From 816f19d485d52f8898cc3d51086bd8cf6fefcd33 Mon Sep 17 00:00:00 2001 From: acr13 Date: Tue, 14 Dec 2021 11:03:28 -0500 Subject: [PATCH] fix: update getAccessTokenFromClientCredentialFlow to take scope as a param --- src/smart-auth/README.md | 1 + src/smart-auth/index.test.ts | 1 - src/smart-auth/index.ts | 6 +++--- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/smart-auth/README.md b/src/smart-auth/README.md index 5cb8146..7bf5bb2 100644 --- a/src/smart-auth/README.md +++ b/src/smart-auth/README.md @@ -123,6 +123,7 @@ Sero will pass your scoped parameters in its generated authorization URL for you * `SmartAuthRedirectQuerystring` is a TS interface that types the Fastify route contraints for the redirect/callback url - see example for use * `SmartAuthUrlQuerystring` is a TS interface that types the Fastify route contraints for the auto-generated authorization URL starting point described above. You can customize scopes on a per request basis. * `SmartAuthRedirectQuerystringSchema` is the AJV schema definition that corresponds to `SmartAuthRedirectQuerystring`, and can be used in the Fastify runtime - see example for use +* `getAccessTokenFromClientCredentialFlow` is a function to fetch a `client_credential` access token for a given `SmartAuthProvider`. It will also prioritize the passed in `scope: string[]` over the `smartAuthProvider.scope`, in case you need special scope(s) for this flow. This function is not decorated on the fastify server, so it can be called directly on a `SmartAuthProvider`. ### Decorators diff --git a/src/smart-auth/index.test.ts b/src/smart-auth/index.test.ts index 993d83e..3efaf30 100644 --- a/src/smart-auth/index.test.ts +++ b/src/smart-auth/index.test.ts @@ -82,7 +82,6 @@ describe("getAccessTokenFromClientCredentialFlow", () => { }, auth: { tokenHost: 'http://localhost/token', - clientCredentialsScope: ['Public NonPII'], }, redirect: { host: 'http://localhost:3000/smart/smart-stub/auth', diff --git a/src/smart-auth/index.ts b/src/smart-auth/index.ts index 7306097..77b5ea1 100644 --- a/src/smart-auth/index.ts +++ b/src/smart-auth/index.ts @@ -47,8 +47,6 @@ export type SmartAuthProvider = { tokenPath?: string; /** String path to revoke an access token. Default to /oauth/revoke. */ revokePath?: string; - /** Overrides for client credentials */ - clientCredentialsScope?: (SmartAuthScope | string)[]; }; redirect: { /** A required host name for the auth code exchange redirect path. */ @@ -69,6 +67,7 @@ export interface SmartAuthNamespace { getAccessTokenFromClientCredentialFlow( smartAuthProvider: SmartAuthProvider, + scope?: string[], ): Promise; getNewAccessTokenUsingRefreshToken( @@ -208,6 +207,7 @@ const oauthPlugin: FastifyPluginCallback = function (http, op export const getAccessTokenFromClientCredentialFlow = async ( smartAuthProvider: SmartAuthProvider, + scope?: string[] ): Promise => { const clientCredentialsOptions = { client: smartAuthProvider.client, @@ -219,7 +219,7 @@ export const getAccessTokenFromClientCredentialFlow = async ( const client = new ClientCredentials(clientCredentialsOptions); const tokenParams = { - scope: smartAuthProvider.auth?.clientCredentialsScope || smartAuthProvider.scope, + scope: scope || smartAuthProvider.scope, }; try {