[MNT-22836] - support PKCE code flow in SSO
dominikiwanekhyland committed Nov 17, 2023
1 parent cf62196 commit d2623b1
Showing 6 changed files with 17 additions and 17 deletions.
2 changes: 1 addition & 1 deletion demo-shell/src/app.config.json
Expand Up @@ -20,7 +20,7 @@
"clientId": "alfresco",
"scope": "openid profile email",
"secret": "",
"implicitFlow": true,
"codeFlow": true,
"silentLogin": true,
"redirectSilentIframeUri": "{protocol}//{hostname}{:port}/assets/silent-refresh.html",
"redirectUri": "/",
4 changes: 2 additions & 2 deletions docker/docker-entrypoint.d/30-sed-on-appconfig.sh
Expand Up @@ -28,8 +28,8 @@ if [ -n "${APP_CONFIG_OAUTH2_CLIENTID}" ]; then
-i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"
fi

if [ -n "${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}" ]; then
sed -e "s/\"implicitFlow\": [^,]*/\"implicitFlow\": ${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}/g" \
if [ -n "${APP_CONFIG_OAUTH2_CODE_FLOW}" ]; then
sed -e "s/\"codeFlow\": [^,]*/\"codeFlow\": ${APP_CONFIG_OAUTH2_CODE_FLOW}/g" \
-i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"
fi

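Review bot: `${APP_CONFIG_OAUTH2_CODE_FLOW}` is spliced into the sed program and into the JSON file with no check on its content, so any value other than `true` or `false` (or one containing `/` or `&`) produces a broken expression or an app.config.json that no longer parses. Restricting the guard to the two valid literals avoids that: `if [ "${APP_CONFIG_OAUTH2_CODE_FLOW}" = "true" ] || [ "${APP_CONFIG_OAUTH2_CODE_FLOW}" = "false" ]; then`. Deployments that still export `APP_CONFIG_OAUTH2_IMPLICIT_FLOW` are now ignored without any message; a one-line warning on stderr when that variable is set would make the rename visible to operators.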
2 changes: 1 addition & 1 deletion docker/run.sh
Expand Up @@ -13,7 +13,7 @@ docker run --rm -it \
--env APP_CONFIG_IDENTITY_HOST=$APP_CONFIG_IDENTITY_HOST \
--env APP_CONFIG_OAUTH2_HOST=$APP_CONFIG_OAUTH2_HOST \
--env APP_CONFIG_OAUTH2_CLIENTID=$APP_CONFIG_OAUTH2_CLIENTID \
--env APP_CONFIG_OAUTH2_IMPLICIT_FLOW=$APP_CONFIG_OAUTH2_IMPLICIT_FLOW \
--env APP_CONFIG_OAUTH2_IMPLICIT_FLOW=$APP_CONFIG_OAUTH2_CODE_FLOW \
--env APP_CONFIG_OAUTH2_SILENT_LOGIN=$APP_CONFIG_OAUTH2_SILENT_LOGIN \
--env APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI=$APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI \
--env APP_CONFIG_BPM_HOST=$APP_CONFIG_BPM_HOST \
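Review bot: The second of the two printed `APP_CONFIG_OAUTH2_IMPLICIT_FLOW` lines still hands the value to the container under the old variable name, so `$APP_CONFIG_OAUTH2_CODE_FLOW` never reaches the entrypoint script, which in this commit tests `APP_CONFIG_OAUTH2_CODE_FLOW`. The `codeFlow` key in the served app.config.json therefore keeps its baked-in value whatever the operator sets, and nothing reports the mismatch. The line should read `--env APP_CONFIG_OAUTH2_CODE_FLOW="$APP_CONFIG_OAUTH2_CODE_FLOW" \`; quoting the expansion also keeps an empty or space-containing value from shifting the remaining arguments. The `docker run` command begins and ends outside the hunk.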
6 changes: 3 additions & 3 deletions lib/core/src/lib/auth/oidc/auth-config.service.ts
Expand Up @@ -19,7 +19,7 @@ import { Inject, Injectable } from '@angular/core';
import { AuthConfig } from 'angular-oauth2-oidc';
import { take } from 'rxjs/operators';
import { AppConfigService } from '../../app-config/app-config.service';
import { AuthModuleConfig, AUTH_MODULE_CONFIG } from './auth-config';
import { AUTH_MODULE_CONFIG, AuthModuleConfig } from './auth-config';

/**
* Create auth configuration factory
Expand Down Expand Up @@ -55,7 +55,7 @@ export class AuthConfigService {
const redirectUri = this.getRedirectUri();

const authConfig: AuthConfig = {
oidc: oauth2.implicitFlow || oauth2.codeFlow || false,
oidc: oauth2.codeFlow || false,
issuer: oauth2.host,
redirectUri,
silentRefreshRedirectUri: oauth2.redirectSilentIframeUri,
Expand Down Expand Up @@ -85,7 +85,7 @@ export class AuthConfigService {

// handle issue from the OIDC library with hashStrategy and implicitFlow, with would append &state to the url with would lead to error
// `cannot match any routes`, and displaying the wildcard ** error page
return oauth2.implicitFlow && useHash ? `${redirectUri}/?` : redirectUri;
return oauth2.codeFlow && useHash ? `${redirectUri}/?` : redirectUri;
}

private getLocationOrigin() {
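Review bot: A configuration that still carries only `"implicitFlow": true` now ends up with `oidc: false` and no error or warning, because the `oidc` expression reads `oauth2.codeFlow` alone. As I understand angular-oauth2-oidc, that flag decides whether an ID token is requested and processed, so such a deployment may keep logging in while skipping ID-token handling instead of failing visibly; rejecting or logging the legacy key when `codeFlow` is unset would surface the migration. The comment above the changed `return` still says `hashStrategy and implicitFlow`; it should name `codeFlow` and say whether the `/?` suffix is still required for the code flow, and that the identity provider's registered redirect URIs must accept that exact form. Both changed statements sit in methods that begin outside the visible hunks.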
16 changes: 8 additions & 8 deletions lib/core/src/lib/login/components/login.component.html
Expand Up @@ -3,7 +3,7 @@
<div class="adf-ie11FixerChild">

<mat-card class="adf-login-card-wide">
<form
<form
id="adf-login-form"
[formGroup]="form"
autocomplete="off"
Expand All @@ -12,13 +12,13 @@
<mat-card-title>
<div class="adf-alfresco-logo">
<!--HEADER TEMPLATE-->
<ng-template
<ng-template
*ngIf="headerTemplate"
ngFor
[ngForOf]="[data]"
[ngForTemplate]="headerTemplate">
</ng-template>
<img
<img
*ngIf="!headerTemplate"
id="adf-login-img-logo"
class="adf-img-logo"
Expand All @@ -44,10 +44,10 @@
</div>
</div>

<div *ngIf="!implicitFlow">
<div *ngIf="!ssoLogin">

<!--USERNAME FIELD-->
<div
<div
class="adf-login__field"
[ngClass]="{'adf-is-invalid': isErrorStyle(form.controls.username)}">
<mat-form-field
Expand Down Expand Up @@ -137,14 +137,14 @@
class="adf-login-button-label">
{{'LOGIN.BUTTON.LOGIN' | translate }}
</span>
<div
<div
*ngIf="actualLoginStep === LoginSteps.Checking"
class="adf-interactive-login-label">
<span class="adf-login-button-label">
{{ 'LOGIN.BUTTON.CHECKING' | translate}}
</span>
<div class="adf-login-spinner-container">
<mat-spinner
<mat-spinner
id="checking-spinner"
class="adf-login-checking-spinner"
[diameter]="25">
Expand All @@ -169,7 +169,7 @@
</mat-checkbox>
</div>
</div>
<div *ngIf="implicitFlow">
<div *ngIf="ssoLogin">
<button
type="button"
(click)="implicitLogin()"
4 changes: 2 additions & 2 deletions lib/core/src/lib/login/components/login.component.spec.ts
Expand Up @@ -721,7 +721,7 @@ describe('LoginComponent', () => {
fixture.detectChanges();

fixture.whenStable().then(() => {
expect(component.implicitFlow).toBe(false);
expect(component.ssoLogin).toBe(false);
expect(component.redirectToImplicitLogin).toHaveBeenCalled();
});

Expand All @@ -734,7 +734,7 @@ describe('LoginComponent', () => {
fixture.detectChanges();

fixture.whenStable().then(() => {
expect(component.implicitFlow).toBe(true);
expect(component.ssoLogin).toBe(true);
});

}));