From e8b4615717e91ab7a56161c5421fc4ed2fd4b500 Mon Sep 17 00:00:00 2001
From: Tibet Sprague
Date: Thu, 23 Jun 2022 13:52:13 -0700
Subject: [PATCH 1/3] Try to fix Zapier oAuth integratiom
---
 api/services/OpenIDConnect.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/services/OpenIDConnect.js b/api/services/OpenIDConnect.js
index d5abde050..51d44d9ce 100644
--- a/api/services/OpenIDConnect.js
+++ b/api/services/OpenIDConnect.js
@@ -91,7 +91,7 @@ const configuration = {
 keys: process.env.OIDC_KEYS ? process.env.OIDC_KEYS.split(',').map(k => rsaPemToJwk(Buffer.from(k, 'base64').toString('ascii'), {}, 'private')) : []
 },
 pkce: {
- required: true
+ required: false
 },
 proxy: true, // maybe??
 routes: {
From e0f7c406e808ec045329b1ab11958f56f4f11c81 Mon Sep 17 00:00:00 2001
From: Tibet Sprague
Date: Thu, 23 Jun 2022 15:27:12 -0700
Subject: [PATCH 2/3] Allow for specifying that some oAuth clients don't require PKCE - for Zapier
---
 api/services/OpenIDConnect.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/api/services/OpenIDConnect.js b/api/services/OpenIDConnect.js
index 51d44d9ce..65e764e21 100644
--- a/api/services/OpenIDConnect.js
+++ b/api/services/OpenIDConnect.js
@@ -91,7 +91,9 @@ const configuration = {
 keys: process.env.OIDC_KEYS ? process.env.OIDC_KEYS.split(',').map(k => rsaPemToJwk(Buffer.from(k, 'base64').toString('ascii'), {}, 'private')) : []
 },
 pkce: {
- required: false
+ required: (ctx, client) => {
+ return client.noPKCE ? false : true
+ }
 },
 proxy: true, // maybe??
 routes: {
From 53f68a335ab95416ccda8762f51998c3173b6e16 Mon Sep 17 00:00:00 2001
From: Tibet Sprague
Date: Thu, 23 Jun 2022 15:39:22 -0700
Subject: [PATCH 3/3] One more try to turn of PKCE for zapier
---
 api/services/OpenIDConnect.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/api/services/OpenIDConnect.js b/api/services/OpenIDConnect.js
index 65e764e21..8910331a3 100644
--- a/api/services/OpenIDConnect.js
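Review bot: In the PATCH 2/3 `pkce.required` callback, any truthy `client.noPKCE` switches PKCE off, so a value stored as the string `"false"`, or the flag set on a public client, would silently remove the protection against authorization-code interception. I would make the exemption strict and limit it to clients that authenticate at the token endpoint: `required: (ctx, client) => !(client.noPKCE === true && client.tokenEndpointAuthMethod !== 'none')`, which also replaces the `? false : true` ternary. How the metadata value is persisted is not visible in this hunk, so confirm it is a real boolean before tightening the comparison. A short comment above the callback stating that PKCE stays mandatory for every client without the flag would help the next reader; the `configuration` object starts and ends outside the hunk.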
+++ b/api/services/OpenIDConnect.js
@@ -43,7 +43,8 @@ const configuration = {
 'invite_subject', // The email subject of invite messages sent to users created by this client
 'invite_message', // The email body of invite messages sent to users created by this client
 'name', // The name of the API client
- 'role' // Can give a client super powers by giving them a role of 'super'
+ 'role', // Can give a client super powers by giving them a role of 'super'
+ 'noPKCE' // Turn off requirement for PKCE from this client
 ]
 },
 findAccount: async (ctx, id, token) => {
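Review bot: `'noPKCE'` is added to the client metadata list with no visible validation, next to `'role'`, so whoever can write client metadata can now drop PKCE for a client. If this list is node-oidc-provider's `extraClientMetadata.properties` (the enclosing key is outside the hunk), a `validator` there could reject non-boolean values and refuse the flag for clients whose `token_endpoint_auth_method` is `none`. I would also widen the comment to say when the flag is acceptable, e.g. `'noPKCE' // Boolean. Exempts this client from PKCE; only for confidential clients that cannot send a code_challenge (Zapier)`. If dynamic client registration is enabled anywhere, check that a client cannot set this property on itself.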