feat(core): Add PKCE for OAuth2 (#6324)

* Remove authorization header when empty * Import pkce * Add OAuth2 with new grant type to Twitter * Add pkce logic auto assign authorization code if pkce not defined * Add pkce to ui and interfaces * Fix scopes for Oauth2 twitter * Deubg + pass it through header * Add debug console, add airtable cred * Remove all console.logs, make PKCE in th body only when it exists * Remove invalid character ~ * Remove more console.logs * remove body inside query * Remove useless grantype check * Hide oauth2 twitter waiting for overhaul * Remove redundant header removal * Remove more console.logs * Add comment for code verifier * Remove uneeded scopes * Restore client id in callback * Revert "Add OAuth2 with new grant type to Twitter" This reverts commit 1c3b331aa1974159d1ffe1a4fbf2050722f0f24c. * Remove oauth2 from twitter * Remove properties linked to oauth2 * Fix lodash imports * remove redundant check * remove redundant codeVerifier * patch pkce-challenge to avoid generating `code_verifier` with `~` * store `codeVerifier` on the DB like `csrfSecret` * remove unrelated changes --------- Co-authored-by: Marcus <marcus@n8n.io> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
2025-12-17 01:56:46 +00:00 · 2023-06-21 10:54:32 +02:00
parent 4b0e0b7970
commit fc7261aca6
12 changed files with 130 additions and 12 deletions
--- a/packages/nodes-base/credentials/AirtableOAuth2Api.credentials.ts
+++ b/packages/nodes-base/credentials/AirtableOAuth2Api.credentials.ts
@@ -0,0 +1,52 @@
+import type { ICredentialType, INodeProperties } from 'n8n-workflow';
+
+const scopes = ['schema.bases:read', 'data.records:read', 'data.records:write'];
+
+export class AirtableOAuth2Api implements ICredentialType {
+	name = 'airtableOAuth2Api';
+
+	extends = ['oAuth2Api'];
+
+	displayName = 'Airtable OAuth2 API';
+
+	documentationUrl = 'airtable';
+
+	properties: INodeProperties[] = [
+		{
+			displayName: 'Grant Type',
+			name: 'grantType',
+			type: 'hidden',
+			default: 'pkce',
+		},
+		{
+			displayName: 'Authorization URL',
+			name: 'authUrl',
+			type: 'hidden',
+			default: 'https://airtable.com/oauth2/v1/authorize',
+		},
+		{
+			displayName: 'Access Token URL',
+			name: 'accessTokenUrl',
+			type: 'hidden',
+			default: 'https://airtable.com/oauth2/v1/token',
+		},
+		{
+			displayName: 'Scope',
+			name: 'scope',
+			type: 'hidden',
+			default: `${scopes.join(' ')}`,
+		},
+		{
+			displayName: 'Auth URI Query Parameters',
+			name: 'authQueryParameters',
+			type: 'hidden',
+			default: '',
+		},
+		{
+			displayName: 'Authentication',
+			name: 'authentication',
+			type: 'hidden',
+			default: 'header',
+		},
+	];
+}
--- a/packages/nodes-base/credentials/OAuth2Api.credentials.ts
+++ b/packages/nodes-base/credentials/OAuth2Api.credentials.ts
@@ -23,6 +23,10 @@ export class OAuth2Api implements ICredentialType {
 					name: 'Client Credentials',
 					value: 'clientCredentials',
 				},
+				{
+					name: 'PKCE',
+					value: 'pkce',
+				},
 			],
 			default: 'authorizationCode',
 		},
@@ -32,7 +36,7 @@ export class OAuth2Api implements ICredentialType {
 			type: 'string',
 			displayOptions: {
 				show: {
-					grantType: ['authorizationCode'],
+					grantType: ['authorizationCode', 'pkce'],
 				},
 			},
 			default: '',
@@ -74,7 +78,7 @@ export class OAuth2Api implements ICredentialType {
 			type: 'string',
 			displayOptions: {
 				show: {
-					grantType: ['authorizationCode'],
+					grantType: ['authorizationCode', 'pkce'],
 				},
 			},
 			default: '',