Add support for new passwordless endpoint (#556)

* Fixing passwordless signin * Changing password to otp * Changing connection to realm * Addressing validation issue * Mapping password over to otp field * Updating tests * Changing `realm` back to `connection` Mapping the field instead to minimize impact * Setting default back to `ro` Allow switching to `otp` grant in signIn * Fixing issues with revert, cleaning up tests * Cleanup * Adding tests and documentation Small bug fix * Add deprecations for passwordless params Co-authored-by: Nick Bandarchi <[email protected]> Co-authored-by: David Patrick <[email protected]>
auth0 · Dec 7, 2020 · a21787a · a21787a
1 parent 31b8556
commit a21787a
Show file tree

Hide file tree

Showing 3 changed files with 405 additions and 167 deletions.
diff --git a/src/auth/OAuthAuthenticator.js b/src/auth/OAuthAuthenticator.js
@@ -17,6 +17,9 @@ function getParamsFromOptions(options) {
       req.set('auth0-forwarded-for', options.forwardedFor);
     };
   }
+  if (options.type) {
+    params.type = options.type;
+  }
   return params;
 }
 
@@ -117,7 +120,10 @@ OAuthAuthenticator.prototype.signIn = function(userData, options, cb) {
     throw new ArgumentError('Missing user data object');
   }
 
-  if (typeof data.connection !== 'string' || data.connection.split().length === 0) {
+  if (
+    params.type === 'ro' &&
+    (typeof data.connection !== 'string' || data.connection.split().length === 0)
+  ) {
     throw new ArgumentError('connection field is required');
   }
 

diff --git a/src/auth/PasswordlessAuthenticator.js b/src/auth/PasswordlessAuthenticator.js
@@ -48,7 +48,7 @@ var PasswordlessAuthenticator = function(options, oauth) {
  * @example <caption>
  *   Given the user credentials (`phone_number` and `code`), it will do the
  *   authentication on the provider and return a JSON with the `access_token`
- *   and `id_token`.
+ *   and `id_token` using `/oauth/ro` endpoint.
  * </caption>
  *
  * var data = {
@@ -63,6 +63,21 @@ var PasswordlessAuthenticator = function(options, oauth) {
  * });
  *
  * @example <caption>
+ * To use `/oauth/token` endpoint, use `otp` and `realm` instead
+ * </caption>
+ *
+ * var data = {
+ *   username: '{PHONE_NUMBER}',
+ *   otp: '{VERIFICATION_CODE}'
+ * };
+ *
+ * auth0.passwordless.signIn(data, function (err) {
+ *   if (err) {
+ *     // Handle error.
+ *   }
+ * });
+ *
+ * @example <caption>
  *   The user data object has the following structure.
  * </caption>
  *
@@ -73,9 +88,11 @@ var PasswordlessAuthenticator = function(options, oauth) {
  * }
  *
  * @param   {Object}    userData              User credentials object.
- * @param   {String}    userData.username     Username.
- * @param   {String}    userData.password     Password.
- * @param   {String}    [userData.connection=sms]  Connection string: "sms" or "email".
+ * @param   {String}    userData.otp          The user's verification code.
+ * @param   {String}    [userData.realm=sms]  Realm string: "sms" or "email".
+ * @param   {String}    userData.username     The user's phone number if realm=sms, or the user's email if realm=email
+ * @param   {String}    userData.password     [DEPRECATED] Password.
+ * @param   {String}    [userData.connection=sms] [DEPRECATED] Connection string: "sms" or "email".
  * @param   {Function}  [cb]                  Method callback.
  *
  * @return  {Promise|undefined}
@@ -87,12 +104,6 @@ PasswordlessAuthenticator.prototype.signIn = function(userData, cb) {
   };
   var data = extend(defaultFields, userData);
 
-  // Don't let the user override the connection nor the grant type.
-  if (!data.connection || (data.connection !== 'email' && data.connection !== 'sms')) {
-    data.connection = 'sms';
-  }
-  data.grant_type = 'password';
-
   if (!userData || typeof userData !== 'object') {
     throw new ArgumentError('Missing user data object');
   }
@@ -101,10 +112,29 @@ PasswordlessAuthenticator.prototype.signIn = function(userData, cb) {
     throw new ArgumentError('username field (phone number) is required');
   }
 
+  // If otp is provided, attempt to sign in using otp grant
+  if (typeof data.otp === 'string' && data.otp.trim().length > 0) {
+    if (!data.realm || (data.realm !== 'email' && data.realm !== 'sms')) {
+      data.realm = 'sms';
+    }
+    data.grant_type = 'http://auth0.com/oauth/grant-type/passwordless/otp';
+    return this.oauth.signIn(data, { type: 'token' }, cb);
+  }
+
+  // Don't let the user override the connection nor the grant type.
+  if (!data.connection || (data.connection !== 'email' && data.connection !== 'sms')) {
+    data.connection = 'sms';
+  }
+  data.grant_type = 'password';
+
   if (typeof data.password !== 'string' || data.password.trim().length === 0) {
     throw new ArgumentError('password field (verification code) is required');
   }
 
+  console.warn(
+    'The oauth/ro endpoint has been deprecated. Please use the realm and otp parameters in this function.'
+  );
+
   return this.oauth.signIn(data, cb);
 };