From 7a5f91eac41f287f8a3edb9e1d6ba79fe294a5eb Mon Sep 17 00:00:00 2001 From: guabu <135956181+guabu@users.noreply.github.com> Date: Fri, 5 Sep 2025 13:40:57 +0200 Subject: [PATCH 1/3] fix(auth): fix the requested_expiry param --- src/auth/backchannel.ts | 11 +++++++ test/auth/backchannel.test.ts | 55 +++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/src/auth/backchannel.ts b/src/auth/backchannel.ts index 707a6bd00a..cedda1a627 100644 --- a/src/auth/backchannel.ts +++ b/src/auth/backchannel.ts @@ -88,8 +88,13 @@ export type AuthorizeOptions = { audience?: string; /** * Custom expiry time in seconds for this request. + * @deprecated Use {@link AuthorizeOptions.requested_expiry} instead. */ request_expiry?: string; + /** + * Custom expiry time in seconds for this request. + */ + requested_expiry?: string; /** * The user ID. */ @@ -191,6 +196,12 @@ export class Backchannel extends BaseAuthAPI implements IBackchannel { client_id: this.clientId, }; + // The correct parameter is `requested_expiry`, but we also accept the deprecated `request_expiry` for backwards compatibility + const requestedExpiry = options.requested_expiry || options.request_expiry; + if (requestedExpiry) { + body.requested_expiry = requestedExpiry; + } + await this.addClientAuthentication(body); const response = await this.request.bind(this)( diff --git a/test/auth/backchannel.test.ts b/test/auth/backchannel.test.ts index 1f998ca442..3bae97a006 100644 --- a/test/auth/backchannel.test.ts +++ b/test/auth/backchannel.test.ts @@ -91,6 +91,61 @@ describe('Backchannel', () => { }); }); + it('should pass requested_expiry to /bc-authorize', async () => { + let receivedRequestedExpiry = 0; + nock(`https://${opts.domain}`) + .post('/bc-authorize') + .reply(201, (uri, requestBody, cb) => { + receivedRequestedExpiry = JSON.parse( + querystring.parse(requestBody as any)['requested_expiry'] as string + ); + cb(null, { + auth_req_id: 'test-auth-req-id', + expires_in: 300, + interval: 5, + }); + }); + + await backchannel.authorize({ + userId: 'auth0|test-user-id', + binding_message: 'Test binding message', + scope: 'openid', + requested_expiry: '999', + }); + + expect(receivedRequestedExpiry).toBe(999); + }); + + it('should pass request_expiry as requested_expiry and retain the request_expiry param for backwards compatibility', async () => { + let receivedRequestedExpiry = 0; + let receivedRequestExpiry = 0; + nock(`https://${opts.domain}`) + .post('/bc-authorize') + .reply(201, (uri, requestBody, cb) => { + receivedRequestedExpiry = JSON.parse( + querystring.parse(requestBody as any)['requested_expiry'] as string + ); + receivedRequestExpiry = JSON.parse( + querystring.parse(requestBody as any)['request_expiry'] as string + ); + cb(null, { + auth_req_id: 'test-auth-req-id', + expires_in: 300, + interval: 5, + }); + }); + + await backchannel.authorize({ + userId: 'auth0|test-user-id', + binding_message: 'Test binding message', + scope: 'openid', + request_expiry: '999', + }); + + expect(receivedRequestedExpiry).toBe(999); + expect(receivedRequestExpiry).toBe(999); + }); + it('should pass authorization_details to /bc-authorize', async () => { let receivedAuthorizationDetails: { type: string }[] = []; nock(`https://${opts.domain}`) From 38cc877d9d89bd3b2760d0d11a3900f4c9821bfa Mon Sep 17 00:00:00 2001 From: guabu <135956181+guabu@users.noreply.github.com> Date: Mon, 8 Sep 2025 09:21:34 +0200 Subject: [PATCH 2/3] fix: merge conflicts after refactor commits --- test/auth/backchannel.test.ts | 413 --------------------------------- tests/auth/backchannel.test.ts | 95 ++++++-- 2 files changed, 75 insertions(+), 433 deletions(-) delete mode 100644 