From 67076ce973b559647d01052549b282af86493b95 Mon Sep 17 00:00:00 2001
From: 4geru <uchinishi.koichi@moneyforward.co.jp>
Date: Sun, 25 Jul 2021 17:28:49 +0900
Subject: [PATCH] add oauth verify api

---
 docs/api-reference/oauth.md | 25 +++++++++++++++++++++++--
 lib/client.ts               | 20 ++++++++++++++++++++
 lib/types.ts                | 23 +++++++++++++++++++++++
 test/client.spec.ts         | 33 +++++++++++++++++++++++++++++++++
 4 files changed, 99 insertions(+), 2 deletions(-)

diff --git a/docs/api-reference/oauth.md b/docs/api-reference/oauth.md
index 4bbd88339..c0642316c 100644
--- a/docs/api-reference/oauth.md
+++ b/docs/api-reference/oauth.md
@@ -11,6 +11,7 @@ class OAuth {
 
   issueAccessToken(client_id: string, client_secret: string): Promise<Types.ChannelAccessToken>
   revokeAccessToken(access_token: string): Promise<{}>
+  verifyAccessToken(access_token: string): Promise<{}>
   issueChannelAccessTokenV2_1(
     client_assertion: string,
   ): Promise<Types.ChannelAccessToken>
@@ -21,7 +22,13 @@ class OAuth {
     client_id: string,
     client_secret: string,
     access_token: string,
-  ): Promise<{}>
+  ): Promise<Types.VerifyAccessToken>
+  verifyIdToken(
+    id_token: string,
+    client_id: string,
+    nonce: string = undefined,
+    user_id: string = undefined,
+  ): Promise<Types.VerifyIDToken>
 }
 ```
 
@@ -66,9 +73,19 @@ It corresponds to the [Issue channel access token](https://developers.line.biz/e
 const { access_token, expires_in, token_type } = await oauth.issueAccessToken("client_id", "client_secret");
 ```
 
+
+#### `verifyAccessToken(access_token: string): Promise<{}>`
+
+It corresponds to the [Verify access token validity](https://developers.line.biz/en/reference/line-login/#verify-access-token) API.
+
+
+``` js
+await oauth.verifyAccessToken("access_token");
+```
+
 #### `revokeAccessToken(access_token: string): Promise<{}>`
 
-It corresponds to the [Revoke channel access token](https://developers.line.biz/en/reference/messaging-api/#revoke-channel-access-token) API.
+It corresponds to the [Revoke channel access token](https://developers.line.biz/en/reference/line-login/#revoke-access-token) API.
 
 
 ``` js
@@ -86,3 +103,7 @@ It corresponds to the [Get all valid channel access token key IDs v2.1](https://
 #### revokeChannelAccessTokenV2_1(client_id: string, client_secret: string, access_token: string): Promise<{}>
 
 It corresponds to the [Revoke channel access token v2.1](https://developers.line.biz/en/reference/messaging-api/#revoke-channel-access-token-v2-1) API.
+
+#### verifyIdToken(id_token: string, client_id: string, nonce: string = undefined, user_id: string = undefined): Promise<{}>
+
+It corresponds to the [Verify ID token v2.1](https://developers.line.biz/en/reference/line-login/#verify-id-token) API.
\ No newline at end of file
diff --git a/lib/client.ts b/lib/client.ts
index f1632ab83..58d537135 100644
--- a/lib/client.ts
+++ b/lib/client.ts
@@ -679,6 +679,26 @@ export class OAuth {
     return this.http.postForm(`${OAUTH_BASE_PREFIX}/revoke`, { access_token });
   }
 
+  public verifyAccessToken(
+    access_token: string,
+  ): Promise<Types.VerifyAccessToken> {
+    return this.http.get(`${OAUTH_BASE_PREFIX_V2_1}/verify`, { access_token });
+  }
+
+  public verifyIdToken(
+    id_token: string,
+    client_id: string,
+    nonce?: string,
+    user_id?: string,
+  ): Promise<Types.VerifyIDToken> {
+    return this.http.postForm(`${OAUTH_BASE_PREFIX}/verify`, {
+      id_token,
+      client_id,
+      nonce,
+      user_id,
+    });
+  }
+
   public issueChannelAccessTokenV2_1(
     client_assertion: string,
   ): Promise<Types.ChannelAccessToken> {
diff --git a/lib/types.ts b/lib/types.ts
index 94f74540a..e81aa6ae7 100644
--- a/lib/types.ts
+++ b/lib/types.ts
@@ -2599,6 +2599,29 @@ export type ChannelAccessToken = {
   key_id?: string;
 };
 
+export type VerifyAccessToken = {
+  scope: string;
+  client_id: string;
+  expires_in: number;
+};
+
+export type VerifyIDToken = {
+  scope: string;
+  client_id: string;
+  expires_in: number;
+
+  iss: string;
+  sub: string;
+  aud: number;
+  exp: number;
+  iat: number;
+  nonce: string;
+  amr: string[];
+  name: string;
+  picture: string;
+  email: string;
+};
+
 /**
  * Response body of get group summary.
  *
diff --git a/test/client.spec.ts b/test/client.spec.ts
index f66da7ad2..b9f3d0aab 100644
--- a/test/client.spec.ts
+++ b/test/client.spec.ts
@@ -1042,6 +1042,39 @@ describe("oauth", () => {
     deepEqual(res, {});
   });
 
+  it("verifyAccessToken", async () => {
+    const access_token = "test_channel_access_token";
+    const scope = nock(OAUTH_BASE_PREFIX_V2_1)
+      .get("/verify")
+      .query({
+        access_token,
+      })
+      .reply(200, {});
+
+    const res = await oauth.verifyAccessToken(access_token);
+    equal(scope.isDone(), true);
+    deepEqual(res, {});
+  });
+
+  it("verifyIdToken", async () => {
+    const id_token = "test_channel_access_token";
+    const client_id = "test_client_id";
+    const nonce = "test_nonce";
+    const user_id = "test_user_id";
+    const scope = nock(OAUTH_BASE_PREFIX, interceptionOption)
+      .post("/verify", {
+        id_token,
+        client_id,
+        nonce,
+        user_id,
+      })
+      .reply(200, {});
+
+    const res = await oauth.verifyIdToken(id_token, client_id, nonce, user_id);
+    equal(scope.isDone(), true);
+    deepEqual(res, {});
+  });
+
   it("issueChannelAccessTokenV2_1", async () => {
     const client_assertion = "client_assertion";
     const reply = {