* Support for code_verifier and code_challenge when generating a

     refresh token and access token in Gmail using the S256 method
     and plain method.

1 files changed, 4 insertions, 6 deletions

diff --git a/imap/src/c-client/auth_bea.c b/imap/src/c-client/auth_bea.c
index f9e8e190..7848a8fc 100644
--- a/imap/src/c-client/auth_bea.c
+++ b/imap/src/c-client/auth_bea.c
@@ -87,6 +87,9 @@ long auth_oauthbearer_client (authchallenge_t challenger,authrespond_t responder
 
     oauth2.param[OA2_State].value = oauth2_generate_state();
 
+    oauth2_code_challenge(&oauth2);
+
+    oauth2_login_hint(&oauth2, user);
     /* 
      * If we did not get an access token, try to get one through 
      * our internal functions
@@ -157,11 +160,6 @@ long auth_oauthbearer_client (authchallenge_t challenger,authrespond_t responder
 	 *trial = 65535; 	/* don't retry if bad protocol */
     }
   }
-  if(oauth2.param[OA2_Id].value) fs_give((void **) &oauth2.param[OA2_Id].value);
-  if(oauth2.param[OA2_Secret].value) fs_give((void **) &oauth2.param[OA2_Secret].value);
-  if(oauth2.param[OA2_Tenant].value) fs_give((void **) &oauth2.param[OA2_Tenant].value);
-  if(oauth2.param[OA2_State].value) fs_give((void **) &oauth2.param[OA2_State].value);
-  if(oauth2.param[OA2_RefreshToken].value) fs_give((void **) &oauth2.param[OA2_RefreshToken].value);
-  if(oauth2.access_token) fs_give((void **) &oauth2.access_token);
+  oauth2_free_extra_values(oauth2);
   return ret;
 }