Merge pull request #180 from thivi/master

Fix bugs with correlating authorization and access token requests

Author: thivi

README.md

@@ -34,6 +34,7 @@
     -   [getPKCECode](#getPKCECode)
     -   [setPKCECode](#setPKCECode)
     -   [isSignOutSuccessful](#isSignOutSuccessful)
+    -   [didSignOutFail](#didSignOutFail)
     -   [updateConfig](#updateConfig)
 -   [Data Storage](#data-storage)
     -   [Data Layer](#data-layer)
@@ -717,10 +718,13 @@ const isAuth = await auth.isAuthenticated();
 ### getPKCECode
 
 ```TypeScript
-getPKCECode(userID?: string): string
+getPKCECode(state: string, userID?: string): string
 ```
 #### Argument
-1. userID: `string` (optional)
+1. state: `string`
+   The state parameter that was passed in the authorization request.
+
+2. userID: `string` (optional)
 
     If you want to use the SDK to manage multiple user sessions, you can pass a unique ID here. This can be useful when this SDK is used in backend applications.
 #### Returns
@@ -736,23 +740,25 @@ This code returns the PKCE code generated when the authorization URL is generate
 #### Example
 
 ```TypeScript
-const pkce = auth.getPKCECode();
+const pkce = auth.getPKCECode(state);
 ```
 
 ---
 
 ### setPKCECode
 
 ```TypeScript
-setPKCECode(pkce: string, userID?: string): void
+setPKCECode(pkce: string, state: string, userID?: string): void
 ```
 
 #### Arguments
 
 1. pkce: `string`
 
 The PKCE code generated by the [`getAuthorizationURL`](#getAuthorizationURL) method.
-2. userID: `string` (optional)
+2. state: `string`
+   The state parameter that was passed in the authorization request.
+3. userID: `string` (optional)
 
     If you want to use the SDK to manage multiple user sessions, you can pass a unique ID here. This can be useful when this SDK is used in backend applications.
 #### Description
@@ -762,7 +768,7 @@ This method sets the PKCE code to the store. The PKCE code is usually stored in
 #### Example
 
 ```TypeScript
-auth.setPKCECode("pkce");
+auth.setPKCECode(pkce, state);
 ```
 
 ---
@@ -789,7 +795,39 @@ A boolean value indicating if the user has been signed out or not.
 
 #### Description
 
-This method returns if the user has been successfully signed out or not. When a user signs out from the server, the user is redirected to the URL specified by the `signOutRedirectURL` in the config object passed into the constructor of the `AsgardeoAuthClient`. The server appends path parameters indicating if the sign-out is successful. This method reads the URL and returns if the sign-out is successful or not. So, make sure you pass as the argument, the URL to which the user has been redirected to after signing out from the server.
+This method returns if the user has been successfully signed out or not. When a user signs out from the server, the user is redirected to the URL specified by the `signOutRedirectURL` in the config object passed into the constructor of the `AsgardeoAuthClient`. The server appends path parameters indicating if the sign-out is successful. This method reads the URL and returns if the sign-out is successful or not. So, make sure you pass as the argument the URL to which the user has been redirected to after signing out from the server.
+
+#### Example
+
+```TypeScript
+const isSignedOut = auth.isSignOutSuccessful(window.location.href);
+```
+
+---
+
+### didSignOutFail
+
+```TypeScript
+static didSignOutFail(signOutRedirectURL: string): boolean
+```
+
+**This is a static method.**
+
+#### Arguments
+
+1. signOutRedirectURL: `string`
+
+    The URL to which the user is redirected to after signing out from the server.
+
+#### Returns
+
+didSignOutFail: `boolean`
+
+A boolean value indicating if sign-out failed or not.
+
+#### Description
+
+This method returns if sign-out failed or not. When a user signs out from the server, the user is redirected to the URL specified by the `signOutRedirectURL` in the config object passed into the constructor of the `AsgardeoAuthClient`. The server appends path parameters indicating if the sign-out is successful. This method reads the URL and returns if the sign-out failed or not. So, make sure you pass as the argument the URL to which the user has been redirected to after signing out from the server.
 
