Support the @authress/login SDK response parameters.

CHANGELOG.md

@@ -4,6 +4,7 @@ This is the changelog for [Authress SDK](readme.md).
 ## 2.3 ##
 * Improve support for collectionConfiguration to skip `accessToAllSubResources` check when using `INCLUDE_NESTED` in the query.
 * Add explicit `clientId` into the generate service token JWT.
+* Support `AuthenticateResponse` from the `@authress/login` SDK.
 
 ## 2.2 ##
 * Fix `Invite` to use the correct `InviteStatement` type for `Invite` statements.

index.d.ts

@@ -2,6 +2,8 @@
 /* eslint-disable @typescript-eslint/no-empty-interface */
 /* eslint-disable no-shadow */
 
+import { AuthenticateResponse } from '@authress/login';
+
 import { Response, IPaginated, Links, Cursor, AccountLink } from './src/response';
 
 import { ConnectionsApi } from './src/connections/api';
@@ -1052,6 +1054,16 @@ export class ServiceClientTokenProvider {
    * @returns {Promise<string>} A url to redirect the user to complete login.
    */
   generateUserLoginUrl(authressCustomDomainLoginUrl: string, state: string, clientId: string, userId: string): Promise<string>;
+
+  /**
+   * Generate the url to redirect the user back to your application from your authentication server after their credentials have been successfully verified. All these parameters should be found passed through from the user's login attempt along with their credentials. The authentication server receives a request from the user to login, with these values. Then these are constructed and sent back to Authress to verify the generated login data.
+   * @summary Generate the url to redirect the user back to your application from your authentication server after their credentials have been successfully verified.
+   * @type {Function<Promise<string>>}
+   * @param {AuthenticateResponse} authenticateResponse The response object returned from the {@link @authress/login} SDK, it contains all the necessary information into order to correctly authenticate a user.
+   * @param {string} userId The user to request a JWT for.
+   * @returns {Promise<string>} A url to redirect the user to complete login.
+   */
+  generateUserLoginUrl(authenticateResponse: AuthenticateResponse, userId: string): Promise<string>;
 }
 
 /**

package.json

@@ -14,6 +14,7 @@
     "test": "mocha tests/**/*.test.js -R spec"
   },
   "dependencies": {
+    "@authress/login": "*",
     "axios": "^0.21",
     "base64url": "^3.0.1",
     "jose": "^4.8.3"

src/serviceClientTokenProvider.js

@@ -55,10 +55,23 @@ module.exports = function(accessKey, authressCustomDomain) {
   };
 
   innerGetToken.getToken = innerGetToken;
-  innerGetToken.generateUserLoginUrl = async (authressCustomDomainLoginUrl, state, clientId, userId) => {
-    if (!authressCustomDomainLoginUrl) {
+  innerGetToken.generateUserLoginUrl = async (authressCustomDomainLoginUrlInput, stateInput, clientIdInput, userIdInput) => {
+    if (!authressCustomDomainLoginUrlInput) {
       throw new ArgumentRequiredError('authressCustomDomainLoginUrl', 'The authressCustomDomainLoginUrl is specified in the incoming login request, this should match the configured Authress custom domain.');
     }
+
+    let authressCustomDomainLoginUrl = authressCustomDomainLoginUrlInput;
+    let state = stateInput;
+    let clientId = clientIdInput;
+    let userId = userIdInput;
+    if (typeof authressCustomDomainLoginUrlInput === 'object' && authressCustomDomainLoginUrlInput.authenticationUrl) {
+      userId = stateInput;
+      const parameters = [...new URL(authressCustomDomainLoginUrlInput.authenticationUrl).searchParams.entries()].reduce((acc, [k, v]) => ({ ...acc, [k]: v }), {});
+      authressCustomDomainLoginUrl = authressCustomDomainLoginUrlInput.authenticationUrl;
+      clientId = parameters.client_id;
+      state = parameters.state;
+    }
+
     if (!state) {
       throw new ArgumentRequiredError('state', 'The state should match value to generate a authorization code redirect for is required.');
     }

