
Commit 5b3140d

committed
Added PKCE support
1 parent 60ea2c2 commit 5b3140d


1 file changed

+12
-2
lines changed


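--- a/configure.sh
+++ b/configure.sh
@@ -11,10 +11,11 @@ if [ $# -lt 1 ]; then
 echo ""
 echo " URL typically ends with '/openid-configuration'"
 echo " Options:"
-echo " -h | --host <server_name> # Configure for specific host (server FQDN)"
+echo " -h | --host <server_name> # Configure for specific host (server FQDN)"
 echo " -k | --auth_jwt_key <file|request> # Use auth_jwt_key_file (default) or auth_jwt_key_request"
 echo " -i | --client_id <id> # Client ID as obtained from OpenID Connect Provider"
 echo " -s | --client_secret <secret> # Client secret as obtained from OpenID Connect Provider"
+echo " -p | --pkce_enable # Enable PKCE for this client"
 echo " -x | --insecure # Do not verify IdP's SSL certificate"
 echo ""
 exit 1
@@ -25,6 +26,7 @@ fi
 DO_JWKS_URI=0
 CLIENT_ID=""
 CLIENT_SECRET=""
+PKCE=0
 HOSTNAME="default"
 SED_BAK=".ORIG"
 while [ $# -gt 1 ]; do
@@ -46,6 +48,10 @@ while [ $# -gt 1 ]; do
 CLIENT_SECRET=$2
 shift; shift
 ;;
+"-p" | "--pkce_enable" | "--pkce-enable" | "--enable_pkce" | "--enable-pkce")
+PKCE=1
+shift
+;;
 "-h" | "--host" )
 HOSTNAME=$2
 shift; shift
@@ -129,6 +135,10 @@ if [ "$CLIENT_SECRET" != "" ]; then
 echo "\$oidc_client_secret $CLIENT_SECRET" >> /tmp/${COMMAND}_$$_conf
 fi
 
+# Add PKCE configuration
+PKCE_ENABLE_VAR=\$oidc_pkce_enable
+echo "\$oidc_pkce_enable $PKCE" >> /tmp/${COMMAND}_$$_conf
+
 # Fetch or configure the JWK file depending on configuration input
 # Also apply appropriate auth_jwt_key_ configuration directive.
 #
@@ -168,7 +178,7 @@ fi
 
 # Loop through each configuration variable
 echo "$COMMAND: NOTICE: Configuring $CONFDIR/openid_connect_configuration.conf"
-for OIDC_VAR in \$oidc_authz_endpoint \$oidc_token_endpoint \$oidc_jwt_keyfile \$oidc_hmac_key $CLIENT_ID_VAR $CLIENT_SECRET_VAR; do
+for OIDC_VAR in \$oidc_authz_endpoint \$oidc_token_endpoint \$oidc_jwt_keyfile \$oidc_hmac_key $CLIENT_ID_VAR $CLIENT_SECRET_VAR $PKCE_ENABLE_VAR; do
 # Pull the configuration value from the intermediate file
 VALUE=`grep "^$OIDC_VAR " /tmp/${COMMAND}_$$_conf | cut -f2 -d' '`
 echo -n "$COMMAND: NOTICE: - $OIDC_VAR ..."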
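Review bot: The PKCE write added at new line 140 appends to `/tmp/${COMMAND}_$$_conf`, an unquoted path that is predictable from the command name and PID, and the same file receives the client secret at line 135. On a multi-user host a file or symlink already sitting at that path would be followed by `>>`, so the intermediate file is better created with `mktemp`, e.g. `CONF_TMP=$(mktemp) || exit 1` where it is first written (the name is only a suggestion) and `echo "\$oidc_pkce_enable $PKCE" >> "$CONF_TMP"` here. The pattern predates this commit and the file's creation is outside the visible hunks, so the other writers and the `grep` at line 183 would need the same change.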
