Added token.getWithPopup

Resolves: OKTA-94708
okta · Jul 21, 2016 · 928a55e · 928a55e
1 parent 96c5251
commit 928a55e
Show file tree

Hide file tree

Showing 4 changed files with 190 additions and 1 deletion.
diff --git a/lib/clientBuilder.js b/lib/clientBuilder.js
@@ -66,7 +66,7 @@ function OktaAuthBuilder(args) {
   };
 
   sdk.idToken = {
-    authorize: util.bind(token.getIdToken, sdk, sdk), // deprecated for sessionToken
+    authorize: util.bind(token.getIdToken, sdk, sdk), // deprecated for sessionToken and idp flows
     verify: util.bind(token.verifyIdToken, sdk, sdk),
     refresh: util.bind(token.refreshIdToken, sdk, sdk),
     decode: util.bind(token.decodeToken, sdk) // deprecated
@@ -79,6 +79,7 @@ function OktaAuthBuilder(args) {
 
   sdk.token = {
     getWithoutPrompt: util.bind(token.getWithoutPrompt, sdk, sdk),
+    getWithPopup: util.bind(token.getWithPopup, sdk, sdk),
     decode: util.bind(token.decodeToken, sdk)
   };
 }

diff --git a/lib/token.js b/lib/token.js
@@ -543,9 +543,18 @@ function getWithoutPrompt(sdk, oauthOptions, options) {
   return getIdToken(sdk, oauthParams, options);
 }
 
+function getWithPopup(sdk, oauthOptions, options) {
+  var oauthParams = util.clone(oauthOptions) || {};
+  util.extend(oauthParams, {
+    display: 'popup'
+  });
+  return getIdToken(sdk, oauthParams, options);
+}
+
 module.exports = {
   getIdToken: getIdToken,
   getWithoutPrompt: getWithoutPrompt,
+  getWithPopup: getWithPopup,
   refreshIdToken: refreshIdToken,
   decodeToken: decodeToken,
   verifyIdToken: verifyIdToken

