From 6aaa0e5b829403a6e003162edc72c3e63291c0e5 Mon Sep 17 00:00:00 2001
From: Bryn Ryans <bryans99@users.noreply.github.com>
Date: Wed, 6 Oct 2021 15:42:10 -0700
Subject: [PATCH] fix: add support for okta oauth implicit flow in extension
 framework (#847)

---
 .../src/connect/extension_host_api.spec.ts    | 43 +++++++++++++++++++
 .../src/connect/extension_host_api.ts         |  3 +-
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/packages/extension-sdk/src/connect/extension_host_api.spec.ts b/packages/extension-sdk/src/connect/extension_host_api.spec.ts
index a4f8aa308..ccbcef932 100644
--- a/packages/extension-sdk/src/connect/extension_host_api.spec.ts
+++ b/packages/extension-sdk/src/connect/extension_host_api.spec.ts
@@ -593,6 +593,49 @@ describe('extension_host_api tests', () => {
     done()
   })
 
+  it('sends oauth2 authenticate request with response_type id_token', async (done) => {
+    const hostApi = createHostApi({ lookerVersion: '7.9' })
+    const authEndpoint = 'https://accounts.google.com/o/oauth2/v2/auth'
+    const authParameters = {
+      client_id: 'CLIENT_ID',
+      scope: 'SCOPE',
+      response_type: 'id_token',
+    }
+    await hostApi.oauth2Authenticate(authEndpoint, authParameters)
+    expect(sendAndReceiveSpy).toHaveBeenCalledWith('EXTENSION_API_REQUEST', {
+      payload: {
+        payload: {
+          authEndpoint,
+          authParameters,
+          httpMethod: 'POST',
+        },
+        type: 'oauth2_authenticate',
+      },
+      type: 'INVOKE_EXTERNAL_API',
+    })
+    done()
+  })
+
+  it('rejects oauth2 authenticate request with invalid response_type', async (done) => {
+    const hostApi = createHostApi({ lookerVersion: '7.9' })
+    const authEndpoint = 'https://accounts.google.com/o/oauth2/v2/auth'
+    const authParameters = {
+      client_id: 'CLIENT_ID',
+      scope: 'SCOPE',
+      response_type: 'unknown_response_type',
+    }
+    try {
+      await hostApi.oauth2Authenticate(authEndpoint, authParameters)
+      throw new Error('How did I get here')
+    } catch (err: any) {
+      expect(err.message).toEqual(
+        'invalid response_type, must be token, id_token or code, unknown_response_type'
+      )
+    }
+    expect(sendAndReceiveSpy).not.toHaveBeenCalled()
+    done()
+  })
+
   it('overrides http method for oauth2Authenticate', async (done) => {
     const hostApi = createHostApi({ lookerVersion: '7.9' })
     const authEndpoint = 'https://accounts.google.com/o/oauth2/v2/auth'
diff --git a/packages/extension-sdk/src/connect/extension_host_api.ts b/packages/extension-sdk/src/connect/extension_host_api.ts
index 27ff4891e..b04c1f259 100644
--- a/packages/extension-sdk/src/connect/extension_host_api.ts
+++ b/packages/extension-sdk/src/connect/extension_host_api.ts
@@ -502,9 +502,10 @@ export class ExtensionHostApiImpl implements ExtensionHostApi {
     }
     if (
       authParameters.response_type !== 'token' &&
+      authParameters.response_type !== 'id_token' &&
       authParameters.response_type !== 'code'
     ) {
-      return `invalid response_type, must be token or code, ${authParameters.response_type}`
+      return `invalid response_type, must be token, id_token or code, ${authParameters.response_type}`
     }
     return undefined
   }