[MNT-22836] - support of pkce o auth grant type by aims (#3422)

* [MNT-22836] - support PKCE code flow in SSO
2025-05-12 17:04:46 +00:00 · 2023-11-21 15:02:24 +01:00 · 2023-11-21 15:02:24 +01:00 · 207410c44c
commit 207410c44c
parent 23957d7999
5 changed files with 14 additions and 3 deletions
--- a/app/src/app.config.json
+++ b/app/src/app.config.json
@ -19,7 +19,8 @@
    "clientId": "alfresco",
    "scope": "openid",
    "secret": "",
-    "implicitFlow": true,
+    "implicitFlow": false,
+    "codeFlow": true,
    "silentLogin": true,
    "publicUrls": ["**/preview/s/*", "**/settings", "**/blank"],
    "redirectSilentIframeUri": "{protocol}//{hostname}{:port}/assets/silent-refresh.html",
--- a/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
+++ b/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
@ -50,6 +50,13 @@ if [ -n "${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}" ]; then
    -i "$APP_CONFIG_FILE"
 fi

+if [ -n "${APP_CONFIG_OAUTH2_CODE_FLOW}" ]; then
+  echo "SET APP_CONFIG_OAUTH2_CODE_FLOW"
+
+  sed -e "s/\"codeFlow\": [^,]*/\"codeFlow\": ${APP_CONFIG_OAUTH2_CODE_FLOW}/g" \
+    -i "$APP_CONFIG_FILE"
+fi
+
 if [ -n "${APP_CONFIG_OAUTH2_SILENT_LOGIN}" ]; then
  echo "SET APP_CONFIG_OAUTH2_SILENT_LOGIN"

--- a/docs/getting-started/docker.md
+++ b/docs/getting-started/docker.md
@ -74,6 +74,7 @@ docker run --rm -it \
 | APP_CONFIG_OAUTH2_HOST                       | `oauth2.host`                    |
 | APP_CONFIG_OAUTH2_CLIENTID                   | `oauth2.clientId`                |
 | APP_CONFIG_OAUTH2_IMPLICIT_FLOW              | `oauth2.implicitFlow`            |
+| APP_CONFIG_OAUTH2_CODE_FLOW                  | `oauth2.codeFlow`                |
 | APP_CONFIG_OAUTH2_SILENT_LOGIN               | `oauth2.silentLogin`             |
 | APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI | `oauth2.redirectSilentIframeUri` |
 | APP_CONFIG_OAUTH2_REDIRECT_LOGIN             | `oauth2.redirectUri`             |
--- a/docs/getting-started/sso.md
+++ b/docs/getting-started/sso.md
@ -22,7 +22,8 @@ You can find the settings in the `app.config.json` file, and they look similar t
    "clientId": "alfresco",
    "scope": "openid",
    "secret": "",
-    "implicitFlow": true,
+    "implicitFlow": false,
+    "codeFlow": true,
    "silentLogin": true,
    "redirectSilentIframeUri": "./assets/silent-refresh.html",
    "redirectUri": "/",
--- a/docs/ja/getting-started/sso.md
+++ b/docs/ja/getting-started/sso.md
@ -23,7 +23,8 @@ Basic 認証に加えて、Content Application を以下で使用できます:
    "clientId": "alfresco",
    "scope": "openid",
    "secret": "",
-    "implicitFlow": true,
+    "implicitFlow": false,
+    "codeFlow": true,
    "silentLogin": true,
    "redirectSilentIframeUri": "./assets/silent-refresh.html",
    "redirectUri": "/",