diff --git a/test/spec/token.js b/test/spec/token.js
@@ -263,4 +263,180 @@ define(function(require) {
       }
     );
   });
+
+  describe('token.getWithPopup', function () {
+    it('returns id_token using idp', function (done) {
+        return oauthUtil.setupPopup({
+          oktaAuthArgs: {
+            url: 'https://lboyette.trexcloud.com',
+            clientId: 'NPSfOkH5eZrTy8PMDlvx',
+            redirectUri: 'https://lboyette.trexcloud.com/redirect'
+          },
+          getWithPopupArgs: {
+            idp: 'testIdp'
+          },
+          postMessageSrc: {
+            baseUri: 'https://lboyette.trexcloud.com/oauth2/v1/authorize',
+            queryParams: {
+              'client_id': 'NPSfOkH5eZrTy8PMDlvx',
+              'redirect_uri': 'https://lboyette.trexcloud.com/redirect',
+              'response_type': 'id_token',
+              'response_mode': 'okta_post_message',
+              'display': 'popup',
+              'state': oauthUtil.mockedState,
+              'nonce': oauthUtil.mockedNonce,
+              'scope': 'openid email',
+              'idp': 'testIdp'
+            }
+          }
+        })
+        .fin(function() {
+          done();
+        });
+    });
+
+    it('returns access_token using sessionToken', function (done) {
+      return oauthUtil.setupPopup({
+        oktaAuthArgs: {
+          url: 'https://lboyette.trexcloud.com',
+          clientId: 'NPSfOkH5eZrTy8PMDlvx',
+          redirectUri: 'https://lboyette.trexcloud.com/redirect'
+        },
+        getWithPopupArgs: {
+          responseType: 'token',
+          idp: 'testIdp'
+        },
+        postMessageSrc: {
+          baseUri: 'https://lboyette.trexcloud.com/oauth2/v1/authorize',
+          queryParams: {
+            'client_id': 'NPSfOkH5eZrTy8PMDlvx',
+            'redirect_uri': 'https://lboyette.trexcloud.com/redirect',
+            'response_type': 'token',
+            'response_mode': 'okta_post_message',
+            'display': 'popup',
+            'state': oauthUtil.mockedState,
+            'nonce': oauthUtil.mockedNonce,
+            'scope': 'openid email',
+            'idp': 'testIdp'
+          }
+        },
+        time: 1449699929,
+        postMessageResp: {
+          'access_token': tokens.standardAccessToken,
+          'token_type': 'Bearer',
+          'expires_in': 3600,
+          'state': oauthUtil.mockedState
+        },
+        expectedResp: {
+          accessToken: tokens.standardAccessToken,
+          expiresAt: 1449703529,
+          scopes: ['openid', 'email'],
+          tokenType: 'Bearer'
+        }
+      })
+      .fin(function() {
+        done();
+      });
+    });
+
+    it('returns access_token and id_token (in that order) using idp', function (done) {
+      return oauthUtil.setupPopup({
+        oktaAuthArgs: {
+          url: 'https://lboyette.trexcloud.com',
+          clientId: 'NPSfOkH5eZrTy8PMDlvx',
+          redirectUri: 'https://lboyette.trexcloud.com/redirect'
+        },
+        getWithPopupArgs: {
+          responseType: ['token', 'id_token'],
+          idp: 'testIdp'
+        },
+        postMessageSrc: {
+          baseUri: 'https://lboyette.trexcloud.com/oauth2/v1/authorize',
+          queryParams: {
+            'client_id': 'NPSfOkH5eZrTy8PMDlvx',
+            'redirect_uri': 'https://lboyette.trexcloud.com/redirect',
+            'response_type': 'token id_token',
+            'response_mode': 'okta_post_message',
+            'display': 'popup',
+            'state': oauthUtil.mockedState,
+            'nonce': oauthUtil.mockedNonce,
+            'scope': 'openid email',
+            'idp': 'testIdp'
+          }
+        },
+        time: 1449699929,
+        postMessageResp: {
+          'id_token': tokens.standardIdToken,
+          'access_token': tokens.standardAccessToken,
+          'token_type': 'Bearer',
+          'expires_in': 3600,
+          'state': oauthUtil.mockedState
+        },
+        expectedResp: [{
+          accessToken: tokens.standardAccessToken,
+          expiresAt: 1449703529,
+          scopes: ['openid', 'email'],
+          tokenType: 'Bearer'
+        }, {
+          idToken: tokens.standardIdToken,
+          claims: tokens.standardIdTokenClaims,
+          expiresAt: 1449699930,
+          scopes: ['openid', 'email']
+        }]
+      })
+      .fin(function() {
+        done();
+      });
+    });
+
+    it('returns id_token and access_token (in that order) using idp', function (done) {
+      return oauthUtil.setupPopup({
+        oktaAuthArgs: {
+          url: 'https://lboyette.trexcloud.com',
+          clientId: 'NPSfOkH5eZrTy8PMDlvx',
+          redirectUri: 'https://lboyette.trexcloud.com/redirect'
+        },
+        getWithPopupArgs: {
+          responseType: ['id_token', 'token'],
+          idp: 'testIdp'
+        },
+        postMessageSrc: {
+          baseUri: 'https://lboyette.trexcloud.com/oauth2/v1/authorize',
+          queryParams: {
+            'client_id': 'NPSfOkH5eZrTy8PMDlvx',
+            'redirect_uri': 'https://lboyette.trexcloud.com/redirect',
+            'response_type': 'id_token token',
+            'response_mode': 'okta_post_message',
+            'display': 'popup',
+            'state': oauthUtil.mockedState,
+            'nonce': oauthUtil.mockedNonce,
+            'scope': 'openid email',
+            'idp': 'testIdp'
+          }
+        },
+        time: 1449699929,
+        postMessageResp: {
+          'id_token': tokens.standardIdToken,
+          'access_token': tokens.standardAccessToken,
+          'token_type': 'Bearer',
+          'expires_in': 3600,
+          'state': oauthUtil.mockedState
+        },
+        expectedResp: [{
+          idToken: tokens.standardIdToken,
+          claims: tokens.standardIdTokenClaims,
+          expiresAt: 1449699930,
+          scopes: ['openid', 'email']
+        }, {
+          accessToken: tokens.standardAccessToken,
+          expiresAt: 1449703529,
+          scopes: ['openid', 'email'],
+          tokenType: 'Bearer'
+        }]
+      })
+      .fin(function() {
+        done();
+      });
+    });
+  });
 });
diff --git a/test/util/oauthUtil.js b/test/util/oauthUtil.js
@@ -35,6 +35,7 @@ define(function(require) {
     if (opts &&
         (opts.authorizeArgs && opts.authorizeArgs.responseMode !== 'fragment') ||
         opts.getWithoutPromptArgs ||
+        opts.getWithPopupArgs ||
         opts.refreshArgs) {
       // Simulate the postMessage between the window and the popup or iframe
       spyOn(window, 'addEventListener').and.callFake(function(eventName, fn) {
@@ -80,6 +81,8 @@ define(function(require) {
       promise = authClient.idToken.refresh(opts.refreshArgs);
     } else if (opts.getWithoutPromptArgs) {
       promise = authClient.token.getWithoutPrompt(opts.getWithoutPromptArgs);
+    } else if (opts.getWithPopupArgs) {
+      promise = authClient.token.getWithPopup(opts.getWithPopupArgs);
     } else {
       promise = authClient.idToken.authorize(opts.authorizeArgs);
     }