logto/packages/core/src/oidc/utils.test.ts

import {
  ApplicationType,
  CustomClientMetadataKey,
  FirstScreen,
  GrantType,
  InteractionMode,
  demoAppApplicationId,
} from '@logto/schemas';

import { mockEnvSet } from '#src/test-utils/env-set.js';

import {
  isOriginAllowed,
  buildOidcClientMetadata,
  getConstantClientMetadata,
  validateCustomClientMetadata,
  buildLoginPromptUrl,
} from './utils.js';

describe('getConstantClientMetadata()', () => {
  expect(getConstantClientMetadata(mockEnvSet, ApplicationType.SPA)).toEqual({
    application_type: 'web',
    grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.TokenExchange],
    token_endpoint_auth_method: 'none',
  });
  expect(getConstantClientMetadata(mockEnvSet, ApplicationType.Native)).toEqual({
    application_type: 'native',
    grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.TokenExchange],
    token_endpoint_auth_method: 'none',
  });
  expect(getConstantClientMetadata(mockEnvSet, ApplicationType.Traditional)).toEqual({
    application_type: 'web',
    grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.TokenExchange],
    token_endpoint_auth_method: 'client_secret_basic',
  });
  expect(getConstantClientMetadata(mockEnvSet, ApplicationType.MachineToMachine)).toEqual({
    application_type: 'web',
    grant_types: [GrantType.ClientCredentials],
    token_endpoint_auth_method: 'client_secret_basic',
    response_types: [],
  });
});

describe('buildOidcClientMetadata()', () => {
  const metadata = {
    redirectUris: ['logto.dev'],
    postLogoutRedirectUris: ['logto.dev'],
    logoUri: 'logto.pnf',
  };
  expect(buildOidcClientMetadata()).toEqual({ redirectUris: [], postLogoutRedirectUris: [] });
  expect(buildOidcClientMetadata(metadata)).toEqual(metadata);
});

describe('validateMetadata', () => {
  describe('corsAllowedOrigins', () => {
    it('should not throw when corsAllowedOrigins is empty', () => {
      expect(() => {
        validateCustomClientMetadata('corsAllowedOrigins', []);
      }).not.toThrow();
    });

    it('should not throw when corsAllowedOrigins are all valid', () => {
      expect(() => {
        validateCustomClientMetadata('corsAllowedOrigins', [
          'http://localhost:3001',
          'https://logto.dev',
        ]);
      }).not.toThrow();
    });

    it('should throw when corsAllowedOrigins are not all valid', () => {
      expect(() => {
        validateCustomClientMetadata('corsAllowedOrigins', ['', 'logto.dev']);
      }).toThrow();
    });
  });

  describe.each(['idTokenTtl', 'refreshTokenTtl'])('%s', (ttlKey) => {
    test(`${ttlKey} should not throw when it is a number`, () => {
      expect(() => {
        validateCustomClientMetadata(ttlKey, 5000);
      }).not.toThrow();
    });

    test(`${ttlKey} should throw when it is not a number`, () => {
      expect(() => {
        validateCustomClientMetadata(ttlKey, 'string_value');
      }).toThrow();
    });
  });
});

describe('isOriginAllowed', () => {
  it('should return false if there is no corsAllowOrigins', () => {
    expect(isOriginAllowed('https://logto.dev', {})).toBeFalsy();
  });

  it('should return false if corsAllowOrigins is empty', () => {
    expect(
      isOriginAllowed('https://logto.dev', { [CustomClientMetadataKey.CorsAllowedOrigins]: [] })
    ).toBeFalsy();
  });

  it('should return false if corsAllowOrigins do not include the origin', () => {
    expect(
      isOriginAllowed('http://localhost:3001', {
        [CustomClientMetadataKey.CorsAllowedOrigins]: ['https://logto.dev'],
      })
    ).toBeFalsy();
  });

  it('should return true if corsAllowOrigins include the origin', () => {
    expect(
      isOriginAllowed('https://logto.dev', {
        [CustomClientMetadataKey.CorsAllowedOrigins]: ['https://logto.dev'],
      })
    ).toBeTruthy();
  });

  it('should return true if redirectUris include the origin', () => {
    expect(
      isOriginAllowed(
        'https://logto.dev',
        {
          [CustomClientMetadataKey.CorsAllowedOrigins]: [],
        },
        ['https://logto.dev/callback']
      )
    ).toBeTruthy();
  });
});

