diff --git a/src/auth/oauth.ts b/src/auth/oauth.ts index ce57b1a0f..e6e1eb7b0 100644 --- a/src/auth/oauth.ts +++ b/src/auth/oauth.ts @@ -151,6 +151,11 @@ export interface PushedAuthorizationRequest extends ClientCredentials { */ request?: string; + /** + * A JSON stringified array of objects. It can carry fine-grained authorization data in OAuth messages as part of Rich Authorization Requests (RAR) {@link https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow/authorization-code-flow-with-rar | Reference} + */ + authorization_details?: string; + /** * Allow for any custom property to be sent to Auth0 */ diff --git a/test/auth/client-authentication.test.ts b/test/auth/client-authentication.test.ts index 24d6583fd..53000d469 100644 --- a/test/auth/client-authentication.test.ts +++ b/test/auth/client-authentication.test.ts @@ -152,3 +152,56 @@ describe('client-authentication', () => { }); }); }); + +describe('client-authentication for par endpoint', () => { + const path = jest.fn(); + const body = jest.fn(); + const headers = jest.fn(); + const clientAssertion = jest.fn(); + + beforeEach(() => { + async function handler(this: any, pathIn: unknown, bodyIn: string) { + const bodyParsed = Object.fromEntries(new URLSearchParams(bodyIn)); + path(pathIn); + body(bodyParsed); + headers(this.req.headers); + if ((bodyParsed as any).client_assertion) { + clientAssertion(await verify(bodyParsed.client_assertion, TEST_PUBLIC_KEY, verifyOpts)); + } + return { + data: { + request_uri: 'https://www.request.uri', + expires_in: 86400, + }, + }; + } + + nock(URL, { encodedQueryParams: true }).post('/oauth/par').reply(200, handler).persist(); + }); + + afterEach(() => { + nock.cleanAll(); + jest.clearAllMocks(); + }); + + it('should allow you to call with cliendId & clientSecret combination', async () => { + const auth0 = new AuthenticationClient({ + domain: 'tenant.auth0.com', + clientId, + clientSecret: 'foo', + }); + await auth0.oauth.pushedAuthorization({ + client_id: 'test-client-id', + response_type: 'code', + redirect_uri: 'https://example.com', + }); + expect(path).toHaveBeenCalledWith('/oauth/par'); + + expect(body).toHaveBeenCalledWith({ + client_id: 'test-client-id', + client_secret: 'foo', + redirect_uri: 'https://example.com', + response_type: 'code', + }); + }); +}); diff --git a/test/auth/fixtures/oauth.json b/test/auth/fixtures/oauth.json index 4afcd6431..9b0b94845 100644 --- a/test/auth/fixtures/oauth.json +++ b/test/auth/fixtures/oauth.json @@ -168,6 +168,17 @@ "expires_in": 86400 } }, + { + "scope": "https://test-domain.auth0.com", + "method": "POST", + "path": "/oauth/par", + "body": "client_id=test-client-id&response_type=code&redirect_uri=https%3A%2F%2Fexample.com&authorization_details=%5B%7B%22type%22%3A%22payment_initiation%22%2C%22actions%22%3A%5B%22write%22%5D%7D%5D&client_secret=test-client-secret", + "status": 200, + "response": { + "request_uri": "https://www.request.uri", + "expires_in": 86400 + } + }, { "scope": "https://test-domain.auth0.com", "method": "POST", diff --git a/test/auth/oauth.test.ts b/test/auth/oauth.test.ts index ea2295256..0e0cbaa7e 100644 --- a/test/auth/oauth.test.ts +++ b/test/auth/oauth.test.ts @@ -329,6 +329,25 @@ describe('OAuth', () => { }); }); + it('should send authorization_details when provided', async () => { + const oauth = new OAuth(opts); + await expect( + oauth.pushedAuthorization({ + client_id: 'test-client-id', + response_type: 'code', + redirect_uri: 'https://example.com', + authorization_details: JSON.stringify([ + { type: 'payment_initiation', actions: ['write'] }, + ]), + }) + ).resolves.toMatchObject({ + data: { + request_uri: 'https://www.request.uri', + expires_in: 86400, + }, + }); + }); + it('should send request param when provided', async () => { const oauth = new OAuth(opts); await expect(