Limit code_challenge to shouldExchangeAuthCode only

uber · Jul 1, 2024 · b8bb8f4 · b8bb8f4
1 parent 5d6cf94
commit b8bb8f4
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 5 deletions.
diff --git a/Sources/UberAuth/Authorize/AuthorizationCodeAuthProvider.swift b/Sources/UberAuth/Authorize/AuthorizationCodeAuthProvider.swift
@@ -194,7 +194,7 @@ public final class AuthorizationCodeAuthProvider: AuthProviding {
         let request = AuthorizeRequest(
             app: nil,
             clientID: clientID,
-            codeChallenge: pkce.codeChallenge,
+            codeChallenge: shouldExchangeAuthCode ? pkce.codeChallenge : nil,
             redirectURI: redirectURI,
             requestURI: requestURI,
             scopes: scopes
@@ -297,7 +297,7 @@ public final class AuthorizationCodeAuthProvider: AuthProviding {
         let request = AuthorizeRequest(
             app: app,
             clientID: clientID,
-            codeChallenge: pkce.codeChallenge,
+            codeChallenge: shouldExchangeAuthCode ? pkce.codeChallenge : nil,
             redirectURI: redirectURI,
             requestURI: requestURI,
             scopes: scopes

diff --git a/Sources/UberAuth/Authorize/AuthorizeRequest.swift b/Sources/UberAuth/Authorize/AuthorizeRequest.swift
@@ -15,7 +15,7 @@ struct AuthorizeRequest: NetworkRequest {
     // MARK: Private Properties
 
     private let app: UberApp?
-    private let codeChallenge: String
+    private let codeChallenge: String?
     private let clientID: String
     private let redirectURI: String
     private let requestURI: String?
@@ -25,7 +25,7 @@ struct AuthorizeRequest: NetworkRequest {
 
     init(app: UberApp?,
          clientID: String,
-         codeChallenge: String,
+         codeChallenge: String?,
          redirectURI: String,
          requestURI: String?,
          scopes: [String] = []) {
@@ -46,7 +46,7 @@ struct AuthorizeRequest: NetworkRequest {
             "response_type": "code",
             "client_id": clientID,
             "code_challenge": codeChallenge,
-            "code_challenge_method": "S256",
+            "code_challenge_method": codeChallenge != nil ? "S256" : nil,
             "redirect_uri": redirectURI,
             "request_uri": requestURI,
             "scope": scopes.joined(separator: " ")

diff --git a/examples/UberSDK/UberSDKTests/UberAuth/AuthorizationCodeAuthProviderTests.swift b/examples/UberSDK/UberSDKTests/UberAuth/AuthorizationCodeAuthProviderTests.swift
@@ -48,6 +48,44 @@ final class AuthorizationCodeAuthProviderTests: XCTestCase {
 
         XCTAssertEqual(authSession.startCallCount, 0)
     }
+
+    func test_executeInAppLogin_noTokenExchange_doesNotIncludeCodeChallenge() {
+
+        configurationProvider.isInstalledHandler = { _, _ in
+            true
+        }
+
+        let applicationLauncher = ApplicationLaunchingMock()
+        applicationLauncher.openHandler = { _, _, completion in
+            completion?(true)
+        }
+
+        var hasCalledAuthenticationSessionBuilder: Bool = false
+
+        let authenticationSessionBuilder: AuthorizationCodeAuthProvider.AuthenticationSessionBuilder = { _, _, url, _ in
+            XCTAssertFalse(url.absoluteString.contains("code_challenge"))
+            XCTAssertFalse(url.absoluteString.contains("code_challenge_method"))
+            hasCalledAuthenticationSessionBuilder = true
+            return AuthenticationSessioningMock()
+        }
+
+        let provider = AuthorizationCodeAuthProvider(
+            authenticationSessionBuilder: authenticationSessionBuilder,
+            shouldExchangeAuthCode: false,
+            configurationProvider: configurationProvider,
+            applicationLauncher: applicationLauncher
+        )
+
+        provider.execute(
+            authDestination: .inApp,
+            completion: { result in }
+        )
+
+        let url = URL(string: "test://app?code=123")!
+        _ = provider.handle(response: url)
+
+        XCTAssertTrue(hasCalledAuthenticationSessionBuilder)
+    }
 
     func test_execute_existingSession_returnsExistingAuthSessionError() {
         let provider = AuthorizationCodeAuthProvider(
@@ -257,6 +295,47 @@ final class AuthorizationCodeAuthProviderTests: XCTestCase {
         XCTAssertEqual(authenticationSession.startCallCount, 1)
     }
 
+    func test_executeNativeLogin_noTokenExchange_doesNotIncludeCodeChallenge() {
+
+        let applicationLauncher = ApplicationLaunchingMock()
+        applicationLauncher.openHandler = { url, _, completion in
+            XCTAssertFalse(url.absoluteString.contains("code_challenge"))
+            XCTAssertFalse(url.absoluteString.contains("code_challenge_method"))
+            completion?(false)
+        }
+
+        configurationProvider.isInstalledHandler = { _, _ in
+            true
+        }
+
+        let expectation = XCTestExpectation()
+
+        let authenticationSession = AuthenticationSessioningMock()
+        let authenticationSessionBuilder: AuthorizationCodeAuthProvider.AuthenticationSessionBuilder = { _, _, _, _ in
+            expectation.fulfill()
+            return authenticationSession
+        }
+
+        let provider = AuthorizationCodeAuthProvider(
+            authenticationSessionBuilder: authenticationSessionBuilder,
+            shouldExchangeAuthCode: false,
+            configurationProvider: configurationProvider,
+            applicationLauncher: applicationLauncher
+        )
+
+        XCTAssertEqual(applicationLauncher.openCallCount, 0)
+
+        provider.execute(
+            authDestination: .native(appPriority: [.eats]),
+            prefill: nil,
+            completion: { _ in }
+        )
+
+        wait(for: [expectation], timeout: 0.2)
+
+        XCTAssertEqual(applicationLauncher.openCallCount, 1)
+    }
+
     func test_handleResponse_true_callsResponseParser() {
 
         let responseParser = AuthorizationCodeResponseParsingMock()