[NXJS-204] Make the OAuth2 authentication flow work for a client configured with a secret - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0
Component/s: Node.js

Tags:
- SupCom
- nxplatform
Backlog priority:
600
Team:
PLATFORM
Sprint:
nxplatform #81, nxplatform #82
Story Points:
3

Description

Currently, the OAuth 2.0 code does not handle any client secret. A workaround is to pass it as a param to the fetchAccessTokenFromAuthorizationCode method:

const tokens = await Nuxeo.oauth2.fetchAccessTokenFromAuthorizationCode(
    NUXEO_BASE_URL,
    NUXEO_OAUTH_CLIENT_ID,
    code,
    { client_secret: NUXEO_OAUTH_CLIENT_SECRET },
  );

However, the automatic refresh of the token won't work as the JS Client does not handle the secret.

We need to rework the OAuth 2.0 methods to handle an optional client secret in all cases.

Attachments

Activity

People

Assignee:

Thomas Roger

Reporter:

Thomas Roger

Participants:

Jenkins, Thomas Roger

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2023-01-25 13:25

Updated:

2023-03-01 09:20

Resolved:

2023-02-28 10:08