Fix authZ code flow with PKCE (#653)

- code_verifier parameter missed in the token request
- code challenge method is configurable

iam-test-client/src/main/java/it/infn/mw/tc/IamClientApplicationProperties.java

@@ -2,6 +2,7 @@
 
 import java.util.List;
 
+import org.mitre.oauth2.model.PKCEAlgorithm;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
@@ -14,6 +15,7 @@ public static class OidcClientProperties {
     String clientSecret;
     List<String> redirectUris;
     String scope;
+    PKCEAlgorithm codeChallengeMethod;
 
     public String getClientId() {
       return clientId;
@@ -46,6 +48,14 @@ public String getScope() {
     public void setScope(String scope) {
       this.scope = scope;
     }
+
+    public PKCEAlgorithm getCodeChallengeMethod() {
+      return codeChallengeMethod;
+    }
+
+    public void setCodeChallengeMethod(PKCEAlgorithm codeChallengeMethod) {
+      this.codeChallengeMethod = codeChallengeMethod;
+    }
   }
 
 

iam-test-client/src/main/java/it/infn/mw/tc/IamOIDCClientFilter.java

@@ -121,6 +121,11 @@ private MultiValueMap<String, String> initTokenRequestParameters(HttpServletRequ
     form.setAll(getAuthRequestOptionsService().getTokenOptions(config.serverConfig,
         config.clientConfig, request));
 
+    String codeVerifier = getStoredCodeVerifier(request.getSession());
+    if (codeVerifier != null) {
+        form.add("code_verifier", codeVerifier);
+    }
+
     String redirectUri = getStoredSessionString(request.getSession(), REDIRECT_URI_SESION_VARIABLE);
 
     if (redirectUri != null) {

iam-test-client/src/main/java/it/infn/mw/tc/IamTestClientConfiguration.java

@@ -122,6 +122,7 @@ private StaticClientConfigurationService staticClientConfiguration() {
     cde.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
     cde.setClientId(iamClientConfig.getClient().getClientId());
     cde.setClientSecret(iamClientConfig.getClient().getClientSecret());
+    cde.setCodeChallengeMethod(iamClientConfig.getClient().getCodeChallengeMethod());
 
     if (Strings.isNotBlank(iamClientConfig.getClient().getScope())) {
       cde.setScope(