feat(auth): NbOAuth2AuthStrategy add basic authentication scheme against token endpoints (#582)

#### What it resolves
NbOAuth2Strategy now implements client authentication as specified in [RFC 6749 section 2.3](https://tools.ietf.org/html/rfc6749#section-2.3).

There is a new optional parameter of `NbOAuth2StrategyOption`.
The parameter is `clientAuthMethod`, and is a member of the `NbOAuth2ClientAuthMethod` enum:
- `NONE` (default): no credentials are sent => no breaking change,
- `BASIC`: credentials are sent in the authorization header,
- `REQUEST_BODY`: credentials are sent in the request body.

AuthMethod is used (credentials are sent) when accessing the authServer for:
- Getting a token with the `authorization_code` `grant_type`
- Getting a token with the `password` `grant_type`
- Getting a token with the `refresh_token` `grant_type`

RFC 6749 says the client must not authenticate when hitting authorize endpoints, even if asking for a token. So nothing changed here; only clientId is sent in the URL.
 
Closes #581
alain-charles authored and nnixaa committed Jul 30, 2018
1 parent 13014d4 commit 4360a18
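The commit message above describes where the client credentials go for each `NbOAuth2ClientAuthMethod` value but not how they are encoded. The following is an added example, not code from the Nebular repository: it builds the token-endpoint request for each method following RFC 6749 section 2.3.1 (Basic scheme: form-urlencode `client_id` and `client_secret`, join with `:`, base64) and section 2.3.1's request-body alternative. `buildTokenRequest`, `TokenRequest`, `basicAuthHeader` and `formEncode` are names assumed for this illustration, not Nebular's API; sending `client_id` alone in the body for the `NONE` case follows RFC 6749 section 4.1.3 for public clients and is likewise an assumption about what the strategy does, not something the commit states. The base64 helper is ASCII-only on purpose, because form-encoding already percent-encodes everything outside ASCII.

```typescript
// Added example, not from the Nebular project. Mirrors the enum introduced
// by the commit; the request-building functions below are assumptions.
enum NbOAuth2ClientAuthMethod {
  NONE = 'none',
  BASIC = 'basic',
  REQUEST_BODY = 'request-body',
}

// Hypothetical shape of an outgoing token request (headers + form body).
interface TokenRequest {
  headers: Record<string, string>;
  body: Record<string, string>;
}

// RFC 6749 appendix B: credentials are application/x-www-form-urlencoded
// before being placed in the Basic header, so ':' or '%' in a secret
// cannot corrupt the "id:secret" split on the server side.
function formEncode(value: string): string {
  return encodeURIComponent(value).replace(/%20/g, '+');
}

// Minimal base64 for ASCII input (the form-encoded credential string is
// always ASCII). Avoids depending on Buffer/btoa availability.
const B64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
function base64Ascii(input: string): string {
  let out = '';
  for (let i = 0; i < input.length; i += 3) {
    const byte = (k: number) => (i + k < input.length ? input.charCodeAt(i + k) & 0xff : 0);
    const n = (byte(0) << 16) | (byte(1) << 8) | byte(2);
    const remaining = input.length - i;
    out += B64[(n >> 18) & 63] + B64[(n >> 12) & 63];
    out += remaining > 1 ? B64[(n >> 6) & 63] : '=';
    out += remaining > 2 ? B64[n & 63] : '=';
  }
  return out;
}

// RFC 6749 section 2.3.1: Authorization: Basic base64(id ":" secret).
function basicAuthHeader(clientId: string, clientSecret: string): string {
  return 'Basic ' + base64Ascii(`${formEncode(clientId)}:${formEncode(clientSecret)}`);
}

// Attaches client credentials to a token request according to the chosen
// method. grantParams carries grant_type and its parameters (code,
// refresh_token, username/password, ...).
function buildTokenRequest(
  grantParams: Record<string, string>,
  clientId: string,
  clientSecret: string | undefined,
  method: NbOAuth2ClientAuthMethod = NbOAuth2ClientAuthMethod.NONE,
): TokenRequest {
  const headers: Record<string, string> = {
    'Content-Type': 'application/x-www-form-urlencoded',
  };
  const body: Record<string, string> = { ...grantParams };

  switch (method) {
    case NbOAuth2ClientAuthMethod.NONE:
      // Public client (assumed behaviour): identify with client_id only,
      // never send a secret.
      body.client_id = clientId;
      break;
    case NbOAuth2ClientAuthMethod.BASIC:
      // Refuse to authenticate with an empty secret rather than sending
      // "client:" and letting the server reject or, worse, accept it.
      if (!clientSecret) {
        throw new Error('BASIC client authentication requires a non-empty clientSecret');
      }
      headers.Authorization = basicAuthHeader(clientId, clientSecret);
      break;
    case NbOAuth2ClientAuthMethod.REQUEST_BODY:
      if (!clientSecret) {
        throw new Error('REQUEST_BODY client authentication requires a non-empty clientSecret');
      }
      // Section 2.3.1 allows the secret in the body; the RFC recommends
      // the Basic header over this form.
      body.client_id = clientId;
      body.client_secret = clientSecret;
      break;
  }
  return { headers, body };
}

// Usage: refresh_token grant with Basic client authentication.
const demo = buildTokenRequest(
  { grant_type: 'refresh_token', refresh_token: 'constructed-refresh-token' },
  'client',
  'secret',
  NbOAuth2ClientAuthMethod.BASIC,
);
console.log(demo.headers.Authorization); // Basic Y2xpZW50OnNlY3JldA==
console.log(demo.body);                  // no client_secret in the body
```

Note that with `BASIC` the body carries neither `client_id` nor `client_secret`: the server recovers both from the header, which is why the two must be form-encoded before the `:` join.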
Showing 4 changed files with 351 additions and 80 deletions.
Expand Up @@ -18,11 +18,18 @@ export enum NbOAuth2GrantType {
REFRESH_TOKEN = 'refresh_token',
}

export enum NbOAuth2ClientAuthMethod {
NONE = 'none',
BASIC = 'basic',
REQUEST_BODY = 'request-body',
}

export class NbOAuth2AuthStrategyOptions {
name: string;
baseEndpoint?: string = '';
clientId: string = '';
clientSecret: string = '';
clientSecret?: string = '';
clientAuthMethod?: string = NbOAuth2ClientAuthMethod.NONE;
redirect?: { success?: string; failure?: string } = {
success: '/',
failure: null,
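Review bot: `clientAuthMethod?: string = NbOAuth2ClientAuthMethod.NONE;` in this hunk types the new option as `string` rather than as the `NbOAuth2ClientAuthMethod` enum declared a few lines above, so a misspelt value such as `'Basic'` compiles without complaint; declaring it as `clientAuthMethod?: NbOAuth2ClientAuthMethod = NbOAuth2ClientAuthMethod.NONE;` makes the compiler reject anything outside the three allowed values. Related: `clientSecret` changes from required to optional while keeping the `''` default, so an options object that selects `BASIC` or `REQUEST_BODY` but omits the secret will carry an empty secret into the token request; a runtime check where the credentials are attached (or a note in the option's documentation) would make that misconfiguration fail loudly.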
