From 625a8ce35db0e6210f80029e35f9cc700eba5ec5 Mon Sep 17 00:00:00 2001
From: Zoljargal Jargalsaikhan
Date: Wed, 7 Jun 2023 02:01:35 +0900
Subject: [PATCH] add pkce required attributes
---
 docs/resources/client.md | 2 ++
 internal/provider/client.go | 17 ++++++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/docs/resources/client.md b/docs/resources/client.md
index f459dddd..2feeaab2 100644
--- a/docs/resources/client.md
+++ b/docs/resources/client.md
@@ -73,6 +73,8 @@ The provider will not check the complexity of the secret, nor the min or max siz
 - `authorization_sign_alg` (String)
 - `authorization_encryption_alg` (String)
 - `authorization_encryption_enc` (String)
+- `pkce_required` (Boolean)
+- `pkce_s256_required` (Boolean)
 #### Token endpoint
 - `token_auth_method` (String)
diff --git a/internal/provider/client.go b/internal/provider/client.go
index 6410c8dc..0c2665a7 100644
--- a/internal/provider/client.go
+++ b/internal/provider/client.go
@@ -60,6 +60,8 @@ func client() *schema.Resource {
 "derived_sector_identifier": {Type: schema.TypeString, Required: false, Optional: true, Computed: true},
 "sector_identifier_uri": {Type: schema.TypeString, Required: false, Optional: true},
 "subject_type": createSubjectTypeSchema(),
+ "pkce_required": {Type: schema.TypeBool, Required: false, Optional: true},
+ "pkce_s256_required": {Type: schema.TypeBool, Required: false, Optional: true},
 "id_token_sign_alg": createJWSAlgSchema(),
 "id_token_encryption_alg": createJWEAlgSchema(),
 "id_token_encryption_enc": createJWEEncSchema(),
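Review bot: The new schema entries `pkce_required` and `pkce_s256_required` carry no `Description`, and the matching lines in docs/resources/client.md list only the type, so a reader cannot tell how the two flags relate. Going by the names, the first makes PKCE mandatory for the client and the second restricts the challenge method to S256; confirm that against the Authlete API reference and state it on the attribute, for example `Description: "Require PKCE on authorization requests from this client."`. Both are `Optional` with no `Default`, so an omitted attribute reads as `false`, which is worth saying in the description as well. The schema map continues outside the hunk.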
@@ -337,6 +339,12 @@ func clientUpdate(ctx context.Context, d *schema.ResourceData, meta interface{})
 existingClient.SubjectType = nil
 }
 }
+ if d.HasChange("pkce_required") {
+ existingClient.SetPkceRequired(d.Get("pkce_required").(bool))
+ }
+ if d.HasChange("pkce_s256_required") {
+ existingClient.SetPkceRequired(d.Get("pkce_s256_required").(bool))
+ }
 if d.HasChange("id_token_sign_alg") {
 if NotZeroString(d, "id_token_sign_alg") {
 existingClient.SetIdTokenSignAlg(mapJWSAlg(d.Get("id_token_sign_alg")))
@@ -685,6 +693,12 @@ func dataToClient(d *schema.ResourceData, diags diag.Diagnostics) *authlete.Clie
 if NotZeroString(d, "client_uri") {
 newClient.SetClientUri(d.Get("client_uri").(string))
 }
+ if NotZeroString(d, "pkce_required") {
+ newClient.SetPkceRequired(d.Get("pkce_required").(bool))
+ }
+ if NotZeroString(d, "pkce_s256_required") {
+ newClient.SetPkceS256Required(d.Get("pkce_s256_required").(bool))
+ }
 newClient.SetClientUris(mapTaggedValuesToDTO(d.Get("client_uris").(*schema.Set).List()))
 if NotZeroString(d, "policy_uri") {
 newClient.SetPolicyUri(d.Get("policy_uri").(string))
@@ -857,7 +871,8 @@ func updateResourceFromClient(d *schema.ResourceData, client *authlete.Client) {
 jwk, _ := mapJWKFromDTO(d.Get("jwk").(*schema.Set).List(), client.GetJwks())
 _ = d.Set("jwk", jwk)
-
+ _ = d.Set("pkce_required", client.GetPkceRequired())
+ _ = d.Set("pkce_s256_required", client.GetPkceS256Required())
 _ = d.Set("derived_sector_identifier", client.GetDerivedSectorIdentifier())
 _ = d.Set("sector_identifier_uri", client.GetSectorIdentifierUri())
 _ = d.Set("subject_type", client.GetSubjectType())
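Review bot: In clientUpdate the `pkce_s256_required` branch calls `SetPkceRequired`, so a change to `pkce_s256_required` overwrites the client's PKCE-required flag and never reaches the S256 setting. Because this branch runs after the `pkce_required` one, its value wins when both attributes change in the same apply, and setting `pkce_s256_required = false` would switch the PKCE requirement off on the server. The call should be `existingClient.SetPkceS256Required(d.Get("pkce_s256_required").(bool))`, matching the setter used in dataToClient. clientUpdate's body starts and ends outside the hunk.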
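Review bot: In dataToClient the two boolean attributes are guarded with `NotZeroString`, a helper that every other visible call applies to string attributes. Its body is not part of this patch; if it compares against the empty string, the result for a `bool` is not obviously meaningful, and if it tests the zero value the guard only skips sending `false`. Setting the flags unconditionally avoids depending on either reading: `newClient.SetPkceRequired(d.Get("pkce_required").(bool))` and `newClient.SetPkceS256Required(d.Get("pkce_s256_required").(bool))`. dataToClient's body starts and ends outside the hunk.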