feat: self-review fixes and general cleanup

CHANGELOG.md

@@ -10,10 +10,41 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## UNRELEASED
 
 -   Added OAuth2Provider recipe
+-   Added a way to run CI on unmerged PRs
+-   Added support for FDIs: 3.1 and 4.0. Required by: auth-react >=0.43.0 and web-js>=0.13.0
+-   The `networkInterceptor` now also gets a new `params` prop in the request config.
 
 ### Breaking change
 
 -   Changes type of value in formField object to be `unknown` instead of `string` to add support for accepting any type of value in form fields.
+-   Only supporting CDI 5.1, Compatible with core version >= 10.0
+-   Changed the default value of `overwriteSessionDuringSignInUp` to true.
+-   Added a new `shouldTryLinkingWithSessionUser` to sign in/up related APIs (and the related recipe functions)
+    -   This will default to false on the API
+    -   This will be set to true in function calls if you pass a session, otherwise it is set to false
+    -   By setting this to true you can enable MFA flows (trying to connect to the session user)
+    -   If set to false, the sign-in/up will be considered a first-factor
+    -   Changed APIs:
+        -   `ThirdParty.signInUpPOST`
+        -   `Passwordless.createCodePOST`
+        -   `Passwordless.consumeCodePOST`
+        -   `Passwordless.consumeCodePOST`
+    -   Changed functions:
+        -   `ThirdParty.signInUp`
+        -   `ThirdPary.manuallyCreateOrUpdateUser`
+        -   `Passwordless.createCode`
+        -   `Passwordless.consumeCode`
+-   We no longer try to load the session if `shouldTryLinkingWithSessionUser` is set to false and overwriteSessionDuringSignInUp is set to true or left as the default value.
+-   Changed the return type of `getOpenIdConfiguration` and `getOpenIdDiscoveryConfigurationGET`, and added the following props:
+    -   authorization_endpoint
+    -   token_endpoint
+    -   userinfo_endpoint
+    -   revocation_endpoint
+    -   token_introspection_endpoint
+    -   end_session_endpoint
+    -   subject_types_supported
+    -   id_token_signing_alg_values_supported
+    -   response_types_supported
 
 ## [20.1.3] - 2024-09-30
 

lib/build/recipe/oauth2client/api/signin.js

@@ -21,7 +21,6 @@ var __importDefault =
 Object.defineProperty(exports, "__esModule", { value: true });
 const error_1 = __importDefault(require("../../../error"));
 const utils_1 = require("../../../utils");
-const session_1 = __importDefault(require("../../session"));
 async function signInAPI(apiImplementation, tenantId, options, userContext) {
     if (apiImplementation.signInPOST === undefined) {
         return false;
@@ -51,18 +50,6 @@ async function signInAPI(apiImplementation, tenantId, options, userContext) {
             message: "Please provide one of redirectURIInfo or oAuthTokens in the request body",
         });
     }
-    let session = await session_1.default.getSession(
-        options.req,
-        options.res,
-        {
-            sessionRequired: false,
-            overrideGlobalClaimValidators: () => [],
-        },
-        userContext
-    );
-    if (session !== undefined) {
-        tenantId = session.getTenantId();
-    }
     let result = await apiImplementation.signInPOST({
         tenantId,
         clientId: bodyParams.clientId,

lib/build/recipe/oauth2provider/OAuth2Client.d.ts

@@ -25,12 +25,10 @@ export declare class OAuth2Client {
     scope: string;
     /**
      * Array of redirect URIs
-     * StringSliceJSONFormat represents []string{} which is encoded to/from JSON for SQL storage.
      */
     redirectUris: string[] | null;
     /**
      * Array of post logout redirect URIs
-     * StringSliceJSONFormat represents []string{} which is encoded to/from JSON for SQL storage.
      *
      * This field holds a list of whitelisted `post_logout_redirect_uri`s used to redirect the user after
      * logout via the `end_session_endpoint`. If a non-whitelisted URI is provided, the logout request is rejected.
@@ -96,17 +94,14 @@ export declare class OAuth2Client {
     clientUri: string;
     /**
      * Array of audiences
-     * StringSliceJSONFormat represents []string{} which is encoded to/from JSON for SQL storage.
      */
     audience: string[];
     /**
      * Array of grant types
-     * StringSliceJSONFormat represents []string{} which is encoded to/from JSON for SQL storage.
      */
     grantTypes: string[] | null;
     /**
      * Array of response types
-     * StringSliceJSONFormat represents []string{} which is encoded to/from JSON for SQL storage.
      */
     responseTypes: string[] | null;
     /**

