Authorization Management Component reference implementation

.changeset/README.md

@@ -0,0 +1,16 @@
+# Changesets
+
+Hello and welcome! This folder has been automatically generated by `@changesets/cli`, a build tool that works
+with multi-package repos, or single-package repos to help you version and publish your code. You can
+find the full documentation for it [in our repository](https://github.com/changesets/changesets)
+
+We have a quick list of common questions to get you started engaging with this project in
+[our documentation](https://github.com/changesets/changesets/blob/main/docs/common-questions.md)
+
+Steps to use Changesets with this Repo.
+
+#1 Commit as you normally would to your branch
+#2 When you have code the constitues a patch/minor/major version bump then run `npm run bump-version`, you will be prompted to give a summary then that will later to be added to the changelog.md NOTE: you may add multiple changesets to once branch and the packages version will take the highest semvar change.
+#3 If you want to add additional details to your notes you can edit the generated changesets file before you commit it
+#4 Commit the changesets file and push your changes.
+#5 On merge into `main` branch, the version will be bumped and release PR will be made. Look over this PR and merge to finish tagging the release. NOTE: if you do not commit a changesets file AT ALL on merge to main

.changeset/config.json

@@ -0,0 +1,11 @@
+{
+  "$schema": "https://unpkg.com/@changesets/config@2.3.0/schema.json",
+  "changelog": "@changesets/cli/changelog",
+  "commit": false,
+  "fixed": [],
+  "linked": [],
+  "access": "restricted",
+  "baseBranch": "main",
+  "updateInternalDependencies": "patch",
+  "ignore": []
+}

.env.development

@@ -0,0 +1 @@
+NEXT_PUBLIC_DEV_CLIENT_ID=https://storage.inrupt.com/87048fc7-b553-4c86-95de-633e1675f0bd/AMI/clientid.jsonld

.eslintignore

@@ -0,0 +1,4 @@
+/coverage
+/node_modules
+/e2e/test-app
+src/cache/purposesParsed.ts

.eslintrc.json

@@ -0,0 +1,48 @@
+{
+  "root": true,
+  "env": {
+    "browser": true,
+    "es2021": true
+  },
+  "extends": [
+    "next/core-web-vitals",
+    "@inrupt/eslint-config-react",
+    "plugin:react/recommended",
+    "plugin:react/jsx-runtime",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:jsx-a11y/recommended",
+    "eslint:recommended",
+    "prettier"
+  ],
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaFeatures": {
+      "jsx": true
+    },
+    "ecmaVersion": "latest",
+    "project": ["./tsconfig.json"],
+    "sourceType": "module"
+  },
+  "plugins": ["react", "prettier", "@typescript-eslint", "jsx-a11y"],
+  "rules": {
+    "react/jsx-filename-extension": [
+      1,
+      {
+        "extensions": [".ts", ".tsx"]
+      }
+    ],
+    "react/jsx-props-no-spreading": [0],
+    "no-shadow": ["warn", { "allow": ["fetch"] }],
+    "@typescript-eslint/no-floating-promises": "error",
+    "@typescript-eslint/no-unused-vars": "error",
+    "no-unused-vars": "off"
+  },
+  "overrides": [
+    {
+      "files": ["e2e/**/*.playwright.ts"]
+    }
+  ],
+  "globals": {
+    "JSX": true
+  }
+}

.github/pull_request_template.md

@@ -0,0 +1,20 @@
+# Title
+
+## Description of changes
+
+## User testing instructions
+
+## Commit checklist
+
+- [ ] All acceptance criteria are met.
+- [ ] Includes tests to ensure functionality, accessibility and prevent regressions, including E2E tests for supported browsers.
+- [ ] Relevant documentation, if any, has been written/updated.
+- [ ] The changelog has been updated, if applicable.
+- [ ] A changeset version has been created, if applicable.
+- [ ] Meets Inrupt coding standards and adheres to commit conventions.
+
+## Design requirements checklist
+
+- [ ] Meets Inrupt API Design and UX standards
+- [ ] Is responsive to our documented minimum supported screen size + resolution
+- [ ] Code is extensible by external contributors or anyone forking

.github/workflows/cd.yml

@@ -0,0 +1,44 @@
+on:
+  push:
+    branches: [main]
+
+jobs:
+  lint:
+    uses: inrupt/typescript-sdk-tools/.github/workflows/reusable-lint.yml@v3
+
+  test:
+    name: run tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20.x
+          cache: npm
+      - run: npm ci
+      - run: npm run test
+      - uses: actions/upload-artifact@v3
+        with:
+          name: code-coverage
+          path: coverage/
+
+  sonarqube:
+    name: run sonarqube
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    needs: [test]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checking out
+        uses: actions/checkout@v3
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting
+          fetch-depth: 0
+      - uses: actions/download-artifact@v3
+        with:
+          name: code-coverage
+          path: coverage/
+      - name: SonarQube Scan
+        uses: kitabisa/sonarqube-action@v1.2.0
+        with:
+          host: ${{ secrets.SONARQUBE_HOST }}
+          login: ${{ secrets.SONARQUBE_DEV_INRUPT_COM_GITHUB_TOKEN }}

.github/workflows/changeset-version-release.yml

@@ -0,0 +1,30 @@
+name: Release
+on:
+  push:
+    branches:
+      - main
+concurrency: ${{ github.workflow }}-${{ github.ref }}
+permissions: {} #reset
+jobs:
+  release:
+    # IMPORTANT: prevent this action from running on forks
+    if: github.repository == 'inrupt/authorization-management-component'
+    permissions:
+      contents: write # to create release (changesets/action)
+      pull-requests: write # to create pull request (changesets/action)
+    name: Create a new release version
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      - run: npm ci
+      - name: Publish release tags and changelogs
+        id: changesets
+        uses: changesets/action@v1
+        with:
+          version: npm run version
+          publish: npm run release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ci.yml