describe('buildLoginPromptUrl', () => {
  it('should return the correct url for empty parameters', () => {
    expect(buildLoginPromptUrl({})).toBe('sign-in');
    expect(buildLoginPromptUrl({}, 'foo')).toBe('sign-in');
    expect(buildLoginPromptUrl({}, demoAppApplicationId)).toBe('sign-in');
  });

  it('should return the correct url for firstScreen', () => {
    expect(buildLoginPromptUrl({ first_screen: FirstScreen.Register })).toBe('register');
    expect(buildLoginPromptUrl({ first_screen: FirstScreen.Register }, 'foo')).toBe('register');
    expect(buildLoginPromptUrl({ first_screen: FirstScreen.SignIn }, demoAppApplicationId)).toBe(
      'sign-in'
    );
    // Legacy interactionMode support
    expect(buildLoginPromptUrl({ interaction_mode: InteractionMode.SignUp })).toBe('register');
  });

  it('should return the correct url for directSignIn', () => {
    expect(buildLoginPromptUrl({ direct_sign_in: 'method:target' })).toBe(
      'direct/method/target?fallback=sign-in'
    );
    expect(buildLoginPromptUrl({ direct_sign_in: 'method:target' }, 'foo')).toBe(
      'direct/method/target?fallback=sign-in'
    );
    expect(buildLoginPromptUrl({ direct_sign_in: 'method:target' }, demoAppApplicationId)).toBe(
      'direct/method/target?fallback=sign-in'
    );
    expect(buildLoginPromptUrl({ direct_sign_in: 'method' })).toBe(
      'direct/method?fallback=sign-in'
    );
    expect(buildLoginPromptUrl({ direct_sign_in: '' })).toBe('sign-in');
  });

  it('should return the correct url for mixed parameters', () => {
    expect(
      buildLoginPromptUrl({ first_screen: FirstScreen.Register, direct_sign_in: 'method:target' })
    ).toBe('direct/method/target?fallback=register');
    expect(
      buildLoginPromptUrl(
        { first_screen: FirstScreen.Register, direct_sign_in: 'method:target' },
        demoAppApplicationId
      )
    ).toBe('direct/method/target?fallback=register');
  });
});
feat: support direct sign-in (#5536) * feat: support direct sign-in * chore: add changesets * refactor: add test cases * chore(deps): upgrade logto sdks 2024-03-26 13:23:41 +08:00			`import {`
			`ApplicationType,`
			`CustomClientMetadataKey,`
			`FirstScreen,`
			`GrantType,`
			`InteractionMode,`
			`demoAppApplicationId,`
			`} from '@logto/schemas';`
test(oidc): add oidc adapter test case (#266) add oidc adapter test case 2022-02-23 09:42:29 +08:00
refactor: fix alteration 2023-02-09 18:31:14 +08:00			`import { mockEnvSet } from '#src/test-utils/env-set.js';`
refactor: remove deprecated singleton instances 2023-01-11 16:41:53 +08:00
feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`import {`
			`isOriginAllowed,`
			`buildOidcClientMetadata,`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`getConstantClientMetadata,`
feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`validateCustomClientMetadata,`
feat: support direct sign-in (#5536) * feat: support direct sign-in * chore: add changesets * refactor: add test cases * chore(deps): upgrade logto sdks 2024-03-26 13:23:41 +08:00			`buildLoginPromptUrl,`
refactor: use esm (batch 3) 2022-11-21 16:38:24 +08:00			`} from './utils.js';`
test(oidc): add oidc adapter test case (#266) add oidc adapter test case 2022-02-23 09:42:29 +08:00
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`describe('getConstantClientMetadata()', () => {`
refactor: fix alteration 2023-02-09 18:31:14 +08:00			`expect(getConstantClientMetadata(mockEnvSet, ApplicationType.SPA)).toEqual({`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`application_type: 'web',`
feat(core,schemas): token exchange grant (#6057) 2024-07-01 16:36:34 +08:00			`grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.TokenExchange],`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`token_endpoint_auth_method: 'none',`
			`});`
refactor: fix alteration 2023-02-09 18:31:14 +08:00			`expect(getConstantClientMetadata(mockEnvSet, ApplicationType.Native)).toEqual({`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`application_type: 'native',`
feat(core,schemas): token exchange grant (#6057) 2024-07-01 16:36:34 +08:00			`grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.TokenExchange],`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`token_endpoint_auth_method: 'none',`
			`});`
refactor: fix alteration 2023-02-09 18:31:14 +08:00			`expect(getConstantClientMetadata(mockEnvSet, ApplicationType.Traditional)).toEqual({`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`application_type: 'web',`
feat(core,schemas): token exchange grant (#6057) 2024-07-01 16:36:34 +08:00			`grant_types: [GrantType.AuthorizationCode, GrantType.RefreshToken, GrantType.TokenExchange],`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`token_endpoint_auth_method: 'client_secret_basic',`
			`});`
refactor: fix alteration 2023-02-09 18:31:14 +08:00			`expect(getConstantClientMetadata(mockEnvSet, ApplicationType.MachineToMachine)).toEqual({`
feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`application_type: 'web',`
			`grant_types: [GrantType.ClientCredentials],`
			`token_endpoint_auth_method: 'client_secret_basic',`
			`response_types: [],`
			`});`
feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`});`

