Added support for PKCE #245
Open
tanettrimas wants to merge 30 commits into axa-group:master from tanettrimas:master

30 commits
34ab848 Add a test watch script to package json for easier working with tests (tanettrimas)
ada2b55 fix: add .idea to gitignore
5a9e6c6 Add tests for verification of pkce verifiers
c514b2d Make sure the regex is according to the RFC spec (tanettrimas)
465d4aa Add generator for a valid pkce verifier (tanettrimas)
e5c7c9f Add generator for a valid code challenge (tanettrimas)
63d44b1 Add code_verifier to the tokenrequest
02578e8 Add an asserter for code_challenge_method (tanettrimas)
7b514e0 Use string or undefined assertion on code_challenge and code_challeng… (tanettrimas)
a4f949e Add tests for verification of challenge and verifier in combination (tanettrimas)
8631506 Add the actual implementation of PKCE (tanettrimas)
62b99ac Added metadata information about pkce
28428a0 Add corresponding oauth2-service tests for the functionality (tanettrimas)
86cd8c3 Fix formatting
c8cf8db Remove .idea (tanettrimas)
71a6478 Format
b5b6441 format
96c9c3f format (tanettrimas)
c27f31b format
05720c9 format (tanettrimas)
79bb5ec format (tanettrimas)
350f928 format
204d972 format (tanettrimas)
9ad92eb Inline function (tanettrimas)
16e3da5 Remove assertion functions (tanettrimas)
f8bdb2a Remove helper functions
a0794a0 fix: remove unused helper methods
2904885 refactor: use explicit assertion instead of "tobetruthy/falsy"
404a83b fix: lint issues
472cae4 Update src/lib/oauth2-service.ts (tanettrimas)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,7 @@ | ||
/node_modules/ | ||
/coverage/ | ||
/.vscode/ | ||
/.idea | ||
/.cache/ | ||
/dist/ | ||
.idea |
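Review bot: the final `.idea` line duplicates the `/.idea` entry that sits between `/.vscode/` and `/.cache/`; an unanchored `.idea` pattern already matches the directory at the repository root, so one of the two is redundant. Keep a single entry, ideally written as `/.idea/` so it follows the anchored, trailing-slash style of `/node_modules/` and `/.vscode/`.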
@tanettrimas How about adding a `default:` clause for this switch and make it throw?

Why do I need a default? It is only used with constant values.

It's good coding practice to leave no execution branches unchecked, no matter how unlikely you think their execution might be.
Every public method (in this case, "public" means "an exported function in a module that someone else can consume") should validate its input, and throw if it receives an input it's not expected to handle.
I can see that you are already guarding against invalid values and returning an HTTP 400 error response if this happens, and today nothing in the rest of the code will pass an invalid value to this method. The thing is that tomorrow some other developer might decide to reuse this method somewhere else and not guard against invalid values, thus producing an unexpected behaviour and unintentionally introducing a bug.
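
The point made in the comment above, as an added example that is not code from this pull request: a PKCE code-challenge function whose `switch` throws in its `default:` branch. The page does not show the switch under review, so this assumes it selects on `code_challenge_method`; the function and type names are hypothetical.

```typescript
// Added example, not the project's code. All names here are hypothetical.
import { createHash } from "crypto";

type CodeChallengeMethod = "plain" | "S256";

// RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
const VERIFIER_PATTERN = /^[A-Za-z0-9\-._~]{43,128}$/;

function isValidCodeVerifier(verifier: string): boolean {
  return VERIFIER_PATTERN.test(verifier);
}

function createCodeChallenge(verifier: string, method: CodeChallengeMethod): string {
  if (!isValidCodeVerifier(verifier)) {
    throw new Error("code_verifier does not match the RFC 7636 format");
  }
  switch (method) {
    case "plain":
      return verifier;
    case "S256":
      // BASE64URL(SHA256(ASCII(code_verifier))), without padding.
      return createHash("sha256").update(verifier, "ascii").digest("base64")
        .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
    default: {
      // The compiler treats this branch as unreachable, but a JavaScript
      // caller or a cast can still pass any string at run time. Throwing
      // here stops an unknown method from silently yielding `undefined`.
      const unexpected: never = method;
      throw new Error(`Unsupported code_challenge_method: ${String(unexpected)}`);
    }
  }
}

// Token-endpoint side: recompute the challenge from the presented verifier
// and compare it with the one stored at authorization time.
function verifyCodeChallenge(
  verifier: string,
  challenge: string,
  method: CodeChallengeMethod
): boolean {
  if (!isValidCodeVerifier(verifier)) {
    return false;
  }
  return createCodeChallenge(verifier, method) === challenge;
}
```

Without the `default:` branch, a caller that skips its own validation would get `undefined` back from `createCodeChallenge`, and the comparison in `verifyCodeChallenge` would quietly evaluate to `false` or, worse, be reused somewhere that treats a missing challenge as "no PKCE required".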