From c756bcf6552f03c2b0416d43b7fcde59759108fc Mon Sep 17 00:00:00 2001
From: Dan Moore
Date: Tue, 9 Jun 2020 16:02:30 +0000
Subject: [PATCH 1/6] Added code verifier as a parameter. This allows using PKCE with the client libs.
---
 src/main/api/exchangeOAuthCodeForAccessToken.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/main/api/exchangeOAuthCodeForAccessToken.json b/src/main/api/exchangeOAuthCodeForAccessToken.json
index c24c3526..64d48f9a 100644
--- a/src/main/api/exchangeOAuthCodeForAccessToken.json
+++ b/src/main/api/exchangeOAuthCodeForAccessToken.json
@@ -51,6 +51,14 @@
 ],
 "type": "form",
 "javaType": "String"
+ },
+ {
+ "name": "code_verifier",
+ "comments": [
+ "(Optional) The random string you generated previously if you are using PKCE. Will be compared with the code_challenge you sent previously, which allows your OAuth provider to authenticate your app."
+ ],
+ "type": "form",
+ "javaType": "String"
 }
 ]
-}
\ No newline at end of file
+}
From 7a2b774cceacb5e42a0022702ac12c6682d216ba Mon Sep 17 00:00:00 2001
From: Dan Moore
Date: Wed, 10 Jun 2020 15:41:21 +0000
Subject: [PATCH 2/6] Revert "Added code verifier as a parameter." This reverts commit c756bcf6552f03c2b0416d43b7fcde59759108fc.
---
 src/main/api/exchangeOAuthCodeForAccessToken.json | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/src/main/api/exchangeOAuthCodeForAccessToken.json b/src/main/api/exchangeOAuthCodeForAccessToken.json
index 64d48f9a..c24c3526 100644
--- a/src/main/api/exchangeOAuthCodeForAccessToken.json
+++ b/src/main/api/exchangeOAuthCodeForAccessToken.json
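Review bot: The `code_verifier` comment added in the `@@ -51,6 +51,14 @@` hunk of patch 1/6 says the comparison with `code_challenge` "allows your OAuth provider to authenticate your app", which overstates what PKCE provides. Per RFC 7636 the check only shows that the caller redeeming the authorization code is the one that started the authorization request; it is not client authentication and does not replace `client_secret` for confidential clients. The same sentence is copied into the new `exchangeOAuthCodeForAccessTokenUsingPKCE.json` in patch 3/6 and survives the rewordings in 4/6 and 5/6. I would word it as `"The code_verifier generated before the authorization request. The provider checks it against the code_challenge sent on that request, so an intercepted authorization code cannot be redeemed by another party."`.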
@@ -51,14 +51,6 @@
 ],
 "type": "form",
 "javaType": "String"
- },
- {
- "name": "code_verifier",
- "comments": [
- "(Optional) The random string you generated previously if you are using PKCE. Will be compared with the code_challenge you sent previously, which allows your OAuth provider to authenticate your app."
- ],
- "type": "form",
- "javaType": "String"
 }
 ]
-}
+}
\ No newline at end of file
From 6c23f4c7af97b890c2c21b068c682fd3fb95c53b Mon Sep 17 00:00:00 2001
From: Dan Moore
Date: Wed, 10 Jun 2020 15:41:45 +0000
Subject: [PATCH 3/6] Added code verifier as a parameter. This allows using PKCE with the client libs.
---
 ...hangeOAuthCodeForAccessTokenUsingPKCE.json | 64 +++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
diff --git a/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json b/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
new file mode 100644
index 00000000..64d48f9a
--- /dev/null
+++ b/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
@@ -0,0 +1,64 @@
+{
+ "uri": "/oauth2/token",
+ "comments": [
+ "Exchanges an OAuth authorization code for an access token.",
+ "If you will be using the Authorization Code grant, you will make a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token."
+ ],
+ "method": "post",
+ "methodName": "exchangeOAuthCodeForAccessToken",
+ "successResponse": "AccessToken",
+ "errorResponse": "OAuthError",
+ "anonymous": true,
+ "params": [
+ {
+ "name": "code",
+ "comments": [
+ "The authorization code returned on the /oauth2/authorize response."
+ ],
+ "type": "form",
+ "javaType": "String"
+ },
+ {
+ "name": "client_id",
+ "comments": [
+ "(Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you you are attempting to authenticate. This parameter is optional when the Authorization header is provided."
+ ],
+ "type": "form",
+ "javaType": "String"
+ },
+ {
+ "name": "client_secret",
+ "comments": [
+ "(Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header."
+ ],
+ "type": "form",
+ "javaType": "String"
+ },
+ {
+ "name": "grant_type",
+ "comments": [
+ "The grant type to be used. This value must be set to authorization_code"
+ ],
+ "type": "form",
+ "javaType": "String",
+ "constant": true,
+ "value": "authorization_code"
+ },
+ {
+ "name": "redirect_uri",
+ "comments": [
+ "The URI to redirect to upon a successful request."
+ ],
+ "type": "form",
+ "javaType": "String"
+ },
+ {
+ "name": "code_verifier",
+ "comments": [
+ "(Optional) The random string you generated previously if you are using PKCE. Will be compared with the code_challenge you sent previously, which allows your OAuth provider to authenticate your app."
+ ],
+ "type": "form",
+ "javaType": "String"
+ }
+ ]
+}
From e0dc757954d2d0780fa805d69f0104615b7aecf5 Mon Sep 17 00:00:00 2001
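Review bot: The `redirect_uri` comment in the new file, "The URI to redirect to upon a successful request.", describes the Authorize endpoint rather than the Token endpoint, where no redirect takes place. In the authorization code grant (RFC 6749 section 4.1.3) the value sent on the token request has to be identical to the `redirect_uri` of the authorization request, and the server uses it to confirm the code is being redeemed for the same redirect target. The text looks carried over from `exchangeOAuthCodeForAccessToken.json`, so the same wording probably needs fixing there. I would change it to `"The redirect_uri that was sent on the /oauth2/authorize request; it must match that value exactly."`.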
From: Dan Moore
Date: Wed, 10 Jun 2020 15:43:49 +0000
Subject: [PATCH 4/6] Tweaked the comment on the code_verifier parameter.
---
 src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json b/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
index 64d48f9a..fd418911 100644
--- a/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
+++ b/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
@@ -55,7 +55,7 @@
 {
 "name": "code_verifier",
 "comments": [
- "(Optional) The random string you generated previously if you are using PKCE. Will be compared with the code_challenge you sent previously, which allows your OAuth provider to authenticate your app."
+ "The random string you generated previously if you are using PKCE. Will be compared with the code_challenge you sent previously, which allows the OAuth provider to authenticate your app."
 ],
 "type": "form",
 "javaType": "String"
From ea09c68a340d0fa2ac4d7a61157bcf48b7b1f58b Mon Sep 17 00:00:00 2001
From: Dan Moore
Date: Thu, 5 Nov 2020 14:51:04 -0700
Subject: [PATCH 5/6] Feedback from Daniel. Also made the comments better.
---
 src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json b/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
index fd418911..fad9ceff 100644
--- a/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
+++ b/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
@@ -2,10 +2,10 @@
 "uri": "/oauth2/token",
 "comments": [
 "Exchanges an OAuth authorization code for an access token.",
- "If you will be using the Authorization Code grant, you will make a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token."
+ "If using the Authorization Code grant, you will make a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint and a code_verifier for an access token."
 ],
 "method": "post",
- "methodName": "exchangeOAuthCodeForAccessToken",
+ "methodName": "exchangeOAuthCodeForAccessTokenUsingPKCE",
 "successResponse": "AccessToken",
 "errorResponse": "OAuthError",
 "anonymous": true,
@@ -55,7 +55,7 @@
 {
 "name": "code_verifier",
 "comments": [
- "The random string you generated previously if you are using PKCE. Will be compared with the code_challenge you sent previously, which allows the OAuth provider to authenticate your app."
+ "The random string generated previously. Will be compared with the code_challenge sent previously, which allows the OAuth provider to authenticate your app."
 ],
 "type": "form",
 "javaType": "String"
From 309f7ec927eb215720c77a9775b16b7a428c0e5f Mon Sep 17 00:00:00 2001
From: Dan Moore
Date: Thu, 5 Nov 2020 15:11:03 -0700
Subject: [PATCH 6/6] Improve comments. No need to mention the authorization code grant. If you are using this method, you know you are using this grant. Also made it clear what the difference is in the first comment between the two similarly named methods.
---
 src/main/api/exchangeOAuthCodeForAccessToken.json | 4 ++--
 src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/main/api/exchangeOAuthCodeForAccessToken.json b/src/main/api/exchangeOAuthCodeForAccessToken.json
index ee0b298d..e5ab59c8 100644
--- a/src/main/api/exchangeOAuthCodeForAccessToken.json
+++ b/src/main/api/exchangeOAuthCodeForAccessToken.json
@@ -2,7 +2,7 @@
 "uri": "/oauth2/token",
 "comments": [
 "Exchanges an OAuth authorization code for an access token.",
- "If you will be using the Authorization Code grant, you will make a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token."
+ "Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token."
 ],
 "method": "post",
 "methodName": "exchangeOAuthCodeForAccessToken",
@@ -53,4 +53,4 @@
 "javaType": "String"
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json b/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
index fad9ceff..4efa624f 100644
--- a/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
+++ b/src/main/api/exchangeOAuthCodeForAccessTokenUsingPKCE.json
@@ -1,8 +1,8 @@
 {
 "uri": "/oauth2/token",
 "comments": [
- "Exchanges an OAuth authorization code for an access token.",
- "If using the Authorization Code grant, you will make a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint and a code_verifier for an access token."
+ "Exchanges an OAuth authorization code and code_verifier for an access token.",
+ "Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint and a code_verifier for an access token."
 ],
 "method": "post",
 "methodName": "exchangeOAuthCodeForAccessTokenUsingPKCE",