 #### Example
 

lib/.eslintrc.js

@@ -5,8 +5,8 @@ module.exports = {
         jest: true,
         node: true
     },
-    extends: ["eslint:recommended", "plugin:import/typescript"],
-    overrides: [{
+    extends: [ "eslint:recommended", "plugin:import/typescript" ],
+    overrides: [ {
         env: {
             browser: true,
             es6: true,
@@ -17,7 +17,7 @@ module.exports = {
             "plugin:@typescript-eslint/eslint-recommended",
             "plugin:@typescript-eslint/recommended"
         ],
-        files: ["**/*.ts"],
+        files: [ "**/*.ts" ],
         parser: "@typescript-eslint/parser",
         parserOptions: {
             ecmaVersion: 9,
@@ -27,50 +27,49 @@ module.exports = {
             "@typescript-eslint/explicit-function-return-type": 0,
             "@typescript-eslint/no-explicit-any": 0,
             "@typescript-eslint/no-inferrable-types": "off",
-            "@typescript-eslint/no-unused-vars": "off",
-            "@typescript-eslint/no-unused-vars-experimental": "warn",
-            "@typescript-eslint/no-use-before-define": ["warn", {
+            "@typescript-eslint/no-unused-vars": "warn",
+            "@typescript-eslint/no-use-before-define": [ "warn", {
                 classes: false,
                 functions: false,
                 typedefs: false,
                 variables: false
-            }],
+            } ],
             "eol-last": "error",
             "no-debugger": "warn",
             "no-use-before-define": "off"
         }
-    }],
+    } ],
     parserOptions: {
         ecmaVersion: 9,
         sourceType: "module"
     },
-    plugins: ["import"],
+    plugins: [ "import", "@typescript-eslint" ],
     rules: {
-        "comma-dangle": ["warn", "never"],
+        "comma-dangle": [ "warn", "never" ],
         "eol-last": "error",
-        "import/order": ["warn", {
+        "import/order": [ "warn", {
             "alphabetize": {
                 caseInsensitive: true,
                 order: "asc"
             },
-            "groups": ["builtin", "external", "index", "sibling", "parent", "internal"]
-        }],
-        "max-len": ["warn", {
+            "groups": [ "builtin", "external", "index", "sibling", "parent", "internal" ]
+        } ],
+        "max-len": [ "warn", {
             "code": 120
-        }],
+        } ],
         "no-console": "warn",
         "no-duplicate-imports": "warn",
-        "object-curly-spacing": ["warn", "always"],
-        "quotes": ["warn", "double"],
-        "sort-imports": ["warn", {
+        "object-curly-spacing": [ "warn", "always" ],
+        "quotes": [ "warn", "double" ],
+        "sort-imports": [ "warn", {
             "ignoreCase": false,
             "ignoreDeclarationSort": true,
             "ignoreMemberSort": false
-        }],
-        "sort-keys": ["warn", "asc", {
+        } ],
+        "sort-keys": [ "warn", "asc", {
             "caseSensitive": true,
             "minKeys": 2,
             "natural": false
-        }]
+        } ]
     }
 };

