Authz code flow with PKCE using angular-oauth2-oidc dependency

.gitignore

@@ -0,0 +1 @@
+.idea/

code/oauth2/client-app-authzcode-pkce/.editorconfig

@@ -0,0 +1,16 @@
+# Editor configuration, see https://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.ts]
+quote_type = single
+
+[*.md]
+max_line_length = off
+trim_trailing_whitespace = false

code/oauth2/client-app-authzcode-pkce/.gitignore

@@ -0,0 +1,42 @@
+# See http://help.github.com/ignore-files/ for more about ignoring files.
+
+# Compiled output
+/dist
+/tmp
+/out-tsc
+/bazel-out
+
+# Node
+/node_modules
+npm-debug.log
+yarn-error.log
+
+# IDEs and editors
+.idea/
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+*.sublime-workspace
+
+# Visual Studio Code
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+.history/*
+
+# Miscellaneous
+/.angular/cache
+.sass-cache/
+/connect.lock
+/coverage
+/libpeerconnection.log
+testem.log
+/typings
+
+# System files
+.DS_Store
+Thumbs.db

code/oauth2/client-app-authzcode-pkce/README.md

@@ -0,0 +1,62 @@
+# Client App for "Authorization Code grant with PKCE flow"
+
+### Pre-requisites
+- Install node in your PC [NodeJS Download](https://nodejs.org/en/download)
+- Start the KeyCloak instance <https://www.keycloak.org/>
+
+This project was generated with [Angular CLI](https://github.com/angular/angular-cli) version 16.2.5.
+- `node --version && npm --version`
+- `npm install && npm start`. Navigate to [localhost:4200](http://localhost:4200/). The application will automatically reload if you change any of the source files.
+
+Follow below steps if you would like to create Single page client app from the scratch, otherwise skip the steps.
+```shell
+  CLIENT_APP_NAME=client-app-authz-code-pkce
+  sudo npm install -g @angular/cli &&
+  mkdir ${CLIENT_APP_NAME} &&
+  ng new ${CLIENT_APP_NAME} &&
+  npm install angular-oauth2-oidc &&
+  npm start
+```
+
+### Create Realm [KeyCloak](http://localhost:8080)
+- `Administration Console -> Create Realm`
+- `Realm Settings -> Endpoints -> OpenID Endpoint Configuration -> Note the Issuer URL`
+
+### Create the client and demo user in KeyCloak (Authorization Server)
+
+#### Enable the authorization flow options as specified on below screenshots and select the PKCE Challenge Method (S256)
+1. ![Client account for Authorization Code grant with PKCE Flow](images/auth-code-grant-with-pkce.png "PKCE Authorization Code Flow")
+2. ![Access Settings](images/auth-code-with-pkce-access-settings.png "Access Settings")
+3. ![Advanced Settings](images/auth-code-with-pkce-adv-settings.png "Advanced Settings")
+
+### Create a demo user
+- `Administration Console -> Select Realm -> Create User -> `
+
+### Update the SPA with OauthService
+#### Update the `auth.config.ts` with clientId and issuer
+```shell
+import {AuthConfig} from 'angular-oauth2-oidc'
+export const authConfig: AuthConfig = {
+  issuer: 'http://localhost:8080/realms/oauth2-authzcode-demo',
+  redirectUri: window.location.origin,
+  clientId: 'oauth2-demo-pkce',
+  responseType: 'code',
+  strictDiscoveryDocumentValidation: true,
+  scope: 'openid profile email offline_access',
+}
+```
+[Access localhost:4200](http://localhost:4200)
+
+![Login](images/auth-code-with-pkce-login.png "Request for Authorization Code")
+
+![Token](images/auth-code-with-pkce-token.png "Token call with auth code")
+
+
+### Reference
+[Angular Oauth2 OIDC](https://github.com/manfredsteyer/angular-oauth2-oidc)
+
+[Steps to create a code challenge](https://datatracker.ietf.org/doc/html/rfc7636#section-4.2)
+
+[Tool to generate code challenge](https://tonyxu-io.github.io/pkce-generator/)
+
+[Oauth2 vs OpenID Connect](https://www.linkedin.com/advice/0/how-do-you-choose-between-oauth2-openid?trk=cah1)

code/oauth2/client-app-authzcode-pkce/angular.json

@@ -0,0 +1,104 @@
+{
+  "$schema": "./node_modules/@angular/cli/lib/config/schema.json",
+  "version": 1,
+  "newProjectRoot": "projects",
+  "projects": {
+    "client-app-authzcode-pkce": {
+      "projectType": "application",
+      "schematics": {
+        "@schematics/angular:component": {
+          "style": "sass"
+        }
+      },
+      "root": "",
+      "sourceRoot": "src",
+      "prefix": "app",
+      "architect": {
+        "build": {
+          "builder": "@angular-devkit/build-angular:browser",
+          "options": {
+            "outputPath": "dist/client-app-authzcode-pkce",
+            "index": "src/index.html",
+            "main": "src/main.ts",
+            "polyfills": [
+              "zone.js"
+            ],
+            "tsConfig": "tsconfig.app.json",
+            "inlineStyleLanguage": "sass",
+            "assets": [
+              "src/favicon.ico",
+              "src/assets"
+            ],
+            "styles": [
+              "src/styles.sass"
+            ],
+            "scripts": []
+          },
+          "configurations": {
+            "production": {
+              "budgets": [
+                {
+                  "type": "initial",
+                  "maximumWarning": "500kb",
+                  "maximumError": "1mb"
+                },
+                {
+                  "type": "anyComponentStyle",
+                  "maximumWarning": "2kb",
+                  "maximumError": "4kb"
+                }
+              ],
+              "outputHashing": "all"
+            },
+            "development": {
+              "buildOptimizer": false,
+              "optimization": false,
+              "vendorChunk": true,
+              "extractLicenses": false,
+              "sourceMap": true,
+              "namedChunks": true
+            }
+          },
+          "defaultConfiguration": "production"
+        },
+        "serve": {
+          "builder": "@angular-devkit/build-angular:dev-server",
+          "configurations": {
+            "production": {
+              "browserTarget": "client-app-authzcode-pkce:build:production"
+            },
+            "development": {
+              "browserTarget": "client-app-authzcode-pkce:build:development"
+            }
+          },
+          "defaultConfiguration": "development"
+        },
+        "extract-i18n": {
+          "builder": "@angular-devkit/build-angular:extract-i18n",
+          "options": {
+            "browserTarget": "client-app-authzcode-pkce:build"
+          }
+        },
+        "test": {
+          "builder": "@angular-devkit/build-angular:karma",
+          "options": {
+            "polyfills": [
+              "zone.js",
+              "zone.js/testing"
+            ],
+            "tsConfig": "tsconfig.spec.json",
+            "inlineStyleLanguage": "sass",
+            "assets": [
+              "src/favicon.ico",
+              "src/assets"
+            ],
+            "styles": [
+              "src/styles.sass"
+            ],
+            "scripts": []
+          }
+        }
+      }
+    }
+  }
+}