From 5cc8108e7bb6fcba2b66dab4da318123d7da0267 Mon Sep 17 00:00:00 2001
From: Quentin BEY <quentin.bey@mail.numerique.gouv.fr>
Date: Thu, 13 Mar 2025 10:03:08 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B(oauth2)=20disable=20PKCE=20for=20P?=
 =?UTF-8?q?roconnect?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The PKCE is not available for Proconnect, security is made otherwise.
---
 src/backend/mailbox_oauth2/validators.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/backend/mailbox_oauth2/validators.py b/src/backend/mailbox_oauth2/validators.py
index 5ec84d0..3f1d425 100644
--- a/src/backend/mailbox_oauth2/validators.py
+++ b/src/backend/mailbox_oauth2/validators.py
@@ -178,3 +178,17 @@ class ProConnectValidator(BaseValidator):
 
         # Call the superclass method to create the authorization code
         return super()._create_authorization_code(request, code, expires)
+
+    def is_pkce_required(self, client_id, request):
+        """
+        Determine if PKCE is required for the given client.
+        For ProConnect, PKCE is disabled.
+
+        Args:
+            client_id: The client identifier.
+            request: The OAuth2 request object containing user and scope information.
+
+        Returns:
+            bool: True if PKCE is required, False otherwise.
+        """
+        return False