feat(core): machine to machine apps 2022-09-21 13:06:56 +08:00			`describe('buildOidcClientMetadata()', () => {`
feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`const metadata = {`
			`redirectUris: ['logto.dev'],`
			`postLogoutRedirectUris: ['logto.dev'],`
			`logoUri: 'logto.pnf',`
			`};`
			`expect(buildOidcClientMetadata()).toEqual({ redirectUris: [], postLogoutRedirectUris: [] });`
			`expect(buildOidcClientMetadata(metadata)).toEqual(metadata);`
			`});`

			`describe('validateMetadata', () => {`
			`describe('corsAllowedOrigins', () => {`
			`it('should not throw when corsAllowedOrigins is empty', () => {`
			`expect(() => {`
			`validateCustomClientMetadata('corsAllowedOrigins', []);`
			`}).not.toThrow();`
			`});`

			`it('should not throw when corsAllowedOrigins are all valid', () => {`
			`expect(() => {`
			`validateCustomClientMetadata('corsAllowedOrigins', [`
			`'http://localhost:3001',`
			`'https://logto.dev',`
			`]);`
			`}).not.toThrow();`
			`});`

			`it('should throw when corsAllowedOrigins are not all valid', () => {`
			`expect(() => {`
			`validateCustomClientMetadata('corsAllowedOrigins', ['', 'logto.dev']);`
			`}).toThrow();`
			`});`
			`});`

			`describe.each(['idTokenTtl', 'refreshTokenTtl'])('%s', (ttlKey) => {`
			test(`${ttlKey} should not throw when it is a number`, () => {
			`expect(() => {`
			`validateCustomClientMetadata(ttlKey, 5000);`
			`}).not.toThrow();`
			`});`

			test(`${ttlKey} should throw when it is not a number`, () => {
			`expect(() => {`
			`validateCustomClientMetadata(ttlKey, 'string_value');`
			`}).toThrow();`
			`});`
			`});`
			`});`

feat(core): validate custom client metadata when post or patch application (#529) 2022-04-13 15:23:04 +08:00			`describe('isOriginAllowed', () => {`
feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`it('should return false if there is no corsAllowOrigins', () => {`
			`expect(isOriginAllowed('https://logto.dev', {})).toBeFalsy();`
			`});`

			`it('should return false if corsAllowOrigins is empty', () => {`
			`expect(`
			`isOriginAllowed('https://logto.dev', { [CustomClientMetadataKey.CorsAllowedOrigins]: [] })`
			`).toBeFalsy();`
			`});`

			`it('should return false if corsAllowOrigins do not include the origin', () => {`
			`expect(`
			`isOriginAllowed('http://localhost:3001', {`
			`[CustomClientMetadataKey.CorsAllowedOrigins]: ['https://logto.dev'],`
			`})`
			`).toBeFalsy();`
test(oidc): add oidc adapter test case (#266) add oidc adapter test case 2022-02-23 09:42:29 +08:00			`});`

