matrix/matrix-js-sdk
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-js-sdk.git synced 2025-07-31 15:24:23 +03:00
Code Activity

OIDC: use oidc-client-ts (#3544)

Browse Source 
* use oidc-client-ts during oidc discovery

* export new type for auth config

* deprecate generateAuthorizationUrl in favour of generateOidcAuthorizationUrl

* testing util for oidc configurations

* test generateOidcAuthorizationUrl

* lint

* test discovery

* dont pass whole client wellknown to oidc validation funcs

* add nonce

* use client userState for homeserver
This commit is contained in:
Kerry
2023-07-10 09:19:32 +12:00
committed by GitHub
parent b606d1e54b
commit b8fa030d5d
10 changed files with 432 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
spec/unit/oidc/validate.spec.ts
View File

@ -35,7 +35,7 @@ describe("validateWellKnownAuthentication()", () => {
},
};
it("should throw not supported error when wellKnown has no m.authentication section", () => {
expect(() => validateWellKnownAuthentication(baseWk)).toThrow(OidcError.NotSupported);
expect(() => validateWellKnownAuthentication(undefined)).toThrow(OidcError.NotSupported);
});
it("should throw misconfigured error when authentication issuer is not a string", () => {
@ -45,7 +45,9 @@ describe("validateWellKnownAuthentication()", () => {
issuer: { url: "test.com" },
},
};
expect(() => validateWellKnownAuthentication(wk)).toThrow(OidcError.Misconfigured);
expect(() => validateWellKnownAuthentication(wk[M_AUTHENTICATION.stable!] as any)).toThrow(
OidcError.Misconfigured,
);
});
it("should throw misconfigured error when authentication account is not a string", () => {
@ -56,7 +58,9 @@ describe("validateWellKnownAuthentication()", () => {
account: { url: "test" },
},
};
expect(() => validateWellKnownAuthentication(wk)).toThrow(OidcError.Misconfigured);
expect(() => validateWellKnownAuthentication(wk[M_AUTHENTICATION.stable!] as any)).toThrow(
OidcError.Misconfigured,
);
});
it("should throw misconfigured error when authentication account is false", () => {
@ -67,7 +71,9 @@ describe("validateWellKnownAuthentication()", () => {
account: false,
},
};
expect(() => validateWellKnownAuthentication(wk)).toThrow(OidcError.Misconfigured);
expect(() => validateWellKnownAuthentication(wk[M_AUTHENTICATION.stable!] as any)).toThrow(
OidcError.Misconfigured,
);
});
it("should return valid config when wk uses stable m.authentication", () => {
@ -78,7 +84,7 @@ describe("validateWellKnownAuthentication()", () => {
account: "account.com",
},
};
expect(validateWellKnownAuthentication(wk)).toEqual({
expect(validateWellKnownAuthentication(wk[M_AUTHENTICATION.stable!])).toEqual({
issuer: "test.com",
account: "account.com",
});
@ -91,7 +97,7 @@ describe("validateWellKnownAuthentication()", () => {
issuer: "test.com",
},
};
expect(validateWellKnownAuthentication(wk)).toEqual({
expect(validateWellKnownAuthentication(wk[M_AUTHENTICATION.stable!])).toEqual({
issuer: "test.com",
});
});
@ -104,24 +110,10 @@ describe("validateWellKnownAuthentication()", () => {
somethingElse: "test",
},
};
expect(validateWellKnownAuthentication(wk)).toEqual({
expect(validateWellKnownAuthentication(wk[M_AUTHENTICATION.stable!])).toEqual({
issuer: "test.com",
});
});
it("should return valid config when wk uses unstable prefix for m.authentication", () => {
const wk = {
...baseWk,
[M_AUTHENTICATION.unstable!]: {
issuer: "test.com",
account: "account.com",
},
};
expect(validateWellKnownAuthentication(wk)).toEqual({
issuer: "test.com",
account: "account.com",
});
});
});
describe("validateOIDCIssuerWellKnown", () => {
@ -129,6 +121,7 @@ describe("validateOIDCIssuerWellKnown", () => {
authorization_endpoint: "https://test.org/authorize",
token_endpoint: "https://authorize.org/token",
registration_endpoint: "https://authorize.org/regsiter",
revocation_endpoint: "https://authorize.org/regsiter",
response_types_supported: ["code"],
grant_types_supported: ["authorization_code"],
code_challenge_methods_supported: ["S256"],