Skip to content

feat(auth): Added code flow support for OIDC flow. #1220

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 17 commits into from
May 25, 2021
Merged

feat(auth): Added code flow support for OIDC flow. #1220

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
d6681cc
OIDC codeflow support
xil222 Apr 6, 2021
3a925a5
improve configs to simulate the real cases
xil222 Apr 6, 2021
4f2e7bc
update for changes in signiture
xil222 Apr 6, 2021
3aacc80
Merge branch 'xinxinxin-codeflow' of https://github.com/firebase/fire…
xil222 Apr 6, 2021
4b86338
resolve comments
xil222 Apr 15, 2021
e565db3
improve validator logic
xil222 Apr 15, 2021
0a36501
remove unnecessary logic
xil222 Apr 19, 2021
92202e6
Merge branch 'master' into xinxinxin-codeflow
xil222 Apr 19, 2021
01f0c34
add tests and fix errors
xil222 Apr 20, 2021
14034d2
Merge branch 'xinxinxin-codeflow' of https://github.com/firebase/fire…
xil222 Apr 20, 2021
4fb8597
add auth-api-request rests
xil222 Apr 23, 2021
82ea5bb
Merge branch 'master' into xinxinxin-codeflow
xil222 Apr 23, 2021
b87a4ce
Merge branch 'master' into xinxinxin-codeflow
xil222 Apr 27, 2021
5dd52df
Merge branch 'master' into xinxinxin-codeflow
xil222 May 4, 2021
0a0cd0d
Merge branch 'master' into xinxinxin-codeflow
xil222 May 11, 2021
e824a41
Merge branch 'master' into xinxinxin-codeflow
xil222 May 19, 2021
2db147e
Merge branch 'master' into xinxinxin-codeflow
xil222 May 25, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
improve configs to simulate the real cases
  • Loading branch information
@xil222
xil222 committed Apr 6, 2021
commit 3a925a549313e0a1e7a97f35d9f7ef9fe659dfd5
9 changes: 6 additions & 3 deletions src/auth/auth-config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -816,15 +816,19 @@ export class OIDCConfig implements OIDCAuthProviderConfig {
`"OIDCAuthProviderConfig.responseType.${responseTypeKey}" must be a boolean.`,
);
}
idTokenType = options.responseType && options.responseType.idToken;
if (options.responseType && options.responseType.idToken) {
idTokenType = options.responseType.idToken;
}
} else if (responseTypeKey == 'code') {
if (!validator.isBoolean(options.responseType.code)) {
throw new FirebaseAuthError(
AuthClientErrorCode.INVALID_ARGUMENT,
`"OIDCAuthProviderConfig.responseType.${responseTypeKey}" must be a boolean.`,
);
}
codeType = options.responseType && options.responseType.code;
if (options.responseType && options.responseType.code) {
codeType = options.responseType.code;
}
}
}
}
Expand Down Expand Up @@ -889,7 +893,6 @@ export class OIDCConfig implements OIDCAuthProviderConfig {
} else {
const responseType = {
idToken: true,
code: false,
}
this.responseType = responseType;
}
Expand Down
4 changes: 2 additions & 2 deletions src/auth/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1301,12 +1301,12 @@ export namespace auth {
/**
* Whether ID token is returned from IdP's authorization endpoint.
*/
idToken: boolean;
idToken?: boolean;

/**
* Whether authorization code is returned from IdP's authorization endpoint.
*/
code: boolean;
code?: boolean;
}

/**
Expand Down
33 changes: 6 additions & 27 deletions test/integration/auth.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1648,7 +1648,6 @@ describe('admin.auth', () => {
clientId: 'CLIENT_ID1',
responseType: {
idToken: true,
code: false,
},
};
const authProviderConfig2 = {
Expand All @@ -1659,7 +1658,6 @@ describe('admin.auth', () => {
clientId: 'CLIENT_ID2',
clientSecret: 'CLIENT_SECRET',
responseType: {
idToken: false,
code: true,
},
};
Expand Down Expand Up @@ -1728,8 +1726,8 @@ describe('admin.auth', () => {
});
});

it('updateProviderConfig() successfully overwrites an OIDC config', () => {
const modifiedConfigOptions = {
it('updateProviderConfig() successfully partially modifies an OIDC config', () => {
const deltaChanges = {
displayName: 'OIDC_DISPLAY_NAME3',
enabled: false,
issuer: 'https://oidc.com/issuer3',
Expand All @@ -1740,34 +1738,15 @@ describe('admin.auth', () => {
code: true,
},
};
return admin.auth().updateProviderConfig(authProviderConfig1.providerId, modifiedConfigOptions)
.then((config) => {
const modifiedConfig = deepExtend(
{ providerId: authProviderConfig1.providerId }, modifiedConfigOptions);
assertDeepEqualUnordered(modifiedConfig, config);
});
});

it('updateProviderConfig() successfully partially modifies an OIDC config', () => {
const deltaChanges = {
displayName: 'OIDC_DISPLAY_NAME4',
issuer: 'https://oidc.com/issuer4',
clientSecret: '',
responseType: {
idToken: true,
code: false,
},
};
// Only above fields should be modified.
const modifiedConfigOptions = {
displayName: 'OIDC_DISPLAY_NAME4',
displayName: 'OIDC_DISPLAY_NAME3',
enabled: false,
issuer: 'https://oidc.com/issuer4',
issuer: 'https://oidc.com/issuer3',
clientId: 'CLIENT_ID3',
clientSecret: '',
clientSecret: 'CLIENT_SECRET',
responseType: {
idToken: true,
code: false,
code: true,
},
};
return admin.auth().updateProviderConfig(authProviderConfig1.providerId, deltaChanges)
Expand Down
14 changes: 10 additions & 4 deletions test/unit/auth/auth-config.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -741,7 +741,6 @@ describe('OIDCConfig', () => {
enabled: true,
clientSecret: 'CLIENT_SECRET',
responseType: {
idToken: false,
code: true,
},
};
Expand Down Expand Up @@ -790,7 +789,6 @@ describe('OIDCConfig', () => {

it('should set readonly property expected responseType', () => {
const expectedResponseType = {
idToken: false,
code: true,
};
expect(config.responseType).to.deep.equal(expectedResponseType);
Expand All @@ -801,7 +799,6 @@ describe('OIDCConfig', () => {
delete serverResponse.responseType;
const expectedResponseType = {
idToken: true,
code: false,
};
const testConfig = new OIDCConfig(serverResponse);
expect(testConfig.responseType).to.deep.equal(expectedResponseType);
Expand Down Expand Up @@ -871,7 +868,6 @@ describe('OIDCConfig', () => {
clientId: 'CLIENT_ID',
clientSecret: 'CLIENT_SECRET',
responseType: {
idToken: false,
code: true,
},
});
Expand All @@ -887,12 +883,22 @@ describe('OIDCConfig', () => {
const updateRequest: OIDCUpdateAuthProviderRequest = {
clientId: 'CLIENT_ID',
displayName: 'OIDC_PROVIDER_DISPLAY_NAME',
clientSecret: 'CLIENT_SECRET',
responseType: {
idToken: false,
code: true,
}
};
const updateServerRequest: OIDCConfigServerRequest = {
clientId: 'CLIENT_ID',
displayName: 'OIDC_PROVIDER_DISPLAY_NAME',
issuer: undefined,
enabled: undefined,
clientSecret: 'CLIENT_SECRET',
responseType: {
idToken: false,
code: true,
}
};
expect(OIDCConfig.buildServerRequest(updateRequest, true)).to.deep.equal(updateServerRequest);
});
Expand Down