adds nonce param to idx.interact (#1307)

OKTA-534246 adds nonce param to idx.interact

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 6.9
+
+- [#1307](https://github.com/okta/okta-auth-js/pull/1307) Adds `nonce` param to `idx.interact` (and `idx.start`) 
+
 ## 6.8.1
 
 ### Fixes

lib/idx/interact.ts

@@ -30,6 +30,7 @@ export interface InteractParams {
   recovery_token?: string;
   client_secret?: string;
   max_age?: string | number;
+  nonce?: string;
 }
 /* eslint-enable camelcase */
 
@@ -68,7 +69,8 @@ export async function interact (
     codeChallengeMethod,
     activationToken,
     recoveryToken,
-    maxAge
+    maxAge,
+    nonce
   } = meta as IdxTransactionMeta;
   const clientSecret = options.clientSecret || authClient.options.clientSecret;
   withCredentials = withCredentials ?? true;
@@ -88,7 +90,8 @@ export async function interact (
     // eslint-disable-next-line max-len
     // https://oktawiki.atlassian.net/wiki/spaces/eng/pages/2445902453/Support+Device+Binding+in+interact#Scenario-1%3A-Non-User-Agent-with-Confidential-Client-(top-priority)
     ...(clientSecret && { client_secret: clientSecret }),
-    ...(maxAge && { max_age: maxAge })
+    ...(maxAge && { max_age: maxAge }),
+    ...(nonce && { nonce }),
   } as InteractParams;
   /* eslint-enable camelcase */
 

lib/idx/run.ts

@@ -121,6 +121,7 @@ async function getDataFromIntrospect(authClient, data: RunData): Promise<RunData
     recoveryToken,
     activationToken,
     maxAge,
+    nonce,
   } = options;
 
   let idxResponse;
@@ -140,6 +141,7 @@ async function getDataFromIntrospect(authClient, data: RunData): Promise<RunData
         activationToken,
         recoveryToken,
         maxAge,
+        nonce,
       }); 
       interactionHandle = interactResponse.interactionHandle;
       meta = interactResponse.meta;

lib/idx/types/options.ts

@@ -35,6 +35,7 @@ export interface InteractOptions extends IdxOptions {
   recoveryToken?: string;
   clientSecret?: string;
   maxAge?: string | number;
+  nonce?: string;
 }
 
 export interface IntrospectOptions extends IdxOptions {

test/spec/idx/interact.ts

@@ -774,6 +774,50 @@ describe('idx/interact', () => {
       });
     });
 
+    describe('nonce', () => {
+      it('passes `nonce` to /interact', async () => {
+        const { authClient, transactionMeta } = testContext;
+        jest.spyOn(mocked.transactionMeta, 'getSavedTransactionMeta').mockReturnValue(transactionMeta);
+        const res = await interact(authClient, { nonce: 'nonce-upon-a-time' });
+        expect(mocked.http.httpRequest).toHaveBeenCalledWith(authClient, {
+          url: 'https://auth-js-test.okta.com/oauth2/v1/interact',
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+          },
+          args: ({
+            client_id: 'authClient-clientId',
+            scope: 'meta',
+            redirect_uri: 'authClient-redirectUri',
+            code_challenge: 'meta-codeChallenge',
+            code_challenge_method: 'meta-codeChallengeMethod',
+            state: 'meta-state',
+            nonce: 'nonce-upon-a-time'
+          }),
+          withCredentials: true
+        });
+        expect(res).toEqual({
+          'interactionHandle': 'idx-interactionHandle',
+          'meta': {
+            'clientId': 'authClient-clientId',
+            'issuer': 'https://auth-js-test.okta.com',
+            'redirectUri': 'authClient-redirectUri',
+            'codeChallenge': 'meta-codeChallenge',
+            'codeChallengeMethod': 'meta-codeChallengeMethod',
+            'codeVerifier': 'meta-codeVerifier',
+            'interactionHandle': 'idx-interactionHandle',
+            'responseType': 'tp-responseType',
+            'scopes': [
+              'meta',
+            ],
+            'state': 'meta-state',
+            'withCredentials': true,
+            'nonce': 'nonce-upon-a-time',
+          },
+          'state': 'meta-state',
+        });
+      });
+    });
   });
 
   describe('with saved interactionHandle', () => {