From 5c7d31851a895a0ef5309ab9e8e0d98d8154a30c Mon Sep 17 00:00:00 2001 From: Benoit Serrano Date: Wed, 20 Nov 2024 18:29:23 +0100 Subject: [PATCH] add allow http protocol --- index.js | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/index.js b/index.js index 0df427c..627c0e8 100644 --- a/index.js +++ b/index.js @@ -31,17 +31,22 @@ const objToUrlParams = (obj) => const getCurrentUrl = (req) => new URL(`${req.protocol}://${req.get("host")}${req.originalUrl}`); +const configOptions = process.env.IS_HTTP_PROTOCOL_FORBIDDEN === "True" ? undefined : {execute: [client.allowInsecureRequests]} + const getProviderConfig = async () => { - return await client.discovery( + const config = await client.discovery( new URL(process.env.PC_PROVIDER), process.env.PC_CLIENT_ID, { - client_secret: process.env.PC_CLIENT_SECRET, id_token_signed_response_alg: process.env.PC_ID_TOKEN_SIGNED_RESPONSE_ALG, userinfo_signed_response_alg: process.env.PC_USERINFO_SIGNED_RESPONSE_ALG || null, + }, + client.ClientSecretPost(process.env.PC_CLIENT_SECRET), + configOptions ); + return config }; const AUTHORIZATION_DEFAULT_PARAMS = { @@ -161,7 +166,7 @@ app.get(process.env.CALLBACK_URL, async (req, res, next) => { const tokens = await client.authorizationCodeGrant(config, currentUrl, { expectedNonce: req.session.nonce, expectedState: req.session.state, - }); + }, configOptions); req.session.nonce = null; req.session.state = null; @@ -170,6 +175,7 @@ app.get(process.env.CALLBACK_URL, async (req, res, next) => { config, tokens.access_token, claims.sub, + configOptions ); req.session.idtoken = claims; req.session.id_token_hint = tokens.id_token;
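Review bot: The added `configOptions` line fails open: plain-HTTP requests to the provider are permitted unless `IS_HTTP_PROTOCOL_FORBIDDEN` is exactly the string `"True"`, so an unset variable, `true` or `1` all leave `client.allowInsecureRequests` enabled. In that mode the discovery document, and presumably the secret sent through `client.ClientSecretPost` and the returned tokens, can cross the network unencrypted. Make HTTPS the default and the insecure mode an explicit opt-out, for example `const configOptions = process.env.IS_HTTP_PROTOCOL_FORBIDDEN === "False" ? { execute: [client.allowInsecureRequests] } : undefined;`. A comment stating that the insecure mode is intended only for local or test providers would help the next maintainer.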
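Review bot: In the `client.authorizationCodeGrant` call, `configOptions` is passed as the fourth argument, which may not be an options slot. Assuming `client` is openid-client v6, as `client.discovery` and `client.ClientSecretPost` suggest, that position is `tokenEndpointParameters`, so the `execute` entry would be serialized into the token request rather than honoured. The allowance applied through `execute` at discovery should already be carried by `config`, so the extra argument can likely be dropped, keeping the original `});`. The same applies to the third hunk, apparently the user-info call, whose opening line is outside the hunk; that call would end at `claims.sub,` again. Confirm both signatures against the library version the project pins.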