
Added new authorization_details parameter to support RAR requests #997

Merged
merged 7 commits into from
Apr 24, 2024
5 changes: 5 additions & 0 deletions src/auth/oauth.ts
Expand Up @@ -146,6 +146,11 @@ export interface PushedAuthorizationRequest extends ClientCredentials {
*/
code_challenge?: string;

/**
* A JSON stringified array of objects. It can carry fine-grained authorization data in OAuth messages as part of Rich Authorization Requests (RAR) {@link https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow/authorization-code-flow-with-rar | Reference}
*/
authorization_details?: string;
gyaneshgouraw-okta marked this conversation as resolved.

/**
* Allow for any custom property to be sent to Auth0
*/
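Review bot: `authorization_details` is typed as a bare `string`, so nothing at this boundary shows whether the value is checked to be a JSON array before it is posted to `/oauth/par`; a malformed or hand-concatenated string would presumably only be rejected by the server. Because this field carries the fine-grained permissions being requested, the doc comment should state how to build it and what shape is required, e.g. `* Build with JSON.stringify() from a server-side array of objects, each with a "type" member (RFC 9396); do not assemble it by concatenating request input.` The comment just below indicates the interface also accepts arbitrary custom properties, so a misspelled key would likely not be caught by the type checker. The `PushedAuthorizationRequest` interface starts and ends outside this hunk.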
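--- a/test/auth/client-authentication.test.ts
+++ b/test/auth/client-authentication.test.ts
@@ -152,3 +152,56 @@ describe('client-authentication', () => {
 });
 });
 });
+
+describe('client-authentication for par endpoint', () => {
+const path = jest.fn();
+const body = jest.fn();
+const headers = jest.fn();
+const clientAssertion = jest.fn();
+
+beforeEach(() => {
+async function handler(this: any, pathIn: unknown, bodyIn: string) {
+const bodyParsed = Object.fromEntries(new URLSearchParams(bodyIn));
+path(pathIn);
+body(bodyParsed);
+headers(this.req.headers);
+if ((bodyParsed as any).client_assertion) {
+clientAssertion(await verify(bodyParsed.client_assertion, TEST_PUBLIC_KEY, verifyOpts));
+}
+return {
+data: {
+request_uri: 'https://www.request.uri',
+expires_in: 86400,
+},
+};
+}
+
+nock(URL, { encodedQueryParams: true }).post('/oauth/par').reply(200, handler).persist();
+});
+
+afterEach(() => {
+nock.cleanAll();
+jest.clearAllMocks();
+});
+
+it('should allow you to call with cliendId & clientSecret combination', async () => {
+const auth0 = new AuthenticationClient({
+domain: 'tenant.auth0.com',
+clientId,
+clientSecret: 'foo',
+});
+await auth0.oauth.pushedAuthorization({
+client_id: 'test-client-id',
+response_type: 'code',
+redirect_uri: 'https://example.com',
+});
+expect(path).toHaveBeenCalledWith('/oauth/par');
+
+expect(body).toHaveBeenCalledWith({
+client_id: 'test-client-id',
+client_secret: 'foo',
+redirect_uri: 'https://example.com',
+response_type: 'code',
+});
+});
+});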
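Review bot: The handler in `beforeEach` records `headers` and verifies any `client_assertion` with `verify(...)`, but the single test added here only exercises the client-secret path and never asserts on `headers` or `clientAssertion`, so JWT client authentication against `/oauth/par` is not covered by this block. I would add a second case that configures the client with a signing key instead of a secret and asserts on the verified assertion, and pin the secret case with `expect(clientAssertion).not.toHaveBeenCalled();`. The `(bodyParsed as any)` cast is unnecessary because `Object.fromEntries(new URLSearchParams(bodyIn))` already yields string values and the next line reads `bodyParsed.client_assertion` without it, so `if (bodyParsed.client_assertion) {` is enough. The test title also misspells `clientId` as `cliendId`.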
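--- a/test/auth/fixtures/oauth.json
+++ b/test/auth/fixtures/oauth.json
@@ -167,5 +167,16 @@
 "request_uri": "https://www.request.uri",
 "expires_in": 86400
 }
+},
+{
+"scope": "https://test-domain.auth0.com",
+"method": "POST",
+"path": "/oauth/par",
+"body": "client_id=test-client-id&response_type=code&redirect_uri=https%3A%2F%2Fexample.com&authorization_details=%5B%7B%22type%22%3A%22payment_initiation%22%2C%22actions%22%3A%5B%22write%22%5D%7D%5D&client_secret=test-client-secret",
+"status": 200,
+"response": {
+"request_uri": "https://www.request.uri",
+"expires_in": 86400
+}
 }
 ]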
19 changes: 19 additions & 0 deletions test/auth/oauth.test.ts
Expand Up @@ -328,6 +328,25 @@ describe('OAuth', () => {
},
});
});

it('should send authorization_details when provided', async () => {
const oauth = new OAuth(opts);
await expect(
oauth.pushedAuthorization({
client_id: 'test-client-id',
response_type: 'code',
redirect_uri: 'https://example.com',
authorization_details: JSON.stringify([
{ type: 'payment_initiation', actions: ['write'] },
]),
})
).resolves.toMatchObject({
data: {
request_uri: 'https://www.request.uri',
expires_in: 86400,
},
});
});
});
});
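Review bot: The test is titled 'should send authorization_details when provided', yet its only assertion is on the response, so the request side is checked only indirectly. Presumably nock matches the recorded `body` in `test/auth/fixtures/oauth.json`, which contains the URL-encoded `authorization_details`. A mismatch would then surface as an unmatched-request error rather than a readable assertion failure, and the check would silently disappear if the fixture entry were ever loosened. A short comment above the call would make that dependency explicit, e.g. `// request body (incl. authorization_details) is matched against the recorded fixture in fixtures/oauth.json`. The enclosing `describe` blocks begin outside this hunk.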
