feat: update GetAuthorizationUri, ConnectorSession and social connector member methods (#2922)

.changeset-staged/good-feet-own.md

@@ -0,0 +1,6 @@
+---
+"@logto/connector-kit": patch
+---
+
+1. Add `connectorId`, `connectorFactoryId` and `jti` to `GetAuthorizationUri`.
+2. Make `ConnectorSession` compatible for arbitrary keys.

packages/core/src/routes/interaction/utils/social-verification.ts

@@ -31,9 +31,25 @@ export const createSocialAuthorizationUrl = async (
   const {
     headers: { 'user-agent': userAgent },
   } = ctx.request;
+  const { jti } = await provider.interactionDetails(ctx.req, ctx.res);
 
   return connector.getAuthorizationUri(
-    { state, redirectUri, headers: { userAgent } },
+    {
+      state,
+      redirectUri,
+      /**
+       * For upcoming POST /interaction/verification/assertion API, we need to block requests
+       * for non-SAML connector (relies on connectorFactoryId) and use `connectorId`
+       * to find correct connector config.
+       *
+       * TODO @darcy : add check on `connectorId` and `connectorFactoryId` existence and save logic
+       * in SAML connector `getAuthorizationUri` method.
+       */
+      connectorId,
+      connectorFactoryId: connector.metadata.id,
+      jti,
+      headers: { userAgent },
+    },
     async (connectorStorage: ConnectorSession) =>
       assignConnectorSessionResult(ctx, provider, connectorStorage)
   );

packages/toolkit/connector-kit/src/types.ts

@@ -119,10 +119,20 @@ export type ConnectorMetadata = z.infer<typeof connectorMetadataGuard>;
 
 export type ConfigurableConnectorMetadata = z.infer<typeof configurableConnectorMetadataGuard>;
 
-export const connectorSessionGuard = z.object({
-  nonce: z.string().optional(),
-  redirectUri: z.string().optional(),
-});
+export const connectorSessionGuard = z
+  .object({
+    nonce: z.string(),
+    redirectUri: z.string(),
+    connectorId: z.string(),
+    connectorFactoryId: z.string(),
+    jti: z.string(),
+    state: z.string(),
+  })
+  .partial()
+  /**
+   * Accept arbitrary unspecified keys so developers who can not publish @logto/connector-kit can more flexibly utilize connector session.
+   */
+  .catchall(z.unknown());
 
 export type ConnectorSession = z.infer<typeof connectorSessionGuard>;
 
@@ -162,13 +172,24 @@ export type SendMessageFunction = (
 export type SocialConnector = BaseConnector<ConnectorType.Social> & {
   getAuthorizationUri: GetAuthorizationUri;
   getUserInfo: GetUserInfo;
+  validateSamlAssertion?: ValidateSamlAssertion;
 };
 
+// This type definition is for SAML connector
+export type ValidateSamlAssertion = (
+  assertion: Record<string, unknown>,
+  getSession: GetSession,
+  setSession: SetSession
+) => Promise<string>;
+
 export type GetAuthorizationUri = (
   payload: {
     state: string;
     redirectUri: string;
-    headers?: { userAgent?: string };
+    connectorId: string;
+    connectorFactoryId: string;
+    jti: string;
+    headers: { userAgent?: string };
   },
   setSession?: SetSession
 ) => Promise<string>;