This PR moves the index/home page into the oauth2client package so that the PKCE code_verifier + code_challenge requirements were scoped into the one package, otherwise it got a bit messy injecting the code_verifier+code_challenge between main+oauth2client.
Overview:
code_verifier + code_challenge is generated when loading the index/home page.
The generated code_challenge is pushed into the "Authorize code grant (with OpenID Connect) with PKCE" link
A isPKCE cookie gets set on clicking the "Authorize code grant (with OpenID Connect) with PKCE" link.
When hitting the callback route, the client detects if the isPKCE cookie is set and if so will send code_verifier when requesting the access token.
Loading the callback page will always remove the isPKCE cookie.
Loading the index/home page will always remove the isPKCE cookie.
Coverage remained the same at 0.0% when pulling 01fed55e162313c58102405735dc7b6481b38248 on matthewhartstonge:feature/add-support-for-authorization-code-openid-and-pkce into 6be55555b0268c60c2fc8afa1838a71a26e15fa8 on ory:master.
This PR moves the index/home page into the
oauth2client
package so that the PKCEcode_verifier
+code_challenge
requirements were scoped into the one package, otherwise it got a bit messy injecting thecode_verifier
+code_challenge
betweenmain
+oauth2client
.Overview:
code_verifier
+code_challenge
is generated when loading the index/home page.code_challenge
is pushed into the "Authorize code grant (with OpenID Connect) with PKCE
" linkisPKCE
cookie gets set on clicking the "Authorize code grant (with OpenID Connect) with PKCE
" link.isPKCE
cookie is set and if so will sendcode_verifier
when requesting the access token.isPKCE
cookie.isPKCE
cookie.