Skip to content
This repository was archived by the owner on May 29, 2025. It is now read-only.

Commit 9615d3e

Browse files
gschiergschier
committed
Add audience parameter to OAuth 2
Closes https://feedback.yaak.app/p/how-do-i-send-an-audience-using-oauth2
1 parent 8c0f889 commit 9615d3e

6 files changed

Lines changed: 26 additions & 0 deletions

File tree

plugins/auth-oauth2/src/getAccessToken.ts

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ export async function getAccessToken(
66
ctx: Context, {
77
accessTokenUrl,
88
scope,
9+
audience,
910
params,
1011
grantType,
1112
credentialsInBody,
@@ -17,6 +18,7 @@ export async function getAccessToken(
1718
grantType: string;
1819
accessTokenUrl: string;
1920
scope: string | null;
21+
audience: string | null;
2022
credentialsInBody: boolean;
2123
params: HttpUrlParameter[];
2224
}): Promise<AccessTokenRawResponse> {
@@ -39,6 +41,7 @@ export async function getAccessToken(
3941
};
4042

4143
if (scope) httpRequest.body!.form.push({ name: 'scope', value: scope });
44+
if (scope) httpRequest.body!.form.push({ name: 'audience', value: audience });
4245

4346
if (credentialsInBody) {
4447
httpRequest.body!.form.push({ name: 'client_id', value: clientId });

plugins/auth-oauth2/src/grants/authorizationCode.ts

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@ export async function getAuthorizationCode(
1919
redirectUri,
2020
scope,
2121
state,
22+
audience,
2223
credentialsInBody,
2324
pkce,
2425
}: {
@@ -29,6 +30,7 @@ export async function getAuthorizationCode(
2930
redirectUri: string | null;
3031
scope: string | null;
3132
state: string | null;
33+
audience: string | null;
3234
credentialsInBody: boolean;
3335
pkce: {
3436
challengeMethod: string | null;
@@ -53,6 +55,7 @@ export async function getAuthorizationCode(
5355
if (redirectUri) authorizationUrl.searchParams.set('redirect_uri', redirectUri);
5456
if (scope) authorizationUrl.searchParams.set('scope', scope);
5557
if (state) authorizationUrl.searchParams.set('state', state);
58+
if (audience) authorizationUrl.searchParams.set('audience', audience);
5659
if (pkce) {
5760
const verifier = pkce.codeVerifier || createPkceCodeVerifier();
5861
const challengeMethod = pkce.challengeMethod || DEFAULT_PKCE_METHOD;
@@ -95,6 +98,7 @@ export async function getAuthorizationCode(
9598
clientId,
9699
clientSecret,
97100
scope,
101+
audience,
98102
credentialsInBody,
99103
params: [
100104
{ name: 'code', value: code },

plugins/auth-oauth2/src/grants/clientCredentials.ts

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,12 +10,14 @@ export async function getClientCredentials(
1010
clientId,
1111
clientSecret,
1212
scope,
13+
audience,
1314
credentialsInBody,
1415
}: {
1516
accessTokenUrl: string;
1617
clientId: string;
1718
clientSecret: string;
1819
scope: string | null;
20+
audience: string | null;
1921
credentialsInBody: boolean;
2022
},
2123
) {
@@ -29,6 +31,7 @@ export async function getClientCredentials(
2931
const response = await getAccessToken(ctx, {
3032
grantType: 'client_credentials',
3133
accessTokenUrl,
34+
audience,
3235
clientId,
3336
clientSecret,
3437
scope,

plugins/auth-oauth2/src/grants/implicit.ts

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,13 +11,15 @@ export function getImplicit(
1111
redirectUri,
1212
scope,
1313
state,
14+
audience,
1415
}: {
1516
authorizationUrl: string;
1617
responseType: string;
1718
clientId: string;
1819
redirectUri: string | null;
1920
scope: string | null;
2021
state: string | null;
22+
audience: string | null;
2123
},
2224
) :Promise<AccessToken> {
2325
return new Promise(async (resolve, reject) => {
@@ -34,6 +36,7 @@ export function getImplicit(
3436
if (redirectUri) authorizationUrl.searchParams.set('redirect_uri', redirectUri);
3537
if (scope) authorizationUrl.searchParams.set('scope', scope);
3638
if (state) authorizationUrl.searchParams.set('state', state);
39+
if (audience) authorizationUrl.searchParams.set('audience', audience);
3740
if (responseType.includes('id_token')) {
3841
authorizationUrl.searchParams.set('nonce', String(Math.floor(Math.random() * 9999999999999) + 1));
3942
}

plugins/auth-oauth2/src/grants/password.ts

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ export async function getPassword(
1313
username,
1414
password,
1515
credentialsInBody,
16+
audience,
1617
scope,
1718
}: {
1819
accessTokenUrl: string;
@@ -21,6 +22,7 @@ export async function getPassword(
2122
username: string;
2223
password: string;
2324
scope: string | null;
25+
audience: string | null;
2426
credentialsInBody: boolean;
2527
},
2628
): Promise<AccessToken> {
@@ -40,6 +42,7 @@ export async function getPassword(
4042
clientId,
4143
clientSecret,
4244
scope,
45+
audience,
4346
grantType: 'password',
4447
credentialsInBody,
4548
params: [

plugins/auth-oauth2/src/index.ts

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -156,6 +156,12 @@ export const plugin: PluginDefinition = {
156156
optional: true,
157157
dynamic: hiddenIfNot(['authorization_code', 'implicit']),
158158
},
159+
{
160+
type: 'text',
161+
name: 'audience',
162+
label: 'Audience',
163+
optional: true,
164+
},
159165
{
160166
type: 'checkbox',
161167
name: 'usePkce',
@@ -258,6 +264,7 @@ export const plugin: PluginDefinition = {
258264
clientSecret: stringArg(values, 'clientSecret'),
259265
redirectUri: stringArgOrNull(values, 'redirectUri'),
260266
scope: stringArgOrNull(values, 'scope'),
267+
audience: stringArgOrNull(values, 'audience'),
261268
state: stringArgOrNull(values, 'state'),
262269
credentialsInBody,
263270
pkce: values.usePkce ? {
@@ -273,6 +280,7 @@ export const plugin: PluginDefinition = {
273280
redirectUri: stringArgOrNull(values, 'redirectUri'),
274281
responseType: stringArg(values, 'responseType'),
275282
scope: stringArgOrNull(values, 'scope'),
283+
audience: stringArgOrNull(values, 'audience'),
276284
state: stringArgOrNull(values, 'state'),
277285
});
278286
} else if (grantType === 'client_credentials') {
@@ -282,6 +290,7 @@ export const plugin: PluginDefinition = {
282290
clientId: stringArg(values, 'clientId'),
283291
clientSecret: stringArg(values, 'clientSecret'),
284292
scope: stringArgOrNull(values, 'scope'),
293+
audience: stringArgOrNull(values, 'audience'),
285294
credentialsInBody,
286295
});
287296
} else if (grantType === 'password') {
@@ -293,6 +302,7 @@ export const plugin: PluginDefinition = {
293302
username: stringArg(values, 'username'),
294303
password: stringArg(values, 'password'),
295304
scope: stringArgOrNull(values, 'scope'),
305+
audience: stringArgOrNull(values, 'audience'),
296306
credentialsInBody,
297307
});
298308
} else {

0 commit comments

Comments
 (0)