From e7a41e9885e4c2738770adea722389640fa07ee2 Mon Sep 17 00:00:00 2001
From: Dusan Jakub <dusan.jakub@ysoft.com>
Date: Wed, 18 Oct 2023 13:16:18 +0200
Subject: [PATCH] Add client secret to Auth code flow example

---
 src/flow/code-3.html | 10 ++++++++++
 src/twistd.log       | 18 ++++++++++++++++++
 src/twistd.pid       |  1 +
 3 files changed, 29 insertions(+)
 create mode 100644 src/twistd.log
 create mode 100644 src/twistd.pid

diff --git a/src/flow/code-3.html b/src/flow/code-3.html
index ce8279e..c9d6d7b 100644
--- a/src/flow/code-3.html
+++ b/src/flow/code-3.html
@@ -78,6 +78,12 @@
                                             used by the authorization server to identify the application when redirecting the user back to the client.
                                         </p>
                                     </li>
+                                    <li class="collection-item">
+                                        <p><b><span class="emphasis">client_secret</span>=<span id="clientSecret"></span></b></p>
+                                        <p>
+                                            Client secret. Note that this flow is wrongly used for a JavaScript application, in which anyone can read the secret.
+                                        </p>
+                                    </li>
                                     <li class="collection-item">
                                         <p><b><span class="emphasis">redirect_uri</span>=<span id="redirectUri"></span></b></p>
                                         <p>The redirect URI</p>
@@ -160,6 +166,7 @@
     <script src="../js/env-config.js"></script>
     <script>
         const tokenEndpoint = baseUrl + "/token";
+        const secret = "s3cr3t";
         const code = new URLSearchParams(window.location.search).get('code');
 
         if (!code) {
@@ -171,6 +178,7 @@
                 "grant_type=authorization_code" + "\n"
                 + "&client_id=" + getClientId() + "\n"
                 + "&redirect_uri=" + getRedirectUri() + "\n"
+                + "&client_secret=" + secret + "\n"
                 + "&code=" + code;
 
             $("#requestUriExample").text(tokenEndpoint);
@@ -179,6 +187,7 @@
             $("#tokenUrl").text(tokenEndpoint);
             $("#grantType").text("authorization_code");
             $("#clientId").text(getClientId());
+            $("#clientSecret").text(secret);
             $("#redirectUri").text(getRedirectUri());
             $("#code").text(code);
         }
@@ -193,6 +202,7 @@
             const bodyData = new URLSearchParams();
             bodyData.append('grant_type', 'authorization_code');
             bodyData.append('client_id', getClientId());
+            bodyData.append('client_secret', secret);
             bodyData.append('redirect_uri', getRedirectUri());
             bodyData.append('code', code);
 
diff --git a/src/twistd.log b/src/twistd.log
new file mode 100644
index 0000000..8005704
--- /dev/null
+++ b/src/twistd.log
@@ -0,0 +1,18 @@
+2023-10-02T11:26:21+0200 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 23.8.0 (/home/linuxbrew/.linuxbrew/opt/python@3.11/bin/python3.11 3.11.3) starting up.
+2023-10-02T11:26:21+0200 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
+2023-10-02T11:26:21+0200 [-] Site starting on 8080
+2023-10-02T11:26:21+0200 [twisted.web.server.Site#info] Starting factory <twisted.web.server.Site object at 0x7fbbc18a7ad0>
+2023-10-02T11:27:51+0200 [-] Received SIGTERM, shutting down.
+2023-10-02T11:27:51+0200 [-] (TCP Port 8080 Closed)
+2023-10-02T11:27:51+0200 [twisted.web.server.Site#info] Stopping factory <twisted.web.server.Site object at 0x7fbbc18a7ad0>
+2023-10-02T11:27:51+0200 [-] Main loop terminated.
+2023-10-02T11:27:51+0200 [twisted.scripts._twistd_unix.UnixAppLogger#info] Server Shut Down.
+2023-10-02T11:27:53+0200 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 23.8.0 (/home/linuxbrew/.linuxbrew/opt/python@3.11/bin/python3.11 3.11.3) starting up.
+2023-10-02T11:27:53+0200 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
+2023-10-02T11:27:53+0200 [-] Site starting on 8080
+2023-10-02T11:27:53+0200 [twisted.web.server.Site#info] Starting factory <twisted.web.server.Site object at 0x7f2dd4237a10>
+2023-10-02T11:28:54+0200 [-] Received SIGTERM, shutting down.
+2023-10-02T11:28:54+0200 [-] (TCP Port 8080 Closed)
+2023-10-02T11:28:54+0200 [twisted.web.server.Site#info] Stopping factory <twisted.web.server.Site object at 0x7f2dd4237a10>
+2023-10-02T11:28:54+0200 [-] Main loop terminated.
+2023-10-02T11:28:54+0200 [twisted.scripts._twistd_unix.UnixAppLogger#info] Server Shut Down.
diff --git a/src/twistd.pid b/src/twistd.pid
new file mode 100644
index 0000000..fce27bf
--- /dev/null
+++ b/src/twistd.pid
@@ -0,0 +1 @@
+5688
\ No newline at end of file