Adjusts -admin validation check (#1513)

OKTA-720755 fix: updates issuer validation
okta · Apr 23, 2024 · 6ff9711 · 6ff9711
1 parent 7af0a83
commit 6ff9711
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,10 +3,15 @@
 ## 7.6.0
 
 ### Features
+
 - [#1507](https://github.com/okta/okta-auth-js/pull/1507) add: new method `getOrRenewAccessToken`
 - [#1505](https://github.com/okta/okta-auth-js/pull/1505) add: support of `revokeSessions` param for `OktaPassword` authenticator (can be used in `reset-authenticator` remediation)
 - [#1512](https://github.com/okta/okta-auth-js/pull/1512) add: new service `RenewOnTabActivation`
 
+### Bug Fix
+
+- [#1513](https://github.com/okta/okta-auth-js/pull/1513) fix: restricts `issuer` "-admin" validation to `.okta` domain
+
 ## 7.5.1
 
 ### Bug Fix

diff --git a/lib/oidc/options/OAuthOptionsConstructor.ts b/lib/oidc/options/OAuthOptionsConstructor.ts
@@ -48,7 +48,7 @@ function assertValidConfig(args) {
       'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com/oauth2/{authServerId}"})');
   }
 
-  if (issuer.indexOf('-admin.') !== -1) {
+  if (issuer.indexOf('-admin.okta') !== -1) {
     throw new AuthSdkError('Issuer URL passed to constructor contains "-admin" in subdomain. ' +
       'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com})');
   }

diff --git a/test/spec/OktaAuth/assertValidConfig.ts b/test/spec/OktaAuth/assertValidConfig.ts
@@ -53,7 +53,7 @@ describe('assertValidConfig', () => {
       'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com/oauth2/{authServerId}"})');
   });
 
-  it('throw an error if url contains "-admin" when passed to the constructor', function () {
+  it('throw an error if url on the okta domain contains "-admin" when passed to the constructor', function () {
     var err;
     try {
       new OktaAuth({issuer: 'https://dev-12345-admin.oktapreview.com'}); // eslint-disable-line no-new
@@ -65,4 +65,8 @@ describe('assertValidConfig', () => {
       'Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com})');
   });
 
+  it('should not throw an error if url contains "-admin" on a domain other than .okta when passed to the constructor', function () {
+    // eslint-disable-next-line no-new
+    expect(() => new OktaAuth({issuer: 'https://login-admin.foobar.com'})).not.toThrowError();
+  });
 });