test/auth/backchannel.test.ts diff --git a/test/auth/backchannel.test.ts b/test/auth/backchannel.test.ts deleted file mode 100644 index 3bae97a006..0000000000 --- a/test/auth/backchannel.test.ts +++ /dev/null @@ -1,413 +0,0 @@ -import nock from 'nock'; -import querystring from 'querystring'; - -import { AuthorizeOptions, Backchannel } from '../../src/auth/backchannel.js'; - -const opts = { - domain: 'test-domain.auth0.com', - clientId: 'test-client-id', - clientSecret: 'test-client-secret', -}; - -const jwtOpts = { - ...opts, - clientAssertion: 'test-client-assertion', - clientAssertionType: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer', -}; - -const mtlsOpts = { - ...opts, - clientCertificate: 'test-client-certificate', - clientCertificateCA: 'test-client-certificate-ca-verified', -}; - -describe('Backchannel', () => { - let backchannel: Backchannel; - - beforeAll(() => { - backchannel = new Backchannel(opts); - }); - - beforeEach(() => { - nock.cleanAll(); - }); - - describe('#authorize', () => { - it('should require a userId', async () => { - nock(`https://${opts.domain}`).post('/bc-authorize').reply(400, { - error: 'invalid_request', - error_description: - 'login_hint parameter validation failed: "sub" contains unsupported format', - }); - - await expect(backchannel.authorize({} as AuthorizeOptions)).rejects.toThrow( - 'login_hint parameter validation failed: "sub" contains unsupported format' - ); - }); - - it('should require a binding_message', async () => { - nock(`https://${opts.domain}`).post('/bc-authorize').reply(400, { - error: 'invalid_request', - error_description: 'binding_message is required', - }); - - await expect( - backchannel.authorize({ userId: 'auth0|test-user-id' } as AuthorizeOptions) - ).rejects.toThrow('binding_message is required'); - }); - - it('should require a valid openid scope', async () => { - nock(`https://${opts.domain}`).post('/bc-authorize').reply(400, { - error: 'invalid_scope', - error_description: 'openid scope must be requested', - }); - - await expect( - backchannel.authorize({ - userId: 'auth0|test-user-id', - binding_message: 'Test binding message', - scope: 'invalid_scope', - } as AuthorizeOptions) - ).rejects.toThrow('openid scope must be requested'); - }); - - it('should return authorization response', async () => { - nock(`https://${opts.domain}`).post('/bc-authorize').reply(200, { - auth_req_id: 'test-auth-req-id', - expires_in: 300, - interval: 5, - }); - - await expect( - backchannel.authorize({ - userId: 'auth0|test-user-id', - binding_message: 'Test binding message', - scope: 'openid', - }) - ).resolves.toMatchObject({ - auth_req_id: 'test-auth-req-id', - expires_in: 300, - interval: 5, - }); - }); - - it('should pass requested_expiry to /bc-authorize', async () => { - let receivedRequestedExpiry = 0; - nock(`https://${opts.domain}`) - .post('/bc-authorize') - .reply(201, (uri, requestBody, cb) => { - receivedRequestedExpiry = JSON.parse( - querystring.parse(requestBody as any)['requested_expiry'] as string - ); - cb(null, { - auth_req_id: 'test-auth-req-id', - expires_in: 300, - interval: 5, - }); - }); - - await backchannel.authorize({ - userId: 'auth0|test-user-id', - binding_message: 'Test binding message', - scope: 'openid', - requested_expiry: '999', - }); - - expect(receivedRequestedExpiry).toBe(999); - }); - - it('should pass request_expiry as requested_expiry and retain the request_expiry param for backwards compatibility', async () => { - let receivedRequestedExpiry = 0; - let receivedRequestExpiry = 0; - nock(`https://${opts.domain}`) - .post('/bc-authorize') - .reply(201, (uri, requestBody, cb) => { - receivedRequestedExpiry = JSON.parse( - querystring.parse(requestBody as any)['requested_expiry'] as string - ); - receivedRequestExpiry = JSON.parse( - querystring.parse(requestBody as any)['request_expiry'] as string - ); - cb(null, { - auth_req_id: 'test-auth-req-id', - expires_in: 300, - interval: 5, - }); - }); - - await backchannel.authorize({ - userId: 'auth0|test-user-id', - binding_message: 'Test binding message', - scope: 'openid', - request_expiry: '999', - }); - - expect(receivedRequestedExpiry).toBe(999); - expect(receivedRequestExpiry).toBe(999); - }); - - it('should pass authorization_details to /bc-authorize', async () => { - let receivedAuthorizationDetails: { type: string }[] = []; - nock(`https://${opts.domain}`) - .post('/bc-authorize') - .reply(201, (uri, requestBody, cb) => { - receivedAuthorizationDetails = JSON.parse( - querystring.parse(requestBody as any)['authorization_details'] as string - ); - cb(null, { - auth_req_id: 'test-auth-req-id', - expires_in: 300, - interval: 5, - }); - }); - - await backchannel.authorize({ - userId: 'auth0|test-user-id', - binding_message: 'Test binding message', - scope: 'openid', - authorization_details: JSON.stringify([{ type: 'test-type' }]), - }); - - expect(receivedAuthorizationDetails[0].type).toBe('test-type'); - }); - - it('should pass custom parameters to /bc-authorize', async () => { - let receivedCustomParam = ''; - nock(`https://${opts.domain}`) - .post('/bc-authorize') - .reply(201, (uri, requestBody, cb) => { - receivedCustomParam = querystring.parse(requestBody as any)['custom_param'] as string; - cb(null, { - auth_req_id: 'test-auth-req-id', - expires_in: 300, - interval: 5, - }); - }); - - await backchannel.authorize({ - userId: 'auth0|test-user-id', - binding_message: 'Test binding message', - scope: 'openid', - custom_param: '', - }); - - expect(receivedCustomParam).toBe(''); - }); - - it('should throw for invalid request', async () => { - nock(`https://${opts.domain}`).post('/bc-authorize').reply(400, { - error: 'invalid_request', - error_description: 'Invalid request parameters', - }); - - await expect( - backchannel.authorize({ - userId: 'auth0|test-user-id', - binding_message: 'Test binding message', - scope: 'openid', - }) - ).rejects.toThrowError( - expect.objectContaining({ - body: expect.anything(), - }) - ); - }); - - it('should support Private Key JWT authentication', async () => { - const jwtBackchannel = new Backchannel(jwtOpts); - - nock(`https://${opts.domain}`).post('/bc-authorize').reply(200, { - auth_req_id: 'test-auth-req-id', - expires_in: 300, - interval: 5, - }); - - await expect( - jwtBackchannel.authorize({ - userId: 'auth0|test-user-id', - binding_message: 'Test binding message', - scope: 'openid', - }) - ).resolves.toMatchObject({ - auth_req_id: 'test-auth-req-id', - expires_in: 300, - interval: 5, - }); - }); - - it('should support mTLS authentication', async () => { - const mtlsBackchannel = new Backchannel(mtlsOpts); - - nock(`https://${opts.domain}`).post('/bc-authorize').reply(200, { - auth_req_id: 'test-auth-req-id', - expires_in: 300, - interval: 5, - }); - - await expect( - mtlsBackchannel.authorize({ - userId: 'auth0|test-user-id', - binding_message: 'Test binding message', - scope: 'openid', - }) - ).resolves.toMatchObject({ - auth_req_id: 'test-auth-req-id', - expires_in: 300, - interval: 5, - }); - }); - }); - - describe('#backchannelGrant', () => { - it('should throw for invalid or expired auth_req_id', async () => { - nock(`https://${opts.domain}`).post('/oauth/token').reply(401, { - error: 'invalid_grant', - error_description: 'Invalid or expired auth_req_id', - }); - - await expect( - backchannel.backchannelGrant({ - auth_req_id: 'invalid-auth-req-id', - }) - ).rejects.toThrow('Invalid or expired auth_req_id'); - }); - - it('should return token response', async () => { - nock(`https://${opts.domain}`).post('/oauth/token').reply(200, { - access_token: 'test-access-token', - id_token: 'test-id-token', - expires_in: 86400, - scope: 'openid', - }); - - await expect( - backchannel.backchannelGrant({ - auth_req_id: 'test-auth-req-id', - }) - ).resolves.toMatchObject({ - access_token: 'test-access-token', - id_token: 'test-id-token', - expires_in: 86400, - scope: 'openid', - }); - }); - - it('should return token response, including authorization_details when available', async () => { - const authorization_details = JSON.stringify([{ type: 'test-type' }]); - nock(`https://${opts.domain}`).post('/oauth/token').reply(200, { - access_token: 'test-access-token', - id_token: 'test-id-token', - expires_in: 86400, - scope: 'openid', - authorization_details, - }); - - await expect( - backchannel.backchannelGrant({ - auth_req_id: 'test-auth-req-id', - }) - ).resolves.toMatchObject({ - access_token: 'test-access-token', - id_token: 'test-id-token', - expires_in: 86400, - scope: 'openid', - authorization_details, - }); - }); - - it('should throw for authorization pending', async () => { - nock(`https://${opts.domain}`).post('/oauth/token').reply(400, { - error: 'authorization_pending', - error_description: 'The end-user authorization is pending', - }); - - await expect( - backchannel.backchannelGrant({ - auth_req_id: 'test-auth-req-id', - }) - ).rejects.toThrowError( - expect.objectContaining({ - body: expect.anything(), - }) - ); - }); - - it('should throw for access denied', async () => { - nock(`https://${opts.domain}`).post('/oauth/token').reply(400, { - error: 'access_denied', - error_description: 'The end-user denied the authorization request or it has been expired', - }); - - await expect( - backchannel.backchannelGrant({ - auth_req_id: 'test-auth-req-id', - }) - ).rejects.toThrowError( - expect.objectContaining({ - body: expect.anything(), - }) - ); - }); - - it('should throw for polling too quickly', async () => { - nock(`https://${opts.domain}`).post('/oauth/token').reply(400, { - error: 'slow_down', - error_description: 'You are polling faster than allowed. Try again in 10 seconds.', - }); - - await expect( - backchannel.backchannelGrant({ - auth_req_id: 'test-auth-req-id', - }) - ).rejects.toThrowError( - expect.objectContaining({ - body: expect.anything(), - }) - ); - }); - - it('should support Private Key JWT authentication', async () => { - const jwtBackchannel = new Backchannel(jwtOpts); - - nock(`https://${opts.domain}`).post('/oauth/token').reply(200, { - access_token: 'test-access-token', - id_token: 'test-id-token', - expires_in: 86400, - scope: 'openid', - }); - - await expect( - jwtBackchannel.backchannelGrant({ - auth_req_id: 'test-auth-req-id', - }) - ).resolves.toMatchObject({ - access_token: 'test-access-token', - id_token: 'test-id-token', - expires_in: 86400, - scope: 'openid', - }); - }); - - it('should support mTLS authentication', async () => { - const mtlsBackchannel = new Backchannel(mtlsOpts); - - nock(`https://${opts.domain}`).post('/oauth/token').reply(200, { - access_token: 'test-access-token', - id_token: 'test-id-token', - expires_in: 86400, - scope: 'openid', - }); - - await expect( - mtlsBackchannel.backchannelGrant({ - auth_req_id: 'test-auth-req-id', - }) - ).resolves.toMatchObject({ - access_token: 'test-access-token', - id_token: 'test-id-token', - expires_in: 86400, - scope: 'openid', - }); - }); - }); -}); diff --git a/tests/auth/backchannel.test.ts b/tests/auth/backchannel.test.ts