feat: Add OAuth2Client recipe #877
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…eat/login-info-api
feat: Add an api to get login info
porcellus
requested changes
Jul 9, 2024
anku255
force-pushed
the
feat/oauth2client
branch
from
a6a1c70 to
7cd08a1
Compare
porcellus
requested changes
Jul 11, 2024
lib/ts/recipe/oauth2client/index.ts
Outdated
Comment on lines
26
to
33
| static async exchangeAuthCodeForOAuthTokens(input: { | ||
| providerConfig: ProviderConfigWithOIDCInfo; | ||
| redirectURIInfo: { | ||
| redirectURIOnProviderDashboard: string; | ||
| redirectURIQueryParams: any; | ||
| pkceCodeVerifier?: string | undefined; | ||
| }; | ||
| }) { |
There was a problem hiding this comment.
Please make the function signature match other index files. (for all other exposed functions in this file as well)
Check for example the lib/ts/recipe/session/index.ts
Suggested change
| static async exchangeAuthCodeForOAuthTokens(input: { | |
| providerConfig: ProviderConfigWithOIDCInfo; | |
| redirectURIInfo: { | |
| redirectURIOnProviderDashboard: string; | |
| redirectURIQueryParams: any; | |
| pkceCodeVerifier?: string | undefined; | |
| }; | |
| }) { | |
| static async exchangeAuthCodeForOAuthTokens( | |
| redirectURIInfo: { | |
| redirectURIOnProviderDashboard: string; | |
| redirectURIQueryParams: any; | |
| pkceCodeVerifier?: string | undefined; | |
| }, | |
| userContext?: Record<string, any> | |
| ) { |
There was a problem hiding this comment.
The userContext passed to this is the wrong type. Please check the linked file on how we handle it in other recipes.
There was a problem hiding this comment.
sorry! I just fixed it.
porcellus
requested changes
Jul 14, 2024
porcellus
requested changes
Jul 23, 2024
porcellus
approved these changes
Jul 23, 2024
porcellus
added a commit
that referenced
this pull request
Oct 3, 2024
#927) * feat: add boilerplate for oauth2 recipe * feat: add a temporary solution to query hydra (until core impl) from recipe funcs * fix: fix temp solution for hydra calls * feat: Add a recipe function to create OAuth2Client (#859) * feat: Add recipe functions to update/delete OAuth2Client (#863) * feat: Add recipe functions to update/delete OAuth2Client * fix: PR changes * feat: Add recipe functions to get OAuth2Clients (#865) * feat: Add recipe functions to update/delete OAuth2Client * fix: PR changes * feat: Add recipe functions to get OAuth2Clients * fix: PR changes --------- Co-authored-by: Mihaly Lengyel <[email protected]> * feat: add initial oauth2 client apis (#866) * feat: add initial oauth2 client apis * feat: Add an api to get login info * fix: merge issues and FE path * fix: WIP fix for CSRF and redirection issues * fix: OAuth2 fixes and test-server updates (#871) * feat: update oauth2 login info endpoint types to match our general patterns * fix: make login flow work * feat!: improve how we handle changing email addresses and users becoming unverified when account linking requires verification (#869) * feat: update email and pw change logic and add more security checks * feat: update error messages * refactor: improve debug logs and clarify conditions * chore: update changelog * chore: empty line from changelog * refactor: remove duplicated check and bypass mapping for already mapped errcodes * chore: update changelog * feat: call isEmailChangeAllowed in pwless updateUser (#875) * feat: call isEmailChangeAllowed in pwless updateUser * test: add updateUser to test-server * chore: remove unnecessary item from changelog * chore: extend changelog to mention exact function names * test: add logging to default overrides in test-server (#876) * fix: circular dependency * fix: fix types in oauth2 index exposed functions * feat: add token building callbacks * test: move the session object and claims to the BE sdk server (#879) * fixes issue of refresh not clearing tokens * adding dev-v18.0.2 tag to this commit to ensure building --------- Co-authored-by: Ankit Tiwari <[email protected]> Co-authored-by: rishabhpoddar <[email protected]> * feat: Add OAuth2Client recipe (#877) * feat: add initial oauth2 client apis * feat: Add an api to get login info * fix: merge issues and FE path * fix: WIP fix for CSRF and redirection issues * fix: OAuth2 fixes and test-server updates (#871) * feat: update oauth2 login info endpoint types to match our general patterns * fix: make login flow work * fix: circular dependency * feat: Add OAuth2Client recipe * fix: PR changes * fix: PR changes * fix: PR changes * fix: use correct userContext type --------- Co-authored-by: Mihaly Lengyel <[email protected]> * fix: Remove internal redirects in the OAuth2 flow (#896) * fix: Remove internal redirects in the OAuth2 flow * fix: PR changes * fix: Prefer exact api path match in the middleware (#892) * feat: Add userInfoGET endpoint (#890) * feat: add initial oauth2 client apis * feat: Add an api to get login info * fix: merge issues and FE path * fix: WIP fix for CSRF and redirection issues * fix: OAuth2 fixes and test-server updates (#871) * feat: update oauth2 login info endpoint types to match our general patterns * fix: make login flow work * fix: circular dependency * feat: Add OAuth2Client recipe * fix: PR changes * fix: PR changes * fix: PR changes * feat: Add userInfoGET endpoint * fix: PR changes * fix: PR changes * fix: PR changes --------- Co-authored-by: Mihaly Lengyel <[email protected]> * feat: add functions to validate oauth2 tokens * feat: rename OAuth2 to OAuth2Provider * feat: expose token validation functions * test: update tests * fix: add userinfo_endpoint properly * feat: removed unnecessary props * fix: add workaround to validate access/idtokens * fix: OAuth2 fixes (#900) * feat: review fixes * feat: remove accessTokenStrategy * test: update