From cf41704d53f4e2d67f19031c76fb5a9945549f11 Mon Sep 17 00:00:00 2001
From: Jason Raimondi <jason@raimondi.us>
Date: Sun, 11 Aug 2024 20:00:55 -0400
Subject: [PATCH] refactor: rename config opt to authenticateIntrospect & authenticateRevoke

---
 .idea/ts-oauth2-server.iml | 1 -
 .../authorization_server/configuration.mdx | 22 +++++++++----------
 src/authorization_server.ts | 4 ++--
 src/grants/auth_code.grant.ts | 2 +-
 src/grants/client_credentials.grant.ts | 4 ++--
 src/options.ts | 4 ++--
 test/e2e/authorization_server.spec.ts | 8 +++---
 7 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/.idea/ts-oauth2-server.iml b/.idea/ts-oauth2-server.iml
index 3d3f3f21..c30a2ef4 100644
--- a/.idea/ts-oauth2-server.iml
+++ b/.idea/ts-oauth2-server.iml
@@ -10,7 +10,6 @@
 <excludeFolder url="file://$MODULE_DIR$/docs/.vitepress/cache" />
 <excludeFolder url="file://$MODULE_DIR$/docs/.vitepress/dist" />
 <excludeFolder url="file://$MODULE_DIR$/example" />
- <excludeFolder url="file://$MODULE_DIR$/docs" />
 </content>
 <orderEntry type="inheritedJdk" />
 <orderEntry type="sourceFolder" forTests="false" />
diff --git a/docs/docs/authorization_server/configuration.mdx b/docs/docs/authorization_server/configuration.mdx
index 39b09fda..959b5783 100644
--- a/docs/docs/authorization_server/configuration.mdx
+++ b/docs/docs/authorization_server/configuration.mdx
@@ -8,15 +8,15 @@ The default configuration is great for most users. You might not need to tweak a The authorization server has a few optional settings with the following default values; -| Option | Type | Default | Details | -| --------------------------------- | ------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| `requiresPKCE` | boolean | true | PKCE is enabled by default and recommended for all users. To support a legacy client without PKCE, disable this option. [[Learn more]][requires-pkce] | -| `requiresS256` | boolean | true | Disabled by default. If you want to require all clients to use S256, you can enable that here. [[Learn more]][requires-s256] | -| `notBeforeLeeway` | number | 0 | Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value. | -| `tokenCID` | "id" or "name" | "id" | Sets the JWT `accessToken.cid` to either the `client.id` or `client.name`.<br /><br />In 3.x the default is **"id"**, in v2.x the default was **"name"**. [[Learn more]][token-cid] | -| `issuer` | string \| undefined | undefined | Sets the JWT `accessToken.iss` to this value. 
| -| `introspectWithClientCredentials` | boolean | true | Authorize [the /introspect endpoint](../endpoints/introspect.mdx) using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header) | -| `revokeWithClientCredentials` | boolean | true | Authorize [the /revoke endpoint](../endpoints/revoke.mdx) using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header) | +| Option | Type | Default | Details | +| ------------------------ | ------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `requiresPKCE` | boolean | true | PKCE is enabled by default and recommended for all users. To support a legacy client without PKCE, disable this option. [[Learn more]][requires-pkce] | +| `requiresS256` | boolean | true | Disabled by default. If you want to require all clients to use S256, you can enable that here. [[Learn more]][requires-s256] | +| `notBeforeLeeway` | number | 0 | Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value. | +| `tokenCID` | "id" or "name" | "id" | Sets the JWT `accessToken.cid` to either the `client.id` or `client.name`.<br /><br />In 3.x the default is **"id"**, in v2.x the default was **"name"**. [[Learn more]][token-cid] | +| `issuer` | string \| undefined | undefined | Sets the JWT `accessToken.iss` to this value. 
| +| `authenticateIntrospect` | boolean | true | Authorize the [/introspect](../endpoints/introspect.mdx) endpoint using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header) <br /><br />In 4.x the default is **true**, in v3.x the default was **false**. | +| `authenticateRevoke` | boolean | true | Authorize the [/revoke](../endpoints/revoke.mdx) endpoint using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header) <br /><br />In 4.x the default is **true**, in v3.x the default was **false**. | ```ts type AuthorizationServerOptions = { @@ -25,8 +25,8 @@ type AuthorizationServerOptions = { notBeforeLeeway: 0; tokenCID: "id" | "name"; issuer: undefined; - introspectWithClientCredentials: boolean; - revokeWithClientCredentials: boolean; + authenticateIntrospect: boolean; + authenticateRevoke: boolean; }; ``` diff --git a/src/authorization_server.ts b/src/authorization_server.ts index 992abb77..2ff7f8ca 100644 --- a/src/authorization_server.ts +++ b/src/authorization_server.ts @@ -30,8 +30,8 @@ export interface AuthorizationServerOptions { tokenCID: "id" | "name"; issuer?: string; scopeDelimiter: string; - introspectWithClientCredentials: boolean; - revokeWithClientCredentials: boolean; + authenticateIntrospect: boolean; + authenticateRevoke: boolean; } export type EnableableGrants = diff --git a/src/grants/auth_code.grant.ts b/src/grants/auth_code.grant.ts index fe932de0..f4100134 100644 --- a/src/grants/auth_code.grant.ts +++ b/src/grants/auth_code.grant.ts 
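Review bot: The renamed fields `authenticateIntrospect: boolean;` and `authenticateRevoke: boolean;` in the exported AuthorizationServerOptions interface carry no TSDoc, even though each one decides whether an endpoint requires client authentication at all. A short contract on each would help, along the lines of `/** When false, /introspect accepts requests without client authentication; leave true unless the endpoint is protected elsewhere. */` and the same for `authenticateRevoke` and /revoke. The hunk also drops the old `introspectWithClientCredentials` and `revokeWithClientCredentials` keys from a public interface without a deprecated alias; since the defaults in options.ts stay `true`, a consumer still setting the old key silently gets the authenticated behaviour (fail-closed), but a typed consumer will get an excess-property error, so this is a breaking change that the "refactor:" subject line undersells and the changelog should call out. The interface continues outside the hunk.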
@@ -314,7 +314,7 @@ export class AuthCodeGrant extends AbstractAuthorizedGrant { async respondToRevokeRequest(req: RequestInterface): Promise<ResponseInterface> { req.body["grant_type"] = this.identifier; - if (this.options.revokeWithClientCredentials) await this.validateClient(req); + if (this.options.authenticateRevoke) await this.validateClient(req); const token = this.getRequestParameter("token", req); diff --git a/src/grants/client_credentials.grant.ts b/src/grants/client_credentials.grant.ts index e0c4b2f7..85699ce2 100644 --- a/src/grants/client_credentials.grant.ts +++ b/src/grants/client_credentials.grant.ts @@ -32,7 +32,7 @@ export class ClientCredentialsGrant extends AbstractGrant { async respondToIntrospectRequest(req: RequestInterface): Promise<ResponseInterface> { req.body["grant_type"] = this.identifier; - if (this.options.introspectWithClientCredentials) await this.validateClient(req); + if (this.options.authenticateIntrospect) await this.validateClient(req); const { parsedToken, oauthToken, expiresAt, tokenType } = await this.tokenFromRequest(req); @@ -60,7 +60,7 @@ export class ClientCredentialsGrant extends AbstractGrant { async respondToRevokeRequest(req: RequestInterface): Promise<ResponseInterface> { req.body["grant_type"] = this.identifier; - if (this.options.revokeWithClientCredentials) await this.validateClient(req); + if (this.options.authenticateRevoke) await this.validateClient(req); let { oauthToken } = await this.tokenFromRequest(req); diff --git a/src/options.ts b/src/options.ts index 43e6a8a7..40b62617 100644 --- a/src/options.ts +++ b/src/options.ts @@ -7,6 +7,6 @@ export const DEFAULT_AUTHORIZATION_SERVER_OPTIONS: AuthorizationServerOptions = tokenCID: "id", issuer: undefined, scopeDelimiter: " ", - introspectWithClientCredentials: true, - revokeWithClientCredentials: true, + authenticateIntrospect: true, + authenticateRevoke: true, }; 
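Review bot: The guard `if (this.options.authenticateRevoke) await this.validateClient(req);` skips client authentication entirely when the option is false, and nothing at the call site records that consequence for the next reader; a one-line comment such as `// authenticateRevoke=false: revocation requests are accepted from unauthenticated callers (RFC 7009 §2.1 expects client authentication)` would make the trade-off explicit. The same applies to the two guards in client_credentials.grant.ts (`authenticateIntrospect` at line 32, where RFC 7662 §2.1 likewise requires the endpoint to authorize the caller, and `authenticateRevoke` at line 60). Each of the three respondTo*Request methods continues past its hunk, so I cannot see whether any other check on the caller replaces validateClient when the option is off.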
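Review bot: The defaults hunk in options.ts replaces `introspectWithClientCredentials: true,` with `authenticateIntrospect: true,` (and likewise for revoke), so the default value does not change in this commit, yet the new table rows added to configuration.mdx state that in v3.x the default was **false**. If the removed lines reflect what 3.x shipped, one of the two statements is wrong; if an earlier commit already flipped the default for 4.x, the docs are right and this is fine. Worth confirming against the 3.x release and correcting either the table or this hunk's surrounding changelog so the documented default matches DEFAULT_AUTHORIZATION_SERVER_OPTIONS.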
diff --git a/test/e2e/authorization_server.spec.ts b/test/e2e/authorization_server.spec.ts index c713c068..43630aee 100644 --- a/test/e2e/authorization_server.spec.ts +++ b/test/e2e/authorization_server.spec.ts @@ -359,7 +359,7 @@ describe("authorization_server", () => { inMemoryDatabase.clients[client.id] = client; }); - describe("without option introspectWithClientCredentials=false", () => { + describe("without option authenticateIntrospect=false", () => { it("does not require client credentials", async () => { authorizationServer = new AuthorizationServer( inMemoryClientRepository, @@ -367,7 +367,7 @@ describe("authorization_server", () => { inMemoryScopeRepository, new JwtService("secret-key"), { - introspectWithClientCredentials: false, + authenticateIntrospect: false, }, ); @@ -548,7 +548,7 @@ describe("authorization_server", () => { inMemoryDatabase.clients[client.id] = client; }); - describe("without option revokeWithClientCredentials=false", () => { + describe("without option authenticateRevoke=false", () => { it("does not require client credentials", async () => { authorizationServer = new AuthorizationServer( inMemoryClientRepository, @@ -556,7 +556,7 @@ describe("authorization_server", () => { inMemoryScopeRepository, new JwtService("secret-key"), { - revokeWithClientCredentials: false, + authenticateRevoke: false, }, );
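Review bot: The new title `describe("without option authenticateIntrospect=false", () => {` contradicts its body, which passes `authenticateIntrospect: false` explicitly to the AuthorizationServer constructor; `describe("with authenticateIntrospect=false", () => {` (or "when authenticateIntrospect is false") reads correctly. The same wording is carried into the revoke block at line 548, `describe("without option authenticateRevoke=false", () => {`. Only the head of each describe block is inside the hunks, so I cannot see whether a companion case asserts that the default (true) rejects an unauthenticated /introspect or /revoke request; if there is none, that is the more important test to add alongside this rename.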