lib/package.json

@@ -27,20 +27,20 @@
     "author": "Asgardeo",
     "license": "Apache-2.0",
     "devDependencies": {
-        "@rollup/plugin-commonjs": "^16.0.0",
-        "@rollup/plugin-eslint": "^8.0.0",
+        "@rollup/plugin-commonjs": "^21.0.2",
+        "@rollup/plugin-eslint": "^8.0.1",
         "@rollup/plugin-json": "^4.1.0",
-        "@rollup/plugin-node-resolve": "^10.0.0",
-        "@rollup/plugin-replace": "^2.3.4",
-        "@types/node": "^13.9.2",
-        "rollup": "^2.33.3",
-        "rollup-plugin-analyzer": "^3.3.0",
+        "@rollup/plugin-node-resolve": "^13.1.3",
+        "@rollup/plugin-replace": "^4.0.0",
+        "@types/node": "^17.0.21",
+        "rollup": "^2.69.0",
+        "rollup-plugin-analyzer": "^4.0.0",
         "rollup-plugin-auto-external": "^2.0.0",
         "rollup-plugin-terser": "^7.0.2",
-        "rollup-plugin-typescript2": "^0.29.0",
-        "rollup-plugin-web-worker-loader": "^1.4.0",
+        "rollup-plugin-typescript2": "^0.31.2",
+        "rollup-plugin-web-worker-loader": "^1.6.1",
         "rollup-pluginutils": "^2.8.2",
-        "typescript": "*"
+        "typescript": "~4.5.5"
     },
     "repository": {
         "type": "git",

lib/src/client.ts

@@ -16,7 +16,7 @@
  * under the License.
  */
 
-import { OIDC_SCOPE, OP_CONFIG_INITIATED, ResponseMode, SIGN_OUT_SUCCESS_PARAM } from "./constants";
+import { OIDC_SCOPE, OP_CONFIG_INITIATED, ResponseMode, SIGN_OUT_SUCCESS_PARAM, STATE } from "./constants";
 import { AuthenticationCore } from "./core";
 import { DataLayer } from "./data";
 import {
@@ -205,7 +205,7 @@ export class AsgardeoAuthClient<T> {
         }
 
         return this._authenticationCore.getOIDCProviderMetaData(false).then(() => {
-            return this._authenticationCore.requestAccessToken(authorizationCode, sessionState, state,userID);
+            return this._authenticationCore.requestAccessToken(authorizationCode, sessionState, state, userID);
         });
     }
 
@@ -498,6 +498,7 @@ export class AsgardeoAuthClient<T> {
      *
      * @param {string} userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
      * scenarios where each user should be uniquely identified.
+     * @param {string} state - The state parameter that was passed in the authentication URL.
      *
      * @return {Promise<string>} - A Promise that resolves with the PKCE code.
      *
@@ -512,15 +513,15 @@ export class AsgardeoAuthClient<T> {
      *
      * @preserve
      */
-    public async getPKCECode(userID?: string): Promise<string> {
-        return this._authenticationCore.getPKCECode(userID);
+    public async getPKCECode(state: string, userID?: string): Promise<string> {
+        return this._authenticationCore.getPKCECode(state, userID);
     }
 
     /**
      * This method sets the PKCE code to the data store.
      *
      * @param {string} pkce - The PKCE code.
-     *
+     * @param {string} state - The state parameter that was passed in the authentication URL.
      * @param {string} userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
      * scenarios where each user should be uniquely identified.
      *
@@ -535,8 +536,8 @@ export class AsgardeoAuthClient<T> {
      *
      * @preserve
      */
-    public async setPKCECode(pkce: string, userID?: string): Promise<void> {
-        await this._authenticationCore.setPKCECode(pkce, userID);
+    public async setPKCECode(pkce: string, state: string, userID?: string): Promise<void> {
+        await this._authenticationCore.setPKCECode(pkce, state, userID);
     }
 
     /**
@@ -557,12 +558,36 @@ export class AsgardeoAuthClient<T> {
      */
     public static isSignOutSuccessful(signOutRedirectURL: string): boolean {
         const url = new URL(signOutRedirectURL);
-        const stateParam = url.searchParams.get("state");
+        const stateParam = url.searchParams.get(STATE);
         const error = Boolean(url.searchParams.get("error"));
 
         return stateParam ? stateParam === SIGN_OUT_SUCCESS_PARAM && !error : false;
     }
 
