Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(Authorization): The value of the 'required_scopes' property of an AuthorizationError is now sent to Globus Auth as 'scope' parameter by default. #366

Merged
merged 2 commits into from
Nov 13, 2024
Merged

fix(Authorization): The value of the 'required_scopes' property of an AuthorizationError is now sent to Globus Auth as 'scope' parameter by default. #366

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b2e7db6
fix(Authorization): The value of the 'required_scopes' property of an…
jbottigliero Nov 13, 2024
cae2bae
fix: include more descriptive type for toAuthorizationQueryParams
jbottigliero Nov 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions src/core/__tests__/errors.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,13 +99,16 @@ describe('toAuthorizationQueryParams', () => {
}),
).toEqual({});
});
it('drops known unsupported properties', () => {

it('maps properties to their Globus Auth query parameter equivalent and removes unsupported parameters', () => {
expect(
toAuthorizationQueryParams({
authorization_parameters: {
required_scopes: ['foobar'],
required_scopes: ['foobar', 'data_access'],
},
}),
).toEqual({});
).toEqual({
scope: 'foobar,data_access',
});
});
});
25 changes: 22 additions & 3 deletions src/core/errors.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
* if (errors.isConsentRequiredError(...)) { ... }
*/
import type { AuthorizationQueryParameters } from '../services/auth/index.js';
import type { AuthorizationRequestParameters } from './authorization/pkce.js';

export class EnvironmentConfigurationError extends Error {
override name = 'EnvironmentConfigurationError';
Expand Down Expand Up @@ -65,16 +66,34 @@ export type AuthorizationRequirementsError = {
[key: string]: unknown;
};
/**
* Keys that should not be included in the query string object (not recognized by Globus Auth).
* Keys that should not be included in the query string object (not recognized by Globus Auth),
* but are found on the `AuthorizationRequirementsError` object.
*/
const NO_OP_KEYS: (keyof AuthorizationRequirementsError)[] = ['required_scopes'];
/**
* Convert an `AuthorizationRequirementsError` to a query string object accepted by Globus Auth.
*/
export function toAuthorizationQueryParams(
error: AuthorizationRequirementsError,
): AuthorizationQueryParameters {
return Object.entries(error.authorization_parameters).reduce((acc, [key, v]) => {
): AuthorizationQueryParameters & Partial<AuthorizationRequestParameters> {
/**
* Map properties from the `AuthorizationRequirementsError` to accepted query parameters.
*/
const mapped = {
/**
* `required_scopes` isn't a query parameter accepted by Globus Auth, but
* in most cases the `required_scopes` represented in the error are intended
* to be included in the `scopes` (OAuth) parameter.
* @see https://docs.globus.org/api/auth/sessions/#client-initiated-authns
*/
scope: error.authorization_parameters.required_scopes,
/**
* We still include the entire `authorization_parameters` object in addition to the mapped values for parsing.
*/
...error.authorization_parameters,
};

return Object.entries(mapped).reduce((acc, [key, v]) => {
/**
* Remove keys that are not recognized by Globus Auth and empty values.
*/
Expand Down
Loading