From 2e79dd3d1649b52a9d913c2d1bed34fbf18ba5db Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Mon, 21 Jun 2021 22:44:37 +0800
Subject: [PATCH] Require PKCE

---
 packages/core/src/index.ts | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/packages/core/src/index.ts b/packages/core/src/index.ts
index 5c935d288..ab85c245b 100644
--- a/packages/core/src/index.ts
+++ b/packages/core/src/index.ts
@@ -9,16 +9,17 @@ const app = new Koa();
 const PORT = 3000;
 
 const oidc = new Provider(`http://localhost:${PORT}/oidc`, {
-  pkce: {
-    methods: ['S256'],
-    required: () => false,
+  cookies: {
+    // V2: Rotate this when necessary
+    // https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#cookieskeys
+    keys: ['LOGTOSEKRIT1'],
   },
   clients: [
     {
       client_id: 'foo',
-      client_secret: 'bar',
       redirect_uris: ['http://localhost:3000/callback'],
-      grant_types: ['authorization_code'],
+      grant_types: ['authorization_code', 'refresh_token'],
+      token_endpoint_auth_method: 'none',
     },
   ],
   findAccount: (ctx, sub) => {