From 787f6cfc071be0559f690697d6354b91217bd5e3 Mon Sep 17 00:00:00 2001
From: Andreas Falk
Date: Thu, 6 Jan 2022 17:37:41 +0100
Subject: [PATCH] Use PKCE instead of client secret

---
 README.md | 6 +++---
 solution/ui/src/main/resources/application.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 05f3f7a..f40a149 100755
--- a/README.md
+++ b/README.md
@@ -560,8 +560,8 @@ identity provider.
 identity provider.
 * The property ```spring.security.oauth2.client.registration.auth0.client-id``` specifies
 the _client id_ as it is has been registered at the _Auth0_ identity provider.
-* The property ```spring.security.oauth2.client.registration.auth0.client-secret``` specifies
-the _client secret_ to authorize the application to act as a registered at the _Auth0_ identity provider.
+* The property ```spring.security.oauth2.client.registration.auth0.clientAuthenticationMethod``` specifies
+the authentication method to use when calling the token endpoint at the _Auth0_ identity provider. The value of _NONE_ specifies that no _client_secret_ is specified, instead the dynamic _Proof Key for Key Exchange (PKCE)_ is used instead.
 * The property ```spring.security.oauth2.client.registration.auth0.authorizationGrantType``` specifies
 which OAuth2/OIDC grant flow should be used for the client.
 * The property ```spring.security.oauth2.client.registration.auth0.redirect-uri``` specifies
@@ -585,8 +585,8 @@ spring:
 registration:
 auth0:
 client-id: 'v13BSQLEZnw4N96V36dDdsGRd022isKe'
- client-secret: 'Rf9cHEZge0LLbMsAPIEDPhdVZ4OeDFU-DSxfcacUh2lvxuzYGmYLaH54ZX1-cmNL'
 authorizationGrantType: authorization_code
+ clientAuthenticationMethod: NONE
 redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
 scope:
 - openid
diff --git a/solution/ui/src/main/resources/application.yml b/solution/ui/src/main/resources/application.yml
index e848f67..f6feead 100755
--- a/solution/ui/src/main/resources/application.yml
+++ b/solution/ui/src/main/resources/application.yml
@@ -13,8 +13,8 @@ spring:
 registration:
 auth0:
 client-id: 'v13BSQLEZnw4N96V36dDdsGRd022isKe'
- client-secret: 'Rf9cHEZge0LLbMsAPIEDPhdVZ4OeDFU-DSxfcacUh2lvxuzYGmYLaH54ZX1-cmNL'
 authorizationGrantType: authorization_code
+ clientAuthenticationMethod: NONE
 redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
 scope:
 - openid
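Review bot: Deleting the `client-secret` line does not unpublish the secret — it remains in git history for anyone who clones the repository (the README hunk at `@@ -585` removed the same value), so the Auth0 client secret should be revoked or rotated on the provider side rather than treated as retired by this commit. The value `NONE` should also be checked against what Spring Security expects: `ClientAuthenticationMethod.NONE` wraps the lowercase string `none` and the reference configuration uses `client-authentication-method: none`, so if the equality check that switches PKCE on is case-sensitive the uppercase form would be forwarded unchanged instead of enabling the code verifier; `clientAuthenticationMethod: none` is the safer spelling. Since the token request will now carry no client credential, the Auth0 application presumably has to be configured as a public client (token endpoint authentication method "None") or the code exchange will fail; a comment above the new line, `# public client: no client secret, Spring Security adds a PKCE code_verifier to the token request`, would record why no secret is configured. The README text added in the first hunk expands PKCE as _Proof Key for Key Exchange_ — RFC 7636 names it Proof Key for Code Exchange — and ends that sentence with a duplicated "instead". The enclosing `spring:` mapping starts outside the hunk (it appears only in the hunk header).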