feat: Make sure redirect_uri is the same for authorization and token …

…endpoint when used and made redirect_uri optional. The redirect_uri is automatically passed to the token request in case one was used for authorization
Sphereon-Opensource · Feb 3, 2024 · 394fcb7 · 394fcb7
1 parent 4ae9a7d
commit 394fcb7
Show file tree

Hide file tree

Showing 3 changed files with 220 additions and 216 deletions.
diff --git a/packages/client/lib/AccessTokenClient.ts b/packages/client/lib/AccessTokenClient.ts
@@ -176,14 +176,6 @@ export class AccessTokenClient {
       throw new Error('Authorization flow requires the code to be present');
     }
   }
-
-  private assertNonEmptyRedirectUri(accessTokenRequest: AccessTokenRequest): void {
-    if (!accessTokenRequest.redirect_uri) {
-      debug('No redirect_uri present, whilst it is required');
-      throw new Error('Authorization flow requires the redirect_uri to be present');
-    }
-  }
-
   private validate(accessTokenRequest: AccessTokenRequest, isPinRequired?: boolean): void {
     if (accessTokenRequest.grant_type === GrantTypes.PRE_AUTHORIZED_CODE) {
       this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
@@ -193,7 +185,6 @@ export class AccessTokenClient {
       this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
       this.assertNonEmptyCodeVerifier(accessTokenRequest);
       this.assertNonEmptyCode(accessTokenRequest);
-      this.assertNonEmptyRedirectUri(accessTokenRequest);
     } else {
       this.throwNotSupportedFlow();
     }
@@ -236,11 +227,14 @@ export class AccessTokenClient {
 
   private static creatTokenURLFromURL(url: string, allowInsecureEndpoints?: boolean, tokenEndpoint?: string): string {
     if (allowInsecureEndpoints !== true && url.startsWith('http:')) {
-      throw Error(`Unprotected token endpoints are not allowed ${url}. Adjust settings if you really need this (dev/test settings only!!)`);
+      throw Error(
+        `Unprotected token endpoints are not allowed ${url}. Use the 'allowInsecureEndpoints' param if you really need this for dev/testing!`,
+      );
     }
     const hostname = url.replace(/https?:\/\//, '').replace(/\/$/, '');
     const endpoint = tokenEndpoint ? (tokenEndpoint.startsWith('/') ? tokenEndpoint : tokenEndpoint.substring(1)) : '/token';
     const scheme = url.split('://')[0];
+    console.log(`scheme: ${scheme}, hostname: ${hostname}, endpoint: ${endpoint}`);
     return `${scheme ? scheme + '://' : 'https://'}${hostname}${endpoint}`;
   }
 

diff --git a/packages/client/lib/AuthorizationCodeClient.ts b/packages/client/lib/AuthorizationCodeClient.ts
@@ -104,7 +104,7 @@ export const createAuthorizationRequestUrl = async ({
   console.log(`QUERY obj: ` + JSON.stringify(queryObj, null, 2));
   const url = convertJsonToURI(queryObj, {
     baseUrl: endpointMetadata.authorization_endpoint,
-    uriTypeProperties: ['client_id', 'request_uri', 'redirect_uri', 'scope', 'authorization_details',  'issuer_state'],
+    uriTypeProperties: ['client_id', 'request_uri', 'redirect_uri', 'scope', 'authorization_details', 'issuer_state'],
     // arrayTypeProperties: ['authorization_details'],
     mode: JsonURIMode.X_FORM_WWW_URLENCODED,
     // We do not add the version here, as this always needs to be form encoded