONFIG_IDENTITY_HOST=$APP_CONFIG_IDENTITY_HOST \
--env APP_CONFIG_OAUTH2_HOST=$APP_CONFIG_OAUTH2_HOST \
--env APP_CONFIG_OAUTH2_CLIENTID=$APP_CONFIG_OAUTH2_CLIENTID \
--env APP_CONFIG_OAUTH2_IMPLICIT_FLOW=$APP_CONFIG_OAUTH2_IMPLICIT_FLOW \
--env APP_CONFIG_OAUTH2_IMPLICIT_FLOW=$APP_CONFIG_OAUTH2_CODE_FLOW \
--env APP_CONFIG_OAUTH2_SILENT_LOGIN=$APP_CONFIG_OAUTH2_SILENT_LOGIN \
--env APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI=$APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI \
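Review bot: `--env APP_CONFIG_OAUTH2_IMPLICIT_FLOW=$APP_CONFIG_OAUTH2_CODE_FLOW` uses the wrong variable name on the left-hand side: the code-flow value is passed under the implicit-flow name, so `APP_CONFIG_OAUTH2_CODE_FLOW` never reaches the container and the `"codeFlow"` substitution added in 30-sed-on-appconfig.sh cannot run, while the two `--env` entries for the same name likely leave the implicit-flow setting replaced by the code-flow value. The line should read `--env APP_CONFIG_OAUTH2_CODE_FLOW=$APP_CONFIG_OAUTH2_CODE_FLOW \`. The rendered view does not show which of the two adjacent lines is the addition, but the pairing is wrong on the new side either way; the `docker run` command continues outside the hunk.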
2 changes: 1 addition & 1 deletion lib/core/src/lib/auth/oidc/auth-config.service.spec.ts
Expand Up @@ -150,7 +150,7 @@ describe('AuthConfigService', () => {
const expectedConfig = {
oidc: true,
issuer: 'http://localhost:3000/auth/realms/alfresco',
redirectUri: 'http://localhost:3000/#/view/authentication-confirmation',
redirectUri: 'http://localhost:3000/#/view/authentication-confirmation/?',
silentRefreshRedirectUri: 'http://localhost:3000/assets/silent-refresh.html',
postLogoutRedirectUri: 'http://localhost:3000/#/logout',
clientId: 'fakeClientId',
4 changes: 2 additions & 2 deletions lib/core/src/lib/auth/oidc/auth-config.service.ts
Expand Up @@ -55,7 +55,7 @@ export class AuthConfigService {
const redirectUri = this.getRedirectUri();

const authConfig: AuthConfig = {
oidc: oauth2.codeFlow || false,
oidc: oauth2.implicitFlow || oauth2.codeFlow || false,
issuer: oauth2.host,
redirectUri,
silentRefreshRedirectUri: oauth2.redirectSilentIframeUri,
Expand Down Expand Up @@ -85,7 +85,7 @@ export class AuthConfigService {

// handle issue from the OIDC library with hashStrategy and implicitFlow, with would append &state to the url with would lead to error
// `cannot match any routes`, and displaying the wildcard ** error page
return oauth2.codeFlow && useHash ? `${redirectUri}/?` : redirectUri;
return (oauth2.codeFlow || oauth2.implicitFlow) && useHash ? `${redirectUri}/?` : redirectUri;
}

private getLocationOrigin() {
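Review bot: The `/?` suffix on the hash-routing redirect URI now applies to implicit flow as well, which changes the redirect_uri that existing implicit-flow deployments send to the authorization server, and a server that compares registered redirect URIs exactly will reject the login until its registration is updated to the `…/authentication-confirmation/?` form (the spec change in auth-config.service.spec.ts shows the new value). Extend the comment above the return so operators see this: `// The redirect URI registered at the authorization server must match this value exactly, including the trailing "/?".` Updating the registration to the exact value is preferable to loosening the server-side redirect URI match to accommodate the change. `getRedirectUri` starts outside the hunk.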
6 changes: 3 additions & 3 deletions lib/core/src/lib/login/components/login.component.ts
Expand Up @@ -111,7 +111,7 @@ export class LoginComponent implements OnInit, OnDestroy {
@Output()
executeSubmit = new EventEmitter<LoginSubmitEvent>();

implicitFlow: boolean = false;
ssoLogin: boolean = false;

form: UntypedFormGroup;
isError: boolean = false;
Expand Down Expand Up @@ -155,8 +155,8 @@ export class LoginComponent implements OnInit, OnDestroy {
const oauth = this.appConfig.oauth2;
if (oauth?.silentLogin) {
this.redirectToImplicitLogin();
} else if (oauth?.implicitFlow) {
this.implicitFlow = true;
} else if (oauth?.implicitFlow || oauth?.codeFlow) {
this.ssoLogin = true;
}
}

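Review bot: Renaming the public field `implicitFlow` to `ssoLogin` on an exported library component is a breaking change for any consumer or template that binds to `implicitFlow`, and none of the commit's six files is the component template, so whether the template still references the old name cannot be confirmed from here. If compatibility matters, keep a deprecated accessor alongside the new field: `/** @deprecated use ssoLogin */ get implicitFlow(): boolean { return this.ssoLogin; }`. `redirectToImplicitLogin()` remains the entry point for the silent-login branch even when only `codeFlow` is set, so a short comment there, or a rename to match, would keep the naming consistent with the new code-flow support; the enclosing method continues outside the hunk.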
