* Support for code_verifier and code_challenge when generating a

     refresh token and access token in Gmail using the S256 method
     and plain method.

1 files changed, 4 insertions, 6 deletions

diff --git a/imap/src/c-client/auth_oa2.c b/imap/src/c-client/auth_oa2.c
index 9081a1e3..45156e95 100644
--- a/imap/src/c-client/auth_oa2.c
+++ b/imap/src/c-client/auth_oa2.c
@@ -107,6 +107,9 @@ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, cha
 
     oauth2.param[OA2_State].value = oauth2_generate_state();
 
+    oauth2_code_challenge(&oauth2);
+
+    oauth2_login_hint(&oauth2, user);
     /* 
      * If we did not get an access token, try to get one through 
      * our internal functions
@@ -168,11 +171,6 @@ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, cha
 	*trial = 65535; 	/* don't retry if bad protocol */
     }
   }
-  if(oauth2.param[OA2_Id].value) fs_give((void **) &oauth2.param[OA2_Id].value);
-  if(oauth2.param[OA2_Secret].value) fs_give((void **) &oauth2.param[OA2_Secret].value);
-  if(oauth2.param[OA2_Tenant].value) fs_give((void **) &oauth2.param[OA2_Tenant].value);
-  if(oauth2.param[OA2_State].value) fs_give((void **) &oauth2.param[OA2_State].value);
-  if(oauth2.param[OA2_RefreshToken].value) fs_give((void **) &oauth2.param[OA2_RefreshToken].value);
-  if(oauth2.access_token) fs_give((void **) &oauth2.access_token);
+  oauth2_free_extra_values(oauth2);
   return ret;
 }