fix: deal with discovery issues from b2clogin.com
fixes #718
panva committed Oct 23, 2024
1 parent 5fda2cb commit b9a4f2f
Showing 2 changed files with 75 additions and 0 deletions.
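--- a/src/index.ts
+++ b/src/index.ts
@@ -1034,6 +1034,17 @@ function handleEntraId(
 return false
 }
 
+function handleB2Clogin(server: URL, options?: DiscoveryRequestOptions) {
+if (
+server.hostname.endsWith('.b2clogin.com') &&
+(!options?.algorithm || options.algorithm === 'oidc')
+) {
+return true
+}
+
+return false
+}
+
 /**
 * Performs Authorization Server Metadata discovery and returns a
 * {@link Configuration} with the discovered
@@ -1113,6 +1124,7 @@ export async function discovery(
 
 if (resolve && new URL(as.issuer).href !== server.href) {
 handleEntraId(server, as, options) ||
+handleB2Clogin(server, options) ||
 (() => {
 throw new ClientError(
 'discovered metadata issuer does not match the expected issuer',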
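Review bot: `handleB2Clogin` never receives the discovered metadata, so for any `*.b2clogin.com` server the issuer comparison in `discovery()` is waived entirely and whatever `as.issuer` the document declares is accepted, including one on a different host. The discovered issuer is presumably what later responses are checked against, so the exemption should be no wider than the quirk needs: pass `as` the way `handleEntraId` receives it and add `new URL(as.issuer).origin === server.origin &&` to the condition, which still admits the differing-path issuer exercised in test/issue-718.test.ts. A short comment above the function saying why the mismatch is tolerated, with a pointer to issue #718, would help the next reader. `handleB2Clogin` is complete within the first hunk; the body of `discovery()` continues outside the second.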
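--- /dev/null
+++ b/test/issue-718.test.ts
@@ -0,0 +1,63 @@
+// see https://github.com/panva/openid-client/issues/718
+
+import test from 'ava'
+import * as client from '../src/index.js'
+import * as undici from 'undici'
+
+const tenantName = 'openidclientdemo.onmicrosoft.com'
+const tenantId = '0e96f835-6e34-470c-800b-2e2c5908c54c'
+const policy = 'B2C_1_signupsignin'
+
+const urls = [
+new URL(`https://openidclientdemo.b2clogin.com/${tenantName}/${policy}/v2.0`),
+new URL(`https://openidclientdemo.b2clogin.com/${tenantId}/${policy}/v2.0`),
+new URL(
+`https://openidclientdemo.b2clogin.com/${tenantName}/${policy}/v2.0/`,
+),
+new URL(`https://openidclientdemo.b2clogin.com/${tenantId}/${policy}/v2.0/`),
+]
+
+let i = 0
+for (const url of urls) {
+i++
+test(`accepts b2clogin.com issuer identifier for whatever value it is ${i}/${urls.length}`, async (t) => {
+let agent = new undici.MockAgent()
+agent.disableNetConnect()
+
+const wellKnown = new URL(
+`${url.pathname}/.well-known/openid-configuration`.replace('//', '/'),
+url,
+)
+
+const mockAgent = agent.get(url.origin)
+
+mockAgent
+.intercept({
+method: 'GET',
+path: wellKnown.pathname,
+})
+.reply(
+200,
+{
+issuer:
+'https://openidclientdemo.b2clogin.com/0e96f835-6e34-470c-800b-2e2c5908c54c/v2.0/',
+},
+{
+headers: {
+'content-type': 'application/json',
+},
+},
+)
+
+await t.notThrowsAsync(
+client.discovery(url, 'decoy', 'decoy', undefined, {
+// @ts-ignore
+[client.customFetch](url, options) {
+return undici.fetch(url, { ...options, dispatcher: agent })
+},
+}),
+)
+
+t.notThrows(() => agent.assertNoPendingInterceptors())
+})
+}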
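Review bot: All four cases only assert that discovery succeeds, and the mocked issuer shares the request origin every time, so nothing here pins where the b2clogin.com exemption stops. A companion case using `t.throwsAsync` for a server whose hostname does not end in `.b2clogin.com` but returns the same mismatched issuer, and one with `algorithm` set to a non-`oidc` value, would keep the relaxed issuer check from widening unnoticed. Minor style points: `// @ts-ignore` above the `customFetch` property could be `// @ts-expect-error` so it fails once the typing is corrected, and `let agent` is never reassigned and can be `const`.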
