From 1f4a0a88fa105595587f8cf7db51456196a76edd Mon Sep 17 00:00:00 2001
From: Vladysl <45620393+Vladysl@users.noreply.github.com>
Date: Wed, 7 Feb 2024 15:39:25 +0200
Subject: [PATCH] 1606 - added support of PKCE for OAuth2 (#1611)
---
 .../oddplatform/auth/ODDOAuth2Properties.java | 1 +
 .../auth/ODDOAuth2PropertiesConverter.java | 12 +++++++++++-
 odd-platform-api/src/main/resources/application.yml | 1 +
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/odd-platform-api/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2Properties.java b/odd-platform-api/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2Properties.java
index 0776513de..2be8e2c43 100644
--- a/odd-platform-api/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2Properties.java
+++ b/odd-platform-api/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2Properties.java
@@ -49,5 +49,6 @@ public static class OAuth2Provider {
 private Set adminPrincipals;
 private String organizationName;
 private String allowedDomain;
+ private Boolean pkce;
 }
 }
diff --git a/odd-platform-api/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2PropertiesConverter.java b/odd-platform-api/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2PropertiesConverter.java
index 918722764..7ccb8549c 100644
--- a/odd-platform-api/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2PropertiesConverter.java
+++ b/odd-platform-api/src/main/java/org/opendatadiscovery/oddplatform/auth/ODDOAuth2PropertiesConverter.java
@@ -1,8 +1,10 @@
 package org.opendatadiscovery.oddplatform.auth;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 public final class ODDOAuth2PropertiesConverter {
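Review bot: The new `pkce` field on OAuth2Provider carries no documentation, and since the converter in the second file only honours it when client-secret is blank, a reader of the properties class cannot tell when setting it has any effect; the matching `# pkce:` placeholder added to application.yml gives no hint either. Suggest a Javadoc line on the field: `/** Marks this registration as a public client (no client-secret) so Spring Security applies PKCE; ignored when client-secret is set. */`. A primitive `boolean` would remove the null/true/false three-state that the converter has to resolve with BooleanUtils.isTrue, unless the boxed type is deliberately kept to distinguish "not configured". The enclosing OAuth2Provider class continues outside the hunk.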
@@ -14,11 +16,19 @@ public static OAuth2ClientProperties convertOddProperties(final ODDOAuth2Propert
 properties.getClient().forEach((key, provider) -> {
 final OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration();
 registration.setClientId(provider.getClientId());
- registration.setClientSecret(provider.getClientSecret());
+
+ if (BooleanUtils.isTrue(provider.getPkce()) && StringUtils.isBlank(provider.getClientSecret())) {
+ registration.setClientAuthenticationMethod(ClientAuthenticationMethod.NONE.getValue());
+ } else {
+ registration.setClientSecret(provider.getClientSecret());
+ }
+
 if (StringUtils.isNotEmpty(provider.getClientName())) {
 registration.setClientName(provider.getClientName());
 }
+ registration.setScope(provider.getScope());
+
 if (StringUtils.isNotEmpty(provider.getRedirectUri())) {
 registration.setRedirectUri(provider.getRedirectUri());
 }
diff --git a/odd-platform-api/src/main/resources/application.yml b/odd-platform-api/src/main/resources/application.yml
index dd05d2cfb..f1f386e9d 100644
--- a/odd-platform-api/src/main/resources/application.yml
+++ b/odd-platform-api/src/main/resources/application.yml
@@ -113,6 +113,7 @@ auth:
 # user-name-attribute:
 # admin-attribute:
 # admin-principals:
+# pkce:
 # azure:
 # provider: 'azure'
 # client-id:
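Review bot: When `pkce` is true but a client-secret is also configured, the new `if` falls into the `else` branch and only sets the secret, so PKCE is silently not applied for that confidential client — as far as I recall Spring Security adds the code_challenge automatically only for registrations with `ClientAuthenticationMethod.NONE`, while confidential clients need `OAuth2AuthorizationRequestCustomizers.withPkce()` on the authorization request resolver, which this patch does not wire in. An operator who sets both values will believe PKCE is enforced when it is not, and nothing is logged. Either reject the combination while converting, e.g. `if (BooleanUtils.isTrue(provider.getPkce()) && StringUtils.isNotBlank(provider.getClientSecret())) { throw new IllegalArgumentException("client '" + key + "': pkce requires an empty client-secret"); }`, or at least document the precedence above the `if` with `// pkce is honoured only for public clients (blank client-secret); a configured secret takes precedence and PKCE is NOT applied`. The added `registration.setScope(provider.getScope())` is unrelated to PKCE and not mentioned in the subject, so it deserves a sentence in the description. convertOddProperties starts and ends outside the hunk.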