Merge pull request #540 from FormidableLabs/echo-health-echo-fork

Kadi Kraman · web-flow · commit 99f0fa388dff · 2020-08-03T12:21:13.000+01:00
Support manual authorization code exchange
diff --git a/.travis.yml b/.travis.yml
@@ -1,11 +1,6 @@
 notifications:
   email: false
 
-branches:
-  only:
-    - master
-    - /^v\d+\.\d+\.\d+/
-
 language: node_js
 cache:
   yarn: true
diff --git a/README.md b/README.md
@@ -130,10 +130,11 @@ with optional overrides.
   - **register** - (`{ [key: string]: value }`) headers to be passed during registration request.
 - **useNonce** - (`boolean`) _IOS_ (default: true) optionally allows not sending the nonce parameter, to support non-compliant providers
 - **usePKCE** - (`boolean`) (default: true) optionally allows not sending the code_challenge parameter and skipping PKCE code verification, to support non-compliant providers.
+- **skipCodeExchange** - (`boolean`) (default: false) just return the authorization response, instead of automatically exchanging the authorization code. This is useful if this exchange needs to be done manually (not client-side)
 
 #### result
 
-This is the result from the auth server
+This is the result from the auth server:
 
 - **accessToken** - (`string`) the access token
 - **accessTokenExpirationDate** - (`string`) the token expiration date
@@ -143,6 +144,7 @@ This is the result from the auth server
 - **refreshToken** - (`string`) the refresh token
 - **tokenType** - (`string`) the token type, e.g. Bearer
 - **scopes** - ([`string`]) the scopes the user has agreed to be granted
+- **authorizationCode** - (`string`) the authorization code (only if `skipCodeExchange=true`)
 
