🌱 Adds support for Webfinger API calls #70
Conversation
gowthamidommety-okta
requested review from
lboyette-okta,
mauriciocastillosilva-okta and
rajaguruduraisamy-okta
|
@rajaguruduraisamy-okta Yea, i started making changes to the docs, but have some questions. Will speak to Len when he's back. |
There was a problem hiding this comment.
looks good to me.
Do we need to add info about the new webfinger function in the README.md file? There is doc about signIn there, so might be a good idea to let people know about webfinger... unless it is in beta, but in any case, it will be in the repo, so might as well doc it.
|
@mauriciocastillosilva-okta It is in beta, so i was wondering about the process for updating docs and README.md.. I'm almost done updating readme. I'll go ahead and add it to this PR |
README.md
Outdated
|
|
||
| - `resource` - URI that identifies the entity whose information is sought, currently only acct scheme is supported (e.g acct:dade.murphy@example.com) | ||
| - `rel` - Optional parameter to request only a subset of the information that would otherwise be returned without the "rel" parameter | ||
| - `requestContext` - A parameter that provides Webfinger the context of that which the user is trying to access, such as the path of an app |
There was a problem hiding this comment.
I thought only rel was optional. requestContext is optional too?
README.md
Outdated
| authClient.webfinger({ | ||
| resource: 'acct:john.joe@example.com', | ||
| rel: 'okta:idp', | ||
| requestContext: 'https://example.okta.com' |
There was a problem hiding this comment.
it does not need to pass the requestContext if user just tries to access the homepage, an example of requestContext will be "/home/dropbox/0oa16630PzpWKeWrH0g4/121"
There was a problem hiding this comment.
👍 Will change
| "und" : "Acme Partner IdP" | ||
| }, | ||
| "properties": { | ||
| "okta:logo" : "https://ok3static.oktacdn.com/bc/image/fileStoreRecord?id=fs0w8swww6KGUZZWGSHS", |
There was a problem hiding this comment.
okta:logo has not implemented yet, does UI need it?
There was a problem hiding this comment.
no, not yet anyway. I took this example response from the Tech Design just to test
lib/http.js
Outdated
| @@ -5,6 +5,7 @@ var storageUtil = require('./storageUtil'); | |||
| var Q = require('q'); | |||
| var AuthApiError = require('./errors/AuthApiError'); | |||
| var config = require('./config'); | |||
| var $ = require('jquery'); | |||
There was a problem hiding this comment.
Not sure about this change. Only a few files have a dependency on jquery
There was a problem hiding this comment.
We'd like to keep auth-js small and jQuery is a pretty big dependency, so if a dev wants to use jquery, they have to do it explicitly.
For example, normally, okta-auth-js is imported like this: var oktaAuth = require('@okta/okta-auth-js'). This uses a small library called reqwest to make http requests. If a dev wants to use jQuery to makes requests instead, they can import okta-auth-js like this: var oktaAuth = require('@okta/okta-auth-js/jquery').
So, yeah, it's a good idea to avoid it when possible
README.md
Outdated
| @@ -24,6 +24,7 @@ Read our [contributing guidelines](./CONTRIBUTING.md) if you wish to contribute. | |||
| * [forgotPassword](#forgotpasswordoptions) | |||
| * [unlockAccount](#unlockaccountoptions) | |||
| * [verifyRecoveryToken](#verifyrecoverytokenoptions) | |||
| * [webfinger](#webfinger) | |||
There was a problem hiding this comment.
this doesn't point to a heading (I think you want #webfingeroptions)
README.md
Outdated
| @@ -244,6 +245,28 @@ authClient.verifyRecoveryToken({ | |||
| }); | |||
| ``` | |||
|
|
|||
| ## [webfinger(options)] | |||
There was a problem hiding this comment.
