Refactor auth URL generation

moneyhub · May 12, 2023 · 58e1b38 · 58e1b38
1 parent e549afb
commit 58e1b38
Show file tree

Hide file tree

Showing 5 changed files with 205 additions and 128 deletions.
diff --git a/examples/auth/get-reconsent-authorize-url-for-user.js b/examples/auth/get-reconsent-authorize-url-for-user.js
@@ -1,4 +1,4 @@
-const Moneyhub = require("../../src/index")
+const {Moneyhub} = require("../../src/index")
 const config = require("../config")
 
 const {DEFAULT_STATE, DEFAULT_NONCE} = require("../constants")

diff --git a/readme.md b/readme.md
@@ -113,6 +113,8 @@ The `expirationDateTime` and `transactionFromDateTime` options can be set accord
 
 Set `enableAsync` to true if you wish to make an AIS connection that won't wait for accounts and transactions to be fetched.
 
+**Note:** all methods generate an authorise URL using the Pushed Authorisation Request (PAR) method, see [here](https://docs.moneyhubenterprise.com/docs/pushed-authorisation-requests-par) for more details.
+
 #### `getAuthorizeUrl`
 
 This method returns an authorize url for your API client. You can redirect a user to this url, after which they will be redirected back to your `redirect_uri`.
@@ -251,6 +253,23 @@ const defaultClaims = {
 
 #### `getRefreshAuthorizeUrlForCreatedUser`
 
+#### `getAuthorizeUrlLegacy`
+
+This method returns an authorize url for your API client using the legacy method (where a request object is generated and passed in as the `request` query parameter). You can redirect a user to this url, after which they will be redirected back to your `redirect_uri`. It has the same method signature as `getAuthorizeUrl`
+
+```javascript
+const url = await moneyhub.getAuthorizeUrlLegacy({
+  scope: "openid bank-id-scope other-data-scopes",
+  state: " your state value", // optional
+  nonce: "your nonce value", //optional
+  claims: claimsObject, // optional
+  permissions: ["ReadBeneficiariesDetail"], // optional - set of extra permissions to set for auth URL
+  expirationDateTime: "2022-09-01T00:00:00.000Z", // optional
+  transactionFromDateTime: "2020-09-01T00:00:00.000Z", // optional,
+  enableAsync: false, // optional
+});
+```
+
 This is a helper function that returns an authorize url for a specific user to refresh an existing connection. This function uses the scope `openid refresh`. (Only relevant for legacy connections)
 
 ```javascript

diff --git a/src/__tests__/auth-urls.ts b/src/__tests__/auth-urls.ts
@@ -8,13 +8,7 @@ const bankId = "1ffe704d39629a929c8e293880fb449a"
 const state = "sample-state"
 const nonce = "sample-nonce"
 
-const parseJwt = (token?: string | string[]) => {
-  if (!token || Array.isArray(token)) return undefined
-  const base64String = token.split(".")[1]
-  const decodedValue = JSON.parse(Buffer.from(base64String,
-    "base64").toString("ascii"))
-  return decodedValue
-}
+const REQUEST_URI_REGEX = /urn:ietf:params:oauth:request_uri:.+/
 
 describe("Auth Urls", function() {
   let moneyhub: MoneyhubInstance,
@@ -32,11 +26,10 @@ describe("Auth Urls", function() {
       scope: `openid id:${bankId} accounts:read`,
     })
 
-    const {request} = querystring.parse(url)
-    const payload = parseJwt(request)
+    const {request_uri} = querystring.parse(url.split("?")[1])
 
     expect(url).to.be.a("string")
-    expect(payload).to.not.have.nested.property("claims.id_token.mh:consent.value.permissions")
+    expect(request_uri).to.match(REQUEST_URI_REGEX)
   })
 
   it("gets a basic auth url with permissions", async function() {
@@ -47,11 +40,10 @@ describe("Auth Urls", function() {
       permissions: ["permission-1"],
     })
 
-    const {request} = querystring.parse(url)
-    const payload = parseJwt(request)
+    const {request_uri} = querystring.parse(url.split("?")[1])
 
     expect(url).to.be.a("string")
-    expect(payload).to.have.deep.nested.property("claims.id_token.mh:consent.value.permissions", ["permission-1"])
+    expect(request_uri).to.match(REQUEST_URI_REGEX)
   })
 
   it("gets an auth url for a user", async function() {
@@ -62,11 +54,10 @@ describe("Auth Urls", function() {
       userId: "some-user-id",
     })
 
-    const {request} = querystring.parse(url)
-    const payload = parseJwt(request)
+    const {request_uri} = querystring.parse(url.split("?")[1])
 
     expect(url).to.be.a("string")
-    expect(payload).to.not.have.nested.property("claims.id_token.mh:consent.value.permissions")
+    expect(request_uri).to.match(REQUEST_URI_REGEX)
   })
 
   it("gets an auth url for a user with extra permissions", async function() {
@@ -78,11 +69,10 @@ describe("Auth Urls", function() {
       permissions: ["permission-1"],
     })
 
-    const {request} = querystring.parse(url)
-    const payload = parseJwt(request)
+    const {request_uri} = querystring.parse(url.split("?")[1])
 
     expect(url).to.be.a("string")
-    expect(payload).to.have.deep.nested.property("claims.id_token.mh:consent.value.permissions", ["permission-1"])
+    expect(request_uri).to.match(REQUEST_URI_REGEX)
   })
 
   it("gets a payment auth url", async function() {
@@ -137,11 +127,9 @@ describe("Auth Urls", function() {
       connectionId,
     })
 
-    const {request} = querystring.parse(url)
-    const payload = parseJwt(request)
+    const {request_uri} = querystring.parse(url.split("?")[1])
 
     expect(url).to.be.a("string")
-    expect(payload).to.have.nested.property("claims.id_token.mh:consent")
-    expect(payload).to.have.nested.property("claims.id_token.mh:con_id")
+    expect(request_uri).to.match(REQUEST_URI_REGEX)
   })
 })
diff --git a/src/__tests__/index.ts b/src/__tests__/index.ts
@@ -123,6 +123,7 @@ describe("API client", function() {
         "updateSavingsGoal",
         "deleteSavingsGoal",
         "getAuthorizeUrl",
+        "getAuthorizeUrlLegacy",
         "getAuthorizeUrlFromRequestUri",
         "requestObject",
         "getRequestUri",