Merge pull request #159 from s0er3n/main

feat: add twitch strategy

CHANGELOG.md

@@ -7,6 +7,7 @@
 * `Assent.Strategy.OAuth2` `:state` override in `:authorization_parms` has been deprecated
 * `Assent.Strategy.OIDC` now supports `none` authentication method
 * `Assent.Strategy.Bitbucket` added
+* `Assent.Strategy.Twitch` added
 
 ## v0.2.10 (2024-04-11)
 

README.md

@@ -31,6 +31,7 @@ Multi-provider authentication framework.
   * Strava - `Assent.Strategy.Strava`
   * Slack - `Assent.Strategy.Slack`
   * Stripe Connect - `Assent.Strategy.Stripe`
+  * Twitch - `Assent.Strategy.Twitch`
   * Twitter - `Assent.Strategy.Twitter`
   * VK - `Assent.Strategy.VK`
 

lib/assent/strategies/twitch.ex

@@ -0,0 +1,24 @@
+defmodule Assent.Strategy.Twitch do
+  @moduledoc """
+  Twitch OpenID Connect strategy.
+
+  See `Assent.Strategy.OIDC` for more.
+  """
+  use Assent.Strategy.OIDC.Base
+
+  @impl true
+  def default_config(_config) do
+    [
+      base_url: "https://id.twitch.tv/oauth2",
+      authorization_params: [
+        scope: "user:read:email",
+        # Only sub is in the ID Token by default so we must specify the
+        # additional claims:
+        # https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#requesting-claims
+        claims:
+          "{\"id_token\":{\"email\":null,\"email_verified\":null,\"picture\":null,\"preferred_username\":null}}"
+      ],
+      client_authentication_method: "client_secret_post"
+    ]
+  end
+end

test/assent/strategies/twitch_test.exs

@@ -0,0 +1,62 @@
+defmodule Assent.Strategy.TwitchTest do
+  use Assent.Test.OIDCTestCase
+
+  alias Assent.Strategy.Twitch
+
+  # From https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#oidc-authorization-code-grant-flow
+  @id_token_claims %{
+    "iss" => "https://id.twitch.tv/oauth2",
+    "sub" => "713936733",
+    "aud" => "hof5gwx0su6owfnys0nyan9c87zr6t",
+    "exp" => :os.system_time(:second) + 60,
+    "iat" => :os.system_time(:second),
+    "email" => "[email protected]",
+    "email_verified" => true,
+    "picture" => "https://justin.tv/picture.png",
+    "preferred_username" => "scotwht"
+  }
+  @user %{
+    "email" => "[email protected]",
+    "email_verified" => true,
+    "sub" => "713936733",
+    "picture" => "https://justin.tv/picture.png",
+    "preferred_username" => "scotwht"
+  }
+
+  test "authorize_url/2", %{config: config} do
+    assert {:ok, %{url: url}} = Twitch.authorize_url(config)
+
+    url = URI.parse(url)
+
+    assert url.path == "/oauth/authorize"
+
+    assert %{"client_id" => "id", "scope" => scope, "claims" => claims} =
+             URI.decode_query(url.query)
+
+    assert scope =~ "user:read:email"
+
+    assert @json_library.decode!(claims)["id_token"] == %{
+             "email" => nil,
+             "email_verified" => nil,
+             "picture" => nil,
+             "preferred_username" => nil
+           }
+  end
+
+  test "callback/2", %{config: config, callback_params: params} do
+    openid_config =
+      Map.put(config[:openid_configuration], "issuer", "https://id.twitch.tv/oauth2")
+
+    config =
+      Keyword.merge(config,
+        openid_configuration: openid_config,
+        client_id: "hof5gwx0su6owfnys0nyan9c87zr6t"
+      )
+
+    [key | _rest] = expect_oidc_jwks_uri_request()
+    expect_oidc_access_token_request(id_token_opts: [claims: @id_token_claims, kid: key["kid"]])
+
+    assert {:ok, %{user: user}} = Twitch.callback(config, params)
+    assert user == @user
+  end
+end