

🐛 Store ClientId in Cookie for use after redirect
ClientId is not stored in the session cookie before getWithRedirect() returns. This means that when the clientId is passed as a parameter to getWithRedirect() it is not available for use after the redirect (during the parseFromUrl method). This commit fixes that problem.

Resolves: Github Issue okta#102
Daniel-Houston committed Apr 3, 2018
1 parent c4906a2 commit f295a1d
Showing 3 changed files with 68 additions and 14 deletions.
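--- a/lib/token.js
+++ b/lib/token.js
@@ -547,7 +547,8 @@ function getWithRedirect(sdk, oauthOptions, options) {
 state: oauthParams.state,
 nonce: oauthParams.nonce,
 scopes: oauthParams.scopes,
-urls: urls
+urls: urls,
+clientId: oauthParams.clientId
 }));
 
 // Set nonce cookie for servers to validate nonce in id_token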
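Review bot: The clientId now written into the redirect-params cookie on the new line `clientId: oauthParams.clientId` becomes input that parseFromUrl trusts after the redirect, and the expected cookie strings in test/spec/token.js end in `; path=/;` with no Secure or SameSite attribute visible, so a sibling subdomain or an http:// page on the same host could plant its own value. That is the same exposure the existing state and nonce cookies already carry, but a spoofed clientId is a new lever if parseFromUrl uses it to check the id_token audience, which this hunk does not show. Consider a why-comment on the new line, `// persisted with state/nonce so parseFromUrl can recover the client this request was made for`, and, in parseFromUrl, rejecting a cookie clientId that differs from `sdk.options.clientId` when one is configured. The getWithRedirect body starts and ends outside the hunk.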
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -62,4 +62,4 @@
"TOKEN_STORAGE_NAME": "okta-token-storage",
"CACHE_STORAGE_NAME": "okta-cache-storage"
}
}
}
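--- a/test/spec/token.js
+++ b/test/spec/token.js
@@ -960,7 +960,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -998,7 +999,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1040,7 +1042,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1057,6 +1060,47 @@ define(function(require) {
 });
 });
 
+it('allows passing clientId through getWithRedirect, which takes precedence over the authArgs', function() {
+oauthUtil.setupRedirect({
+oktaAuthArgs: {
+url: 'https://auth-js-test.okta.com',
+redirectUri: 'https://example.com/redirect',
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
+},
+getWithRedirectArgs: {
+responseType: 'token',
+scopes: ['email'],
+sessionToken: 'testToken',
+clientId: 'testClientId'
+},
+expectedCookies: [
+'okta-oauth-redirect-params=' + JSON.stringify({
+responseType: 'token',
+state: oauthUtil.mockedState,
+nonce: oauthUtil.mockedNonce,
+scopes: ['email'],
+urls: {
+issuer: 'https://auth-js-test.okta.com',
+authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
+userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
+},
+clientId: 'testClientId'
+}) + '; path=/;',
+'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
+'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
+],
+expectedRedirectUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize?' +
+'client_id=testClientId&' +
+'redirect_uri=https%3A%2F%2Fexample.com%2Fredirect&' +
+'response_type=token&' +
+'response_mode=fragment&' +
+'state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&' +
+'nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&' +
+'sessionToken=testToken&' +
+'scope=email'
+});
+});
+
 it('sets authorize url for access_token and don\'t throw an error if openid isn\'t included in scope', function() {
 oauthUtil.setupRedirect({
 getWithRedirectArgs: {
@@ -1074,7 +1118,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1114,7 +1159,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1147,7 +1193,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1186,7 +1233,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1219,7 +1267,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1258,7 +1307,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1292,7 +1342,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1326,7 +1377,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1360,7 +1412,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
-}
+},
+clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'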
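Review bot: The new `allows passing clientId through getWithRedirect` case only checks that the clientId lands in the redirect-params cookie and in the `client_id=` query parameter; nothing on this page exercises the consumer the commit message names, parseFromUrl reading that clientId back after the redirect, so the half of the fix that motivated the change is unverified. Add a parseFromUrl case that seeds `okta-oauth-redirect-params` with a clientId different from the one in oktaAuthArgs and asserts which one the post-redirect handling uses, including the case where the cookie carries no clientId at all. Separately, this commit had to touch twelve expected-cookie fixtures to add one field; a small helper that builds the expected redirect-params cookie from the urls and clientId would keep the next such change to one place. Each `it` block here sits inside a `describe` whose start and end are outside the hunks.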
