diff --git a/lib/clientBuilder.js b/lib/clientBuilder.js index 869fec48a..5a5e52e46 100644 --- a/lib/clientBuilder.js +++ b/lib/clientBuilder.js @@ -66,7 +66,7 @@ function OktaAuthBuilder(args) { }; sdk.idToken = { - authorize: util.bind(token.getIdToken, sdk, sdk), // deprecated for sessionToken + authorize: util.bind(token.getIdToken, sdk, sdk), // deprecated for sessionToken and idp flows verify: util.bind(token.verifyIdToken, sdk, sdk), refresh: util.bind(token.refreshIdToken, sdk, sdk), decode: util.bind(token.decodeToken, sdk) // deprecated @@ -79,6 +79,7 @@ function OktaAuthBuilder(args) { sdk.token = { getWithoutPrompt: util.bind(token.getWithoutPrompt, sdk, sdk), + getWithPopup: util.bind(token.getWithPopup, sdk, sdk), decode: util.bind(token.decodeToken, sdk) }; } diff --git a/lib/token.js b/lib/token.js index 43d9e7d97..bd7c9aefd 100644 --- a/lib/token.js +++ b/lib/token.js @@ -543,9 +543,18 @@ function getWithoutPrompt(sdk, oauthOptions, options) { return getIdToken(sdk, oauthParams, options); } +function getWithPopup(sdk, oauthOptions, options) { + var oauthParams = util.clone(oauthOptions) || {}; + util.extend(oauthParams, { + display: 'popup' + }); + return getIdToken(sdk, oauthParams, options); +} + module.exports = { getIdToken: getIdToken, getWithoutPrompt: getWithoutPrompt, + getWithPopup: getWithPopup, refreshIdToken: refreshIdToken, decodeToken: decodeToken, verifyIdToken: verifyIdToken diff --git a/test/spec/token.js b/test/spec/token.js index 4bb50e282..0d7853d83 100644 --- a/test/spec/token.js +++ b/test/spec/token.js 
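Review bot: getWithPopup in lib/token.js forces `display: 'popup'` but passes every other caller-supplied option straight through to getIdToken, and it has no comment saying so. The specs in this commit expect the popup request to carry `response_mode=okta_post_message`; if that value is a default rather than enforced, a caller who sets `responseMode` could open a popup whose result never reaches the postMessage listener. That needs confirming in getIdToken, whose body is outside this hunk, and then either pinning the mode here or documenting the pass-through. Since the token arrives by postMessage, the header should also say where the message origin and `state` are validated; presumably getIdToken does this, but nothing visible here shows it. A suitable header would be `// Opens the authorize URL in a popup (display=popup is forced; other OAuth options pass through) and resolves with the token(s) delivered by postMessage.`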
@@ -263,4 +263,180 @@ define(function(require) { } ); }); + + describe('token.getWithPopup', function () { + it('returns id_token using idp', function (done) { + return oauthUtil.setupPopup({ + oktaAuthArgs: { + url: 'https://lboyette.trexcloud.com', + clientId: 'NPSfOkH5eZrTy8PMDlvx', + redirectUri: 'https://lboyette.trexcloud.com/redirect' + }, + getWithPopupArgs: { + idp: 'testIdp' + }, + postMessageSrc: { + baseUri: 'https://lboyette.trexcloud.com/oauth2/v1/authorize', + queryParams: { + 'client_id': 'NPSfOkH5eZrTy8PMDlvx', + 'redirect_uri': 'https://lboyette.trexcloud.com/redirect', + 'response_type': 'id_token', + 'response_mode': 'okta_post_message', + 'display': 'popup', + 'state': oauthUtil.mockedState, + 'nonce': oauthUtil.mockedNonce, + 'scope': 'openid email', + 'idp': 'testIdp' + } + } + }) + .fin(function() { + done(); + }); + }); + + it('returns access_token using sessionToken', function (done) { + return oauthUtil.setupPopup({ + oktaAuthArgs: { + url: 'https://lboyette.trexcloud.com', + clientId: 'NPSfOkH5eZrTy8PMDlvx', + redirectUri: 'https://lboyette.trexcloud.com/redirect' + }, + getWithPopupArgs: { + responseType: 'token', + idp: 'testIdp' + }, + postMessageSrc: { + baseUri: 'https://lboyette.trexcloud.com/oauth2/v1/authorize', + queryParams: { + 'client_id': 'NPSfOkH5eZrTy8PMDlvx', + 'redirect_uri': 'https://lboyette.trexcloud.com/redirect', + 'response_type': 'token', + 'response_mode': 'okta_post_message', + 'display': 'popup', + 'state': oauthUtil.mockedState, + 'nonce': oauthUtil.mockedNonce, + 'scope': 'openid email', + 'idp': 'testIdp' + } + }, + time: 1449699929, + postMessageResp: { + 'access_token': tokens.standardAccessToken, + 'token_type': 'Bearer', + 'expires_in': 3600, + 'state': oauthUtil.mockedState + }, + expectedResp: { + accessToken: tokens.standardAccessToken, + expiresAt: 1449703529, + scopes: ['openid', 'email'], + tokenType: 'Bearer' + } + }) + .fin(function() { + done(); + }); + }); + + it('returns access_token and 
id_token (in that order) using idp', function (done) { + return oauthUtil.setupPopup({ + oktaAuthArgs: { + url: 'https://lboyette.trexcloud.com', + clientId: 'NPSfOkH5eZrTy8PMDlvx', + redirectUri: 'https://lboyette.trexcloud.com/redirect' + }, + getWithPopupArgs: { + responseType: ['token', 'id_token'], + idp: 'testIdp' + }, + postMessageSrc: { + baseUri: 'https://lboyette.trexcloud.com/oauth2/v1/authorize', + queryParams: { + 'client_id': 'NPSfOkH5eZrTy8PMDlvx', + 'redirect_uri': 'https://lboyette.trexcloud.com/redirect', + 'response_type': 'token id_token', + 'response_mode': 'okta_post_message', + 'display': 'popup', + 'state': oauthUtil.mockedState, + 'nonce': oauthUtil.mockedNonce, + 'scope': 'openid email', + 'idp': 'testIdp' + } + }, + time: 1449699929, + postMessageResp: { + 'id_token': tokens.standardIdToken, + 'access_token': tokens.standardAccessToken, + 'token_type': 'Bearer', + 'expires_in': 3600, + 'state': oauthUtil.mockedState + }, + expectedResp: [{ + accessToken: tokens.standardAccessToken, + expiresAt: 1449703529, + scopes: ['openid', 'email'], + tokenType: 'Bearer' + }, { + idToken: tokens.standardIdToken, + claims: tokens.standardIdTokenClaims, + expiresAt: 1449699930, + scopes: ['openid', 'email'] + }] + }) + .fin(function() { + done(); + }); + }); + + it('returns id_token and access_token (in that order) using idp', function (done) { + return oauthUtil.setupPopup({ + oktaAuthArgs: { + url: 'https://lboyette.trexcloud.com', + clientId: 'NPSfOkH5eZrTy8PMDlvx', + redirectUri: 'https://lboyette.trexcloud.com/redirect' + }, + getWithPopupArgs: { + responseType: ['id_token', 'token'], + idp: 'testIdp' + }, + postMessageSrc: { + baseUri: 'https://lboyette.trexcloud.com/oauth2/v1/authorize', + queryParams: { + 'client_id': 'NPSfOkH5eZrTy8PMDlvx', + 'redirect_uri': 'https://lboyette.trexcloud.com/redirect', + 'response_type': 'id_token token', + 'response_mode': 'okta_post_message', + 'display': 'popup', + 'state': oauthUtil.mockedState, + 'nonce': 
oauthUtil.mockedNonce, + 'scope': 'openid email', + 'idp': 'testIdp' + } + }, + time: 1449699929, + postMessageResp: { + 'id_token': tokens.standardIdToken, + 'access_token': tokens.standardAccessToken, + 'token_type': 'Bearer', + 'expires_in': 3600, + 'state': oauthUtil.mockedState + }, + expectedResp: [{ + idToken: tokens.standardIdToken, + claims: tokens.standardIdTokenClaims, + expiresAt: 1449699930, + scopes: ['openid', 'email'] + }, { + accessToken: tokens.standardAccessToken, + expiresAt: 1449703529, + scopes: ['openid', 'email'], + tokenType: 'Bearer' + }] + }) + .fin(function() { + done(); + }); + }); + }); }); diff --git a/test/util/oauthUtil.js b/test/util/oauthUtil.js index efcd2224f..3d017a32e 100644 --- a/test/util/oauthUtil.js +++ b/test/util/oauthUtil.js @@ -35,6 +35,7 @@ define(function(require) { if (opts && (opts.authorizeArgs && opts.authorizeArgs.responseMode !== 'fragment') || opts.getWithoutPromptArgs || + opts.getWithPopupArgs || opts.refreshArgs) { // Simulate the postMessage between the window and the popup or iframe spyOn(window, 'addEventListener').and.callFake(function(eventName, fn) { @@ -80,6 +81,8 @@ define(function(require) { promise = authClient.idToken.refresh(opts.refreshArgs); } else if (opts.getWithoutPromptArgs) { promise = authClient.token.getWithoutPrompt(opts.getWithoutPromptArgs); + } else if (opts.getWithPopupArgs) { + promise = authClient.token.getWithPopup(opts.getWithPopupArgs); } else { promise = authClient.idToken.authorize(opts.authorizeArgs); }
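Review bot: All four `token.getWithPopup` cases feed back a well-formed message whose `state` equals `oauthUtil.mockedState`, so nothing pins what happens when the popup response is one the client should refuse. A case whose `postMessageResp` carries a different `state` and expects a rejection would cover the check that matters most for a postMessage-delivered token; if setupPopup can express it, a message from an origin other than the configured `url` belongs there too. Separately, the second case is titled 'returns access_token using sessionToken' but passes `idp: 'testIdp'` and no sessionToken, so `it('returns access_token using idp', function (done) {` matches what it exercises. The `.fin(function() { done(); })` tail also calls done() whether the promise resolved or rejected, so unless setupPopup asserts internally, a rejected flow would still complete the spec.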
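Review bot: In test/util/oauthUtil.js the added `opts.getWithPopupArgs ||` operand sits outside the `opts &&` guard, because `&&` binds tighter than `||`. Only the authorizeArgs test is protected; the remaining operands dereference `opts` unconditionally. The existing getWithoutPromptArgs and refreshArgs operands have the same shape, so this is not new, but the line is being touched anyway. Wrapping the whole alternation makes the guard mean what it reads as: `if (opts && ((opts.authorizeArgs && opts.authorizeArgs.responseMode !== 'fragment') || opts.getWithoutPromptArgs || opts.getWithPopupArgs || opts.refreshArgs)) {`. The enclosing function starts and ends outside the hunk.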