 ### `refresh`
 
@@ -332,6 +334,19 @@ Add the following code to `AppDelegate.m` (to support iOS 10 and below)
 + }
 ```
 
+If you want to support universal links, add the following to `AppDelegate.m` under `continueUserActivity`
+
+```diff
++ if ([userActivity.activityType isEqualToString:NSUserActivityTypeBrowsingWeb]) {
++   if (self.authorizationFlowManagerDelegate) {
++     BOOL resumableAuth = [self.authorizationFlowManagerDelegate resumeExternalUserAgentFlowWithURL:userActivity.webpageURL];
++     if (resumableAuth) {
++       return YES;
++     }
++   }
++ }
+```
+
 #### Integration of the library with a Swift iOS project
 
 The approach mentioned should work with Swift. In this case one should make `AppDelegate` conform to `RNAppAuthAuthorizationFlowManager`. Note that this is not tested/guaranteed by the maintainers.
diff --git a/android/src/main/java/com/rnappauth/RNAppAuthModule.java b/android/src/main/java/com/rnappauth/RNAppAuthModule.java
@@ -62,6 +62,7 @@ public class RNAppAuthModule extends ReactContextBaseJavaModule implements Activ
     private final ReactApplicationContext reactContext;
     private Promise promise;
     private boolean dangerouslyAllowInsecureHttpRequests;
+    private Boolean skipCodeExchange;
     private String clientAuthMethod = "basic";
     private Map<String, String> registrationRequestHeaders = null;
     private Map<String, String> authorizationRequestHeaders = null;
@@ -216,6 +217,7 @@ public void authorize(
             final ReadableArray scopes,
             final ReadableMap additionalParameters,
             final ReadableMap serviceConfiguration,
+            final Boolean skipCodeExchange,
             final Boolean usePKCE,
             final String clientAuthMethod,
             final boolean dangerouslyAllowInsecureHttpRequests,
@@ -233,6 +235,7 @@ public void authorize(
         this.additionalParametersMap = additionalParametersMap;
         this.clientSecret = clientSecret;
         this.clientAuthMethod = clientAuthMethod;
+        this.skipCodeExchange = skipCodeExchange;
 
         // when serviceConfiguration is provided, we don't need to hit up the OpenID well-known id endpoint
         if (serviceConfiguration != null || hasServiceConfiguration(issuer)) {
@@ -392,6 +395,13 @@ public void onActivityResult(Activity activity, int requestCode, int resultCode,
                 return;
             }
 
+            if (this.skipCodeExchange) {
+                WritableMap map = TokenResponseFactory.authorizationResponseToMap(response);
+                promise.resolve(map);
+                return;
+            }
+
+
             final Promise authorizePromise = this.promise;
             final AppAuthConfiguration configuration = createAppAuthConfiguration(
                     createConnectionBuilder(this.dangerouslyAllowInsecureHttpRequests, this.tokenRequestHeaders)
diff --git a/android/src/main/java/com/rnappauth/utils/TokenResponseFactory.java b/android/src/main/java/com/rnappauth/utils/TokenResponseFactory.java
@@ -64,6 +64,26 @@ public static final WritableMap tokenResponseToMap(TokenResponse response, Autho
         }
 
 
+        return map;
+    }
+
+
+    /*
+     * Read raw authorization into a React Native map to be passed down the bridge
+     */
+    public static final WritableMap authorizationResponseToMap(AuthorizationResponse authResponse) {
+        WritableMap map = Arguments.createMap();
+        map.putString("authorizationCode", authResponse.authorizationCode);
+        map.putString("accessToken", authResponse.accessToken);
+        map.putMap("additionalParameters", MapUtil.createAdditionalParametersMap(authResponse.additionalParameters));
+        map.putString("idToken", authResponse.idToken);
+        map.putString("tokenType", authResponse.tokenType);
+        map.putArray("scopes", createScopeArray(authResponse.scope));
+
+        if (authResponse.accessTokenExpirationTime != null) {
+            map.putString("accessTokenExpirationTime", DateUtil.formatTimestamp(authResponse.accessTokenExpirationTime));
+        }
+
         return map;
     }
 }
diff --git a/index.d.ts b/index.d.ts
@@ -72,6 +72,7 @@ export type AuthConfiguration = BaseAuthConfiguration & {
   useNonce?: boolean;
   usePKCE?: boolean;
   warmAndPrefetchChrome?: boolean;
+  skipCodeExchange?: boolean;
 };
 
 export interface AuthorizeResult {
@@ -83,6 +84,7 @@ export interface AuthorizeResult {
   refreshToken: string;
   tokenType: string;
   scopes: string[];
+  authorizationCode: string;
 }
 
 export interface RefreshResult {
diff --git a/index.js b/index.js
@@ -155,6 +155,7 @@ export const authorize = ({
   clientAuthMethod = 'basic',
   dangerouslyAllowInsecureHttpRequests = false,
   customHeaders,
+  skipCodeExchange = false,
 }) => {
   validateIssuerOrServiceConfigurationEndpoints(issuer, serviceConfiguration);
   validateClientId(clientId);
@@ -170,6 +171,7 @@ export const authorize = ({
     scopes,
     additionalParameters,
     serviceConfiguration,
+    skipCodeExchange,
   ];
 
   if (Platform.OS === 'android') {
diff --git a/index.spec.js b/index.spec.js
@@ -41,6 +41,7 @@ describe('AppAuth', () => {
     useNonce: true,
     usePKCE: true,
