feat(javascript-sdk): include raw response to OAuth token return #400
Conversation
- add raw response to returned value in OAuth2Client - this raw response is the original serialized JSON body - this new property will be persisted with the tokens in WebStorage
|
☁️ Nx Cloud ReportCI is running/has finished running commands for commit b4ba91e. As they complete they will appear below. Click to see the status, the terminal output, and the build insights. 📂 See all runs for this CI Pipeline Execution ✅ Successfully ran 5 targetsSent with 💌 from NxCloud. |
| @@ -88,6 +88,7 @@ function autoscript() { | |||
| } else { | |||
| throw new Error('Session_Error'); | |||
| } | |||
| console.log(tokens.rawResponse); | |||
There was a problem hiding this comment.
Adding a log of the raw response, so the test suite can pick it up and ensure the original response has the correct values.
There was a problem hiding this comment.
Should probably use the Logger class?
| messageArray.forEach((message) => { | ||
| if (message.includes('access_token')) { | ||
| rawResponse = message; | ||
| } | ||
| }); |
There was a problem hiding this comment.
This is the new code that tests the existence of the raw response, which uses snake_case. Because this is a live capable test, I just want to test the existence of keys, not values.
| expect(messageArray.includes('OAuth login successful'), 'oauth success').toBe(true); | ||
| expect(messageArray.includes('Logout successful'), 'logout success').toBe(true); | ||
| expect(messageArray.includes('Calling authorize endpoint'), 'call /authorize').toBe(true); | ||
| expect( | ||
| messageArray.includes('Calling access token exchange endpoint'), | ||
| 'call /access_token', | ||
| ).toBe(true); | ||
| expect(messageArray.includes('Get user info from OAuth endpoint'), 'call /userinfo').toBe(true); | ||
| expect(messageArray.includes('New OAuth tokens retrieved'), 'tokens received').toBe(true); |
There was a problem hiding this comment.
I'm adding secondary messages here, so if the test fails, it will print the message to help inform which expectation failed. Without this, the test just says, "expected true and got false" or something like that.
| expect( | ||
| messageArray.includes('IG resource requires additional authorization'), | ||
| 'add. auth required', | ||
| ).toBe(true); | ||
| expect( | ||
| messageArray.includes('Request to IG resource successfully responded'), | ||
| 'successful response', | ||
| ).toBe(true); | ||
| expect( | ||
| messageArray.includes('Starting authentication with composite advice'), | ||
| 'start auth with advice', | ||
| ).toBe(true); | ||
| expect( | ||
| messageArray.includes('Continuing authentication with composite advice'), | ||
| 'continue with advice', | ||
| ).toBe(true); |
There was a problem hiding this comment.
This randomly failed, and I was motivated to add the secondary messages here to, but there's no actual code change here.
| @@ -160,6 +160,7 @@ abstract class OAuth2Client { | |||
| }; | |||
|
|
|||
| const response = await this.request('accessToken', undefined, false, init, options); | |||
| const responseClone = response.clone(); | |||
There was a problem hiding this comment.
Cloning the response here since we want to both grab the response text as well as create parsed JSON out of it.
There was a problem hiding this comment.
Can you point me to what you mean? I don't understand why the clone is necessary?
There was a problem hiding this comment.
Good question! This is something that took me a bit to wrap my head around (I had to do this a lot in the Token Vault plugin). The tl;dr of is any time you call a method off of body, you "attach" a "reader" to the underlying ReadableStream of the body. Only one reader can be attached to a stream at a time, so if you have two different places in the code that need to "attach" to the stream of the body, then you have to clone it.
The other location where we read the body is here: https://github.com/ForgeRock/forgerock-javascript-sdk/blob/develop/packages/javascript-sdk/src/oauth2-client/index.ts#L301.
Ref for the above: https://developer.mozilla.org/en-US/docs/Web/API/Streams_API/Using_readable_streams#attaching_a_reader
There was a problem hiding this comment.
wow havent used this before at all. interesting stuff
|
Your preview environment pr-400-ryanbas21 has been deployed. Preview environment endpoints are available at: |
| @@ -88,6 +88,7 @@ function autoscript() { | |||
| } else { | |||
| throw new Error('Session_Error'); | |||
| } | |||
| console.log(tokens.rawResponse); | |||
There was a problem hiding this comment.
Should probably use the Logger class?
| @@ -160,6 +160,7 @@ abstract class OAuth2Client { | |||
| }; | |||
|
|
|||
| const response = await this.request('accessToken', undefined, false, init, options); | |||
| const responseClone = response.clone(); | |||
There was a problem hiding this comment.
Can you point me to what you mean? I don't understand why the clone is necessary?
| @@ -185,6 +186,7 @@ abstract class OAuth2Client { | |||
| idToken: responseObject.id_token, | |||
| refreshToken: responseObject.refresh_token, | |||
| tokenExpiry: tokenExpiry, | |||
| rawResponse: await responseClone.text(), | |||
There was a problem hiding this comment.
so the basic ask is to just include the entire response object in addition to how we structure it normally.
i'm curious if we should include this as an opt in configuration? it may be overkill to add as a config but i also think we are adding a lot to what was previously a very thin api that could add noise for many who just don't need this info
There was a problem hiding this comment.
Yeah, we discussed enabling/disabling this with a config flag, but since this was just a test branch, we decided to minimize the work. If this is brought in as an official feature, we can consider more sophisticated implementation.
DO NOT MERGE
JIRA Ticket
SDKS-2790
Description
Adjust
OAuth2Clientclass to attach the raw response from the server as an additional property that propagates through to the application layer and also is stored along with the traditional tokens.Details
OAuth2Client.getOAuth2TokensType of Change
Please Delete options that are not relevant
How Has This Been Tested?
Manually tested with the e2e autoscript apps (screenshot included) as well as added a test assertion for our automated e2e test suite as well.
Screenshot of manual test with localStorage with
rawResponsecontaining the original response bodyDefinition of Done
Check all that apply
Documentation