Add default behavior for client_credentials grant type. #141
Conversation
grant
left a comment
grant
left a comment
There was a problem hiding this comment.
Looks OK. In some places, the logic could be simplified.
src/Service.js
Outdated
| * this will be "client_credentials", in which case make sure to also specify an | ||
| * Authorization header if required by your OAuth provider. | ||
| * this will be "client_credentials", and a client ID and secret are set an | ||
| * "Authorization: Baseic ..." header will be added using thos values. |
src/Service.js
Outdated
| }; | ||
| payload = extend_(payload, this.params_); | ||
|
|
||
| // For the client_credentials grant type, add a basic authorization header |
There was a problem hiding this comment.
I suggest making this comment more readable:
// For the client_credentials grant type, add a basic authorization header:
// - If the client ID and client secret are set
// - No authorization header has been set yet
src/Utilities.js
Outdated
| * @return {Object} the value under that key, or undefined otherwise | ||
| */ | ||
| function getValueCaseInsensitive_(obj, key) { | ||
| if (obj == null || typeof obj !== 'object' || |
There was a problem hiding this comment.
===instead of==always- Simply boolean logic.
- if
typeof obj !== 'object', thenobj === nullwill always be true.
- if
src/Utilities.js
Outdated
| function getValueCaseInsensitive_(obj, key) { | ||
| if (obj == null || typeof obj !== 'object' || | ||
| key == null || !key.toString) { | ||
| return undefined; |
There was a problem hiding this comment.
Undefined is returned by default in JavaScript.
Why don't you just return;?
Sample:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/return#Description
| if (key in obj) { | ||
| return obj[key]; | ||
| } | ||
| return Object.keys(obj).reduce(function(result, k) { |
There was a problem hiding this comment.
Can you add a comment to what this semi-complicated block is doing?
src/Utilities.js
Outdated
| key == null || !key.toString) { | ||
| return undefined; | ||
| } | ||
| if (key in obj) { |
There was a problem hiding this comment.
This is a shortcut for some cases.
It's not immediately obvious why we can return here, can you add a comment?
src/Utilities.js
Outdated
| if (k.toLowerCase() === key.toLowerCase()) { | ||
| return obj[k]; | ||
| } | ||
| }, undefined); |
There was a problem hiding this comment.
It would be great if we could remove this , undefined) since it requires more advanced js (reduce) knowledge.
src/Utilities.js
Outdated
|
|
||
| /* exported getValueCaseInsensitive_ */ | ||
| /** | ||
| * Gets the value stored in the object under the given key, in a |
There was a problem hiding this comment.
getValueCaseInsensitive_ seems like an obscure method.
Why don't we make a util method that converts an object to a lowercased-keyed object and then get that value?
erickoledadevrel
left a comment
erickoledadevrel
left a comment
There was a problem hiding this comment.
Changes made, thanks for the review!
src/Service.js
Outdated
| * this will be "client_credentials", in which case make sure to also specify an | ||
| * Authorization header if required by your OAuth provider. | ||
| * this will be "client_credentials", and a client ID and secret are set an | ||
| * "Authorization: Baseic ..." header will be added using thos values. |
src/Service.js
Outdated
| }; | ||
| payload = extend_(payload, this.params_); | ||
|
|
||
| // For the client_credentials grant type, add a basic authorization header |
src/Utilities.js
Outdated
|
|
||
| /* exported getValueCaseInsensitive_ */ | ||
| /** | ||
| * Gets the value stored in the object under the given key, in a |
src/Utilities.js
Outdated
| * @return {Object} the value under that key, or undefined otherwise | ||
| */ | ||
| function getValueCaseInsensitive_(obj, key) { | ||
| if (obj == null || typeof obj !== 'object' || |
src/Utilities.js
Outdated
| function getValueCaseInsensitive_(obj, key) { | ||
| if (obj == null || typeof obj !== 'object' || | ||
| key == null || !key.toString) { | ||
| return undefined; |
src/Utilities.js
Outdated
| key == null || !key.toString) { | ||
| return undefined; | ||
| } | ||
| if (key in obj) { |
| if (key in obj) { | ||
| return obj[key]; | ||
| } | ||
| return Object.keys(obj).reduce(function(result, k) { |
src/Utilities.js
Outdated
| if (k.toLowerCase() === key.toLowerCase()) { | ||
| return obj[k]; | ||
| } | ||
| }, undefined); |
grant
left a comment
grant
left a comment
There was a problem hiding this comment.
Looks OK after applying the fixes.
src/Utilities.js
Outdated
| } | ||
|
|
||
| /* exported getValueCaseInsensitive_ */ | ||
| /* exported witLowerCaseKeys_ */ |
There was a problem hiding this comment.
Rename witLowerCaseKeys_ to
toLowerCaseKeys_ or copyWithLowerCaseKeys_.
If you read this function aloud, it is not clear what the function does. By using "to lowercase keys", it's a bit clearer that like JS's toLowerCase, this function creates a copy of the parameter with lowercase keys.
There was a problem hiding this comment.
Done, selected toLowerCaseKeys_
test/test.js
Outdated
| }; | ||
| var lowerCaseData = witLowerCaseKeys_(data); | ||
|
|
||
| it('should contain lower-case keys', function() { |
There was a problem hiding this comment.
Note, a stronger test would compare the exact input/output of values for the function rather than the presence and lack of presence of certain keys.
i.e. Combine these 2 tests. 'a' and 'A' could be one test like:
assert.deepEqual(lowerCaseData, {
'a': true,
'b': true,
'cc': true,
'd2': true,
'e!@#': true,
});This will assert everything else not in the object isUndefined too. You could also then inline lowerCaseData.
There was a problem hiding this comment.
Good idea, done!
2 participants
I added support for arbitrary grant types primarily to support the
client_credentialsgrant type, but I didn't special-case it at the time. In practice developers expect that setting the client ID and secret will just work when using that grant type, but the values were being ignored.Given that mostly all providers use these values in a predictable way I decided to added a default behavior that does what the developer expects, set an
Authorazation: Basic ...header. Developers not wishing to use this default behavior can avoid it by not setting the client ID and secret or by manually adding anAuthorizationheader of their own.