From b06971bf81db5944b66d1a651a0d2a6611e7f727 Mon Sep 17 00:00:00 2001
From: Eric Turcotte <ericturcotte@users.noreply.github.com>
Date: Wed, 12 Jul 2017 23:35:34 -0500
Subject: [PATCH] If config useBasicAuthenticationWithAccessCodeGrant is
 truthy, send client id and secret as HTTP basic auth during
 authorization_code grant

---
 README.md                    |  7 +++++--
 src/core/oauth2-authorize.js | 12 +++++++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 28943fab..6618688c 100644
--- a/README.md
+++ b/README.md
@@ -97,7 +97,8 @@ To use swagger-ui's bundles, you should take a look at the [source of swagger-ui
 
 #### OAuth2 configuration
 You can configure OAuth2 authorization by calling `initOAuth` method with passed configs under the instance of `SwaggerUIBundle`
-default `client_id` and `client_secret`, `realm`, an application name `appName`, `scopeSeparator`, `additionalQueryStringParams`.
+default `client_id` and `client_secret`, `realm`, an application name `appName`, `scopeSeparator`, `additionalQueryStringParams`, 
+`useBasicAuthenticationWithAccessCodeGrant`.
 
 Config Name | Description
 --- | ---
@@ -107,6 +108,7 @@ realm | realm query parameter (for oauth1) added to `authorizationUrl` and `toke
 appName | application name, displayed in authorization popup. MUST be a string
 scopeSeparator | scope separator for passing scopes, encoded before calling, default value is a space (encoded value `%20`). MUST be a string
 additionalQueryStringParams | Additional query parameters added to `authorizationUrl` and `tokenUrl`. MUST be an object
+useBasicAuthenticationWithAccessCodeGrant | Only activated for the `accessCode` flow.  During the `authorization_code` request to the `tokenUrl`, pass the [Client Password](https://tools.ietf.org/html/rfc6749#section-2.3.1) using the HTTP Basic Authentication scheme (`Authorization` header with `Basic base64encoded[client_id:client_secret]`).  The default is `false` 
 
 ```
 const ui = SwaggerUIBundle({...})
@@ -118,7 +120,8 @@ ui.initOAuth({
     realm: "your-realms",
     appName: "your-app-name",
     scopeSeparator: " ",
-    additionalQueryStringParams: {test: "hello"}
+    additionalQueryStringParams: {test: "hello"},
+    useBasicAuthenticationWithAccessCodeGrant: true
   })
 ```
 
diff --git a/src/core/oauth2-authorize.js b/src/core/oauth2-authorize.js
index 5d654318..06935357 100644
--- a/src/core/oauth2-authorize.js
+++ b/src/core/oauth2-authorize.js
@@ -68,11 +68,21 @@ export default function authorize ( { auth, authActions, errActions, configs, au
 
   // pass action authorizeOauth2 and authentication data through window
   // to authorize with oauth2
+
+  let callback;
+  if (flow === "implicit") {
+    callback = authActions.preAuthorizeImplicit
+  } else if (authConfigs.useBasicAuthenticationWithAccessCodeGrant) {
+    callback = authActions.authorizeAccessCodeWithBasicAuthentication
+  } else {
+    callback = authActions.authorizeAccessCodeWithQueryParams
+  }
+
   win.swaggerUIRedirectOauth2 = {
     auth: auth,
     state: state,
     redirectUrl: redirectUrl,
-    callback: flow === "implicit" ? authActions.preAuthorizeImplicit : authActions.authorizeAccessCode,
+    callback: callback,
     errCb: errActions.newAuthErr
   }