tests/serviceClientTokenProvider.test.js

@@ -40,6 +40,9 @@ describe('serviceClientTokenProvider.js', () => {
 
       const issuer = new URL(initialToken).searchParams.get('iss');
       expect(issuer).to.eql('https://login.redirect-url.com/v1/clients/clientId');
+
+      const state = new URL(initialToken).searchParams.get('state');
+      expect(state).to.eql('state');
     });
 
     it('Validate cache tokens work use custom domain fallback', async () => {
@@ -48,6 +51,9 @@ describe('serviceClientTokenProvider.js', () => {
       const url = await tokenProvider.generateUserLoginUrl('https://login.redirect-url.com/login', 'state', 'clientId', 'user1');
       const issuer = new URL(url).searchParams.get('iss');
       expect(issuer).to.eql('https://login.redirect-url.com/v1/clients/clientId');
+
+      const state = new URL(url).searchParams.get('state');
+      expect(state).to.eql('state');
     });
 
     it('Validate cache tokens work use custom domain', async () => {
@@ -56,6 +62,21 @@ describe('serviceClientTokenProvider.js', () => {
       const url = await tokenProvider.generateUserLoginUrl('https://login.something-wrong.com/login', 'state', 'clientId', 'user1');
       const issuer = new URL(url).searchParams.get('iss');
       expect(issuer).to.eql('https://login.redirect-url.com/v1/clients/clientId');
+
+      const state = new URL(url).searchParams.get('state');
+      expect(state).to.eql('state');
+    });
+
+    it('Validate authentication response from the @authress/login SDK correctly generates the correct result', async () => {
+      const accessKey = 'clientId.uDeF.a43706ca-9647-40e4-aeae-7dcaa54bbab3.MC4CAQAwBQYDK2VwBCIEIE99LFw2c3DCiYwrY/Qkg1nIDiagoHtdCwb88RxarVYA';
+      const tokenProvider = new ServiceClientTokenProvider(accessKey);
+      const initialToken = await tokenProvider.generateUserLoginUrl({ authenticationUrl: 'https://login.redirect-url.com?client_id=clientId&state=state' }, 'user1');
+
+      const issuer = new URL(initialToken).searchParams.get('iss');
+      expect(issuer).to.eql('https://login.redirect-url.com/v1/clients/clientId');
+
+      const state = new URL(initialToken).searchParams.get('state');
+      expect(state).to.eql('state');
     });
   });
 });

yarn.lock

@@ -2,6 +2,14 @@
 # yarn lockfile v1
 
 
+"@authress/login@*":
+  version "2.4.313"
+  resolved "https://registry.yarnpkg.com/@authress/login/-/login-2.4.313.tgz#d4171db8c5fe0e6ff52fc9122bbc0a5afb3db2fe"
+  integrity sha512-p0m1Sod9+N2YYSFpwWVS43usuKeysGraHm2ThREuHWp3HVIfbFwmAiRhCmTt+M2F0GdC8ilcmPe1BTK0KQUJ0Q==
+  dependencies:
+    cookie "^0.5.0"
+    lodash.take "^4.1.1"
+
 "@eslint/eslintrc@^1.3.3":
   version "1.3.3"
   resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-1.3.3.tgz#2b044ab39fdfa75b4688184f9e573ce3c5b0ff95"
@@ -431,6 +439,11 @@ [email protected]:
   resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
   integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==
 
+cookie@^0.5.0:
+  version "0.5.0"
+  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.5.0.tgz#d1f5d71adec6558c58f389987c366aa47e994f8b"
+  integrity sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==
+
 cross-spawn@^7.0.2:
   version "7.0.3"
   resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
@@ -1295,6 +1308,11 @@ lodash.merge@^4.6.2:
   resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a"
   integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==
 
+lodash.take@^4.1.1:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/lodash.take/-/lodash.take-4.1.1.tgz#0b4146dcb7a70c6153495187fc10b12b71fefadf"
+  integrity sha512-3T118EQjnhr9c0aBKCCMhQn0OBwRMz/O2WaRU6VH0TSKoMCmFtUpr0iUp+eWKODEiRXtYOK7R7SiBneKHdk7og==
+
 lodash@^4.17.15:
   version "4.17.21"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"