I couldn't find any docs on developer.okta.com for this api yet, so we can just provide a link to the spec for now: [webfinger(options)](https://tools.ietf.org/html/rfc7033)
|
|
||
| ```javascript | ||
| authClient.webfinger({ | ||
| resource: 'acct:john.joe@example.com', |
There was a problem hiding this comment.
do we want to allow a custom issuer or is webfinger only available on the root Okta url?
| @@ -166,6 +166,17 @@ proto.verifyRecoveryToken = function (opts) { | |||
| return tx.postToTransaction(this, '/api/v1/authn/recovery/token', opts); | |||
| }; | |||
|
|
|||
| // { resource, (rel), (requestContext)} | |||
| proto.webfinger = function (opts) { | |||
| var url = '/.well-known/webfinger' + util.toQueryParams(opts); | |||
There was a problem hiding this comment.
We should figure out if a custom auth server issuer is allowed. If so, we can do something like this:
var issuer = opts.issuer || sdk.options.issuer || sdk.options.url;
var params = util.omit(opts, 'issuer');
var url = issuer + '/.well-known/webfinger' + util.toQueryParams(params);There was a problem hiding this comment.
I'm not so sure. @yuliu-okta Can you please comment?
There was a problem hiding this comment.
spoke to @yuliu-okta offline. He said we may support custom auth server issuer in the future, but not now
lib/clientBuilder.js
Outdated
| 'Accept': 'application/jrd+json' | ||
| } | ||
| }; | ||
| return tx.getFromTransaction(this, url, options); |
There was a problem hiding this comment.
This isn't a transaction (transactions are only created by the /authn api), so we should make the call directly:
var http = require('./http');
// ...
return http.get(this, url);There was a problem hiding this comment.
👍 Got it!
lib/http.js
Outdated
| @@ -5,6 +5,7 @@ var storageUtil = require('./storageUtil'); | |||
| var Q = require('q'); | |||
| var AuthApiError = require('./errors/AuthApiError'); | |||
| var config = require('./config'); | |||
| var $ = require('jquery'); | |||
There was a problem hiding this comment.
We'd like to keep auth-js small and jQuery is a pretty big dependency, so if a dev wants to use jquery, they have to do it explicitly.
For example, normally, okta-auth-js is imported like this: var oktaAuth = require('@okta/okta-auth-js'). This uses a small library called reqwest to make http requests. If a dev wants to use jQuery to makes requests instead, they can import okta-auth-js like this: var oktaAuth = require('@okta/okta-auth-js/jquery').
So, yeah, it's a good idea to avoid it when possible
lib/http.js
Outdated
| @@ -28,7 +29,7 @@ function httpRequest(sdk, options) { | |||
| 'Content-Type': 'application/json', | |||
| 'X-Okta-User-Agent-Extended': 'okta-auth-js-' + config.SDK_VERSION | |||
| }; | |||
| util.extend(headers, sdk.options.headers || {}); | |||
| $.extend(headers, sdk.options.headers, options.headers); | |||
There was a problem hiding this comment.
Let's make util.extend behave more like jQuery instead of importing jQuery.
Alternatively, you could call util.extend twice, but it'd be much cleaner if it accepted an arbitrary number of arguments.
lib/tx.js
Outdated
| @@ -55,6 +55,10 @@ function postToTransaction(sdk, url, options) { | |||
| }); | |||
| } | |||
|
|
|||
| function getFromTransaction(sdk, url, options) { | |||
test/spec/webfinger.js
Outdated
| define(function(require) { | ||
| var util = require('../util/util'); | ||
|
|
||
| describe('WEBFINGER', function () { |
There was a problem hiding this comment.
lowercase is ok here. The others are capitalized because they're states in the /authn api
gowthamidommety-okta
force-pushed
the
gd-OKTA-145614-webfingerSupport
branch
from
421d2b0 to
3a9cbf7
Compare
Adds support for Webfinger API calls Resolves: OKTA-145614
gowthamidommety-okta
force-pushed
the
gd-OKTA-145614-webfingerSupport
branch
from
3a9cbf7 to
2a4a535
Compare
Resolves: OKTA-145614