example: update fapi2-message-signing.ts to be using OpenID Connect

panva · Sep 15, 2024 · bec0d40 · bec0d40
1 parent d34609b
commit bec0d40
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 8 deletions.
diff --git a/examples/fapi2-message-signing.diff b/examples/fapi2-message-signing.diff
@@ -1,5 +1,5 @@
 diff --git a/examples/fapi2.ts b/examples/fapi2-message-signing.ts
-index 80ec0f4..c4b4e4f 100644
+index 80ec0f4..5afce7e 100644
 --- a/examples/fapi2.ts
 +++ b/examples/fapi2-message-signing.ts
 @@ -24,6 +24,11 @@ let DPoP!: CryptoKeyPair
@@ -25,10 +25,12 @@ index 80ec0f4..c4b4e4f 100644
  {
    const params = new URLSearchParams()
    params.set('client_id', client.client_id)
-@@ -55,6 +60,17 @@ let request_uri: string
+@@ -54,7 +59,18 @@ let request_uri: string
+   params.set('code_challenge_method', code_challenge_method)
    params.set('redirect_uri', redirect_uri)
    params.set('response_type', 'code')
-   params.set('scope', 'api:read')
+-  params.set('scope', 'api:read')
++  params.set('scope', 'openid api:read')
 +  params.set('response_mode', 'jwt')
 +
 +  request = await oauth.issueRequestObject(as, client, params, jarPrivateKey)
@@ -52,6 +54,27 @@ index 80ec0f4..c4b4e4f 100644
    if (oauth.isOAuth2Error(params)) {
      console.error('Error Response', params)
      throw new Error() // Handle OAuth 2.0 redirect error
+@@ -124,16 +140,16 @@ let access_token: string
+     throw new Error() // Handle WWW-Authenticate Challenges as needed
+   }
+
+-  const processAuthorizationCodeOAuth2Response = () =>
+-    oauth.processAuthorizationCodeOAuth2Response(as, client, response)
++  const processAuthorizationCodeOpenIDResponse = () =>
++    oauth.processAuthorizationCodeOpenIDResponse(as, client, response)
+
+-  let result = await processAuthorizationCodeOAuth2Response()
++  let result = await processAuthorizationCodeOpenIDResponse()
+   if (oauth.isOAuth2Error(result)) {
+     console.error('Error Response', result)
+     if (result.error === 'use_dpop_nonce') {
+       // the AS-signalled nonce is now cached, retrying
+       response = await authorizationCodeGrantRequest()
+-      result = await processAuthorizationCodeOAuth2Response()
++      result = await processAuthorizationCodeOpenIDResponse()
+       if (oauth.isOAuth2Error(result)) {
+         throw new Error() // Handle OAuth 2.0 response body error
+       }
 @@ -142,6 +158,9 @@ let access_token: string
      }
    }

diff --git a/examples/fapi2-message-signing.ts b/examples/fapi2-message-signing.ts
@@ -59,7 +59,7 @@ let request: string
   params.set('code_challenge_method', code_challenge_method)
   params.set('redirect_uri', redirect_uri)
   params.set('response_type', 'code')
-  params.set('scope', 'api:read')
+  params.set('scope', 'openid api:read')
   params.set('response_mode', 'jwt')
 
   request = await oauth.issueRequestObject(as, client, params, jarPrivateKey)
@@ -140,16 +140,16 @@ let access_token: string
     throw new Error() // Handle WWW-Authenticate Challenges as needed
   }
 
-  const processAuthorizationCodeOAuth2Response = () =>
-    oauth.processAuthorizationCodeOAuth2Response(as, client, response)
+  const processAuthorizationCodeOpenIDResponse = () =>
+    oauth.processAuthorizationCodeOpenIDResponse(as, client, response)
 
-  let result = await processAuthorizationCodeOAuth2Response()
+  let result = await processAuthorizationCodeOpenIDResponse()
   if (oauth.isOAuth2Error(result)) {
     console.error('Error Response', result)
     if (result.error === 'use_dpop_nonce') {
       // the AS-signalled nonce is now cached, retrying
       response = await authorizationCodeGrantRequest()
-      result = await processAuthorizationCodeOAuth2Response()
+      result = await processAuthorizationCodeOpenIDResponse()
       if (oauth.isOAuth2Error(result)) {
         throw new Error() // Handle OAuth 2.0 response body error
       }