From f295a1dc2663d897bc707b0f1605a80feedbb7f8 Mon Sep 17 00:00:00 2001 From: Daniel Houston Date: Tue, 3 Apr 2018 16:14:24 -0600 Subject: [PATCH] :bug: Store ClientId in Cookie for use after redirect ClientId is not stored in the session cookie before getWithRedirect() returns. This means that when the clientId is passed as a parameter to getWithRedirect() it is not available for use after the redirect (during the parseFromUrl method). This commit fixes that problem. Resolves: Github Issue #102
---
 lib/token.js | 3 +- package.json | 2 +- test/spec/token.js | 77 ++++++++++++++++++++++++++++++++++++++-------- 3 files changed, 68 insertions(+), 14 deletions(-)
diff --git a/lib/token.js b/lib/token.js
index ccd43efb5..c66545a11 100644
--- a/lib/token.js
+++ b/lib/token.js
@@ -547,7 +547,8 @@ function getWithRedirect(sdk, oauthOptions, options) {
 state: oauthParams.state,
 nonce: oauthParams.nonce,
 scopes: oauthParams.scopes,
- urls: urls
+ urls: urls,
+ clientId: oauthParams.clientId
 }));
 
 // Set nonce cookie for servers to validate nonce in id_token
diff --git a/package.json b/package.json
index bad283c86..e19f5ede6 100644
--- a/package.json
+++ b/package.json
@@ -62,4 +62,4 @@
 "TOKEN_STORAGE_NAME": "okta-token-storage",
 "CACHE_STORAGE_NAME": "okta-cache-storage"
 }
-}
\ No newline at end of file
+}
diff --git a/test/spec/token.js b/test/spec/token.js
index 479adfe71..a126c1ac1 100644
--- a/test/spec/token.js
+++ b/test/spec/token.js
@@ -960,7 +960,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
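Review bot: The new `clientId` entry makes a client-writable cookie the source of the client id used after the redirect, so whatever reads `okta-oauth-redirect-params` in parseFromUrl (outside this hunk) should trust it no more than the `state` and `nonce` values already stored there — presumably it is compared against the token's audience, in which case a tampered cookie could make the SDK accept a token issued for a different client. That reader also needs a fallback to the SDK-level clientId, because JSON.stringify omits the key when `oauthParams.clientId` is undefined and this diff does not show whether oauthParams always carries one. The expected-cookie strings in test/spec/token.js show only `path=/;` on this cookie with no Secure or SameSite attribute; that predates this commit, but the new field widens what the cookie's integrity now protects. A why-comment on the added line would help the next reader: `clientId: oauthParams.clientId // read back by parseFromUrl; a per-call clientId may differ from sdk.options.clientId`. getWithRedirect starts and ends outside the hunk.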
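Review bot: The same `clientId: 'NPSfOkH5eZrTy8PMDlvx'` line and the identical nonce/state cookie literals are now pasted into thirteen expected-cookie fixtures (this hunk and the ones at -998, -1040, -1074, -1114, -1147, -1186, -1219, -1258, -1292, -1326 and -1360), so the next change to the cookie payload will need thirteen more edits. A small builder in oauthUtil, for example `expectedRedirectParamsCookie({ urls, clientId })` returning the JSON-plus-`'; path=/;'` string, would keep one copy of the payload shape, and the two 64-character cookie literals could sit as constants next to `oauthUtil.mockedState` and `oauthUtil.mockedNonce`. The enclosing `it` blocks start and end outside these hunks.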
@@ -998,7 +999,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1040,7 +1042,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1057,6 +1060,47 @@ define(function(require) {
 });
 });
 
+ it('allows passing clientId through getWithRedirect, which takes precedence over the authArgs', function() {
+ oauthUtil.setupRedirect({
+ oktaAuthArgs: {
+ url: 'https://auth-js-test.okta.com',
+ redirectUri: 'https://example.com/redirect',
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
+ },
+ getWithRedirectArgs: {
+ responseType: 'token',
+ scopes: ['email'],
+ sessionToken: 'testToken',
+ clientId: 'testClientId'
+ },
+ expectedCookies: [
+ 'okta-oauth-redirect-params=' + JSON.stringify({
+ responseType: 'token',
+ state: oauthUtil.mockedState,
+ nonce: oauthUtil.mockedNonce,
+ scopes: ['email'],
+ urls: {
+ issuer: 'https://auth-js-test.okta.com',
+ authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
+ userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
+ },
+ clientId: 'testClientId'
+ }) + '; path=/;',
+ 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
+ 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
+ ],
+ expectedRedirectUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize?' +
+ 'client_id=testClientId&' +
+ 'redirect_uri=https%3A%2F%2Fexample.com%2Fredirect&' +
+ 'response_type=token&' +
+ 'response_mode=fragment&' +
+ 'state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&' +
+ 'nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&' +
+ 'sessionToken=testToken&' +
+ 'scope=email'
+ });
+ });
+
 it('sets authorize url for access_token and don\'t throw an error if openid isn\'t included in scope', function() {
 oauthUtil.setupRedirect({
 getWithRedirectArgs: {
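Review bot: The new spec checks only the write side — that `clientId: 'testClientId'` lands in the `okta-oauth-redirect-params` cookie and in `client_id=testClientId` of the redirect URL — while the commit message says the bug is that the value was missing during parseFromUrl; as far as this diff shows, no test exercises parseFromUrl reading the clientId back out of the cookie, so a regression on the read side would go unnoticed. A companion case wherever parseFromUrl is tested, seeding the cookie with a clientId that differs from `oktaAuthArgs.clientId` and asserting the cookie's value is the one used, would close that gap. The precedence over authArgs promised by the test name is verified by the expected URL; the enclosing describe starts and ends outside the hunk.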
@@ -1074,7 +1118,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1114,7 +1159,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1147,7 +1193,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1186,7 +1233,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1219,7 +1267,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1258,7 +1307,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/aus8aus76q8iphupD0h7/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1292,7 +1342,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1326,7 +1377,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'
@@ -1360,7 +1412,8 @@ define(function(require) {
 issuer: 'https://auth-js-test.okta.com',
 authorizeUrl: 'https://auth-js-test.okta.com/oauth2/v1/authorize',
 userinfoUrl: 'https://auth-js-test.okta.com/oauth2/v1/userinfo'
- }
+ },
+ clientId: 'NPSfOkH5eZrTy8PMDlvx'
 }) + '; path=/;',
 'okta-oauth-nonce=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;',
 'okta-oauth-state=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa; path=/;'