index 9e6582db4d..73172fa7f2 100644 --- a/tests/auth/backchannel.test.ts +++ b/tests/auth/backchannel.test.ts @@ -40,7 +40,7 @@ describe("Backchannel", () => { }); await expect(backchannel.authorize({} as AuthorizeOptions)).rejects.toThrow( - 'login_hint parameter validation failed: "sub" contains unsupported format', + 'login_hint parameter validation failed: "sub" contains unsupported format' ); }); @@ -51,7 +51,7 @@ describe("Backchannel", () => { }); await expect(backchannel.authorize({ userId: "auth0|test-user-id" } as AuthorizeOptions)).rejects.toThrow( - "binding_message is required", + "binding_message is required" ); }); @@ -66,7 +66,7 @@ describe("Backchannel", () => { userId: "auth0|test-user-id", binding_message: "Test binding message", scope: "invalid_scope", - } as AuthorizeOptions), + } as AuthorizeOptions) ).rejects.toThrow("openid scope must be requested"); }); @@ -82,7 +82,7 @@ describe("Backchannel", () => { userId: "auth0|test-user-id", binding_message: "Test binding message", scope: "openid", - }), + }) ).resolves.toMatchObject({ auth_req_id: "test-auth-req-id", expires_in: 300, @@ -90,13 +90,68 @@ describe("Backchannel", () => { }); }); + it("should pass requested_expiry to /bc-authorize", async () => { + let receivedRequestedExpiry = 0; + nock(`https://${opts.domain}`) + .post("/bc-authorize") + .reply(201, (uri, requestBody, cb) => { + receivedRequestedExpiry = JSON.parse( + querystring.parse(requestBody as any)["requested_expiry"] as string + ); + cb(null, { + auth_req_id: "test-auth-req-id", + expires_in: 300, + interval: 5, + }); + }); + + await backchannel.authorize({ + userId: "auth0|test-user-id", + binding_message: "Test binding message", + scope: "openid", + requested_expiry: "999", + }); + + expect(receivedRequestedExpiry).toBe(999); + }); + + it("should pass request_expiry as requested_expiry and retain the request_expiry param for backwards compatibility", async () => { + let receivedRequestedExpiry = 0; + let receivedRequestExpiry = 0; + nock(`https://${opts.domain}`) + .post("/bc-authorize") + .reply(201, (uri, requestBody, cb) => { + receivedRequestedExpiry = JSON.parse( + querystring.parse(requestBody as any)["requested_expiry"] as string + ); + receivedRequestExpiry = JSON.parse( + querystring.parse(requestBody as any)["request_expiry"] as string + ); + cb(null, { + auth_req_id: "test-auth-req-id", + expires_in: 300, + interval: 5, + }); + }); + + await backchannel.authorize({ + userId: "auth0|test-user-id", + binding_message: "Test binding message", + scope: "openid", + request_expiry: "999", + }); + + expect(receivedRequestedExpiry).toBe(999); + expect(receivedRequestExpiry).toBe(999); + }); + it("should pass authorization_details to /bc-authorize", async () => { let receivedAuthorizationDetails: { type: string }[] = []; nock(`https://${opts.domain}`) .post("/bc-authorize") .reply(201, (uri, requestBody, cb) => { receivedAuthorizationDetails = JSON.parse( - querystring.parse(requestBody as any)["authorization_details"] as string, + querystring.parse(requestBody as any)["authorization_details"] as string ); cb(null, { auth_req_id: "test-auth-req-id", @@ -149,11 +204,11 @@ describe("Backchannel", () => { userId: "auth0|test-user-id", binding_message: "Test binding message", scope: "openid", - }), + }) ).rejects.toThrowError( expect.objectContaining({ body: expect.anything(), - }), + }) ); }); @@ -171,7 +226,7 @@ describe("Backchannel", () => { userId: "auth0|test-user-id", binding_message: "Test binding message", scope: "openid", - }), + }) ).resolves.toMatchObject({ auth_req_id: "test-auth-req-id", expires_in: 300, @@ -193,7 +248,7 @@ describe("Backchannel", () => { userId: "auth0|test-user-id", binding_message: "Test binding message", scope: "openid", - }), + }) ).resolves.toMatchObject({ auth_req_id: "test-auth-req-id", expires_in: 300, @@ -212,7 +267,7 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "invalid-auth-req-id", - }), + }) ).rejects.toThrow("Invalid or expired auth_req_id"); }); @@ -227,7 +282,7 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }), + }) ).resolves.toMatchObject({ access_token: "test-access-token", id_token: "test-id-token", @@ -249,7 +304,7 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }), + }) ).resolves.toMatchObject({ access_token: "test-access-token", id_token: "test-id-token", @@ -268,11 +323,11 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }), + }) ).rejects.toThrowError( expect.objectContaining({ body: expect.anything(), - }), + }) ); }); @@ -285,11 +340,11 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }), + }) ).rejects.toThrowError( expect.objectContaining({ body: expect.anything(), - }), + }) ); }); @@ -302,11 +357,11 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }), + }) ).rejects.toThrowError( expect.objectContaining({ body: expect.anything(), - }), + }) ); }); @@ -323,7 +378,7 @@ describe("Backchannel", () => { await expect( jwtBackchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }), + }) ).resolves.toMatchObject({ access_token: "test-access-token", id_token: "test-id-token", @@ -345,7 +400,7 @@ describe("Backchannel", () => { await expect( mtlsBackchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }), + }) ).resolves.toMatchObject({ access_token: "test-access-token", id_token: "test-id-token", From 6b0464873d83f06dcd478a11e908e146381aa8d6 Mon Sep 17 00:00:00 2001 From: guabu <135956181+guabu@users.noreply.github.com> Date: Mon, 8 Sep 2025 09:33:18 +0200 Subject: [PATCH 3/3] chore: format --- src/auth/backchannel.ts | 4 +-- tests/auth/backchannel.test.ts | 46 +++++++++++++++++----------------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/src/auth/backchannel.ts b/src/auth/backchannel.ts index fe4b124521..108a28f95f 100644 --- a/src/auth/backchannel.ts +++ b/src/auth/backchannel.ts @@ -211,7 +211,7 @@ export class Backchannel extends BaseAuthAPI implements IBackchannel { headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: new URLSearchParams(body), }, - {} + {}, ); const r: JSONApiResponse = await JSONApiResponse.fromResponse(response); @@ -266,7 +266,7 @@ export class Backchannel extends BaseAuthAPI implements IBackchannel { headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: new URLSearchParams(body), }, - {} + {}, ); const r: JSONApiResponse = await JSONApiResponse.fromResponse(response); diff --git a/tests/auth/backchannel.test.ts b/tests/auth/backchannel.test.ts index 73172fa7f2..fd57e0c4b1 100644 --- a/tests/auth/backchannel.test.ts +++ b/tests/auth/backchannel.test.ts @@ -40,7 +40,7 @@ describe("Backchannel", () => { }); await expect(backchannel.authorize({} as AuthorizeOptions)).rejects.toThrow( - 'login_hint parameter validation failed: "sub" contains unsupported format' + 'login_hint parameter validation failed: "sub" contains unsupported format', ); }); @@ -51,7 +51,7 @@ describe("Backchannel", () => { }); await expect(backchannel.authorize({ userId: "auth0|test-user-id" } as AuthorizeOptions)).rejects.toThrow( - "binding_message is required" + "binding_message is required", ); }); @@ -66,7 +66,7 @@ describe("Backchannel", () => { userId: "auth0|test-user-id", binding_message: "Test binding message", scope: "invalid_scope", - } as AuthorizeOptions) + } as AuthorizeOptions), ).rejects.toThrow("openid scope must be requested"); }); @@ -82,7 +82,7 @@ describe("Backchannel", () => { userId: "auth0|test-user-id", binding_message: "Test binding message", scope: "openid", - }) + }), ).resolves.toMatchObject({ auth_req_id: "test-auth-req-id", expires_in: 300, @@ -96,7 +96,7 @@ describe("Backchannel", () => { .post("/bc-authorize") .reply(201, (uri, requestBody, cb) => { receivedRequestedExpiry = JSON.parse( - querystring.parse(requestBody as any)["requested_expiry"] as string + querystring.parse(requestBody as any)["requested_expiry"] as string, ); cb(null, { auth_req_id: "test-auth-req-id", @@ -122,10 +122,10 @@ describe("Backchannel", () => { .post("/bc-authorize") .reply(201, (uri, requestBody, cb) => { receivedRequestedExpiry = JSON.parse( - querystring.parse(requestBody as any)["requested_expiry"] as string + querystring.parse(requestBody as any)["requested_expiry"] as string, ); receivedRequestExpiry = JSON.parse( - querystring.parse(requestBody as any)["request_expiry"] as string + querystring.parse(requestBody as any)["request_expiry"] as string, ); cb(null, { auth_req_id: "test-auth-req-id", @@ -151,7 +151,7 @@ describe("Backchannel", () => { .post("/bc-authorize") .reply(201, (uri, requestBody, cb) => { receivedAuthorizationDetails = JSON.parse( - querystring.parse(requestBody as any)["authorization_details"] as string + querystring.parse(requestBody as any)["authorization_details"] as string, ); cb(null, { auth_req_id: "test-auth-req-id", @@ -204,11 +204,11 @@ describe("Backchannel", () => { userId: "auth0|test-user-id", binding_message: "Test binding message", scope: "openid", - }) + }), ).rejects.toThrowError( expect.objectContaining({ body: expect.anything(), - }) + }), ); }); @@ -226,7 +226,7 @@ describe("Backchannel", () => { userId: "auth0|test-user-id", binding_message: "Test binding message", scope: "openid", - }) + }), ).resolves.toMatchObject({ auth_req_id: "test-auth-req-id", expires_in: 300, @@ -248,7 +248,7 @@ describe("Backchannel", () => { userId: "auth0|test-user-id", binding_message: "Test binding message", scope: "openid", - }) + }), ).resolves.toMatchObject({ auth_req_id: "test-auth-req-id", expires_in: 300, @@ -267,7 +267,7 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "invalid-auth-req-id", - }) + }), ).rejects.toThrow("Invalid or expired auth_req_id"); }); @@ -282,7 +282,7 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }) + }), ).resolves.toMatchObject({ access_token: "test-access-token", id_token: "test-id-token", @@ -304,7 +304,7 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }) + }), ).resolves.toMatchObject({ access_token: "test-access-token", id_token: "test-id-token", @@ -323,11 +323,11 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }) + }), ).rejects.toThrowError( expect.objectContaining({ body: expect.anything(), - }) + }), ); }); @@ -340,11 +340,11 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }) + }), ).rejects.toThrowError( expect.objectContaining({ body: expect.anything(), - }) + }), ); }); @@ -357,11 +357,11 @@ describe("Backchannel", () => { await expect( backchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }) + }), ).rejects.toThrowError( expect.objectContaining({ body: expect.anything(), - }) + }), ); }); @@ -378,7 +378,7 @@ describe("Backchannel", () => { await expect( jwtBackchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }) + }), ).resolves.toMatchObject({ access_token: "test-access-token", id_token: "test-id-token", @@ -400,7 +400,7 @@ describe("Backchannel", () => { await expect( mtlsBackchannel.backchannelGrant({ auth_req_id: "test-auth-req-id", - }) + }), ).resolves.toMatchObject({ access_token: "test-access-token", id_token: "test-id-token",