From ae4a8eacde4e599d9f3aa11bd95ca01156d6e868 Mon Sep 17 00:00:00 2001
From: D3an1el <96570135+D3an1el@users.noreply.github.com>
Date: Sat, 7 Sep 2024 09:48:09 +1000
Subject: [PATCH 1/5] add option for PKCE
---
 config/initializers/omniauth.rb | 1 +
 lib/postal/config_schema.rb | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 6c5af17c..d52596fc 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -18,6 +18,7 @@
 scope: config.scopes.map(&:to_sym),
 uid_field: config.uid_field,
 issuer: config.issuer,
+ pkce: config.pkce?,
 discovery: config.discovery?,
 client_options: client_options
 end
diff --git a/lib/postal/config_schema.rb b/lib/postal/config_schema.rb
index af3c7330..a4ce8cd6 100644
--- a/lib/postal/config_schema.rb
+++ b/lib/postal/config_schema.rb
@@ -539,6 +539,11 @@ module Postal
 description "The OIDC issuer URL"
 end

+ boolean :pkce do
+ description "set pkce option to true if OIDC provider has this option"
+ default false
+ end
+
 string :identifier do
 description "The client ID for OIDC"
 end
From 50040c13c93fdb0cf9f4cb0f56a4be52594625dc Mon Sep 17 00:00:00 2001
From: D3an1el <96570135+D3an1el@users.noreply.github.com>
Date: Sat, 7 Sep 2024 09:50:54 +1000
Subject: [PATCH 2/5] update example yaml file for pkce option
---
 doc/config/yaml.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/doc/config/yaml.yml b/doc/config/yaml.yml
index 1035ec99..5c7fc735 100644
--- a/doc/config/yaml.yml
+++ b/doc/config/yaml.yml
@@ -233,6 +233,8 @@ oidc:
 name: OIDC Provider
 # The OIDC issuer URL
 issuer:
+ # Set pkce option to true if OIDC provider has this option
+ pkce:
 # The client ID for OIDC
 identifier:
 # The client secret for OIDC
From 1736f425524b6a39fac5c459e4bf0a57cf5e0e3a Mon Sep 17 00:00:00 2001
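Review bot: `pkce: config.pkce?` is handed to the strategy with nothing on the line recording what enabling it changes for the login flow, while the schema side of this commit leaves it off by default; a short comment above the new line would let operators make an informed choice, e.g. `# RFC 7636 PKCE (code_challenge/code_verifier) on the authorization-code exchange; off by default for providers that reject the parameter`. Current OAuth security guidance recommends PKCE for confidential clients as well as public ones, because it binds the authorization code to the session that started the flow and so mitigates code injection, so an opt-in default should be a deliberate compatibility decision rather than implied to be a public-client-only feature. The omniauth_openid_connect strategy appears to pick the challenge method itself (S256 by default; confirm against the gem version pinned in the project's lockfile) — if it does not, the method should be pinned to S256 rather than plain. The `provider` call this keyword belongs to starts outside the hunk.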
From: D3an1el <96570135+D3an1el@users.noreply.github.com>
Date: Sat, 7 Sep 2024 10:11:42 +1000
Subject: [PATCH 3/5] update pkce description
---
 lib/postal/config_schema.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/postal/config_schema.rb b/lib/postal/config_schema.rb
index a4ce8cd6..ad6e8b98 100644
--- a/lib/postal/config_schema.rb
+++ b/lib/postal/config_schema.rb
@@ -540,7 +540,7 @@ module Postal
 end

 boolean :pkce do
- description "set pkce option to true if OIDC provider has this option"
+ description "Option to enable Proof Key for Code Exchange by OAuth Public Clients"
 default false
 end

From 3abcc343fcd6f222ef5366fc57fd6552b97df949 Mon Sep 17 00:00:00 2001
From: D3an1el <96570135+D3an1el@users.noreply.github.com>
Date: Sat, 7 Sep 2024 11:25:47 +1000
Subject: [PATCH 4/5] add pkce to environment variables
---
 doc/config/environment-variables.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/doc/config/environment-variables.md b/doc/config/environment-variables.md
index 1b6e0dda..2fb0e3e8 100644
--- a/doc/config/environment-variables.md
+++ b/doc/config/environment-variables.md
@@ -103,6 +103,7 @@ This document contains all the environment variables which are available for thi
 | `OIDC_LOCAL_AUTHENTICATION_ENABLED` | Boolean | When enabled, users with passwords will still be able to login locally. If disable, only OpenID Connect will be available. | true |
 | `OIDC_NAME` | String | The name of the OIDC provider as shown in the UI | OIDC Provider |
 | `OIDC_ISSUER` | String | The OIDC issuer URL | |
+| `OIDC_PKCE` | Boolean | Option to enable Proof Key for Code Exchange by OAuth Public Clients |
 | `OIDC_IDENTIFIER` | String | The client ID for OIDC | |
 | `OIDC_SECRET` | String | The client secret for OIDC | |
 | `OIDC_SCOPES` | Array of strings | Scopes to request from the OIDC server. | openid,email |
From 7e1357380c02e7c0a69f2959136fc91a1eabe91e Mon Sep 17 00:00:00 2001
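Review bot: The new description `Option to enable Proof Key for Code Exchange by OAuth Public Clients` is misleading for this setting: Postal is configured as a confidential client (it holds `identifier` and `secret`), and PKCE is recommended there too, since it ties the authorization code to the browser session that started the flow and defeats injected codes. Suggest `description "Enable PKCE (RFC 7636) for the OIDC authorization-code flow; recommended whenever the provider supports it"` so operators are not steered into leaving it off. The same wording is carried into the environment-variables table by the two following commits and should be updated alongside.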
From: D3an1el <96570135+D3an1el@users.noreply.github.com>
Date: Sat, 7 Sep 2024 11:27:44 +1000
Subject: [PATCH 5/5] update pkce to environment variables
---
 doc/config/environment-variables.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/config/environment-variables.md b/doc/config/environment-variables.md
index 2fb0e3e8..04ed613d 100644
--- a/doc/config/environment-variables.md
+++ b/doc/config/environment-variables.md
@@ -103,7 +103,7 @@ This document contains all the environment variables which are available for thi
 | `OIDC_LOCAL_AUTHENTICATION_ENABLED` | Boolean | When enabled, users with passwords will still be able to login locally. If disable, only OpenID Connect will be available. | true |
 | `OIDC_NAME` | String | The name of the OIDC provider as shown in the UI | OIDC Provider |
 | `OIDC_ISSUER` | String | The OIDC issuer URL | |
-| `OIDC_PKCE` | Boolean | Option to enable Proof Key for Code Exchange by OAuth Public Clients |
+| `OIDC_PKCE` | Boolean | Option to enable Proof Key for Code Exchange by OAuth Public Clients | false |
 | `OIDC_IDENTIFIER` | String | The client ID for OIDC | |
 | `OIDC_SECRET` | String | The client secret for OIDC | |
 | `OIDC_SCOPES` | Array of strings | Scopes to request from the OIDC server. | openid,email |