     customHeaders: null,
+    skipCodeExchange: false,
   };
 
   const registerConfig = {
@@ -380,11 +381,37 @@ describe('AppAuth', () => {
         config.scopes,
         config.additionalParameters,
         config.serviceConfiguration,
+        config.skipCodeExchange,
         config.useNonce,
         config.usePKCE
       );
     });
 
+    it('calls the native wrapper with the default value `false`, `true`, `true`', () => {
+      authorize({
+        issuer: 'test-issuer',
+        redirectUrl: 'test-redirectUrl',
+        clientId: 'test-clientId',
+        clientSecret: 'test-clientSecret',
+        customHeaders: null,
+        additionalParameters: null,
+        serviceConfiguration: null,
+        scopes: ['openid'],
+      });
+      expect(mockAuthorize).toHaveBeenCalledWith(
+        'test-issuer',
+        'test-redirectUrl',
+        'test-clientId',
+        'test-clientSecret',
+        ['openid'],
+        null,
+        null,
+        false,
+        true,
+        true
+      );
+    });
+
     describe('Android-specific', () => {
       beforeEach(() => {
         require('react-native').Platform.OS = 'android';
@@ -404,6 +431,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            config.skipCodeExchange,
             config.usePKCE,
             config.clientAuthMethod,
             false,
@@ -421,6 +449,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            false,
             config.usePKCE,
             config.clientAuthMethod,
             false,
@@ -438,6 +467,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            false,
             config.usePKCE,
             config.clientAuthMethod,
             true,
@@ -464,6 +494,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            false,
             config.usePKCE,
             config.clientAuthMethod,
             false,
@@ -619,6 +650,7 @@ describe('AppAuth', () => {
             config.scopes,
             config.additionalParameters,
             config.serviceConfiguration,
+            false,
             config.usePKCE,
             config.clientAuthMethod,
             false,
@@ -643,6 +675,7 @@ describe('AppAuth', () => {
           config.scopes,
           config.additionalParameters,
           config.serviceConfiguration,
+          false,
           true,
           true
         );
@@ -659,6 +692,7 @@ describe('AppAuth', () => {
           config.additionalParameters,
           config.serviceConfiguration,
           false,
+          false,
           true
         );
       });
@@ -679,6 +713,7 @@ describe('AppAuth', () => {
           config.scopes,
           config.additionalParameters,
           config.serviceConfiguration,
+          config.skipCodeExchange,
           config.useNonce,
           true
         );
@@ -694,6 +729,7 @@ describe('AppAuth', () => {
           config.scopes,
           config.additionalParameters,
           config.serviceConfiguration,
+          config.skipCodeExchange,
           config.useNonce,
           false
         );
diff --git a/ios/RNAppAuth.m b/ios/RNAppAuth.m
@@ -88,6 +88,7 @@ - (dispatch_queue_t)methodQueue
                  scopes: (NSArray *) scopes
                  additionalParameters: (NSDictionary *_Nullable) additionalParameters
                  serviceConfiguration: (NSDictionary *_Nullable) serviceConfiguration
+                 skipCodeExchange: (BOOL) skipCodeExchange
                  useNonce: (BOOL *) useNonce
                  usePKCE: (BOOL *) usePKCE
                  resolve: (RCTPromiseResolveBlock) resolve
@@ -104,6 +105,7 @@ - (dispatch_queue_t)methodQueue
                                 useNonce: useNonce
                                  usePKCE: usePKCE
                     additionalParameters: additionalParameters
+                    skipCodeExchange: skipCodeExchange
                                  resolve: resolve
                                   reject: reject];
     } else {
@@ -121,6 +123,7 @@ - (dispatch_queue_t)methodQueue
                                                                                         useNonce: useNonce
                                                                                          usePKCE: usePKCE
                                                                             additionalParameters: additionalParameters
+                                                                                skipCodeExchange: skipCodeExchange
                                                                                          resolve: resolve
                                                                                           reject: reject];
                                                             }];
@@ -259,6 +262,7 @@ - (void)authorizeWithConfiguration: (OIDServiceConfiguration *) configuration
                           useNonce: (BOOL *) useNonce
                            usePKCE: (BOOL *) usePKCE
               additionalParameters: (NSDictionary *_Nullable) additionalParameters
+              skipCodeExchange: (BOOL) skipCodeExchange
                            resolve: (RCTPromiseResolveBlock) resolve
                             reject: (RCTPromiseRejectBlock)  reject
