From 8e78172c927730caaea9c712215ae62daa0ffbbd Mon Sep 17 00:00:00 2001
From: M66B
Date: Thu, 16 Jul 2020 18:50:36 +0200
Subject: [PATCH] Added OAuth PKCE support https://oauth.net/2/pkce/
---
 app/src/main/java/eu/faircode/email/EmailProvider.java | 2 ++
 app/src/main/java/eu/faircode/email/FragmentOAuth.java | 4 ++++
 app/src/main/res/xml/providers.xml | 1 +
 3 files changed, 7 insertions(+)
diff --git a/app/src/main/java/eu/faircode/email/EmailProvider.java b/app/src/main/java/eu/faircode/email/EmailProvider.java
index 953a03da93..ca6a682cc8 100644
--- a/app/src/main/java/eu/faircode/email/EmailProvider.java
+++ b/app/src/main/java/eu/faircode/email/EmailProvider.java
@@ -159,6 +159,7 @@ public class EmailProvider {
 provider.oauth.askAccount = xml.getAttributeBooleanValue(null, "askAccount", false);
 provider.oauth.clientId = xml.getAttributeValue(null, "clientId");
 provider.oauth.clientSecret = xml.getAttributeValue(null, "clientSecret");
+ provider.oauth.pcke = xml.getAttributeBooleanValue(null, "pcke", false);
 provider.oauth.scopes = xml.getAttributeValue(null, "scopes").split(",");
 provider.oauth.authorizationEndpoint = xml.getAttributeValue(null, "authorizationEndpoint");
 provider.oauth.tokenEndpoint = xml.getAttributeValue(null, "tokenEndpoint");
@@ -687,6 +688,7 @@ public class EmailProvider {
 boolean askAccount;
 String clientId;
 String clientSecret;
+ boolean pcke;
 String[] scopes;
 String authorizationEndpoint;
 String tokenEndpoint;
diff --git a/app/src/main/java/eu/faircode/email/FragmentOAuth.java b/app/src/main/java/eu/faircode/email/FragmentOAuth.java
index 2f9d49b118..0fa867e429 100644
--- a/app/src/main/java/eu/faircode/email/FragmentOAuth.java
+++ b/app/src/main/java/eu/faircode/email/FragmentOAuth.java
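Review bot: The attribute and field are spelled `pcke`, while the mechanism named in the commit subject is PKCE, and in the `@@ -159,6 +159,7` hunk of EmailProvider.java that spelling becomes part of the providers.xml schema. Because the lookup falls back to `false`, a provider entry written with the correct `pkce="true"` would parse without any error and the flag would stay off, so a misspelling in either direction fails open rather than loudly. I would rename it before other entries depend on it: `provider.oauth.pkce = xml.getAttributeBooleanValue(null, "pkce", false);`, with the same rename for `boolean pcke;` in the `@@ -687,6 +688,7` hunk, the `provider.oauth.pcke` check in FragmentOAuth.java and the attribute in providers.xml. Both enclosing bodies start and end outside the hunks.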
@@ -55,6 +55,7 @@ import net.openid.appauth.AuthorizationService;
 import net.openid.appauth.AuthorizationServiceConfiguration;
 import net.openid.appauth.ClientAuthentication;
 import net.openid.appauth.ClientSecretPost;
+import net.openid.appauth.CodeVerifierUtil;
 import net.openid.appauth.NoClientAuthentication;
 import net.openid.appauth.ResponseTypeValues;
 import net.openid.appauth.TokenResponse;
@@ -282,6 +283,9 @@ public class FragmentOAuth extends FragmentBase {
 if (askAccount)
 authRequestBuilder.setLoginHint(etEmail.getText().toString().trim());

+ if (provider.oauth.pcke)
+ authRequestBuilder.setCodeVerifier(CodeVerifierUtil.generateRandomCodeVerifier());
+
 // For offline access
 if ("gmail".equals(provider.id))
 authRequestBuilder.setPrompt("consent");
diff --git a/app/src/main/res/xml/providers.xml b/app/src/main/res/xml/providers.xml
index f79c44b63b..2718646b9e 100644
--- a/app/src/main/res/xml/providers.xml
+++ b/app/src/main/res/xml/providers.xml
@@ -102,6 +102,7 @@
 clientId="dj0yJmk9MUFMR2dpdnllTHdZJmQ9WVdrOWRraFJNVGwwTkcwbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmc3Y9MCZ4PWFl"
 clientSecret="054ceb7cc001a322126dd51b3399785604543f83"
 enabled="false"
+ pcke="true"
 redirectUri="https://oauth.faircode.eu/"
 scopes="mail-w"
 tokenEndpoint="https://api.login.yahoo.com/oauth2/get_token" />
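Review bot: PKCE is opt-in per provider in the `@@ -282,6 +283,9` hunk of FragmentOAuth.java: `if (provider.oauth.pcke)` attaches a verifier only when the flag is set, the parser defaults it to `false`, and this patch turns it on for a single providers.xml entry. For a native client whose `clientSecret` ships inside the package, the code verifier is what binds the authorization code to the app instance that started the flow. The safer default is therefore on, with an explicit opt-out for providers known to reject the extra parameters, e.g. `xml.getAttributeBooleanValue(null, "pcke", true)` in EmailProvider.java. How `authRequestBuilder` is constructed is outside the hunk, so please confirm what the `false` case actually sends and record it in a comment above the check, for example `// PKCE (RFC 7636): verifier is per-request; providers without the flag send no code_challenge`. The enclosing method starts and ends outside the hunk.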