From 70fe93db5dabdb1c45c5bd29822eb6feaee842f2 Mon Sep 17 00:00:00 2001 From: Matias Seniquiel Date: Fri, 30 Sep 2022 14:03:30 +0200 Subject: [PATCH 1/3] Hotfix- CODE_CHALLENGE instead of CODE_VERIFIER in docs --- docs/getting_started.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/getting_started.rst b/docs/getting_started.rst index 75feaa4c2..af5584b95 100644 --- a/docs/getting_started.rst +++ b/docs/getting_started.rst @@ -305,7 +305,7 @@ Export it as an environment variable: Now that you have the user authorization is time to get an access token:: - curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" "http://127.0.0.1:8000/o/token/" -d "client_id=${ID}" -d "client_secret=${SECRET}" -d "code=${CODE}" -d "code_verifier=${CODE_VERIFIER}" -d "redirect_uri=http://127.0.0.1:8000/noexist/callback" -d "grant_type=authorization_code" + curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" "http://127.0.0.1:8000/o/token/" -d "client_id=${ID}" -d "client_secret=${SECRET}" -d "code=${CODE}" -d "code_verifier=${CODE_CHALLENGE}" -d "redirect_uri=http://127.0.0.1:8000/noexist/callback" -d "grant_type=authorization_code" To be more easy to visualize:: @@ -316,7 +316,7 @@ To be more easy to visualize:: -d "client_id=${ID}" \ -d "client_secret=${SECRET}" \ -d "code=${CODE}" \ - -d "code_verifier=${CODE_VERIFIER}" \ + -d "code_verifier=${CODE_CHALLENGE}" \ -d "redirect_uri=http://127.0.0.1:8000/noexist/callback" \ -d "grant_type=authorization_code" From 3f48fe25583439093708202d303768b6a07d226c Mon Sep 17 00:00:00 2001 From: Matias Seniquiel Date: Mon, 3 Oct 2022 13:19:16 +0200 Subject: [PATCH 2/3] HotFix- code_challenge_method added for authorization call in docs --- docs/getting_started.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/getting_started.rst b/docs/getting_started.rst index af5584b95..91e523794 100644 --- a/docs/getting_started.rst +++ b/docs/getting_started.rst @@ -275,12 +275,13 @@ Take note of ``code_challenge`` since we will include it in the code flow URL. I To start the Authorization code flow go to this `URL`_ which is the same as shown below:: - http://127.0.0.1:8000/o/authorize/?response_type=code&code_challenge=XRi41b-5yHtTojvCpXFpsLUnmGFz6xR15c3vpPANAvM&client_id=vW1RcAl7Mb0d5gyHNQIAcH110lWoOW2BmWJIero8&redirect_uri=http://127.0.0.1:8000/noexist/callback + http://127.0.0.1:8000/o/authorize/?response_type=code&code_challenge=XRi41b-5yHtTojvCpXFpsLUnmGFz6xR15c3vpPANAvM&code_challenge_method=S256&client_id=vW1RcAl7Mb0d5gyHNQIAcH110lWoOW2BmWJIero8&redirect_uri=http://127.0.0.1:8000/noexist/callback Note the parameters we pass: * **response_type**: ``code`` * **code_challenge**: ``XRi41b-5yHtTojvCpXFpsLUnmGFz6xR15c3vpPANAvM`` +* **code_challenge_method**: ``S256`` * **client_id**: ``vW1RcAl7Mb0d5gyHNQIAcH110lWoOW2BmWJIero8`` * **redirect_uri**: ``http://127.0.0.1:8000/noexist/callback`` @@ -305,7 +306,7 @@ Export it as an environment variable: Now that you have the user authorization is time to get an access token:: - curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" "http://127.0.0.1:8000/o/token/" -d "client_id=${ID}" -d "client_secret=${SECRET}" -d "code=${CODE}" -d "code_verifier=${CODE_CHALLENGE}" -d "redirect_uri=http://127.0.0.1:8000/noexist/callback" -d "grant_type=authorization_code" + curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" "http://127.0.0.1:8000/o/token/" -d "client_id=${ID}" -d "client_secret=${SECRET}" -d "code=${CODE}" -d "code_verifier=${CODE_VERIFIER}" -d "redirect_uri=http://127.0.0.1:8000/noexist/callback" -d "grant_type=authorization_code" To be more easy to visualize:: @@ -316,7 +317,7 @@ To be more easy to visualize:: -d "client_id=${ID}" \ -d "client_secret=${SECRET}" \ -d "code=${CODE}" \ - -d "code_verifier=${CODE_CHALLENGE}" \ + -d "code_verifier=${CODE_VERIFIER}" \ -d "redirect_uri=http://127.0.0.1:8000/noexist/callback" \ -d "grant_type=authorization_code" From d95d21865aac267fd5e32c4bb1d77d309b39b451 Mon Sep 17 00:00:00 2001 From: Matias Seniquiel Date: Tue, 4 Oct 2022 15:45:53 +0200 Subject: [PATCH 3/3] Fix: mandatory documentation to submit PR added --- AUTHORS | 1 + CHANGELOG.md | 3 +++ 2 files changed, 4 insertions(+) diff --git a/AUTHORS b/AUTHORS index 9b73935e9..87335bf8b 100644 --- a/AUTHORS +++ b/AUTHORS @@ -53,6 +53,7 @@ Julien Palard Jun Zhou Kaleb Porter Kristian Rune Larsen +Matias Seniquiel Michael Howitz Paul Dekkers Paul Oswald diff --git a/CHANGELOG.md b/CHANGELOG.md index b11d7537f..3ef0a37f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [unreleased] +### Added +* Add 'code_challenge_method' parameter to authorization call in documentation + ### Added * Add 'code_verifier' parameter to token requests in documentation