fixed cloudfront example

__tests__/src/clientAuthorizationTest.js

@@ -56,7 +56,7 @@ describe('testing clientAuthorization', () => {
         if (data === 'grant_type=client_credentials&client_id=lambda-jwks&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=jwsSignature') {
           return JSON.stringify({ access_token: 'access_token_jws' });
         }
-        if (data === 'refresh_token=refresh_token&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_id=lambda&client_secret=772decbe-0151-4b08-8171-bec6d097293b') {
+        if (data === 'refresh_token=refresh_token&grant_type=refresh_token&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_id=lambda&client_secret=772decbe-0151-4b08-8171-bec6d097293b') {
           return JSON.stringify({ access_token: 'access_token_refresh' });
         }
         throw new Error(`unexpected token data: ${data}`);
@@ -72,7 +72,7 @@ describe('testing clientAuthorization', () => {
         if (data === 'code=code&grant_type=authorization_code&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_id=lambda&client_secret=772decbe-0151-4b08-8171-bec6d097293b&redirect_uri=host%2Flambda-authorizer%2Flambda%2Fcallback') {
           return JSON.stringify({ access_token: 'access_token_code' });
         }
-        if (data === 'refresh_token=refresh_token&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_id=lambda&client_secret=772decbe-0151-4b08-8171-bec6d097293b') {
+        if (data === 'refresh_token=refresh_token&grant_type=refresh_token&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_id=lambda&client_secret=772decbe-0151-4b08-8171-bec6d097293b') {
           return JSON.stringify({ access_token: 'access_token_refresh' });
         }
         throw new Error(`unexpected token data: ${data}`);

__tests__/src/edge/routers/LogoutTest.js

@@ -14,7 +14,7 @@ describe('testing logout', () => {
   });
 
   test('test tenantLogout', async () => {
-    const ret = await tenantLogout({}, { keycloakJson: { realm: 'name', resource: 'resource' } });
+    const ret = await tenantLogout({}, { keycloakJson: () => ({ realm: 'name', resource: 'resource' }) });
     expect(ret).toEqual({
       body: 'Redirect to logout page',
       headers: {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "keycloak-lambda-authorizer",
-  "version": "0.2.7",
+  "version": "0.2.8",
   "description": "Keycloak adapter for aws Lambda",
   "main": "index.js",
   "homepage": "https://github.com/vzakharchenko/keycloak-lambda-authorizer",

src/clientAuthorization.js

@@ -127,7 +127,7 @@ async function clientAuthentication(uma2Config, options) {
     const authorization = await clientIdAuthorization(options);
     let data = `grant_type=client_credentials&${authorization}`;
     if (token && !isExpired(options, JSON.parse(token).decodedRefreshToken)) {
-      data = `refresh_token=${JSON.parse(token).refresh_token}&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&${authorization}`;
+      data = `refresh_token=${JSON.parse(token).refresh_token}&grant_type=refresh_token&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&${authorization}`;
     }
     const res = await sendData(`${uma2Config.token_endpoint}`, 'POST', data);
     token = JSON.parse(res);

src/edge/lambdaEdgeUtils.js

@@ -67,7 +67,7 @@ async function signState(state, options) {
     n: tenantName(options.keycloakJson),
     exp: timeSec + 600,
   };
-  const jwtToken = await clientJWT(payload, options.sessionManager.sessionOptions);
+  const jwtToken = await clientJWT(payload, options);
   return jwtToken;
 }