diff --git a/app/forms/openid_connect_authorize_form.rb b/app/forms/openid_connect_authorize_form.rb
index 989cef6d5dc..a3e65e9ab3d 100644
--- a/app/forms/openid_connect_authorize_form.rb
+++ b/app/forms/openid_connect_authorize_form.rb
@@ -234,6 +234,7 @@ def extra_analytics_attributes
 unauthorized_scope: @unauthorized_scope,
 code_digest: code ? Digest::SHA256.hexdigest(code) : nil,
 code_challenge_present: code_challenge.present?,
+ service_provider_pkce: service_provider&.pkce,
 }
 end
diff --git a/app/forms/openid_connect_token_form.rb b/app/forms/openid_connect_token_form.rb
index f8dca5f8490..97fd3424092 100644
--- a/app/forms/openid_connect_token_form.rb
+++ b/app/forms/openid_connect_token_form.rb
@@ -199,6 +199,7 @@ def extra_analytics_attributes
 user_id: identity&.user&.uuid,
 code_digest: code ? Digest::SHA256.hexdigest(code) : nil,
 code_verifier_present: code_verifier.present?,
+ service_provider_pkce: service_provider&.pkce,
 }
 end
diff --git a/spec/controllers/openid_connect/authorization_controller_spec.rb b/spec/controllers/openid_connect/authorization_controller_spec.rb
index 5d89f9e6669..e1149dec658 100644
--- a/spec/controllers/openid_connect/authorization_controller_spec.rb
+++ b/spec/controllers/openid_connect/authorization_controller_spec.rb
@@ -61,6 +61,7 @@
 user_fully_authenticated: true,
 acr_values: 'http://idmanagement.gov/ns/assurance/ial/1',
 code_challenge_present: false,
+ service_provider_pkce: nil,
 scope: 'openid')
 expect(@analytics).to receive(:track_event).
 with('OpenID Connect: authorization request handoff',
@@ -130,6 +131,7 @@
 user_fully_authenticated: true,
 acr_values: 'http://idmanagement.gov/ns/assurance/ial/2',
 code_challenge_present: false,
+ service_provider_pkce: nil,
 scope: 'openid profile')
 expect(@analytics).to receive(:track_event).
 with('OpenID Connect: authorization request handoff',
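Review bot: In `extra_analytics_attributes` of app/forms/openid_connect_authorize_form.rb, `service_provider&.pkce` logs nil both when no service provider was resolved and when the provider's `pkce` value is itself unset, so an analytics query cannot tell an unknown client from a provider that has no PKCE setting. The specs in this commit expect nil on requests that otherwise look valid, which suggests the second case is common, though the model is not visible here. I would document the three states next to the new key, for example `# nil: no SP resolved or pkce unset; true/false: the SP's configured PKCE setting`, so anyone building an alert on `service_provider_pkce` together with `code_challenge_present` treats nil deliberately. The same applies to the identical line added in app/forms/openid_connect_token_form.rb, where it sits next to `code_verifier_present`. Both method bodies start outside their hunks.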
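Review bot: Every expectation updated in spec/controllers/openid_connect/authorization_controller_spec.rb, starting with the hunk at line 61, pins `service_provider_pkce: nil`, and the token controller spec and both form specs do the same, so no example exercises a service provider whose `pkce` is true or false. An implementation that always reported nil would pass the whole suite as changed here. One example per form spec that builds the provider with `pkce` set (however the suite's factories express that) and asserts `service_provider_pkce: true` would cover the value that matters for spotting PKCE-configured clients that omit the challenge or verifier.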
@@ -293,6 +295,7 @@
 user_fully_authenticated: true,
 acr_values: 'http://idmanagement.gov/ns/assurance/ial/0',
 code_challenge_present: false,
+ service_provider_pkce: nil,
 scope: 'openid profile')
 expect(@analytics).to receive(:track_event).
 with('OpenID Connect: authorization request handoff',
@@ -344,6 +347,7 @@
 user_fully_authenticated: true,
 acr_values: 'http://idmanagement.gov/ns/assurance/ial/0',
 code_challenge_present: false,
+ service_provider_pkce: nil,
 scope: 'openid profile')
 expect(@analytics).to receive(:track_event).
 with('OpenID Connect: authorization request handoff',
@@ -396,6 +400,7 @@
 user_fully_authenticated: true,
 acr_values: 'http://idmanagement.gov/ns/assurance/ial/0',
 code_challenge_present: false,
+ service_provider_pkce: nil,
 scope: 'openid profile')
 expect(@analytics).to receive(:track_event).
 with('OpenID Connect: authorization request handoff',
@@ -485,6 +490,7 @@
 user_fully_authenticated: true,
 acr_values: 'http://idmanagement.gov/ns/assurance/ial/1',
 code_challenge_present: false,
+ service_provider_pkce: nil,
 scope: 'openid')
 expect(@analytics).to_not receive(:track_event).with('SP redirect initiated')
@@ -517,6 +523,7 @@
 user_fully_authenticated: true,
 acr_values: 'http://idmanagement.gov/ns/assurance/ial/1',
 code_challenge_present: false,
+ service_provider_pkce: nil,
 scope: 'openid')
 expect(@analytics).to_not receive(:track_event).with('SP redirect initiated')
@@ -579,6 +586,7 @@
 user_fully_authenticated: false,
 acr_values: 'http://idmanagement.gov/ns/assurance/ial/1',
 code_challenge_present: false,
+ service_provider_pkce: nil,
 scope: 'openid')
 action
diff --git a/spec/controllers/openid_connect/token_controller_spec.rb b/spec/controllers/openid_connect/token_controller_spec.rb
index 8b2c7f2ca77..8fc0b36c51a 100644
--- a/spec/controllers/openid_connect/token_controller_spec.rb
+++ b/spec/controllers/openid_connect/token_controller_spec.rb
@@ -60,6 +60,7 @@
 errors: {},
 code_digest: kind_of(String),
 code_verifier_present: false,
+ service_provider_pkce: nil,
 })
 action
 end
@@ -87,6 +88,7 @@
 errors: hash_including(:grant_type),
 code_digest: kind_of(String),
 code_verifier_present: false,
+ service_provider_pkce: nil,
 error_details: hash_including(:grant_type),
 })
diff --git a/spec/forms/openid_connect_authorize_form_spec.rb b/spec/forms/openid_connect_authorize_form_spec.rb
index c5799dfc528..dce7824be51 100644
--- a/spec/forms/openid_connect_authorize_form_spec.rb
+++ b/spec/forms/openid_connect_authorize_form_spec.rb
@@ -51,6 +51,7 @@
 scope: 'openid',
 code_digest: nil,
 code_challenge_present: false,
+ service_provider_pkce: nil,
 )
 end
 end
@@ -74,6 +75,7 @@
 scope: 'openid',
 code_digest: nil,
 code_challenge_present: false,
+ service_provider_pkce: nil,
 )
 end
 end
diff --git a/spec/forms/openid_connect_token_form_spec.rb b/spec/forms/openid_connect_token_form_spec.rb
index bf5af7f71f2..15880ab0576 100644
--- a/spec/forms/openid_connect_token_form_spec.rb
+++ b/spec/forms/openid_connect_token_form_spec.rb
@@ -380,6 +380,7 @@
 user_id: user.uuid,
 code_digest: Digest::SHA256.hexdigest(code),
 code_verifier_present: false,
+ service_provider_pkce: nil,
 )
 end
 end