Add new configurtion option to configure for which grant types we do …

…not require a client basic auth Fix also cors error in template
ging · Oct 12, 2020 · 48e6a15 · 48e6a15
1 parent 37ce170
commit 48e6a15
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -123,6 +123,7 @@ HEALTHCHECK  --interval=30s --timeout=3s --start-period=60s \
 # ENV IDM_OAUTH_ASK_AUTH true
 # ENV IDM_OAUTH_REFR_LIFETIME "1209600"
 # ENV IDM_OAUTH_UNIQUE_URL false
+# ENV IDM_OAUTH_NOT_REQUIRE_CLIENT_AUTH_GRANT_TYPE undefined
 
 # ENV IDM_API_LIFETIME "3600"
 
@@ -182,4 +183,4 @@ HEALTHCHECK  --interval=30s --timeout=3s --start-period=60s \
 # ENV IDM_ADMIN_ID    "admin"
 # ENV IDM_ADMIN_USER  "admin"
 # ENV IDM_ADMIN_EMAIL "admin@test.com"
-# ENV IDM_ADMIN_PASS  "1234"
+# ENV IDM_ADMIN_PASS  "1234"
diff --git a/config.js.template b/config.js.template
@@ -38,7 +38,7 @@ config.cors = {
   enabled: false,
   options: {
     /* eslint-disable snakecase/snakecase */
-    origin: ['*'],
+    origin: '*',
     methods: ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'],
     allowedHeaders: '*',
     exposedHeaders: undefined,
@@ -59,6 +59,8 @@ config.oauth2 = {
   unique_url: false, // This parameter allows to verify that an application with the same url
   // does not exist when creating or editing it. If there are already applications
   // with the same URL, they should be changed manually
+  not_require_client_authentication_grant_type: undefined // Define grant types that do not require a client authentication
+
 };
 
 // Config api parameters

diff --git a/controllers/oauth2/oauth2.js b/controllers/oauth2/oauth2.js
@@ -26,8 +26,19 @@ exports.token = function (req, res) {
   const request = new Request(req);
   const response = new Response(res);
 
+  const grant_type = config_oauth2.not_require_client_authentication_grant_type;
+
+  const options = {
+    // eslint-disable-next-line snakecase/snakecase
+    requireClientAuthentication: grant_type
+      ? {
+          [grant_type]: false
+        }
+      : {}
+  };
+
   oauth_server
-    .token(request, response)
+    .token(request, response, options)
     .then(function (token) {
       if (token.scope.includes('jwt')) {
         response.body.token_type = 'jwt';

diff --git a/extras/docker/Dockerfile b/extras/docker/Dockerfile
@@ -160,7 +160,7 @@ HEALTHCHECK  --interval=30s --timeout=3s --start-period=60s \
 # ENV IDM_OAUTH_ASK_AUTH true
 # ENV IDM_OAUTH_REFR_LIFETIME "1209600"
 # ENV IDM_OAUTH_UNIQUE_URL false
-
+# IDM_OAUTH_NOT_REQUIRE_CLIENT_AUTH_GRANT_TYPE undefined
 # ENV IDM_API_LIFETIME "3600"
 
 # ENV IDM_ENCRYPTION_KEY "nodejs_idm"

diff --git a/lib/configService.js b/lib/configService.js
@@ -102,6 +102,7 @@ function process_environment_variables(verbose) {
     'IDM_OAUTH_ASK_AUTH',
     'IDM_OAUTH_REFR_LIFETIME',
     'IDM_OAUTH_UNIQUE_URL',
+    'IDM_OAUTH_NOT_REQUIRE_CLIENT_AUTH_GRANT_TYPE',
     // Config api parameters
     'IDM_API_LIFETIME',
     // Configure Policy Decision Point (PDP)
@@ -280,6 +281,10 @@ function process_environment_variables(verbose) {
   if (process.env.IDM_OAUTH_UNIQUE_URL) {
     config.oauth2.unique_url = to_boolean(process.env.IDM_OAUTH_UNIQUE_URL, false);
   }
+  if (process.env.IDM_OAUTH_NOT_REQUIRE_CLIENT_AUTH_GRANT_TYPE) {
+    config.oauth2.not_require_client_authentication_grant_type =
+      process.env.IDM_OAUTH_NOT_REQUIRE_CLIENT_AUTH_GRANT_TYPE;
+  }
 
   // Config api parameters
   if (process.env.IDM_API_LIFETIME) {