|
33 | 33 | "docs_url": "https://github.com/damienbod/angular-auth-oidc-client", |
34 | 34 | "install": "angular-auth-oidc-client", |
35 | 35 | "repo_path": "samples/angular/login-pkce", |
36 | | - "run_command": "yarn install && yarn start" |
| 36 | + "run_command": "yarn install && yarn start", |
| 37 | + "callout": "Uses PKCE — no client secret needed. The browser generates a code_verifier/code_challenge pair." |
37 | 38 | }, |
38 | 39 | "react": { |
39 | 40 | "steps": [ |
|
76 | 77 | "docs_url": "https://github.com/authts/react-oidc-context", |
77 | 78 | "install": "oidc-client-ts react-oidc-context", |
78 | 79 | "repo_path": "samples/react/login-pkce", |
79 | | - "run_command": "yarn install && yarn start" |
| 80 | + "run_command": "yarn install && yarn start", |
| 81 | + "callout": "Uses PKCE — no client secret needed. The browser generates a code_verifier/code_challenge pair." |
80 | 82 | }, |
81 | 83 | "vue": { |
82 | 84 | "steps": [ |
|
119 | 121 | "docs_url": "https://github.com/authts/oidc-client-ts", |
120 | 122 | "install": "oidc-client-ts", |
121 | 123 | "repo_path": "samples/vue/login-pkce", |
122 | | - "run_command": "yarn install && yarn start" |
| 124 | + "run_command": "yarn install && yarn start", |
| 125 | + "callout": "Uses PKCE — no client secret needed. The browser generates a code_verifier/code_challenge pair." |
123 | 126 | } |
124 | 127 | }, |
125 | 128 | "spa_token_refresh": { |
|
156 | 159 | "docs_url": "https://github.com/damienbod/angular-auth-oidc-client", |
157 | 160 | "install": "angular-auth-oidc-client", |
158 | 161 | "repo_path": "samples/angular/token-refresh", |
159 | | - "run_command": "yarn install && yarn start" |
| 162 | + "run_command": "yarn install && yarn start", |
| 163 | + "callout": "Requires refresh_token grant type enabled in workspace [OAuth settings](workspace-oauth-general) and in the application's [Grant Types](workspace-applications-oauth). Also requires the offline_access scope." |
160 | 164 | }, |
161 | 165 | "react": { |
162 | 166 | "steps": [ |
|
199 | 203 | "docs_url": "https://github.com/authts/react-oidc-context", |
200 | 204 | "install": "oidc-client-ts react-oidc-context", |
201 | 205 | "repo_path": "samples/react/token-refresh", |
202 | | - "run_command": "yarn install && yarn start" |
| 206 | + "run_command": "yarn install && yarn start", |
| 207 | + "callout": "Requires refresh_token grant type enabled in workspace [OAuth settings](workspace-oauth-general) and in the application's [Grant Types](workspace-applications-oauth). Also requires the offline_access scope." |
203 | 208 | }, |
204 | 209 | "vue": { |
205 | 210 | "steps": [ |
|
242 | 247 | "docs_url": "https://github.com/authts/oidc-client-ts", |
243 | 248 | "install": "oidc-client-ts", |
244 | 249 | "repo_path": "samples/vue/token-refresh", |
245 | | - "run_command": "yarn install && yarn start" |
| 250 | + "run_command": "yarn install && yarn start", |
| 251 | + "callout": "Requires refresh_token grant type enabled in workspace [OAuth settings](workspace-oauth-general) and in the application's [Grant Types](workspace-applications-oauth). Also requires the offline_access scope." |
246 | 252 | } |
247 | 253 | }, |
248 | 254 | "server_login_auth_code": { |
|
279 | 285 | "docs_url": "https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-oidc-web-authentication", |
280 | 286 | "install": "", |
281 | 287 | "repo_path": "samples/dotnet/login-auth-code", |
282 | | - "run_command": "dotnet restore && dotnet run --project src" |
| 288 | + "run_command": "dotnet restore && dotnet run --project src", |
| 289 | + "callout": "Server-side flow — the client_secret never reaches the browser. PKCE is still enabled to protect against authorization-code interception during the redirect back to /callback." |
283 | 290 | }, |
284 | 291 | "java": { |
285 | 292 | "steps": [ |
|
322 | 329 | "docs_url": "https://docs.spring.io/spring-security/reference/servlet/oauth2/login/index.html", |
323 | 330 | "install": "", |
324 | 331 | "repo_path": "samples/java/login-auth-code", |
325 | | - "run_command": "mvn spring-boot:run" |
| 332 | + "run_command": "mvn spring-boot:run", |
| 333 | + "callout": "Server-side flow — the client_secret never reaches the browser. PKCE is still enabled to protect against authorization-code interception during the redirect back to /login/oauth2/code/secureauth." |