tests * feat: OAuth2Client interface changes (#904) * feat: Add token revocation endpoint (#902) * feat: Add token revocation endpoint * fix: PR changes * fix: PR changes * fix: PR changes * fix: PR changes * fix: PR changes * fix: Add revocation_endpoint * feat: Add token introspection endpoint (#906) * feat: Add token revocation endpoint * fix: PR changes * fix: PR changes * fix: PR changes * fix: PR changes * feat: Add token introspection endpoint * fix: PR changes * fix: Add revocation_endpoint * fix: PR changes * fix: merge issue --------- Co-authored-by: Mihaly Lengyel <[email protected]> * fix: make clientSecret optional (#908) * fix: revokeToken input check * feat: add shouldTryLinkingWithSessionUser flag to auth apis and make overwriteSessionDuringSignInUp deafult to true (#909) * feat: add shouldTryLinkingWithSessionUser flag * feat: add tryLinkingWithSessionUser, forceFreshAuth and small test fixes * fix: test server compatible with 1.17/2.0 (#897) * fix: test server compatible with 1.17 * fix: pr comments * fix: mfa claim * fix: version and changelog * fix: using version function for comparision * fix: circle ci scripts * fix: circle ci testing * fix: circle ci testing * fix: circle ci testing * fix: test server * fix: circle ci restore * adding dev-v20.0.1 tag to this commit to ensure building * fix: config (#905) * adding dev-v20.0.1 tag to this commit to ensure building * feat: prompt param fixing * refactors an exception case * feat: validate max_age * fix: make shouldDoAutomaticAccountLinking properly get the primary user when linking to oldest user (#907) * adding dev-v20.0.2 tag to this commit to ensure building * feat: make shouldTryLinkingWithSessionUser optional in FDI3.1 * feat: fix tryLinkingImplementation and change degault for overwriteSessionDuringSignInUp --------- Co-authored-by: Sattvik Chakravarthy <[email protected]> Co-authored-by: Sattvik Chakravarthy <[email protected]> Co-authored-by: rishabhpoddar <[email protected]> * feat: add shouldTryRefresh plus self-review and test related fixes * feat: Add APIs for rp-initiated logout (#911) * feat: Add APIs for rp-initiated logout * fix: PR changes * fix: PR changes * feat: integrate with OAuth2 core impl (#926) * WIP * WIP * feat: clean up earlier debugging changes * feat: expose new revoke functions + update tests * feat: make the frontend redirection urls overrideable * feat: update how oauth token payloads work * fix: Add changes to support unknown type in formField values (#928) * Add changes to support unknown type in formField values * Update email/password invalid type error message to be same as go/python sdk * Add tests for invalid email/password in signup API * Add tests for invalid email/password in token reset and reset API * Update some errors to indicate unreachable errors * Run build to generate build files * Add detail about breaking change regarding formField value type change to unknown * feat: make loginGET return the redirection link as a JSON response instead * ci: add option to run the CI scripts manually (#929) * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * ci: experiment with manually runnable ci with pre-set branchnames * fix: test fixing * ci: experiment with manually runnable ci with pre-set branchnames * test: make integration test server more stable * ci: update ci runner script * fix: adding hydra to circleci * ci: add missing branch mapping * fix: force script * fix: update ci config * fix: update ci config * fix: update script * fix: update script * fix: update script * fix: ory image --------- Co-authored-by: Sattvik Chakravarthy <[email protected]> * feat: make the issuer overrideable + fix new status * fix: fix handling of CLIENT_NOT_FOUND_ERROR * feat: error consistency improvements * feat: error consistency improvements * refactor: some cleanup and error handling * fix: set the jwks cacheMaxAge in MS * test: add more debug options into ci * feat: added more debug logging * fix: fix the session loading logic in auth apis * ci: improve forceRunCI mac compatibility * ci: add missing env var to test script * feat: detect email_change_not_allowed earlier to fix tests * Revert "feat: detect email_change_not_allowed earlier to fix tests" This reverts commit 47df0a2. * feat: self-review fixes and general cleanup * feat: add emails and phoneNumbers as arrays into the id token as well * feat!: separating the OpenId recipe from the Session recipe --------- Co-authored-by: Ankit Tiwari <[email protected]> Co-authored-by: rishabhpoddar <[email protected]> Co-authored-by: Sattvik Chakravarthy <[email protected]> Co-authored-by: Sattvik Chakravarthy <[email protected]> Co-authored-by: Deepjyoti <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary of change
This PR adds the OAuth2Client recipe. It is a trimmed down version of our ThirdParty recipe except that it only allows Supertokens client Ids. There are some TODOs in this PR which are either blocked or require some discussion.
Related issues
Test Plan
(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work. Bonus points for screenshots and videos!)
Documentation changes
(If relevant, please create a PR in our docs repo, or create a checklist here highlighting the necessary changes)
Checklist for important updates
coreDriverInterfaceSupported.jsonfile has been updated (if needed)lib/ts/version.tsfrontendDriverInterfaceSupported.jsonfile has been updated (if needed)package.jsonpackage-lock.jsonlib/ts/version.tsnpm run build-prettyrecipe/thirdparty/providers/configUtils.tsfile,createProviderfunction.git tag) in the formatvX.Y.Z, and then find the latest branch (git branch --all) whoseX.Yis greater than the latest released tag.add-ts-no-check.jsfile to include thatsomeFunc: function () {..}).