Merge pull request #189 from docusign/feature/pkce-auth

Add PKCE authorization

Author: raileendr

index.js

@@ -12,7 +12,7 @@
   "author": "DocuSign, Inc",
   "license": "ISC",
   "dependencies": {
-    "docusign-esign": "^8.0.0",
+    "docusign-esign": "^8.0.1",
     "fs": "^0.0.1-security",
     "fs-extra": "^11.2.0",
     "path": "^0.12.7",

jwt_console_project/package-lock.json

@@ -60,14 +60,35 @@ DSAuthCodeGrant.prototype.login = function(req, res, next) {
     // Reset
     this.internalLogout(req, res);
     req.session.authMethod = 'grand-auth';
-    passport.authenticate('docusign')(req, res, next);
+
+    if (req.session?.pkceFailed) {
+        passport.authenticate('docusign')(req, res, next);
+    } else {
+        passport.authenticate('docusign_pkce')(req, res, next);
+    }
 };
 
 DSAuthCodeGrant.prototype.oauth_callback1 = (req, res, next) => {
     // This callback URL is used for the login flow
-    passport.authenticate('docusign', { failureRedirect: '/ds/login' })(req, res, next);
+    if (req.session?.pkceFailed) {
+        passport.authenticate('docusign', { failureRedirect: '/ds/login' })(req, res, next);
+    } else {
+        passport.authenticate('docusign_pkce', { failureRedirect: '/ds/login' }, (err, user, _info) => {
+            if (err || !user) { return next(); }
+
+            req.logIn(user, function(err) {
+              if (err) { return next(err); }
+              return next();
+            });
+        })(req, res, next);
+    }
 };
 DSAuthCodeGrant.prototype.oauth_callback2 = function _oauth_callback2(req, res, next) {
+    if (!req.session.pkceFailed && !req?.user?.accessToken) {
+        req.session.pkceFailed = true;
+        return res.redirect('/ds/login');
+    }
+
     this._accessToken = req.user.accessToken;
     console.log(`Received access_token: |${req.user.accessToken}|`);
     console.log(`Expires at ${req.user.tokenExpirationTimestamp.format('dddd, MMMM Do YYYY, h:mm:ss a')}`);