+    /**
+     * This method returns if the sign-out has failed or not.
+     *
+     * @param {string} signOutRedirectUrl - The URL to which the user has been redirected to after signing-out.
+     *
+     * **The server appends path parameters to the `signOutRedirectURL` and these path parameters
+     *  are required for this method to function.**
+     *
+     * @return {boolean} - `true` if successful, `false` otherwise.
+     *
+     * @link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#didSignOutFail
+     *
+     * @memberof AsgardeoAuthClient
+     *
+     * @preserve
+     */
+    public static didSignOutFail(signOutRedirectURL: string): boolean {
+        const url = new URL(signOutRedirectURL);
+        const stateParam = url.searchParams.get(STATE);
+        const error = Boolean(url.searchParams.get("error"));
+
+        return stateParam ? stateParam === SIGN_OUT_SUCCESS_PARAM && error : false;
+    }
+
     /**
      * This method updates the configuration that was passed into the constructor when instantiating this class.
      *

lib/src/core/authentication-core.ts

@@ -20,7 +20,6 @@ import {
     FetchCredentialTypes,
     OIDC_SCOPE,
     OP_CONFIG_INITIATED,
-    PKCE_CODE_VERIFIER,
     SESSION_STATE,
     SIGN_OUT_SUCCESS_PARAM,
     STATE
@@ -119,17 +118,18 @@ export class AuthenticationCore<T> {
         const customParams = config;
         if (customParams) {
             for (const [ key, value ] of Object.entries(customParams)) {
-                if (key != "" && value != "") {
+                if (key != "" && value != "" && key !== STATE) {
                     authorizeRequest.searchParams.append(key, value.toString());
                 }
             }
         }
 
+
         authorizeRequest.searchParams.append(
             STATE,
             AuthenticationUtils.generateStateParamForRequestCorrelation(
                 pkceKey,
-                authorizeRequest.searchParams.get(STATE) ?? ""
+                customParams ? customParams[STATE]?.toString() : ""
             )
         );
 
@@ -644,12 +644,18 @@ export class AuthenticationCore<T> {
         return Boolean(await this.getAccessToken(userID));
     }
 
-    public async getPKCECode(userID?: string): Promise<string> {
-        return (await this._dataLayer.getTemporaryDataParameter(PKCE_CODE_VERIFIER, userID)) as string;
+    public async getPKCECode(state: string, userID?: string): Promise<string> {
+        return (await this._dataLayer.getTemporaryDataParameter(
+            AuthenticationUtils.extractPKCEKeyFromStateParam(state),
+            userID)) as string;
     }
 
-    public async setPKCECode(pkce: string, userID?: string): Promise<void> {
-        return await this._dataLayer.setTemporaryDataParameter(PKCE_CODE_VERIFIER, pkce, userID);
+    public async setPKCECode(pkce: string, state: string, userID?: string): Promise<void> {
+        return await this._dataLayer.setTemporaryDataParameter(
+            AuthenticationUtils.extractPKCEKeyFromStateParam(state),
+            pkce,
+            userID
+        );
     }
 
     public async updateConfig(config: Partial<AuthClientConfig<T>>): Promise<void> {

lib/src/helpers/authentication-helper.ts

@@ -96,7 +96,9 @@ export class AuthenticationHelper<T> {
         configData.endpoints &&
             Object.keys(configData.endpoints).forEach((endpointName: string) => {
                 const snakeCasedName = endpointName.replace(/[A-Z]/g, (letter) => `_${ letter.toLowerCase() }`);
-                oidcProviderMetaData[ snakeCasedName ] = configData?.endpoints ? configData.endpoints[ endpointName ] : "";
+                oidcProviderMetaData[ snakeCasedName ] = configData?.endpoints
+                    ? configData.endpoints[ endpointName ]
+                    : "";
             });
 
         const defaultEndpoints = {

lib/src/helpers/crypto-helper.ts

@@ -59,12 +59,7 @@ export class CryptoHelper<T = any, R = any> {
 
         for (const key of keys) {
             if (headerJSON.kid === key.kid) {
-                return this._cryptoUtils.parseJwk({
-                    alg: key.alg,
-                    e: key.e,
-                    kty: key.kty,
-                    n: key.n
-                });
+                return this._cryptoUtils.parseJwk(key);
             }
         }