-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
39 query param support #47
Changes from 2 commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
import * as qs from 'querystring'; | ||
import * as HttpStatus from 'http-status'; | ||
import fetch from 'node-fetch'; | ||
import * as formurlencoded from 'form-urlencoded'; | ||
|
@@ -22,18 +23,27 @@ const OAUTH_CONTENT_TYPE = 'application/x-www-form-urlencoded'; | |
/** | ||
* Returns URI to request authorization code with the given parameters. | ||
* | ||
* @param authorizationEndpoint | ||
* @param clientId | ||
* @param redirectUri | ||
* @param authorizationEndpoint string | ||
* @param clientId string | ||
* @param redirectUri string | ||
* @param queryParams {} optional | ||
* @returns {string} | ||
*/ | ||
function createAuthCodeRequestUri(authorizationEndpoint: string, clientId: string, | ||
redirectUri: string) { | ||
return authorizationEndpoint + | ||
'?client_id=' + clientId + | ||
'&redirect_uri=' + redirectUri + | ||
'&response_type=code' + | ||
'&realm=' + EMPLOYEES_REALM; | ||
redirectUri: string, queryParams?: {}) { | ||
|
||
const _queryParams = Object.assign({ | ||
'client_id': clientId, | ||
'redirect_uri': redirectUri, | ||
'response_type': 'code', | ||
'realm': EMPLOYEES_REALM | ||
}, queryParams); | ||
|
||
const queryString = qs.stringify(_queryParams); | ||
// we are unescaping again since we did not escape before using querystring and we do not want to break anything | ||
const unescapedQueryString = qs.unescape(queryString); | ||
|
||
return `${authorizationEndpoint}?${unescapedQueryString}`; | ||
} | ||
|
||
/** | ||
|
@@ -45,14 +55,21 @@ function createAuthCodeRequestUri(authorizationEndpoint: string, clientId: strin | |
* @param authorizationHeaderValue | ||
* @param accessTokenEndpoint | ||
* @param realm | ||
* @param queryParams optional | ||
* @returns {Promise<T>|Q.Promise<U>} | ||
*/ | ||
function requestAccessToken(bodyObject: any, authorizationHeaderValue: string, | ||
accessTokenEndpoint: string, realm: string): Promise<Token> { | ||
accessTokenEndpoint: string, realm: string, | ||
queryParams?: {}): Promise<Token> { | ||
|
||
const promise = new Promise(function(resolve, reject) { | ||
|
||
fetch(accessTokenEndpoint + '?realm=' + realm, { | ||
const queryString = qs.stringify(Object.assign({ realm: realm }, queryParams)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. this is safe if queryParams is not set? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It is, see examples in https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/assign "[...]null and undefined will be ignored." There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
or with spread: const x = {
...{ realm },
...queryParams}
); There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good point, will tackle that. |
||
|
||
// we are unescaping again since we did not escape before using querystring and we do not want to break anything | ||
const unescapedQueryString = qs.unescape(queryString); | ||
|
||
fetch(`${accessTokenEndpoint}?${unescapedQueryString}`, { | ||
method: 'POST', | ||
body: formurlencoded(bodyObject), | ||
headers: { | ||
|
@@ -145,6 +162,7 @@ function getTokenInfo(tokenInfoUrl: string, accessToken: string): Promise<TokenI | |
* - accessTokenEndpoint string | ||
* - realm string | ||
* - scopes string optional | ||
* - queryParams {} optional | ||
* - redirect_uri string optional (required with AUTHORIZATION_CODE_GRANT) | ||
* - code string optional (required with AUTHORIZATION_CODE_GRANT) | ||
* - refreshToken string optional (required with REFRESH_TOKEN_GRANT) | ||
|
@@ -197,7 +215,7 @@ function getAccessToken(options: OAuthConfig): Promise<Token> { | |
const authorizationHeaderValue = getBasicAuthHeaderValue(clientData.client_id, clientData.client_secret); | ||
|
||
return requestAccessToken(bodyParameters, authorizationHeaderValue, | ||
options.accessTokenEndpoint, options.realm); | ||
options.accessTokenEndpoint, options.realm, options.queryParams); | ||
}); | ||
} | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -93,6 +93,31 @@ describe('oauth tooling', () => { | |
|
||
expect(result).to.equal(expected); | ||
}); | ||
|
||
it('should return the correct uri as string with queryParams specified', () => { | ||
|
||
// given | ||
const authorizationEndpoint = '/oauth2/authorize'; | ||
const clientId = 'clientID'; | ||
const redirectUri = '/redirect'; | ||
const queryParams = { | ||
foo: 'bar' | ||
}; | ||
|
||
// when | ||
const result = createAuthCodeRequestUri(authorizationEndpoint, clientId, | ||
redirectUri, queryParams); | ||
|
||
// then | ||
const expected = authorizationEndpoint + | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should we use template strings? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes you are right, I would suggest this solution: const expected = `${authorizationEndpoint}` +
`?client_id=${clientId}` +
`&redirect_uri=${redirectUri}` +
`&response_type=code` +
`&realm=${EMPLOYEES_REALM}` +
`&foo=bar`; cause with multi line template strings we have the problem that There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. True, alternative idea:
|
||
'?client_id=' + clientId + | ||
'&redirect_uri=' + redirectUri + | ||
'&response_type=code' + | ||
'&realm=' + EMPLOYEES_REALM + | ||
'&foo=bar'; | ||
|
||
expect(result).to.equal(expected); | ||
}); | ||
}); | ||
|
||
describe('TokenCache', () => { | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
port
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 ^^