Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions Project/Sources/Classes/OAuth2Provider.4dm
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ property loginHint : Text
property prompt : Text
property clientEmail : Text // clientMail used by Google services account used
property privateKey : Text // privateKey may be used used to sign JWT token
property privateKeyId : Text // Private key ID (kid in JWT header) used by Google service accounts
property PKCEEnabled : Boolean // if true, PKCE is used for OAuth 2.0 authentication and token requests (false by default)
property PKCEMethod : Text // If S256: code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier))), if Plain: code_challenge = code_verifier (S256 by default)

Expand Down Expand Up @@ -65,6 +66,7 @@ Class constructor($inParams : Object)
* - `prompt` {Text} — `"none"`, `"consent"`, or `"select_account"`
* - `clientEmail` {Text} — Service account email (Google service accounts)
* - `privateKey` {Text} — PEM private key for JWT signing
* - `privateKeyId` {Text} — Private key ID from service account JSON (sets `kid` in JWT header)
* - `thumbprint` {Text} — Certificate thumbprint hex string (sets `x5t` in JWT)
* - `clientAssertionType` {Text} — Overrides default assertion type URI
* - `PKCEEnabled` {Boolean} — Enable PKCE (default `False`)
Expand Down Expand Up @@ -236,6 +238,12 @@ Class constructor($inParams : Object)
*/
This.privateKey:=String($inParams.privateKey)

/*
privateKeyId used for Google services account in JWT header (kid field)
Founds in the service account JSON file as "private_key_id"
*/
This.privateKeyId:=String($inParams.privateKeyId)

/*
_grantType used in Service mode to determine if we use a JWT or client_credentials
If empty value is "urn:ietf:params:oauth:grant-type:jwt-bearer" for Google services,
Expand Down Expand Up @@ -735,6 +743,9 @@ Function _getToken_Service() : Object
: (This._useJWTBearer())

$options:={header: {alg: "RS256"; typ: "JWT"}}
If (Length(String(This.privateKeyId))>0)
$options.header.kid:=This.privateKeyId
End if
$options.payload:={}
$options.payload.iss:=This.clientEmail
$options.payload.scope:=This.scope
Expand Down
Loading