wip

back/src/adapters/primary/routers/inclusionConnect/inclusionConnect.e2e.test.ts

@@ -11,6 +11,7 @@ import {
  frontRoutes,
  inclusionConnectImmersionRoutes,
  queryParamsAsString,
+ IdToken,
 } from "shared";
 import { HttpClient } from "shared-routes";
 import { createSupertestSharedClient } from "shared-routes/supertest";
@@ -102,8 +103,10 @@ describe("inclusion connection flow", () => {
  async (page) => {
  const authCode = "inclusion-auth-code";
  const inclusionToken = "inclusion-token";
+ const idToken = "inclusion-id-token";
  gateways.oAuthGateway.setAccessTokenResponse({
  accessToken: inclusionToken,
+ idToken,
  expire: 1,
  payload: {
  email: "osef@gmail",
@@ -150,9 +153,11 @@ describe("inclusion connection flow", () => {
  const authCode = "inclusion-auth-code";
  const inclusionToken = "inclusion-token";
  const sub = "osef";
+ const idToken: IdToken = "inclusion-connect-access-token";
  gateways.oAuthGateway.setAccessTokenResponse({
  accessToken: inclusionToken,
  expire: 1,
+ idToken,
  payload: {
  email: "osef@gmail",
  firstName: "osef",

back/src/domains/core/authentication/inclusion-connect/adapters/oauth-gateway/HttpOAuthGateway.ts

@@ -130,6 +130,7 @@ export class HttpOAuthGateway implements OAuthGateway {
 
  return {
  accessToken: proConnectAccessTokenBody.access_token,
+ idToken: proConnectAccessTokenBody.id_token,
  expire: proConnectAccessTokenBody.expires_in,
  payload: {
  sub: oAuthIdTokenPayload.sub,
@@ -176,6 +177,7 @@ export class HttpOAuthGateway implements OAuthGateway {
  return {
  accessToken: inclusionConnectAccessTokenBody.access_token,
  expire: inclusionConnectAccessTokenBody.expires_in,
+ idToken: tokenWithPayload,
  payload: {
  sub: oAuthIdTokenPayload.sub,
  lastName: oAuthIdTokenPayload.family_name,
@@ -206,14 +208,12 @@ export class HttpOAuthGateway implements OAuthGateway {
  public async getLogoutUrl(
  provider: OAuthGatewayProvider,
  ): Promise<AbsoluteUrl> {
- const uriByMode: Record<OAuthGatewayProvider, AbsoluteUrl> = {
- InclusionConnect: `${this.inclusionConnectConfig.providerBaseUri}/logout/`,
- ProConnect: "http://", // TODO
- };
+ const uri: AbsoluteUrl =
+ provider === "InclusionConnect"
+  ? `${this.inclusionConnectConfig.providerBaseUri}/logout/`
+  : `${this.proConnectConfig.providerBaseUri}/session/end/`;
 
- return `${
- uriByMode[provider]
- }?${queryParamsAsString<InclusionConnectLogoutQueryParams>({
+ return `${uri}?${queryParamsAsString<InclusionConnectLogoutQueryParams>({
  client_id: this.inclusionConnectConfig.clientId,
  post_logout_redirect_uri:
  this.inclusionConnectConfig.immersionRedirectUri.afterLogout,

back/src/domains/core/authentication/inclusion-connect/port/OAuthGateway.ts

@@ -5,7 +5,7 @@ import {
  FeatureFlags,
  WithSourcePage,
 } from "shared";
-import { OAuthJwt } from "../entities/OngoingOAuth";
+import { IdToken, OAuthJwt } from "../entities/OngoingOAuth";
 
 export type GetAccessTokenParams = WithSourcePage & {
  code: string;
@@ -24,6 +24,7 @@ export type GetAccessTokenResult = {
  payload: GetAccessTokenPayload;
  expire: number;
  accessToken: OAuthJwt;
+ idToken: IdToken;
 };
 
 export type GetLoginUrlParams = WithSourcePage & {

back/src/domains/core/authentication/inclusion-connect/use-cases/AuthenticateWithInclusionCode.integration.test.ts

@@ -134,9 +134,11 @@ describe("AuthenticateWithInclusionCode use case", () => {
  await uow.ongoingOAuthRepository.save(initialOngoingOAuth);
 
  const accessToken = "inclusion-access-token";
+ const idToken = "fake-id-token";
  inclusionConnectGateway.setAccessTokenResponse({
  payload: expectedIcIdTokenPayload,
  accessToken,
+ idToken,
  expire: 60,
  });
 

back/src/domains/core/authentication/inclusion-connect/use-cases/AuthenticateWithInclusionCode.ts

