fix: only assign Discovery 1.0 defaults when Issuer is discovered

When calling new Issuer({ ... }) the Discovery 1.0 defaults will not be assigned on the instance anymore.
panva · Aug 23, 2018 · dca60b8 · dca60b8
1 parent 2aed999
commit dca60b8
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 14 deletions.
diff --git a/lib/helpers/consts.js b/lib/helpers/consts.js
@@ -16,6 +16,7 @@ const CLIENT_DEFAULTS = {
 };
 
 const ISSUER_DEFAULTS = {
+  claim_types_supported: ['normal'],
   claims_parameter_supported: false,
   grant_types_supported: ['authorization_code', 'implicit'],
   request_parameter_supported: false,

diff --git a/lib/issuer.js b/lib/issuer.js
@@ -34,9 +34,7 @@ class Issuer {
    * @name constructor
    * @api public
    */
-  constructor(metadata) {
-    const meta = Object.assign({}, ISSUER_DEFAULTS, metadata);
-
+  constructor(meta = {}) {
     ['introspection', 'revocation'].forEach((endpoint) => {
       // e.g. defaults introspection_endpoint to token_introspection_endpoint value
       if (
@@ -218,7 +216,7 @@ class Issuer {
       const wellKnownUri = url.format(Object.assign({}, parsed, { pathname }));
       return this.httpClient.get(wellKnownUri, this.httpOptions())
         .then(expectResponseWithBody(200))
-        .then(response => new this(JSON.parse(response.body)));
+        .then(response => new this(Object.assign({}, ISSUER_DEFAULTS, JSON.parse(response.body))));
     }))
       .catch((err) => {
         if (err instanceof pAny.AggregateError) {

diff --git a/test/issuer/discover_issuer.test.js b/test/issuer/discover_issuer.test.js
@@ -166,6 +166,30 @@ const fail = () => { throw new Error('expected promise to be rejected'); };
       });
     });
 
+    it('assigns Discovery 1.0 defaults', function () {
+      nock('https://op.example.com', { allowUnmocked: true })
+        .get('/.well-known/openid-configuration')
+        .reply(200, {
+          authorization_endpoint: 'https://op.example.com/o/oauth2/v2/auth',
+          issuer: 'https://op.example.com',
+          jwks_uri: 'https://op.example.com/oauth2/v3/certs',
+          token_endpoint: 'https://op.example.com/oauth2/v4/token',
+          userinfo_endpoint: 'https://op.example.com/oauth2/v3/userinfo',
+        });
+
+      return Issuer.discover('https://op.example.com')
+        .then((issuer) => {
+          expect(issuer).to.have.property('claims_parameter_supported', false);
+          expect(issuer).to.have.property('grant_types_supported').to.eql(['authorization_code', 'implicit']);
+          expect(issuer).to.have.property('request_parameter_supported', false);
+          expect(issuer).to.have.property('request_uri_parameter_supported', true);
+          expect(issuer).to.have.property('require_request_uri_registration', false);
+          expect(issuer).to.have.property('response_modes_supported').to.eql(['query', 'fragment']);
+          expect(issuer).to.have.property('claim_types_supported').to.eql(['normal']);
+          expect(issuer).to.have.property('token_endpoint_auth_methods_supported').to.eql(['client_secret_basic']);
+        });
+    });
+
     it('is rejected with OpenIdConnectError upon oidc error', function () {
       nock('https://op.example.com', { allowUnmocked: true })
         .get('/.well-known/openid-configuration')

diff --git a/test/issuer/new_issuer.test.js b/test/issuer/new_issuer.test.js
@@ -22,18 +22,16 @@ describe('new Issuer()', function () {
     expect(issuer).to.have.property('userinfo_endpoint', 'https://www.googleapis.com/oauth2/v3/userinfo');
   });
 
-  it('assigns defaults to some properties', function () {
+  it('does not assign Discovery 1.0 defaults when instantiating manually', function () {
     const issuer = new Issuer();
 
-    expect(issuer).to.have.property('claims_parameter_supported', false);
-    expect(issuer).to.have.property('grant_types_supported')
-      .to.eql(['authorization_code', 'implicit']);
-    expect(issuer).to.have.property('request_parameter_supported', false);
-    expect(issuer).to.have.property('request_uri_parameter_supported', true);
-    expect(issuer).to.have.property('require_request_uri_registration', false);
-    expect(issuer).to.have.property('response_modes_supported').to.eql(['query', 'fragment']);
-    expect(issuer).to.have.property('token_endpoint_auth_methods_supported')
-      .to.eql(['client_secret_basic']);
+    expect(issuer).not.to.have.property('claims_parameter_supported');
+    expect(issuer).not.to.have.property('grant_types_supported');
+    expect(issuer).not.to.have.property('request_parameter_supported');
+    expect(issuer).not.to.have.property('request_uri_parameter_supported');
+    expect(issuer).not.to.have.property('require_request_uri_registration');
+    expect(issuer).not.to.have.property('response_modes_supported');
+    expect(issuer).not.to.have.property('token_endpoint_auth_methods_supported');
   });
 
   ['introspection', 'revocation'].forEach((endpoint) => {