feat(core,schemas): cors allowed origins (#507) * feat(schemas): cors allowed origins of application in custom OIDC client metadata * refactor(schemas): rename CustomClientMetadataType to CustomClientMetadataKey * feat(core): cors allowed origins 2022-04-08 18:16:20 +08:00			`it('should return true if corsAllowOrigins include the origin', () => {`
			`expect(`
			`isOriginAllowed('https://logto.dev', {`
			`[CustomClientMetadataKey.CorsAllowedOrigins]: ['https://logto.dev'],`
			`})`
			`).toBeTruthy();`
test(oidc): add oidc adapter test case (#266) add oidc adapter test case 2022-02-23 09:42:29 +08:00			`});`
refactor: by default allow redirect URIs for CORS access (#1420) * refactor: by default allow redirect URIs for CORS access * refactor: improve wording Co-authored-by: IceHe.xyz <icehe@silverhand.io> Co-authored-by: IceHe.xyz <icehe@silverhand.io> 2022-07-05 17:36:43 +08:00
			`it('should return true if redirectUris include the origin', () => {`
			`expect(`
			`isOriginAllowed(`
			`'https://logto.dev',`
			`{`
			`[CustomClientMetadataKey.CorsAllowedOrigins]: [],`
			`},`
			`['https://logto.dev/callback']`
			`)`
			`).toBeTruthy();`
			`});`
test(oidc): add oidc adapter test case (#266) add oidc adapter test case 2022-02-23 09:42:29 +08:00			`});`
feat: support direct sign-in (#5536) * feat: support direct sign-in * chore: add changesets * refactor: add test cases * chore(deps): upgrade logto sdks 2024-03-26 13:23:41 +08:00
			`describe('buildLoginPromptUrl', () => {`
			`it('should return the correct url for empty parameters', () => {`
			`expect(buildLoginPromptUrl({})).toBe('sign-in');`
			`expect(buildLoginPromptUrl({}, 'foo')).toBe('sign-in');`
refactor(core, experience): remove `no_cache` param 2024-07-08 09:03:45 +08:00			`expect(buildLoginPromptUrl({}, demoAppApplicationId)).toBe('sign-in');`
feat: support direct sign-in (#5536) * feat: support direct sign-in * chore: add changesets * refactor: add test cases * chore(deps): upgrade logto sdks 2024-03-26 13:23:41 +08:00			`});`

			`it('should return the correct url for firstScreen', () => {`
			`expect(buildLoginPromptUrl({ first_screen: FirstScreen.Register })).toBe('register');`
			`expect(buildLoginPromptUrl({ first_screen: FirstScreen.Register }, 'foo')).toBe('register');`
			`expect(buildLoginPromptUrl({ first_screen: FirstScreen.SignIn }, demoAppApplicationId)).toBe(`
refactor(core, experience): remove `no_cache` param 2024-07-08 09:03:45 +08:00			`'sign-in'`
feat: support direct sign-in (#5536) * feat: support direct sign-in * chore: add changesets * refactor: add test cases * chore(deps): upgrade logto sdks 2024-03-26 13:23:41 +08:00			`);`
			`// Legacy interactionMode support`
			`expect(buildLoginPromptUrl({ interaction_mode: InteractionMode.SignUp })).toBe('register');`
			`});`

			`it('should return the correct url for directSignIn', () => {`
			`expect(buildLoginPromptUrl({ direct_sign_in: 'method:target' })).toBe(`
			`'direct/method/target?fallback=sign-in'`
			`);`
			`expect(buildLoginPromptUrl({ direct_sign_in: 'method:target' }, 'foo')).toBe(`
			`'direct/method/target?fallback=sign-in'`
			`);`
			`expect(buildLoginPromptUrl({ direct_sign_in: 'method:target' }, demoAppApplicationId)).toBe(`
refactor(core, experience): remove `no_cache` param 2024-07-08 09:03:45 +08:00			`'direct/method/target?fallback=sign-in'`
feat: support direct sign-in (#5536) * feat: support direct sign-in * chore: add changesets * refactor: add test cases * chore(deps): upgrade logto sdks 2024-03-26 13:23:41 +08:00			`);`
			`expect(buildLoginPromptUrl({ direct_sign_in: 'method' })).toBe(`
			`'direct/method?fallback=sign-in'`
			`);`
			`expect(buildLoginPromptUrl({ direct_sign_in: '' })).toBe('sign-in');`
			`});`

			`it('should return the correct url for mixed parameters', () => {`
			`expect(`
			`buildLoginPromptUrl({ first_screen: FirstScreen.Register, direct_sign_in: 'method:target' })`
			`).toBe('direct/method/target?fallback=register');`
			`expect(`
			`buildLoginPromptUrl(`
			`{ first_screen: FirstScreen.Register, direct_sign_in: 'method:target' },`
			`demoAppApplicationId`
			`)`
refactor(core, experience): remove `no_cache` param 2024-07-08 09:03:45 +08:00			`).toBe('direct/method/target?fallback=register');`
feat: support direct sign-in (#5536) * feat: support direct sign-in * chore: add changesets * refactor: add test cases * chore(deps): upgrade logto sdks 2024-03-26 13:23:41 +08:00			`});`
			`});`