@@ -97,7 +97,7 @@ export class AuthenticateWithInclusionCode extends TransactionalUseCase<
  { code, page }: WithSourcePage & { code: OAuthCode },
  existingOngoingOAuth: OngoingOAuth,
  ): Promise<ConnectedRedirectUrl> {
- const { accessToken, expire, payload } =
+ const { accessToken, expire, payload, idToken } =
  await this.#inclusionConnectGateway.getAccessToken(
  {
  code,
@@ -184,6 +184,7 @@ export class AuthenticateWithInclusionCode extends TransactionalUseCase<
  firstName: newOrUpdatedAuthenticatedUser.firstName,
  lastName: newOrUpdatedAuthenticatedUser.lastName,
  email: newOrUpdatedAuthenticatedUser.email,
+ idToken,
  })}`;
  }
 

back/src/domains/core/authentication/inclusion-connect/use-cases/AuthenticateWithInclusionCode.unit.test.ts

@@ -350,11 +350,13 @@ describe("AuthenticateWithInclusionCode use case", () => {
  uow.ongoingOAuthRepository.ongoingOAuths = [initialOngoingOAuth];
 
  const accessToken = "inclusion-access-token";
+ const idToken: IdToken = "inclusion-connect-id-token";
 
  inclusionConnectGateway.setAccessTokenResponse({
  expire: 60,
  payload: defaultExpectedIcIdTokenPayload,
  accessToken,
+ idToken,
  });
 
  await expectPromiseToFailWithError(
@@ -388,10 +390,12 @@ describe("AuthenticateWithInclusionCode use case", () => {
  uuidGenerator.setNextUuid(userId);
 
  const accessToken = "inclusion-access-token";
+ const idToken: IdToken = "inclusion-connect-id-token";
  inclusionConnectGateway.setAccessTokenResponse({
  payload: expectedIcIdTokenPayload,
  accessToken,
  expire: 60,
+ idToken,
  });
 
  return {

front/src/app/routes/InclusionConnectedPrivateRoute.tsx

@@ -9,6 +9,7 @@ import {
 import { useDispatch } from "react-redux";
 import {
  domElementIds,
+ FederatedIdentityProvider,
  inclusionConnectImmersionRoutes,
  queryParamsAsString,
 } from "shared";
@@ -49,6 +50,10 @@ export const InclusionConnectedPrivateRoute = ({
  featureFlagSelectors.featureFlagState,
  );
 
+ const providerName = enableProConnect.isActive
+ ? "ProConnect"
+ : "Inclusion Connect";
+
  useEffect(() => {
  const { token, email = "", firstName = "", lastName = "" } = route.params;
  if (token) {
@@ -67,10 +72,6 @@ export const InclusionConnectedPrivateRoute = ({
  }
  }, [route.params, route.name, dispatch]);
 
- const providerName = enableProConnect.isActive
- ? "Pro Connect"
- : "Inclusion Connect";
-
  if (!isInclusionConnected)
  return (
  <HeaderFooterLayout>

front/src/app/routes/routes.ts

@@ -33,6 +33,7 @@ const inclusionConnectedParams = createInclusionConnectedParams({
  firstName: param.query.optional.string,
  lastName: param.query.optional.string,
  email: param.query.optional.string,
+ idToken: param.query.optional.string,
 });
 
 export const acquisitionParams = {

shared/src/federatedIdentities/federatedIdentity.dto.ts

@@ -1,12 +1,14 @@
 import { InclusionConnectJwt } from "../tokens/jwt.dto";
 import { Flavor } from "../typeFlavors";
+import { IdToken } from "../inclusionConnect/inclusionConnect.dto";
 
 export type FederatedIdentityProvider =
  (typeof federatedIdentityProviders)[number];
 
 export const federatedIdentityProviders = [
  "inclusionConnect",
  "peConnect",
+ "proConnect",
 ] as const;
 
 type GenericFederatedIdentity<
@@ -17,6 +19,7 @@ type GenericFederatedIdentity<
  provider: Provider;
  token: T;
  payload?: P;
+ idToken: IdToken;
 };
 
 export const authFailed = "AuthFailed";
@@ -53,4 +56,12 @@ export type InclusionConnectIdentity = GenericFederatedIdentity<
  InclusionConnectJwt
 >;
 
-export type FederatedIdentity = InclusionConnectIdentity | PeConnectIdentity;
+export type ProConnectIdentity = GenericFederatedIdentity<
+ "proConnect",
+ InclusionConnectJwt
+>;
+
+export type FederatedIdentity =
+ | ProConnectIdentity
+ | InclusionConnectIdentity
+ | PeConnectIdentity;

shared/src/inclusionConnect/inclusionConnect.dto.ts

@@ -9,6 +9,7 @@ import { SignatoryRole } from "../role/role.dto";
 import { allowedStartInclusionConnectLoginPages } from "../routes/routes";
 import { ExcludeFromExisting, ExtractFromExisting } from "../utils";
 
+export type IdToken = Flavor<string, "IdToken">;
 export type IdentityProvider = "inclusionConnect" | "proConnect";
 export type OAuthState = Flavor<string, "OAuthState">;
 export type OAuthCode = Flavor<string, "OAuthCode">;
@@ -26,6 +27,7 @@ export type WithSourcePage = {
 
 export type AuthenticatedUserQueryParams = {
  token: InclusionConnectJwt;
+ idToken: string;
 } & Pick<User, "email" | "firstName" | "lastName">;
 
 type InclusionConnectConventionManageAllowedRole =