OIDC: update to oidc-client-ts functions from js-sdk (#11193)

* test util for oidcclientconfigs * rename type and lint * correct oidc test util * store issuer and clientId pre auth navigation * update for js-sdk userstate, tidy
2025-08-07 21:23:00 +03:00 · 2023-07-10 12:57:16 +12:00
parent 1a75d5d869
commit 01bd80fe59
5 changed files with 91 additions and 78 deletions
--- a/test/test-utils/oidc.ts
+++ b/test/test-utils/oidc.ts
@@ -0,0 +1,53 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { OidcClientConfig } from "matrix-js-sdk/src/autodiscovery";
+import { ValidatedIssuerMetadata } from "matrix-js-sdk/src/oidc/validate";
+
+/**
+ * Makes a valid OidcClientConfig with minimum valid values
+ * @param issuer used as the base for all other urls
+ * @returns OidcClientConfig
+ */
+export const makeDelegatedAuthConfig = (issuer = "https://auth.org/"): OidcClientConfig => {
+    const metadata = mockOpenIdConfiguration(issuer);
+
+    return {
+        issuer,
+        account: issuer + "account",
+        registrationEndpoint: metadata.registration_endpoint,
+        authorizationEndpoint: metadata.authorization_endpoint,
+        tokenEndpoint: metadata.token_endpoint,
+        metadata,
+    };
+};
+
+/**
+ * Useful for mocking <issuer>/.well-known/openid-configuration
+ * @param issuer used as the base for all other urls
+ * @returns ValidatedIssuerMetadata
+ */
+export const mockOpenIdConfiguration = (issuer = "https://auth.org/"): ValidatedIssuerMetadata => ({
+    issuer,
+    revocation_endpoint: issuer + "revoke",
+    token_endpoint: issuer + "token",
+    authorization_endpoint: issuer + "auth",
+    registration_endpoint: issuer + "registration",
+    jwks_uri: issuer + "jwks",
+    response_types_supported: ["code"],
+    grant_types_supported: ["authorization_code", "refresh_token"],
+    code_challenge_methods_supported: ["S256"],
+});
--- a/test/utils/oidc/authorize-test.ts
+++ b/test/utils/oidc/authorize-test.ts
@@ -18,23 +18,17 @@ import fetchMockJest from "fetch-mock-jest";
 import * as randomStringUtils from "matrix-js-sdk/src/randomstring";

 import { startOidcLogin } from "../../../src/utils/oidc/authorize";
+import { makeDelegatedAuthConfig, mockOpenIdConfiguration } from "../../test-utils/oidc";

 describe("startOidcLogin()", () => {
    const issuer = "https://auth.com/";
-    const authorizationEndpoint = "https://auth.com/authorization";
    const homeserver = "https://matrix.org";
    const clientId = "xyz789";
    const baseUrl = "https://test.com";

-    const delegatedAuthConfig = {
-        issuer,
-        registrationEndpoint: issuer + "registration",
-        authorizationEndpoint,
-        tokenEndpoint: issuer + "token",
-    };
+    const delegatedAuthConfig = makeDelegatedAuthConfig(issuer);

    const sessionStorageGetSpy = jest.spyOn(sessionStorage.__proto__, "setItem").mockReturnValue(undefined);
-    const randomStringMockImpl = (length: number) => new Array(length).fill("x").join("");

    // to restore later
    const realWindowLocation = window.location;
@@ -53,6 +47,10 @@ describe("startOidcLogin()", () => {
            origin: baseUrl,
        };

+        fetchMockJest.get(
+            delegatedAuthConfig.metadata.issuer + ".well-known/openid-configuration",
+            mockOpenIdConfiguration(),
+        );
        jest.spyOn(randomStringUtils, "randomString").mockRestore();
    });

@@ -60,23 +58,6 @@ describe("startOidcLogin()", () => {
        window.location = realWindowLocation;
    });

-    it("should store authorization params in session storage", async () => {
-        jest.spyOn(randomStringUtils, "randomString").mockReset().mockImplementation(randomStringMockImpl);
-        await startOidcLogin(delegatedAuthConfig, clientId, homeserver);
-
-        const state = randomStringUtils.randomString(8);
-
-        expect(sessionStorageGetSpy).toHaveBeenCalledWith(`oidc_${state}_nonce`, randomStringUtils.randomString(8));
-        expect(sessionStorageGetSpy).toHaveBeenCalledWith(`oidc_${state}_redirectUri`, baseUrl);
-        expect(sessionStorageGetSpy).toHaveBeenCalledWith(
-            `oidc_${state}_codeVerifier`,
-            randomStringUtils.randomString(64),
-        );
-        expect(sessionStorageGetSpy).toHaveBeenCalledWith(`oidc_${state}_clientId`, clientId);
-        expect(sessionStorageGetSpy).toHaveBeenCalledWith(`oidc_${state}_issuer`, issuer);
-        expect(sessionStorageGetSpy).toHaveBeenCalledWith(`oidc_${state}_homeserver`, homeserver);
-    });
-
    it("navigates to authorization endpoint with correct parameters", async () => {
        await startOidcLogin(delegatedAuthConfig, clientId, homeserver);