From feef0a3ce5fdfa3cf8a0064ca7b2db5234a1e2f6 Mon Sep 17 00:00:00 2001
From: adamjmcgrath
Date: Wed, 25 Mar 2020 12:06:40 +0000
Subject: [PATCH 1/3] Allow to opt-out from sending SDK Telemetry - by setting `enableTelemetry: false`

---
 API.md | 1 +
 index.d.ts | 6 ++++++
 lib/client.js | 4 ++--
 lib/config.js | 1 +
 test/client.tests.js | 23 +++++++++++++++++++++++
 5 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/API.md b/API.md
index ae612cda..a389e192 100644
--- a/API.md
+++ b/API.md
@@ -34,6 +34,7 @@ Additional configuration keys that can be passed to `auth()` on initialization:
 - **`auth0Logout`** - Boolean value to enable Auth0's logout feature. Default is `false`.
 - **`authorizationParams`** - Object that describes the authorization server request. [See below](#authorization-params-key) for defaults and more details.
 - **`clockTolerance`** - Integer value for the system clock's tolerance (leeway) in seconds for ID token verification. Default is `60`.
+- **`enableTelemetry`** - Opt-in to sending the library and node version to your authorization server via the `Auth0-Client` header. Default is `true`.
 - **`errorOnRequiredAuth`** - Boolean value to throw a `Unauthorized 401` error instead of triggering the login process for routes that require authentication. Default is `false`.
 - **`getUser`** - Function that returns the profile for `req.openid.user`. This runs on each application page load for authenticated users. Default is [here](lib/hooks/getUser.js).
 - **`handleCallback`** - Function that runs on the callback route, after callback processing but before redirection. Default is [here](lib/hooks/handleCallback.js).
diff --git a/index.d.ts b/index.d.ts
index f222abde..b8dd4f82 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -64,6 +64,12 @@ interface ConfigParams {
 */
 clockTolerance?: number;
 
+ /**
+ * Opt-in to sending the library and node version to your authorization server
+ * via the `Auth0-Client` header.
+ */
+ enableTelemetry?: boolean;
+
 /**
 * Throw a 401 error instead of triggering the login process for routes that require authentication.
 */
diff --git a/lib/client.js b/lib/client.js
index 6712dcec..27ae12d0 100644
--- a/lib/client.js
+++ b/lib/client.js
@@ -74,8 +74,8 @@ async function get(config) {
 // Allow configuration to override user agent header.
 {'User-Agent': `${pkg.name}/${pkg.version}`},
 httpOptions.headers || {},
- // Do not allow overriding telemetry.
- {'Auth0-Client': Buffer.from(JSON.stringify(telemetryHeader)).toString('base64')}
+ // Do not allow overriding telemetry, but allow it to be omitted.
+ config.enableTelemetry && {'Auth0-Client': Buffer.from(JSON.stringify(telemetryHeader)).toString('base64')}
 );
 
 custom.setHttpOptionsDefaults(httpOptions);
diff --git a/lib/config.js b/lib/config.js
index 4dae5094..2bc5ed5a 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -59,6 +59,7 @@ const paramsSchema = Joi.object({
 }
 ),
 clockTolerance: Joi.number().optional().default(60),
+ enableTelemetry: Joi.boolean().optional().default(true),
 errorOnRequiredAuth: Joi.boolean().optional().default(false),
 getLoginState: Joi.function().optional().default(() => getLoginState),
 getUser: Joi.function().optional().default(() => getUser),
diff --git a/test/client.tests.js b/test/client.tests.js
index 85c9d472..643fc214 100644
--- a/test/client.tests.js
+++ b/test/client.tests.js
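Review bot: The JSDoc on the new `enableTelemetry` field describes it as "Opt-in", but lib/config.js in the same patch defaults it to `true`, so callers actually opt out by setting it to `false`; as written the sentence reads as if telemetry were off unless enabled. Suggest `Set to false to opt out of sending the library and node version to your authorization server via the Auth0-Client header. Default is true.` as the comment body. The API.md entry added in this patch uses the same "Opt-in" wording and would benefit from the same rewording.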
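Review bot: The new comment still says overriding telemetry is not allowed, but with `enableTelemetry: false` the last `Object.assign` source becomes `false`, which contributes nothing, so an `Auth0-Client` key present in `httpOptions.headers` now passes through to the request untouched; either the comment should say that, or the key should be dropped from the merged headers in that case. Relying on `Object.assign` silently ignoring a primitive `false` is also easy to misread on a skim — `config.enableTelemetry ? {'Auth0-Client': Buffer.from(JSON.stringify(telemetryHeader)).toString('base64')} : {}` states the intent directly. The enclosing `get` function continues outside the hunk.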
@@ -90,6 +90,29 @@ describe('client initialization', function() {
 });
 });
 
+ describe('telemetry header', function() {
+ const config = getConfig({
+ appSession: {secret: '__test_session_secret__'},
+ clientID: '__test_client_id__',
+ clientSecret: '__test_client_secret__',
+ issuerBaseURL: 'https://test.auth0.com',
+ baseURL: 'https://example.org',
+ enableTelemetry: false
+ });
+
+ let client;
+ before(async function() {
+ client = await getClient(config);
+ });
+
+ it('should send the correct default headers', async function() {
+ const headers = await client.introspect('__test_token__', '__test_hint__');
+ const headerProps = Object.getOwnPropertyNames(headers);
+
+ assert.notInclude(headerProps, 'auth0-client');
+ });
+ });
+
 describe('idTokenAlg configuration is not overridden by discovery server', function() {
 const config = getConfig({
 appSession: {secret: '__test_session_secret__'},
From 82f1a0d0e90752247eb17d94b525e091709f824e Mon Sep 17 00:00:00 2001
From: adamjmcgrath
Date: Thu, 26 Mar 2020 13:16:40 +0000
Subject: [PATCH 2/3] Fix tests by applying http options on a per request basis

---
 lib/client.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/client.js b/lib/client.js
index 27ae12d0..833a046d 100644
--- a/lib/client.js
+++ b/lib/client.js
@@ -78,7 +78,9 @@ async function get(config) {
 config.enableTelemetry && {'Auth0-Client': Buffer.from(JSON.stringify(telemetryHeader)).toString('base64')}
 );
 
- custom.setHttpOptionsDefaults(httpOptions);
+ client[custom.http_options] = function(options) {
+ return Object.assign({}, options, httpOptions);
+ };
 
 client[custom.clock_tolerance] = config.clockTolerance;
 
From 2523f4ba0d62287e2834a7f1a1c24b214ac1e7f9 Mon Sep 17 00:00:00 2001
From: adamjmcgrath
Date: Thu, 26 Mar 2020 14:17:54 +0000
Subject: [PATCH 3/3] Get codecov checks to run again

---
 EXAMPLES.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/EXAMPLES.md b/EXAMPLES.md
index bb1476bd..7ffd7e3b 100644
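Review bot: The test title `should send the correct default headers` describes a positive check, but the only assertion in the new block is that `auth0-client` is absent when `enableTelemetry` is `false`; rename it to `should not send the Auth0-Client header when enableTelemetry is false`. Whether a matching positive case (the header present under the default of `true`) already exists is not visible in this hunk; if it does not, this `describe` block is the natural home for it. The assertion also appears to rely on the mocked introspection endpoint echoing request headers back with lowercased names, which is worth a one-line comment next to `assert.notInclude` so the lowercase key does not look like a typo.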
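Review bot: The new `http_options` hook merges shallowly: `Object.assign({}, options, httpOptions)` replaces `options.headers` wholesale with `httpOptions.headers` whenever the per-request `options` already carry a `headers` object, so anything attached for that specific request (client authentication, for example) would be dropped instead of combined with the user agent and telemetry headers. A nested merge keeps both: `return Object.assign({}, options, httpOptions, {headers: Object.assign({}, options.headers, httpOptions.headers)});`. Whether openid-client passes pre-populated headers into this hook is not visible here, so confirm against its request helper before relying on the shallow form. The enclosing `get` function continues outside the hunk.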
--- a/EXAMPLES.md
+++ b/EXAMPLES.md
@@ -108,7 +108,7 @@ app.use(auth({
 // Setting this configuration key to false will turn off internal session handling.
 appSession: false,
 handleCallback: async function (req, res, next) {
- // This will store the user identity claims in the session
+ // This will store the user identity claims in the session.
 req.session.userIdentity = req.openidTokens.claims();
 next();
 },