fix(authentication): OAuth2 authentication url construction (#482)

ConduitPlatform · Jan 5, 2023 · eae1e82 · eae1e82
1 parent 3cfdf55
commit eae1e82
Showing 1 changed file with 13 additions and 11 deletions.
diff --git a/modules/authentication/src/handlers/oauth2/OAuth2.ts b/modules/authentication/src/handlers/oauth2/OAuth2.ts
@@ -34,9 +34,9 @@ export abstract class OAuth2<T, S extends OAuth2Settings>
   mapScopes: { [key: string]: string };
   defaultScopes: string[];
   protected settings: S;
-  private providerName: string;
+  private readonly providerName: string;
 
-  constructor(grpcSdk: ConduitGrpcSdk, providerName: string, settings: S) {
+  protected constructor(grpcSdk: ConduitGrpcSdk, providerName: string, settings: S) {
     this.providerName = providerName;
     this.grpcSdk = grpcSdk;
     this.settings = settings;
@@ -74,14 +74,16 @@ export abstract class OAuth2<T, S extends OAuth2Settings>
         .replace(/\//g, '_');
     }
 
-    const options: RedirectOptions = {
+    const queryOptions: RedirectOptions = {
       client_id: this.settings.clientId,
       redirect_uri: conduitUrl + this.settings.callbackUrl,
       response_type: this.settings.responseType,
       response_mode: this.settings.responseMode,
       scope: this.constructScopes(scopes),
-      code_challenge: codeChallenge,
-      code_challenge_method: this.settings.codeChallengeMethod,
+      ...(codeChallenge !== undefined && { code_challenge: codeChallenge }),
+      ...(this.settings.codeChallengeMethod !== undefined && {
+        code_challenge_method: this.settings.codeChallengeMethod,
+      }),
     };
     const baseUrl = this.settings.authorizeUrl;
 
@@ -92,23 +94,23 @@ export abstract class OAuth2<T, S extends OAuth2Settings>
         data: {
           invitationToken: call.request.params?.invitationToken,
           clientId: call.request.context.clientId,
-          scope: options.scope,
+          scope: queryOptions.scope,
           codeChallenge: codeChallenge,
           expiresAt: new Date(Date.now() + 10 * 60 * 1000),
         },
       })
       .catch(err => {
         throw new GrpcError(status.INTERNAL, err);
       });
-    options['state'] = stateToken.token;
+    queryOptions['state'] = stateToken.token;
 
-    const keys = Object.keys(options) as [keyof RedirectOptions];
-    const url = keys
+    const keys = Object.keys(queryOptions) as [keyof RedirectOptions];
+    const queryString = keys
       .map(k => {
-        return k + '=' + options[k];
+        return k + '=' + queryOptions[k];
       })
       .join('&');
-    return baseUrl + url;
+    return baseUrl + '?' + queryString;
   }
 
   async authorize(call: ParsedRouterRequest) {