-
Jacopo Gasparetto authored
Implements basic OAuth2/OpenID client for the INDIGO-IAM v1.8.0 Authorization server. This is a custom implementation since it relies on the provided service backend to request an access token. In an ideal situation, the Authorization Code w/PKCE flow will be used to securely exchange the access token without storing the client secret key inside the public frontend code. Since the current version of INDIGO-IAM appears to have the PKCE functionality broken, this implentation relies on the backend service to inject the client secret to the POST, which is then forwarded to IAM. At this point, the access token is returned to the backend service and eventually back to the front end client. When IAM will support the Authorization Code w/PKCE flow functionality, the usage of a better library is recommended.
Jacopo Gasparetto authoredImplements basic OAuth2/OpenID client for the INDIGO-IAM v1.8.0 Authorization server. This is a custom implementation since it relies on the provided service backend to request an access token. In an ideal situation, the Authorization Code w/PKCE flow will be used to securely exchange the access token without storing the client secret key inside the public frontend code. Since the current version of INDIGO-IAM appears to have the PKCE functionality broken, this implentation relies on the backend service to inject the client secret to the POST, which is then forwarded to IAM. At this point, the access token is returned to the backend service and eventually back to the front end client. When IAM will support the Authorization Code w/PKCE flow functionality, the usage of a better library is recommended.
