docusign
diff --git a/‎index.js‎
Lines changed: 29 additions & 22 deletions b/‎index.js‎
Lines changed: 29 additions & 22 deletions
diff --git a/‎jwt_console_project/package-lock.json‎
Lines changed: 13 additions & 13 deletions b/‎jwt_console_project/package-lock.json‎
Lines changed: 13 additions & 13 deletions
diff --git a/‎jwt_console_project/package.json‎
Lines changed: 1 addition & 1 deletion b/‎jwt_console_project/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/DSAuthCodeGrant.js‎
Lines changed: 23 additions & 2 deletions b/‎lib/DSAuthCodeGrant.js‎
Lines changed: 23 additions & 2 deletions
@@ -344,28 +344,34 @@ const WEBFORMS_SCOPES = [
 const scope = [...ROOM_SCOPES, ...CLICK_SCOPES, ...MONITOR_SCOPES, ...ADMIN_SCOPES, ...SCOPES, ...WEBFORMS_SCOPES, ...MAESTRO_SCOPES];
 
 // Configure passport for DocusignStrategy
-let docusignStrategy = new DocusignStrategy({
-    production: dsConfig.production,
-    clientID: dsConfig.dsClientId,
-    scope: scope.join(' '),
-    clientSecret: dsConfig.dsClientSecret,
-    callbackURL: hostUrl + '/ds/callback',
-    state: true // automatic CSRF protection.
-      // See https://github.com/jaredhanson/passport-oauth2/blob/master/lib/state/session.js
+const docusignStrategyOptions = {
+  production: dsConfig.production,
+  clientID: dsConfig.dsClientId,
+  scope: scope.join(' '),
+  clientSecret: dsConfig.dsClientSecret,
+  callbackURL: hostUrl + '/ds/callback',
+  state: true // automatic CSRF protection.
+    // See https://github.com/jaredhanson/passport-oauth2/blob/master/lib/state/session.js
+};
+function processDsResult(accessToken, refreshToken, params, profile, done) {
+  // The params arg will be passed additional parameters of the grant.
+  // See https://github.com/jaredhanson/passport-oauth2/pull/84
+  //
+  // Here we're just assigning the tokens to the account object
+  // We store the data in DSAuthCodeGrant.getDefaultAccountInfo
+  let user = profile;
+  user.accessToken = accessToken;
+  user.refreshToken = refreshToken;
+  user.expiresIn = params.expires_in;
+  user.tokenExpirationTimestamp = moment().add(user.expiresIn, 's'); // The dateTime when the access token will expire
+  return done(null, user);
+}
+const docusignStrategy = new DocusignStrategy(docusignStrategyOptions, processDsResult);
+const docusignStrategyPKCE = new DocusignStrategy({
+    ...docusignStrategyOptions,
+    pkce: true
   },
-  function _processDsResult(accessToken, refreshToken, params, profile, done) {
-    // The params arg will be passed additional parameters of the grant.
-    // See https://github.com/jaredhanson/passport-oauth2/pull/84
-    //
-    // Here we're just assigning the tokens to the account object
-    // We store the data in DSAuthCodeGrant.getDefaultAccountInfo
-    let user = profile;
-    user.accessToken = accessToken;
-    user.refreshToken = refreshToken;
-    user.expiresIn = params.expires_in;
-    user.tokenExpirationTimestamp = moment().add(user.expiresIn, 's'); // The dateTime when the access token will expire
-    return done(null, user);
-  }
+  processDsResult
 );
 
 /**
@@ -378,4 +384,5 @@ if (!dsConfig.allowSilentAuthentication) {
     return { prompt: 'login' };
   };
 }
-passport.use(docusignStrategy);
+passport.use('docusign', docusignStrategy);
+passport.use('docusign_pkce', docusignStrategyPKCE);
@@ -12,7 +12,7 @@
   "author": "DocuSign, Inc",
   "license": "ISC",
   "dependencies": {
-    "docusign-esign": "^8.0.0",
+    "docusign-esign": "^8.0.1",
     "fs": "^0.0.1-security",
     "fs-extra": "^11.2.0",
     "path": "^0.12.7",
 
@@ -60,14 +60,35 @@ DSAuthCodeGrant.prototype.login = function(req, res, next) {
     // Reset
     this.internalLogout(req, res);
     req.session.authMethod = 'grand-auth';
-    passport.authenticate('docusign')(req, res, next);
+
+    if (req.session?.pkceFailed) {
+        passport.authenticate('docusign')(req, res, next);
+    } else {
+        passport.authenticate('docusign_pkce')(req, res, next);
+    }
 };
 
 DSAuthCodeGrant.prototype.oauth_callback1 = (req, res, next) => {
     // This callback URL is used for the login flow
-    passport.authenticate('docusign', { failureRedirect: '/ds/login' })(req, res, next);
+    if (req.session?.pkceFailed) {
+        passport.authenticate('docusign', { failureRedirect: '/ds/login' })(req, res, next);
+    } else {
+        passport.authenticate('docusign_pkce', { failureRedirect: '/ds/login' }, (err, user, _info) => {
+            if (err || !user) { return next(); }
+
+            req.logIn(user, function(err) {
+              if (err) { return next(err); }
+              return next();
+            });
+        })(req, res, next);
+    }
 };
 DSAuthCodeGrant.prototype.oauth_callback2 = function _oauth_callback2(req, res, next) {
+    if (!req.session.pkceFailed && !req?.user?.accessToken) {
+        req.session.pkceFailed = true;
+        return res.redirect('/ds/login');
+    }
+
     this._accessToken = req.user.accessToken;
     console.log(`Received access_token: |${req.user.accessToken}|`);
     console.log(`Expires at ${req.user.tokenExpirationTimestamp.format('dddd, MMMM Do YYYY, h:mm:ss a')}`);