Skip to content

feat: Improve OAuth Handling and Validation #462

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 18, 2025
Merged

feat: Improve OAuth Handling and Validation #462

merged 1 commit into from
Mar 18, 2025

Conversation

@armando-rodriguez-cko
Copy link
Contributor

@armando-rodriguez-cko armando-rodriguez-cko commented Mar 17, 2025
edited
Loading

feat: Improve OAuth Handling and Validation

Description:

This PR enhances the OAuth authentication flow in the Checkout SDK for .NET by improving token validation, refactoring OAuth models, and adding extensive test coverage.

Key Changes:

OAuth Enhancements:

  1. New Fields in OAuthAccessToken:

    • Added TokenType property.
    • Improved IsValid() check to ensure TokenType and ExpiresIn are valid.

  2. Improved Token Expiration Handling:

    • _expirationDate is now stored in UTC.
    • Added exception handling for invalid tokens.

  3. Refactored OAuthServiceResponse:

    • Added TokenType property.
    • IsValid() now checks for empty values more strictly.

  4. Fixed OAuth Request Data Order in OAuthSdkCredentials:

    • Moved grant_type before client_id in request payload for consistency.

Testing Improvements:

  1. New Unit Tests for OAuth Handling:

    • OAuthAccessTokenTests: Ensures tokens are correctly parsed and validated.
    • OAuthServiceResponseTests: Validates response correctness.
    • OAuthSdkCredentialsTests: Mocks HTTP responses and validates token retrieval.

  2. Mocked HTTP Responses:

    • Using Moq.Protected to simulate API responses for OAuthSdkCredentials.
    • Validated Authorization header handling.

Impact:

  • More Robust Authentication: Improved validation and error handling for OAuth tokens.
  • Better Test Coverage: Increased reliability through extensive unit tests.
  • Refactored and Cleaned Code: More maintainable and readable OAuth logic.

Notes:

  • Ensure that all API documentation is updated to reflect the changes in OAuthAccessToken and OAuthServiceResponse.
  • The new tests significantly improve SDK stability by covering edge cases.

@armando-rodriguez-cko armando-rodriguez-cko requested a review from a team March 17, 2025 17:50
@armando-rodriguez-cko armando-rodriguez-cko changed the title feat: Improve OAuth Handling and Validation in Checkout SDK .NET feat: Improve OAuth Handling and Validation Mar 17, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 17, 2025
View reviewed changes
@armando-rodriguez-cko
fix: handle OAuth token validation and error handling
cedded8 
Changes:
- OAuthAccessToken: Added TokenType field and improved validation logic.
- OAuthSdkCredentials: Fixed grant_type position in request payload.
- OAuthServiceResponse: Enhanced IsValid method with stricter checks.
- Tests:
  - Added tests for OAuthAccessToken validation.
  - Added tests for OAuthSdkCredentials error handling.
  - Added tests for OAuthServiceResponse validation.
  - Mocked HTTP responses for OAuth SDK credentials.
@armando-rodriguez-cko armando-rodriguez-cko merged commit 8a3f048 into master Mar 18, 2025
3 of 5 checks passed
@armando-rodriguez-cko armando-rodriguez-cko deleted the feature/update-access branch March 18, 2025 12:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robert-goheen-cko robert-goheen-cko robert-goheen-cko approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@armando-rodriguez-cko @robert-goheen-cko