@@ -0,0 +1,49 @@
+on:
+  pull_request:
+  workflow_dispatch:
+
+# This allows a subsequently queued workflow run to interrupt previous runs
+concurrency:
+  group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    uses: inrupt/typescript-sdk-tools/.github/workflows/reusable-lint.yml@v3
+
+  test:
+    name: run tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+          cache: npm
+      - run: npm ci
+      - run: npm run test
+      - uses: actions/upload-artifact@v4
+        with:
+          name: code-coverage
+          path: coverage/
+
+  sonarqube:
+    name: run sonarqube
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    needs: [test]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checking out
+        uses: actions/checkout@v4
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting
+          fetch-depth: 0
+      - uses: actions/download-artifact@v4
+        with:
+          name: code-coverage
+          path: coverage/
+      - name: SonarQube Scan
+        uses: kitabisa/sonarqube-action@v1.2.0
+        with:
+          host: ${{ secrets.SONARQUBE_HOST }}
+          login: ${{ secrets.SONARQUBE_DEV_INRUPT_COM_GITHUB_TOKEN }}

.github/workflows/clientId.yml

@@ -0,0 +1,19 @@
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  update-clientId:
+    name: update client ID document
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+          cache: npm
+      - run: npm run update-clientId
+        env:
+          CLIENT_ID: ${{ secrets.UPDATECLIENTID_CLIENT_ID }}
+          CLIENT_SECRET: ${{ secrets.UPDATECLIENTID_CLIENT_SECRET }}

.github/workflows/dependabot.yml

@@ -0,0 +1,24 @@
+version: 2
+updates:
+  # Enable version updates for application itself.
+  - package-ecosystem: "npm"
+    # Look for `package.json` and `lock` files in the `root` directory.
+    directory: "/"
+    # Check the npm registry for updates every day (weekdays).
+    schedule:
+      interval: "weekly"
+  # Enable version updates for our CI tooling.
+  - package-ecosystem: "github-actions"
+    # For GitHub Actions, setting the directory to / will check for workflow
+    # files in .github/workflows.
+    directory: "/"
+    # Check the npm registry for updates every day (weekdays).
+    schedule:
+      interval: "weekly"
+  # Enable version updates for embedded demo app
+  - package-ecosystem: "npm"
+    # Look for `package.json` and `package-lock.json` files in the `e2e/browser/test-app` directory.
+    directory: "/e2e/test-app"
+    # Check the npm registry for updates every day (weekdays).
+    schedule:
+      interval: "weekly"

.github/workflows/e2e-browser.yml

@@ -0,0 +1,58 @@
+name: End-to-end tests
+
+on:
+  push:
+
+env:
+  CI: true
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  e2e-browser:
+    runs-on: ubuntu-latest-m
+    environment:
+      name: ${{ matrix.environment-name }}
+    continue-on-error: ${{ matrix.experimental }}
+    strategy:
+      fail-fast: true
+      matrix:
+        environment-name: ["ESS PodSpaces", "ESS Dev-2-1"]
+        experimental: [false]
+        include:
+          - environment-name: "ESS Dev-2-2"
+            experimental: true
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+          cache: npm
+      - run: npm ci
+      - run: npm run build -- --no-lint
+      - run: npm run prepare:e2e
+      - run: npx playwright install --with-deps
+      - # Dependabot cannot access secrets, so it doesn't have a token to authenticate to ESS.
+        # We want jobs in this workflow to be gating PRs, so the whole matrix must
+        # run even for dependabot so that the matrixed jobs are skipped, instead
+        # of the whole pipeline.
+        if: github.actor != 'dependabot[bot]'
+        run: npm run test:e2e
+        env:
+          E2E_TEST_USER: ${{ secrets.E2E_TEST_USER }}
+          E2E_TEST_PASSWORD: ${{ secrets.E2E_TEST_PASSWORD }}
+          E2E_TEST_IDP: ${{ secrets.E2E_TEST_IDP }}
+          E2E_TEST_NOTIFICATION_GATEWAY: ${{ secrets.E2E_TEST_NOTIFICATION_GATEWAY }}
+          E2E_TEST_OWNER_CLIENT_ID: ${{ secrets.E2E_TEST_OWNER_CLIENT_ID }}
+          E2E_TEST_OWNER_CLIENT_SECRET: ${{ secrets.E2E_TEST_OWNER_CLIENT_SECRET }}
+          E2E_TEST_REQUESTOR_CLIENT_ID: ${{ secrets.E2E_TEST_REQUESTOR_CLIENT_ID }}
+          E2E_TEST_REQUESTOR_CLIENT_SECRET: ${{ secrets.E2E_TEST_REQUESTOR_CLIENT_SECRET }}
+          E2E_TEST_ENVIRONMENT: ${{ matrix.environment-name }}
+      - name: Archive Authorization-management-component end-to-end test request logs
+        uses: actions/upload-artifact@v4
+        if: failure()
+        continue-on-error: true
+        with:
+          name: playwright-output-${{ matrix.environment-name }}
+          path: test-results/

.gitignore

@@ -0,0 +1,53 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+src/cache/purposesParsed.ts
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+test-results/
+
+# next.js
+/.next/
+/out/
+
+# production
+/build
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.pnpm-debug.log*
+
+# local env files
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# vercel
+.vercel
+
+# typescript
+*.tsbuildinfo
+next-env.d.ts
+
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Sentry
+.sentryclirc
+
+# Developers' Environment Variables
+.env
+.env.local

.husky/pre-push

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+npm run lint && npm run test

.nvmrc

@@ -0,0 +1 @@
+20