326 | 334 | }, |
327 | 335 | "node": { |
328 | 336 | "steps": [ |
|
365 | 373 | "docs_url": "https://github.com/panva/openid-client", |
366 | 374 | "install": "openid-client", |
367 | 375 | "repo_path": "samples/node/login-auth-code", |
368 | | - "run_command": "yarn install && yarn start" |
| 376 | + "run_command": "yarn install && yarn start", |
| 377 | + "callout": "Server-side flow — the client_secret never reaches the browser. PKCE is still enabled to protect against authorization-code interception during the redirect back to /callback." |
369 | 378 | } |
370 | 379 | }, |
371 | 380 | "server_token_refresh": { |
|
418 | 427 | "docs_url": "https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-oidc-web-authentication", |
419 | 428 | "install": "", |
420 | 429 | "repo_path": "samples/dotnet/token-refresh", |
421 | | - "run_command": "dotnet restore && dotnet run --project src" |
| 430 | + "run_command": "dotnet restore && dotnet run --project src", |
| 431 | + "callout": "Requires refresh_token grant type enabled in workspace [OAuth settings](workspace-oauth-general) and in the application's [Grant Types](workspace-applications-oauth). Also requires the offline_access scope." |
422 | 432 | }, |
423 | 433 | "java": { |
424 | 434 | "steps": [ |
|
477 | 487 | "docs_url": "https://docs.spring.io/spring-security/reference/servlet/oauth2/login/index.html", |
478 | 488 | "install": "", |
479 | 489 | "repo_path": "samples/java/token-refresh", |
480 | | - "run_command": "mvn spring-boot:run" |
| 490 | + "run_command": "mvn spring-boot:run", |
| 491 | + "callout": "Requires refresh_token grant type enabled in workspace [OAuth settings](workspace-oauth-general) and in the application's [Grant Types](workspace-applications-oauth). Also requires the offline_access scope." |
481 | 492 | }, |
482 | 493 | "node": { |
483 | 494 | "steps": [ |
|
528 | 539 | "docs_url": "https://github.com/panva/openid-client", |
529 | 540 | "install": "openid-client", |
530 | 541 | "repo_path": "samples/node/token-refresh", |
531 | | - "run_command": "yarn install && yarn start" |
| 542 | + "run_command": "yarn install && yarn start", |
| 543 | + "callout": "Requires refresh_token grant type enabled in workspace [OAuth settings](workspace-oauth-general) and in the application's [Grant Types](workspace-applications-oauth). Also requires the offline_access scope." |
532 | 544 | } |
533 | 545 | }, |
534 | 546 | "server_saml_sp_login": { |
|
565 | 577 | "docs_url": "https://github.com/Sustainsys/Saml2", |
566 | 578 | "install": "", |
567 | 579 | "repo_path": "samples/dotnet/saml-sp-login", |
568 | | - "run_command": "dotnet restore && dotnet run --project src" |
| 580 | + "run_command": "dotnet restore && dotnet run --project src", |
| 581 | + "callout": "AuthnRequests are unsigned for simplicity — CIAM accepts unsigned requests by default. For production, configure SP request signing per your library's docs." |
569 | 582 | }, |
570 | 583 | "java": { |
571 | 584 | "steps": [ |
|
600 | 613 | "docs_url": "https://docs.spring.io/spring-security/reference/servlet/saml2/login/index.html", |
601 | 614 | "install": "", |
602 | 615 | "repo_path": "samples/java/saml-sp-login", |
603 | | - "run_command": "mvn spring-boot:run" |
| 616 | + "run_command": "mvn spring-boot:run", |
| 617 | + "callout": "Spring Security 6.4 always signs AuthnRequests; this sample reuses the dev TLS keystore as the SP signing credential. CIAM doesn't validate the signature (no SP cert registered), so the request is accepted as if unsigned. For production, generate a dedicated SP signing key and register its public cert in CIAM's SAML SP form." |
604 | 618 | }, |
605 | 619 | "node": { |
606 | 620 | "steps": [ |
|
635 | 649 | "docs_url": "https://github.com/node-saml/passport-saml", |
636 | 650 | "install": "@node-saml/passport-saml passport", |
637 | 651 | "repo_path": "samples/node/saml-sp-login", |
638 | | - "run_command": "yarn install && yarn start" |
| 652 | + "run_command": "yarn install && yarn start", |
| 653 | + "callout": "AuthnRequests are unsigned for simplicity — CIAM accepts unsigned requests by default. For production, configure SP request signing per your library's docs." |
639 | 654 | } |
640 | 655 | } |
641 | 656 | } |
0 commit comments