Add support for token exchange using shared links (#398)

naeims · Cary Cheng · commit 76aa1cf25a15 · 2019-09-17T16:01:11.000-07:00
diff --git a/lib/box-client.js b/lib/box-client.js
@@ -492,6 +492,7 @@ BoxClient.prototype.revokeTokens = function(callback) {
  * @param {string} [resource] The absolute URL of an API resource to scope the new token to
  * @param {Object} [options] - Optional parameters
  * @param {ActorParams} [options.actor] - Optional actor parameters for creating annotator tokens with Token Auth client
+ * @param {SharedLinkParams} [options.sharedLink] - Optional shared link parameters for creating tokens using shared links
  * @param {Function} [callback] Called with the new token
  * @returns {Promise<TokenInfo>} A promise resolving to the exchanged token info
  */
diff --git a/lib/token-manager.js b/lib/token-manager.js
@@ -18,6 +18,12 @@
  *                         server requesting the tokens.
  */
 
+/**
+ * Parameters for creating a token using a Box shared link via token exchange
+ * @typedef {Object} SharedLinkParams
+ * @property {string} url Shared link URL
+ */
+
 /**
  * Parameters for creating an actor token via token exchange
  * @typedef {Object} ActorParams
@@ -382,6 +388,7 @@ TokenManager.prototype = {
 	 * @param {Object} [options] - Optional parameters
 	 * @param {TokenRequestOptions} [options.tokenRequestOptions] - Sets optional behavior for the token grant
 	 * @param {ActorParams} [options.actor] - Optional actor parameters for creating annotator tokens
+	 * @param {SharedLinkParams} [options.sharedLink] - Optional shared link parameters for creating tokens using shared links
 	 * @returns {Promise<TokenInfo>} Promise resolving to the new token info
 	 */
 	exchangeToken(accessToken, scopes, resource, options) {
@@ -396,6 +403,10 @@ TokenManager.prototype = {
 			params.resource = resource;
 		}
 
+		if (options && options.sharedLink) {
+			params.box_shared_link = options.sharedLink.url;
+		}
+
 		if (options && options.actor) {
 
 			var payload = {
diff --git a/tests/lib/box-client-test.js b/tests/lib/box-client-test.js
@@ -1149,6 +1149,29 @@ describe('box-client', function() {
 				});
 		});
 
+		it('should call session to exchange token with shared link params when shared link params are passed', function() {
+
+			var sharedLink = {
+				url: 'https://app.box.com/s/xyz'
+			};
+
+			var expectedOptions = {
+				sharedLink,
+				tokenRequestOptions: null
+			};
+
+			var exchangedTokenInfo = {accessToken: 'qqwjnfldkjfhksedrg'};
+
+			sandbox.mock(apiSessionFake).expects('exchangeToken')
+				.withArgs(TEST_SCOPE, TEST_RESOURCE, expectedOptions)
+				.returns(Promise.resolve(exchangedTokenInfo));
+
+			return basicClient.exchangeToken(TEST_SCOPE, TEST_RESOURCE, { sharedLink })
+				.then(data => {
+					assert.equal(data, exchangedTokenInfo);
+				});
+		});
+
 		it('should call callback with error when token exchange fails', function(done) {
 
 			var error = new Error('Failure');
diff --git a/tests/lib/token-manager-test.js b/tests/lib/token-manager-test.js
@@ -652,7 +652,8 @@ describe('token-manager', function() {
 		var TEST_ACCESS_TOKEN = 'poiudafjdbfjygsdfg',
 			TEST_SCOPE = 'item_preview',
 			TEST_JTI = '630aab1e-912e-468d-b052-fd53a41925ed',
-			TEST_RESOURCE = 'https://api.box.com/2.0/files/12345';
+			TEST_RESOURCE = 'https://api.box.com/2.0/files/12345',
+			TEST_SHARED_LINK_URL = 'https://app.box.com/s/xyz';
 
 		it('should exchange access token for lower scope when only scope is passed', function() {
 
@@ -850,6 +851,33 @@ describe('token-manager', function() {
 					assert.equal(err, jwtError);
 				});
 		});
+
+		it('should exchange token when shared link params are passed', function() {
+			var sharedLink = {
+				url: TEST_SHARED_LINK_URL
+			};
+
+			var expectedTokenParams = {
+				grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
+				subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',
+				subject_token: TEST_ACCESS_TOKEN,
+				scope: TEST_SCOPE,
+				box_shared_link: TEST_SHARED_LINK_URL
+			};
+
+			var tokenInfo = {
+				accessToken: 'lsdjhgo87w3h4tbd87fg54'
+			};
+
+			sandbox.mock(tokenManager).expects('getTokens')
+				.withArgs(expectedTokenParams, null)
+				.returns(Promise.resolve(tokenInfo));
+
+			return tokenManager.exchangeToken(TEST_ACCESS_TOKEN, TEST_SCOPE, null, { sharedLink })
+				.then(tokens => {
+					assert.equal(tokens, tokenInfo);
+				});
+		});
 	});
 
 	describe('revokeTokens()', function() {
