
Commit 494b4f9

committed
fix: getters should not concat given scopes and default scopes together.
Respect the consumer's request to get a token for specific scopes. Prior to this, the default scopes set on the client level were always concatenated when searching for a matching token.
1 parent 5ec6737 commit 494b4f9


2 files changed

+25
-13
lines changed


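--- a/playground/index.html
+++ b/playground/index.html
@@ -844,15 +844,17 @@ <h3 class="text-lg leading-6 font-medium text-gray-500">Actions</h3>
 }
 },
 getUser: async function () {
-const user = await this.crossid.getUser()
+const user = await this.crossid.getUser({ scope: 'openid' })
 this.user = user
 },
 getAccessToken: async function () {
-const at = await this.crossid.getAccessToken()
+const at = await this.crossid.getAccessToken({ scope: 'openid' })
 this.accessToken = at
 },
 introspectAccessToken: async function () {
-const at = await this.crossid.introspectAccessToken()
+const at = await this.crossid.introspectAccessToken({
+scope: 'openid',
+})
 this.accessTokenClaims = at
 },
 logout: async function () {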

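--- a/src/client.ts
+++ b/src/client.ts
@@ -352,8 +352,8 @@ export default class CrossidClient {
 public async getUser<E extends IDToken>(
 opts: GetUserOpts = {}
 ): Promise<E | undefined> {
-const aud = opts.audience || this.opts.audience || ['']
-const scp = uniqueScopes(this.scope, opts.scope)
+const aud = this.getFinalAudience(opts.audience)
+const scp = this.getFinalScope(opts.scope)
 const keys = this._getTokensKeysFromCache('id_token', aud, scp)
 const tok = this._getNarrowedKey<DecodedJWT<E>>(keys)
 return tok?.payload
@@ -368,8 +368,8 @@ export default class CrossidClient {
 public async getAccessToken(
 opts: GetAccessTokenOpts = {}
 ): Promise<string | undefined> {
-const aud = opts.audience || this.opts.audience || ['']
-const scp = uniqueScopes(this.scope, opts.scope)
+const aud = this.getFinalAudience(opts.audience)
+const scp = this.getFinalScope(opts.scope)
 const keys = this._getTokensKeysFromCache('access_token', aud, scp)
 const tok = this._getNarrowedKey<DecodedJWT<JWTClaims>>(keys)
 return tok?.payload?._raw
@@ -387,8 +387,8 @@ export default class CrossidClient {
 public async introspectAccessToken(
 opts: GetAccessTokenOpts = {}
 ): Promise<JWTClaims | undefined> {
-const aud = opts.audience || this.opts.audience
-const scp = uniqueScopes(this.scope, opts.scope)
+const aud = this.getFinalAudience(opts.audience)
+const scp = this.getFinalScope(opts.scope)
 const keys = this._getTokensKeysFromCache('access_token', aud, scp)
 const tok = this._getNarrowedKey<DecodedJWT<JWTClaims>>(keys)
 
@@ -540,12 +540,12 @@ export default class CrossidClient {
 ): AuthorizationRequest {
 return {
 client_id: this.opts.client_id,
-audience: opts.audience || this.opts.audience,
+audience: this.getFinalAudience(opts.audience),
 response_type: opts.response_type || this.opts.response_type || 'code',
 redirect_uri: opts.redirect_uri || this.opts.redirect_uri,
 nonce: opts.nonce,
 state: opts.state,
-scope: opts.scope || this.opts.scope,
+scope: this.getFinalScope(opts.scope).join(' '),
 code_challenge: opts.code_challenge,
 code_challenge_method: 'S256',
 }
@@ -824,13 +824,13 @@ export default class CrossidClient {
 // _getTokensKeysFromCache returns key names that matches the given criteria.
 private _getTokensKeysFromCache(
 tokType: tokenTypes,
-aud: string[],
+aud: string[] = [''],
 scp: string[]
 ): string[] {
 let idx = this.cache.get(CACHE_IDX_KEY) || {}
 // this method currently handles single aud only
 const aud1 = aud[0]
-const audIdx = idx[aud1]
+const audIdx = idx[aud1] || ['']
 if (!audIdx) return []
 
 let inter
@@ -896,4 +896,14 @@ export default class CrossidClient {
 }
 this.cache.set(CACHE_IDX_KEY, idx)
 }
+
+private getFinalAudience(localAud: string[]): string[] {
+return localAud || this.opts.audience
+}
+
+private getFinalScope(localScp: string): string[] {
+return localScp !== undefined
+? uniqueScopes(localScp)
+: uniqueScopes(this.scope)
+}
 }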
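Review bot: In `_getTokensKeysFromCache`, the new fallback `const audIdx = idx[aud1] || ['']` makes the next line `if (!audIdx) return []` unreachable, because `['']` is always truthy. An audience with no entry in the cache index therefore no longer returns early and instead continues into the scope matching with a placeholder array. The rest of that function lies outside the hunk, so how the placeholder is consumed cannot be confirmed from here. Since the added parameter default `aud: string[] = ['']` already covers a missing audience, the lookup could stay `const audIdx = idx[aud1]` so that a cache miss still returns `[]` rather than risking a token lookup against the wrong audience. Separately, `getFinalAudience(localAud: string[])` is called with `opts.audience`, which may be undefined, and can itself return undefined when `this.opts.audience` is unset; a signature such as `getFinalAudience(localAud?: string[]): string[] | undefined` would state that contract honestly.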
