-
Notifications
You must be signed in to change notification settings - Fork 265
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Enroll Authenticator via /authorize #1324
feat: Enroll Authenticator via /authorize #1324
Conversation
Codecov ReportBase: 92.11% // Head: 92.25% // Increases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## master #1324 +/- ##
==========================================
+ Coverage 92.11% 92.25% +0.13%
==========================================
Files 214 218 +4
Lines 5152 5204 +52
Branches 1094 1103 +9
==========================================
+ Hits 4746 4801 +55
+ Misses 383 380 -3
Partials 23 23
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
1e2d529
to
885bae5
Compare
a629472
to
c7f698e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking pretty good overall. Just a couple things:
-
See comments on _setLocation. Let's not continue this pattern. If possible let's refactor existing function so that this pattern doesn't exist anymore
-
Is cucumber feature spec part of this task? If E2E testing is not possible at this time because code is not in production, would make sense to at least write out the scenario definition in a .feature file (and then mark it with a @Skip annotation)
80fcad6
to
b0f4ec0
Compare
61986de
to
66e6c24
Compare
a761e2b
to
5d5cc12
Compare
9b4cafe
to
5af4857
Compare
@@ -56,7 +57,7 @@ export function convertTokenParamsToOAuthParams(tokenParams: TokenParams) { | |||
if (tokenParams.responseType!.indexOf('id_token') !== -1 && | |||
tokenParams.scopes!.indexOf('openid') === -1) { | |||
throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token'); | |||
} else { | |||
} else if (tokenParams.scopes) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why this change? Does empty scope query parameter have a special meaning to the authorize endpoint?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For authenticator enrolment via authorize endpoint scope
should be deleted.
https://github.com/okta/okta-auth-js/pull/1324/files#diff-c7c807658c1f989f83fd7287c01e1c459ffa33b5afc14bb32dc9bd23b51e0048R39
more tests for responseType none
ad6645f
to
738ad21
Compare
endpoints.authorize.enrollAuthenticator(options: EnrollAuthenticatorOptions)
.Added
enrollAmrValues
toTokenParams
.EnrollAuthenticatorOptions
extendsTokenParams
and requiresenrollAmrValues
.redirectUri
after authenticator enrolment, but without tokens sinceresponseType
isnone
.To allow user to still use
handleRedirect
in this new flow (to show errors and redirect tooriginalUri
on success, but without storing tokens), addedresponseType
toTokenResponse
.In case of
none
value, don't clear tokens instoreTokensFromRedirect
.handleRedirect(options)
, deprecatedhandleLoginRedirect(tokens, options)
in readmeEnroll AMR values
to config and buttonEnroll authenticator
(for both auth and non-auth states)OAUTH2_ENROLL_AUTHENTICATOR
Internal ref: https://oktainc.atlassian.net/browse/OKTA-539548
Tech design: https://oktawiki.atlassian.net/wiki/spaces/eng/pages/2630550024/Technical+Design+for+Enroll+Authenticator+via+authorize
List of AMR values: https://oktawiki.atlassian.net/wiki/spaces/eng/pages/2230422496/Authenticator+Platform+Taxonomy#AuthenticatorPlatformTaxonomy-Table