 {
@@ -296,24 +300,39 @@ - (void)authorizeWithConfiguration: (OIDServiceConfiguration *) configuration
         taskId = UIBackgroundTaskInvalid;
     }];
 
-    _currentSession = [OIDAuthState authStateByPresentingAuthorizationRequest:request
+    if (skipCodeExchange) {
+        _currentSession = [OIDAuthorizationService presentAuthorizationRequest:request
                                    presentingViewController:appDelegate.window.rootViewController
-                                                   callback:^(OIDAuthState *_Nullable authState,
-                                                              NSError *_Nullable error) {
+                                                    callback:^(OIDAuthorizationResponse *_Nullable authorizationResponse, NSError *_Nullable error) {
                                                        typeof(self) strongSelf = weakSelf;
                                                        strongSelf->_currentSession = nil;
                                                        [UIApplication.sharedApplication endBackgroundTask:taskId];
                                                        taskId = UIBackgroundTaskInvalid;
-                                                       if (authState) {
-                                                           resolve([self formatResponse:authState.lastTokenResponse
-                                                               withAuthResponse:authState.lastAuthorizationResponse]);
+                                                       if (authorizationResponse) {
+                                                           resolve([self formatAuthorizationResponse:authorizationResponse]);
                                                        } else {
                                                            reject(@"authentication_failed", [error localizedDescription], error);
                                                        }
-                                                   }]; // end [OIDAuthState authStateByPresentingAuthorizationRequest:request
+                                                   }]; // end [OIDAuthState presentAuthorizationRequest:request
+    } else {
+        _currentSession = [OIDAuthState authStateByPresentingAuthorizationRequest:request
+                                presentingViewController:appDelegate.window.rootViewController
+                                                callback:^(OIDAuthState *_Nullable authState,
+                                                            NSError *_Nullable error) {
+                                                    typeof(self) strongSelf = weakSelf;
+                                                    strongSelf->_currentSession = nil;
+                                                    [UIApplication.sharedApplication endBackgroundTask:taskId];
+                                                    taskId = UIBackgroundTaskInvalid;
+                                                    if (authState) {
+                                                        resolve([self formatResponse:authState.lastTokenResponse
+                                                            withAuthResponse:authState.lastAuthorizationResponse]);
+                                                    } else {
+                                                        reject(@"authentication_failed", [error localizedDescription], error);
+                                                    }
+                                                }]; // end [OIDAuthState authStateByPresentingAuthorizationRequest:request
+    }
 }
 
-
 /*
  * Refresh a token with provided OIDServiceConfiguration
  */
@@ -350,6 +369,27 @@ - (void)refreshWithConfiguration: (OIDServiceConfiguration *)configuration
                                         }];
 }
 
+
+/*
+ * Take raw OIDAuthorizationResponse and turn it to response format to pass to JavaScript caller
+ */
+- (NSDictionary*)formatAuthorizationResponse: (OIDAuthorizationResponse*) response {
+    NSDateFormatter *dateFormat = [[NSDateFormatter alloc] init];
+    dateFormat.timeZone = [NSTimeZone timeZoneWithAbbreviation: @"UTC"];
+    [dateFormat setLocale:[NSLocale localeWithLocaleIdentifier:@"en_US_POSIX"]];
+    [dateFormat setDateFormat:@"yyyy-MM-dd'T'HH:mm:ss'Z'"];
+
+    return @{@"authorizationCode": response.authorizationCode ? response.authorizationCode : @"",
+            @"state": response.state ? response.state : @"",
+            @"accessToken": response.accessToken ? response.accessToken : @"",
+            @"accessTokenExpirationDate": response.accessTokenExpirationDate ? [dateFormat stringFromDate:response.accessTokenExpirationDate] : @"",
+            @"tokenType": response.tokenType ? response.tokenType : @"",
+            @"idToken": response.idToken ? response.idToken : @"",
+            @"scopes": response.scope ? [response.scope componentsSeparatedByString:@" "] : [NSArray new],
+            @"additionalParameters": response.additionalParameters,
+            };
+}
+
 /*
  * Take raw OIDTokenResponse and turn it to a token response format to pass to JavaScript caller
  */
