Merge pull request #46 from deblasis/fix/gitea_oauth2_app_confidential_client

Support `gitea_oauth2_app` `confidential_client` flag
10 months ago · 340bcd48fe
parent ed32470b17 2d7147442b
commit 340bcd48fe
3 changed files with 39 additions and 18 deletions
--- a/docs/resources/oauth2_app.md
+++ b/docs/resources/oauth2_app.md
@ -20,6 +20,10 @@ Handling [gitea oauth application](https://docs.gitea.io/en-us/oauth2-provider/)
 - `name` (String) OAuth Application name
 - `redirect_uris` (Set of String) Accepted redirect URIs

+### Optional
+
+- `confidential_client` (Boolean) If set to false, it will be a public client (PKCE will be required)
+
 ### Read-Only

 - `client_id` (String) OAuth2 Application client id
--- a/gitea/resource_gitea_oauth_app.go
+++ b/gitea/resource_gitea_oauth_app.go
@ -9,6 +9,7 @@ import (

 const (
 	oauth2KeyName               string = "name"
+	oauth2KeyConfidentialClient string = "confidential_client"
 	oauth2KeyRedirectURIs       string = "redirect_uris"
 	oauth2KeyClientId           string = "client_id"
 	oauth2KeyClientSecret       string = "client_secret"
@ -37,6 +38,12 @@ func resourceGiteaOauthApp() *schema.Resource {
 				},
 				Description: "Accepted redirect URIs",
 			},
+			oauth2KeyConfidentialClient: {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "If set to false, it will be a public client (PKCE will be required)",
+			},
 			oauth2KeyClientId: {
 				Type:        schema.TypeString,
 				Computed:    true,
@ -89,8 +96,15 @@ func resourceOauth2AppUpcreate(d *schema.ResourceData, meta interface{}) (err er
 		return fmt.Errorf("attribute %s must be set and must be a string", oauth2KeyName)
 	}

+	confidentialClient, confidentialClientOk := d.Get(oauth2KeyConfidentialClient).(bool)
+
+	if !confidentialClientOk {
+		return fmt.Errorf("attribute %s must be set and must be a bool", oauth2KeyConfidentialClient)
+	}
+
 	opts := gitea.CreateOauth2Option{
 		Name:               name,
+		ConfidentialClient: confidentialClient,
 		RedirectURIs:       redirectURIs,
 	}

@ -99,7 +113,7 @@ func resourceOauth2AppUpcreate(d *schema.ResourceData, meta interface{}) (err er
 	if d.IsNewResource() {
 		oauth2, _, err = client.CreateOauth2(opts)
 	} else {
-		oauth2, err := searchOauth2AppByClientId(client, d.Id())
+		oauth2, err = searchOauth2AppByClientId(client, d.Id())

 		if err != nil {
 			return err
@ -177,6 +191,7 @@ func setOAuth2ResourceData(app *gitea.Oauth2, d *schema.ResourceData) (err error

 	for k, v := range map[string]interface{}{
 		oauth2KeyName:               app.Name,
+		oauth2KeyConfidentialClient: app.ConfidentialClient,
 		oauth2KeyRedirectURIs:       schema.NewSet(schema.HashString, CollapseStringList(app.RedirectURIs)),
 		oauth2KeyClientId:           app.ClientID,
 	} {
--- a/vendor/code.gitea.io/sdk/gitea/oauth2.go
+++ b/vendor/code.gitea.io/sdk/gitea/oauth2.go
@ -18,6 +18,7 @@ type Oauth2 struct {
 	ClientID           string    `json:"client_id"`
 	ClientSecret       string    `json:"client_secret"`
 	RedirectURIs       []string  `json:"redirect_uris"`
+	ConfidentialClient bool      `json:"confidential_client"`
 	Created            time.Time `json:"created"`
 }

@ -29,6 +30,7 @@ type ListOauth2Option struct {
 // CreateOauth2Option required options for creating an Application
 type CreateOauth2Option struct {
 	Name               string   `json:"name"`
+	ConfidentialClient bool     `json:"confidential_client"`
 	RedirectURIs       []string `json:"redirect_uris"`
 }