lib/build/recipe/oauth2provider/api/auth.js

@@ -54,8 +54,8 @@ async function authGET(apiImplementation, options, userContext) {
         userContext,
     });
     if ("redirectTo" in response) {
-        if (response.setCookie) {
-            const cookieStr = set_cookie_parser_1.default.splitCookiesString(response.setCookie);
+        if (response.cookies) {
+            const cookieStr = set_cookie_parser_1.default.splitCookiesString(response.cookies);
             const cookies = set_cookie_parser_1.default.parse(cookieStr);
             for (const cookie of cookies) {
                 options.res.setCookie(

lib/build/recipe/oauth2provider/api/implementation.js

@@ -1,5 +1,5 @@
 "use strict";
-/* Copyright (c) 2021, VRAI Labs and/or its affiliates. All rights reserved.
+/* Copyright (c) 2024, VRAI Labs and/or its affiliates. All rights reserved.
  *
  * This software is licensed under the Apache License, Version 2.0 (the
  * "License") as published by the Apache Software Foundation.
@@ -42,7 +42,7 @@ function getAPIImplementation() {
             }
             return {
                 frontendRedirectTo: respAfterInternalRedirects.redirectTo,
-                setCookie: respAfterInternalRedirects.setCookie,
+                cookies: respAfterInternalRedirects.cookies,
             };
         },
         authGET: async ({ options, params, cookie, session, shouldTryRefresh, userContext }) => {

lib/build/recipe/oauth2provider/api/login.js

@@ -61,8 +61,8 @@ async function login(apiImplementation, options, userContext) {
         userContext,
     });
     if ("frontendRedirectTo" in response) {
-        if (response.setCookie) {
-            const cookieStr = set_cookie_parser_1.default.splitCookiesString(response.setCookie);
+        if (response.cookies) {
+            const cookieStr = set_cookie_parser_1.default.splitCookiesString(response.cookies);
             const cookies = set_cookie_parser_1.default.parse(cookieStr);
             for (const cookie of cookies) {
                 options.res.setCookie(
@@ -81,11 +81,10 @@ async function login(apiImplementation, options, userContext) {
             frontendRedirectTo: response.frontendRedirectTo,
         });
     } else if ("statusCode" in response) {
-        utils_1.sendNon200ResponseWithMessage(
-            options.res,
-            response.error + ": " + response.errorDescription,
-            (_b = response.statusCode) !== null && _b !== void 0 ? _b : 400
-        );
+        utils_1.sendNon200Response(options.res, (_b = response.statusCode) !== null && _b !== void 0 ? _b : 400, {
+            error: response.error,
+            error_description: response.errorDescription,
+        });
     } else {
         utils_1.send200Response(options.res, response);
     }

lib/build/recipe/oauth2provider/api/revokeToken.js

@@ -16,6 +16,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const utils_1 = require("../../../utils");
 async function revokeTokenPOST(apiImplementation, options, userContext) {
+    var _a;
     if (apiImplementation.revokeTokenPOST === undefined) {
         return false;
     }
@@ -42,7 +43,10 @@ async function revokeTokenPOST(apiImplementation, options, userContext) {
         userContext,
     });
     if ("statusCode" in response && response.statusCode !== 200) {
-        utils_1.sendNon200Response(options.res, response.statusCode, response);
+        utils_1.sendNon200Response(options.res, (_a = response.statusCode) !== null && _a !== void 0 ? _a : 400, {
+            error: response.error,
+            error_description: response.errorDescription,
+        });
     } else {
         utils_1.send200Response(options.res, response);
     }

lib/build/recipe/oauth2provider/api/utils.d.ts

@@ -7,27 +7,27 @@ export declare function loginGET({
     loginChallenge,
     shouldTryRefresh,
     session,
-    setCookie,
+    cookies,
     isDirectCall,
     userContext,
 }: {
     recipeImplementation: RecipeInterface;
     loginChallenge: string;
     session?: SessionContainerInterface;
     shouldTryRefresh: boolean;
-    setCookie?: string;
+    cookies?: string;
     userContext: UserContext;
     isDirectCall: boolean;
 }): Promise<
     | ErrorOAuth2
     | {
           status: string;
           redirectTo: string;
-          setCookie: string | undefined;
+          cookies: string | undefined;
       }
     | {
           redirectTo: string;
-          setCookie: string | undefined;
+          cookies: string | undefined;
           status?: undefined;
       }
 >;
@@ -41,7 +41,7 @@ export declare function handleLoginInternalRedirects({
 }: {
     response: {
         redirectTo: string;
-        setCookie?: string;
+        cookies?: string;
     };
     recipeImplementation: RecipeInterface;
     session?: SessionContainerInterface;
@@ -51,7 +51,7 @@ export declare function handleLoginInternalRedirects({
 }): Promise<
     | {
           redirectTo: string;
-          setCookie?: string;
+          cookies?: string;
       }
     | ErrorOAuth2
 >;