Add access_token support to getWithoutPrompt #28
Conversation
lboyette-okta
force-pushed
the
lb-95512-getWithoutPrompt-accessToken
branch
3 times, most recently
from
4af5f66 to
a6cfd9a
Compare
| @@ -58,5 +58,96 @@ define(function(require) { | |||
| done(); | |||
There was a problem hiding this comment.
Can you update this test with an expected response?
There was a problem hiding this comment.
This is using the default expectedResp defined in oauthUtil.
lboyette-okta
force-pushed
the
lb-95512-getWithoutPrompt-accessToken
branch
from
9db0429 to
b9abe34
Compare
| @@ -343,6 +343,10 @@ function getIdToken(sdk, oauthOptions, options) { | |||
| throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get an idToken'); | |||
| } | |||
|
|
|||
| if (util.isString(oauthParams.responseType) && oauthParams.responseType.indexOf(' ') !== -1) { | |||
There was a problem hiding this comment.
oauthParams.responseType.indexOf(' ') Is checking just space good enough?
There was a problem hiding this comment.
It should be. The way the authorize endpoint works, it accepts a response_type that's space separated ie. id_token token. We don't want devs to pass in these response types as a string and space-separation seems like the most common slipup.
Also, space-separation is the only scenario where the api works, but the sdk doesn't (it'd simply return the first token in the list). If a user passed a comma, semicolon, or anything else, the api would throw an error about an incorrect response_type and the sdk would pass that error to the dev.
|
Overall looks good - couple minor comments and then 🚢 |
lboyette-okta
force-pushed
the
lb-95512-getWithoutPrompt-accessToken
branch
from
54ec2e4 to
d6e2a77
Compare
lboyette-okta
force-pushed
the
lb-95512-getWithoutPrompt-accessToken
branch
from
d6e2a77 to
1bd505b
Compare
Resolves: OKTA-95512
The point is to add access_token support to the sdk, so let's do that!
@rchild-okta
@stsai-okta