use more future proof config for static clients (#11175)

Kerry 2023-07-05 11:10:03 +12:00 committed by GitHub
parent ce332d0f8b
commit 90e65e8490
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 13 deletions


@ -201,7 +201,12 @@ export interface IConfigOptions {
* The issuer URL must have a trailing `/`.
* OPTIONAL
*/
oidc_static_client_ids?: Record<string, string>;
oidc_static_clients?: Record<
string,
{
client_id: string;
}
>;
}
export interface ISsoRedirectOptions {
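Review bot: Renaming `oidc_static_client_ids` to `oidc_static_clients` leaves no fallback for the old key. A config.json that still uses it would, as far as this diff shows, be ignored without any message, and the client would presumably fall back to dynamic registration instead of the operator's pre-registered client ID. If the old key was ever shipped, keep reading it for a deprecation period or log a warning when it is present. The doc comment above the field starts outside this hunk; it should describe the new value shape, for example `{ "<issuer with trailing />": { "client_id": "<id>" } }`.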


@ -102,7 +102,7 @@ export default class Login {
const oidcFlow = await tryInitOidcNativeFlow(
this.delegatedAuthentication,
SdkConfig.get().brand,
SdkConfig.get().oidc_static_client_ids,
SdkConfig.get().oidc_static_clients,
);
return [oidcFlow];
} catch (error) {
@ -211,9 +211,9 @@ export interface OidcNativeFlow extends ILoginFlow {
const tryInitOidcNativeFlow = async (
delegatedAuthConfig: ValidatedDelegatedAuthConfig,
brand: string,
oidcStaticClientIds?: IConfigOptions["oidc_static_client_ids"],
oidcStaticClients?: IConfigOptions["oidc_static_clients"],
): Promise<OidcNativeFlow> => {
const clientId = await getOidcClientId(delegatedAuthConfig, brand, window.location.origin, oidcStaticClientIds);
const clientId = await getOidcClientId(delegatedAuthConfig, brand, window.location.origin, oidcStaticClients);
const flow = {
type: "oidcNativeFlow",


@ -17,6 +17,7 @@ limitations under the License.
import { logger } from "matrix-js-sdk/src/logger";
import { registerOidcClient } from "matrix-js-sdk/src/oidc/register";
import { IConfigOptions } from "../../IConfigOptions";
import { ValidatedDelegatedAuthConfig } from "../ValidatedServerConfig";
/**
@ -25,10 +26,13 @@ import { ValidatedDelegatedAuthConfig } from "../ValidatedServerConfig";
* @param staticOidcClients static client config from config.json
* @returns clientId if found, otherwise undefined
*/
const getStaticOidcClientId = (issuer: string, staticOidcClients?: Record<string, string>): string | undefined => {
const getStaticOidcClientId = (
issuer: string,
staticOidcClients?: IConfigOptions["oidc_static_clients"],
): string | undefined => {
// static_oidc_clients are configured with a trailing slash
const issuerWithTrailingSlash = issuer.endsWith("/") ? issuer : issuer + "/";
return staticOidcClients?.[issuerWithTrailingSlash];
return staticOidcClients?.[issuerWithTrailingSlash]?.client_id;
};
/**
@ -46,7 +50,7 @@ export const getOidcClientId = async (
delegatedAuthConfig: ValidatedDelegatedAuthConfig,
clientName: string,
baseUrl: string,
staticOidcClients?: Record<string, string>,
staticOidcClients?: IConfigOptions["oidc_static_clients"],
): Promise<string> => {
const staticClientId = getStaticOidcClientId(delegatedAuthConfig.issuer, staticOidcClients);
if (staticClientId) {
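Review bot: In `getStaticOidcClientId`, the new lookup `staticOidcClients?.[issuerWithTrailingSlash]?.client_id` trusts the TypeScript type for a value that comes from config.json and is not checked at runtime. An entry left in the old string form, or one missing `client_id`, yields `undefined`, so `getOidcClientId` skips the static branch with no indication that a configured entry was discarded. A non-string `client_id` would be returned as if it were a string. I would check the shape explicitly and use the already imported `logger` to warn when an entry exists for the issuer but is unusable, as sketched below. The body of `getOidcClientId` continues outside the last hunk, so the fallback path itself is not visible here.

```typescript
    const issuerWithTrailingSlash = issuer.endsWith("/") ? issuer : issuer + "/";
    const entry: unknown = staticOidcClients?.[issuerWithTrailingSlash];
    if (entry === undefined) {
        return undefined;
    }
    // config.json is untyped at runtime: accept only a non-empty string client_id
    const clientId = (entry as { client_id?: unknown } | null)?.client_id;
    if (typeof clientId !== "string" || !clientId) {
        logger.warn(`Ignoring malformed oidc_static_clients entry for issuer ${issuerWithTrailingSlash}`);
        return undefined;
    }
    return clientId;
```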


@ -37,7 +37,9 @@ jest.mock("matrix-js-sdk/src/matrix");
jest.useRealTimers();
const oidcStaticClientsConfig = {
"https://staticallyregisteredissuer.org/": "static-clientId-123",
"https://staticallyregisteredissuer.org/": {
client_id: "static-clientId-123",
},
};
describe("Login", function () {
@ -52,7 +54,7 @@ describe("Login", function () {
SdkConfig.put({
brand: "test-brand",
disable_custom_urls: true,
oidc_static_client_ids: oidcStaticClientsConfig,
oidc_static_clients: oidcStaticClientsConfig,
});
mockClient.login.mockClear().mockResolvedValue({
access_token: "TOKEN",


@ -27,7 +27,9 @@ describe("getOidcClientId()", () => {
const baseUrl = "https://just.testing";
const dynamicClientId = "xyz789";
const staticOidcClients = {
[issuer]: "abc123",
[issuer]: {
client_id: "abc123",
},
};
const delegatedAuthConfig = {
issuer,
@ -42,9 +44,7 @@ describe("getOidcClientId()", () => {
});
it("should return static clientId when configured", async () => {
expect(await getOidcClientId(delegatedAuthConfig, clientName, baseUrl, staticOidcClients)).toEqual(
staticOidcClients[issuer],
);
expect(await getOidcClientId(delegatedAuthConfig, clientName, baseUrl, staticOidcClients)).toEqual("abc123");
// didn't try to register
expect(fetchMockJest).toHaveFetchedTimes(0);
});