From 4ff44fd05018e4fb243cfef801527b908028b4c3 Mon Sep 17 00:00:00 2001 From: Chirag Makwana Date: Fri, 1 May 2026 12:01:43 +0530 Subject: [PATCH 1/2] fix(oauth2): add code_verifier to token exchange OpenAPI spec --- internal/httpclient/api/openapi.yaml | 3 +++ internal/httpclient/api_o_auth2.go | 9 +++++++++ internal/httpclient/docs/OAuth2API.md | 6 ++++-- oauth2/handler.go | 3 +++ spec/api.json | 4 ++++ spec/swagger.json | 5 +++++ 6 files changed, 28 insertions(+), 2 deletions(-) diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 4ac97c4678..1e60c0321b 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -5001,6 +5001,9 @@ components: code: type: string x-formData-name: code + code_verifier: + type: string + x-formData-name: code_verifier grant_type: required: - grant_type diff --git a/internal/httpclient/api_o_auth2.go b/internal/httpclient/api_o_auth2.go index dd7e5dffd1..004a0a0878 100644 --- a/internal/httpclient/api_o_auth2.go +++ b/internal/httpclient/api_o_auth2.go @@ -2438,6 +2438,7 @@ type ApiOauth2TokenExchangeRequest struct { grantType *string clientId *string code *string + codeVerifier *string redirectUri *string refreshToken *string } @@ -2457,6 +2458,11 @@ func (r ApiOauth2TokenExchangeRequest) Code(code string) ApiOauth2TokenExchangeR return r } +func (r ApiOauth2TokenExchangeRequest) CodeVerifier(codeVerifier string) ApiOauth2TokenExchangeRequest { + r.codeVerifier = &codeVerifier + return r +} + func (r ApiOauth2TokenExchangeRequest) RedirectUri(redirectUri string) ApiOauth2TokenExchangeRequest { r.redirectUri = &redirectUri return r @@ -2538,6 +2544,9 @@ func (a *OAuth2APIService) Oauth2TokenExchangeExecute(r ApiOauth2TokenExchangeRe if r.code != nil { parameterAddToHeaderOrQuery(localVarFormParams, "code", r.code, "", "") } + if r.codeVerifier != nil { + parameterAddToHeaderOrQuery(localVarFormParams, "code_verifier", r.codeVerifier, "", "") + } parameterAddToHeaderOrQuery(localVarFormParams, "grant_type", r.grantType, "", "") if r.redirectUri != nil { parameterAddToHeaderOrQuery(localVarFormParams, "redirect_uri", r.redirectUri, "", "") diff --git a/internal/httpclient/docs/OAuth2API.md b/internal/httpclient/docs/OAuth2API.md index 989fa871c0..9d0ffb7dd1 100644 --- a/internal/httpclient/docs/OAuth2API.md +++ b/internal/httpclient/docs/OAuth2API.md @@ -1318,7 +1318,7 @@ No authorization required ## Oauth2TokenExchange -> OAuth2TokenExchange Oauth2TokenExchange(ctx).GrantType(grantType).ClientId(clientId).Code(code).RedirectUri(redirectUri).RefreshToken(refreshToken).Execute() +> OAuth2TokenExchange Oauth2TokenExchange(ctx).GrantType(grantType).ClientId(clientId).Code(code).CodeVerifier(codeVerifier).RedirectUri(redirectUri).RefreshToken(refreshToken).Execute() The OAuth 2.0 Token Endpoint @@ -1340,12 +1340,13 @@ func main() { grantType := "grantType_example" // string | clientId := "clientId_example" // string | (optional) code := "code_example" // string | (optional) + codeVerifier := "codeVerifier_example" // string | (optional) redirectUri := "redirectUri_example" // string | (optional) refreshToken := "refreshToken_example" // string | (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2API.Oauth2TokenExchange(context.Background()).GrantType(grantType).ClientId(clientId).Code(code).RedirectUri(redirectUri).RefreshToken(refreshToken).Execute() + resp, r, err := apiClient.OAuth2API.Oauth2TokenExchange(context.Background()).GrantType(grantType).ClientId(clientId).Code(code).CodeVerifier(codeVerifier).RedirectUri(redirectUri).RefreshToken(refreshToken).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.Oauth2TokenExchange``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) @@ -1369,6 +1370,7 @@ Name | Type | Description | Notes **grantType** | **string** | | **clientId** | **string** | | **code** | **string** | | + **codeVerifier** | **string** | | **redirectUri** | **string** | | **refreshToken** | **string** | | diff --git a/oauth2/handler.go b/oauth2/handler.go index fb8c1148be..5dba796b3d 100644 --- a/oauth2/handler.go +++ b/oauth2/handler.go @@ -1109,6 +1109,9 @@ type _ struct { // in: formData ClientID string `json:"client_id"` + + // in: formData + CodeVerifier string `json:"code_verifier"` } // OAuth2 Token Exchange Result diff --git a/spec/api.json b/spec/api.json index 337b5bf749..8bc0a38a07 100644 --- a/spec/api.json +++ b/spec/api.json @@ -4088,6 +4088,10 @@ "type": "string", "x-formData-name": "code" }, + "code_verifier": { + "type": "string", + "x-formData-name": "code_verifier" + }, "grant_type": { "required": [ "grant_type" diff --git a/spec/swagger.json b/spec/swagger.json index 9534572f39..0e27a28b35 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -2173,6 +2173,11 @@ "type": "string", "name": "client_id", "in": "formData" + }, + { + "type": "string", + "name": "code_verifier", + "in": "formData" } ], "responses": { From 6576b8fa492019606ddb2b82060d2b18ac1a8e1d Mon Sep 17 00:00:00 2001 From: Chirag Makwana Date: Fri, 1 May 2026 14:33:45 +0530 Subject: [PATCH 2/2] refactor: reorder import statements in page_token.go --- oryx/pagination/keysetpagination_v2/page_token.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/oryx/pagination/keysetpagination_v2/page_token.go b/oryx/pagination/keysetpagination_v2/page_token.go index 4b633a1f3f..e6e887b8d7 100644 --- a/oryx/pagination/keysetpagination_v2/page_token.go +++ b/oryx/pagination/keysetpagination_v2/page_token.go @@ -12,9 +12,10 @@ import ( "time" "github.com/gofrs/uuid" - "github.com/ory/herodot" "github.com/pkg/errors" "golang.org/x/crypto/nacl/secretbox" + + "github.com/ory/herodot" ) var fallbackEncryptionKey = &[32]byte{}