fix: ensure authorization_details can be passed in as array instead of only string#1111
Draft
frederikprijck wants to merge 5 commits into
Draft
fix: ensure authorization_details can be passed in as array instead of only string#1111frederikprijck wants to merge 5 commits into
frederikprijck wants to merge 5 commits into
Conversation
frederikprijck
commented
May 16, 2025
|
|
||
| it('should return token response, including authorization_details when available', async () => { | ||
| const authorization_details = JSON.stringify([{ type: 'test-type' }]); | ||
| const authorization_details = [{ type: 'test-type' }]; |
Member
Author
There was a problem hiding this comment.
This test was incorrectly configuring auth0 to return a string, so the test passed.
frederikprijck
commented
May 16, 2025
| ...options, | ||
| login_hint: getLoginHint(userId, this.domain), | ||
| client_id: this.clientId, | ||
| authorization_details: |
Member
Author
There was a problem hiding this comment.
Need to avoid sending it when not defined
frederikprijck
force-pushed
the
fix/ciba-rar
branch
from
1c1f670 to
b67ba7f
Compare
frederikprijck
changed the title
4 tasks
Contributor
|
Could you please update the PR when you get a chance? |
frederikprijck
force-pushed
the
fix/ciba-rar
branch
from
b67ba7f to
c80b7e2
Compare
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️ |
…edupe type - Make grant() and all TokenSet-returning grant methods generic over TAuthorizationDetails so PAR+RAR custom types work end to end - Avoid mutating caller input in pushedAuthorization - Share a single exported AuthorizationDetails type across auth modules - Add test for array authorization_details serialization in Backchannel.authorize
Make IBackchannel.authorize and backchannelGrant generic so the TAuthorizationDetails type parameter is reachable via auth0.backchannel, not only when instantiating the Backchannel class directly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
This PR ensures we can pass
authorization_detailsas an array instead of only a string.Additionally, the
authorization_detailsare not returned as a string, but as an actual array.This PR fixes those types, and implements it using Generics so that users can provide their own type of
AuthorizationDetails(which will most often be the case).This has been fixed for both CIBA+RAR and PAR+RAR.
References
https://auth0.com/docs/get-started/authentication-and-authorization-flow/client-initiated-backchannel-authentication-flow/user-authorization-with-ciba
Testing
To test this, simply do a CIBA+RAR exchange and inspect the returned
authorization_details(even before this change, it's marked as a string but it's actually an object at run time.Checklist