
Add PKCE parameters to relevant OAuth methods #536


Merged
merged 5 commits into from
Mar 23, 2025

Collaborator

@bocops bocops commented Mar 14, 2025

Description

This adds parameters necessary for PKCE (Proof Key for Code Exchange) during OAuth authorization flow (see https://docs.joinmastodon.org/spec/oauth/#pkce). Specifically:

  • adds parameters state, codeChallenge, codeChallengeMethod to getOAuthUrl()
  • adds parameter codeVerifier to getUserAccessTokenWithAuthorizationCodeGrant()
  • same for Rx methods
  • modifies Kotlin+Java samples to make use of these parameters

Closes #531.

Type of Change

  • New feature

Breaking Changes

  • Changed parameter order in getUserAccessTokenWithAuthorizationCodeGrant(). Java users of the library will need to add a null parameter (as codeVerifier) before a non-null scope parameter if not using PKCE.

How Has This Been Tested?

See below. Also ran modified samples against live Mastodon servers to confirm that PKCE parameters are used and correct.

Mandatory Checklist

  • I ran gradle check and there were no errors reported
  • I have performed a self-review of my code
  • I have added tests that prove my fix is effective or that my feature works
  • All tests pass locally with my changes
  • I have added KDoc documentation to all public methods

Unit tests not possible, but samples do work.

Optional checks

  • In case you worked on a new feature: Did you also implement the reactive endpoint (bigbone-rx)?
  • Did you also update the documentation in the /docs folder (e.g. API Coverage page)?

Documentation was not yet changed back from "fully supported".
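
The values that the new parameters named in this description carry can be produced as follows. This is an added example, not code from this pull request or from BigBone; `PkceValues`, `s256Challenge`, `newPkceValues` and `stateMatches` are hypothetical names, and it assumes the `S256` challenge method from RFC 7636.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64

// Added example: helper names are hypothetical, not part of BigBone.
private val urlEncoder: Base64.Encoder = Base64.getUrlEncoder().withoutPadding()

data class PkceValues(val state: String, val codeVerifier: String, val codeChallenge: String) {
    val codeChallengeMethod: String = "S256"
}

/** RFC 7636 S256 transform: BASE64URL(SHA-256(ASCII(code_verifier))), without padding. */
fun s256Challenge(codeVerifier: String): String {
    require(codeVerifier.length in 43..128) { "code_verifier must be 43..128 characters" }
    require(codeVerifier.all { it in 'A'..'Z' || it in 'a'..'z' || it in '0'..'9' || it in "-._~" }) {
        "code_verifier contains characters outside the unreserved set"
    }
    val digest = MessageDigest.getInstance("SHA-256")
        .digest(codeVerifier.toByteArray(Charsets.US_ASCII))
    return urlEncoder.encodeToString(digest)
}

/** Fresh per-authorization values; 32 random bytes encode to a 43-character verifier. */
fun newPkceValues(random: SecureRandom = SecureRandom()): PkceValues {
    val verifier = urlEncoder.encodeToString(ByteArray(32).also { random.nextBytes(it) })
    val state = urlEncoder.encodeToString(ByteArray(16).also { random.nextBytes(it) })
    return PkceValues(state, verifier, s256Challenge(verifier))
}

/** Constant-time check that the state returned on the redirect is the one that was sent. */
fun stateMatches(expected: String, returned: String?): Boolean =
    returned != null && MessageDigest.isEqual(expected.toByteArray(), returned.toByteArray())

fun main() {
    // Test vector from RFC 7636, Appendix B.
    val rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
    check(s256Challenge(rfcVerifier) == "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWjGR_w0jFvdM")

    val pkce = newPkceValues()
    // state, codeChallenge, codeChallengeMethod: passed when building the URL (getOAuthUrl()).
    // codeVerifier: kept client-side and sent only with the token request
    // (getUserAccessTokenWithAuthorizationCodeGrant()).
    println("challenge=${pkce.codeChallenge} method=${pkce.codeChallengeMethod}")
    check(stateMatches(pkce.state, pkce.state))      // redirect carried our state
    check(!stateMatches(pkce.state, "forged-state")) // mismatched state is rejected
    check(!stateMatches(pkce.state, null))           // missing state is rejected
}
```

The verifier and state must be generated anew for every authorization attempt and held by the client until the token exchange completes.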

bocops commented Mar 14, 2025

Note regarding the changed parameter order mentioned as a breaking change: I could have added the new parameter to the end, but expect PKCE to eventually become mandatory (or at least best practice), so that a non-null codeVerifier will be more common than a non-null scope.

@bocops bocops requested a review from PattaFeuFeu March 14, 2025 12:48

codecov bot commented Mar 14, 2025

Codecov Report

Attention: Patch coverage is 31.81818% with 15 lines in your changes missing coverage. Please review.

Project coverage is 48.30%. Comparing base (8b34209) to head (44160b1).
Report is 79 commits behind head on master.

Files with missing lines Patch % Lines
...rc/main/kotlin/social/bigbone/rx/RxOAuthMethods.kt 0.00% 8 Missing ⚠️
...n/kotlin/social/bigbone/api/method/OAuthMethods.kt 50.00% 0 Missing and 7 partials ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##             master     #536      +/-   ##
============================================
- Coverage     49.99%   48.30%   -1.69%     
- Complexity      774      819      +45     
============================================
  Files           176      183       +7     
  Lines          5107     5370     +263     
  Branches        327      289      -38     
============================================
+ Hits           2553     2594      +41     
- Misses         2275     2600     +325     
+ Partials        279      176     -103     
Files with missing lines Coverage Δ
...n/kotlin/social/bigbone/api/method/OAuthMethods.kt 86.36% <50.00%> (-8.38%) ⬇️
...rc/main/kotlin/social/bigbone/rx/RxOAuthMethods.kt 0.00% <0.00%> (ø)

... and 142 files with indirect coverage changes


@PattaFeuFeu PattaFeuFeu added the breaking (Incompatible with previous versions) and enhancement (Improvement of an existing feature, request, entity) labels Mar 23, 2025
Owner

@PattaFeuFeu PattaFeuFeu left a comment


I haven’t tested this myself but trust your checks using the samples.

New parameter order is not ideal for Java users but as long as we’re in non-stable SNAPSHOT mode, that’s fine by me.

@PattaFeuFeu PattaFeuFeu merged commit 2885d31 into PattaFeuFeu:master Mar 23, 2025
3 checks passed
@bocops bocops deleted the 531_add_pkce_parameters branch March 23, 2025 15:47
Successfully merging this pull request may close these issues.

Add support for new OAuth parameters