From b9a4f2fe8844efaed5eba2b175d7daa6c662f264 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Wed, 23 Oct 2024 23:15:47 +0200
Subject: [PATCH] fix: deal with discovery issues from b2clogin.com

fixes #718
---
 src/index.ts           | 12 ++++++++
 test/issue-718.test.ts | 63 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)
 create mode 100644 test/issue-718.test.ts

diff --git a/src/index.ts b/src/index.ts
index ac3a9c9a..c7555036 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1034,6 +1034,17 @@ function handleEntraId(
   return false
 }
 
+function handleB2Clogin(server: URL, options?: DiscoveryRequestOptions) {
+  if (
+    server.hostname.endsWith('.b2clogin.com') &&
+    (!options?.algorithm || options.algorithm === 'oidc')
+  ) {
+    return true
+  }
+
+  return false
+}
+
 /**
  * Performs Authorization Server Metadata discovery and returns a
  * {@link Configuration} with the discovered
@@ -1113,6 +1124,7 @@ export async function discovery(
 
   if (resolve && new URL(as.issuer).href !== server.href) {
     handleEntraId(server, as, options) ||
+      handleB2Clogin(server, options) ||
       (() => {
         throw new ClientError(
           'discovered metadata issuer does not match the expected issuer',
diff --git a/test/issue-718.test.ts b/test/issue-718.test.ts
new file mode 100644
index 00000000..ec51a1c8
--- /dev/null
+++ b/test/issue-718.test.ts
@@ -0,0 +1,63 @@
+// see https://github.com/panva/openid-client/issues/718
+
+import test from 'ava'
+import * as client from '../src/index.js'
+import * as undici from 'undici'
+
+const tenantName = 'openidclientdemo.onmicrosoft.com'
+const tenantId = '0e96f835-6e34-470c-800b-2e2c5908c54c'
+const policy = 'B2C_1_signupsignin'
+
+const urls = [
+  new URL(`https://openidclientdemo.b2clogin.com/${tenantName}/${policy}/v2.0`),
+  new URL(`https://openidclientdemo.b2clogin.com/${tenantId}/${policy}/v2.0`),
+  new URL(
+    `https://openidclientdemo.b2clogin.com/${tenantName}/${policy}/v2.0/`,
+  ),
+  new URL(`https://openidclientdemo.b2clogin.com/${tenantId}/${policy}/v2.0/`),
+]
+
+let i = 0
+for (const url of urls) {
+  i++
+  test(`accepts b2clogin.com issuer identifier for whatever value it is ${i}/${urls.length}`, async (t) => {
+    let agent = new undici.MockAgent()
+    agent.disableNetConnect()
+
+    const wellKnown = new URL(
+      `${url.pathname}/.well-known/openid-configuration`.replace('//', '/'),
+      url,
+    )
+
+    const mockAgent = agent.get(url.origin)
+
+    mockAgent
+      .intercept({
+        method: 'GET',
+        path: wellKnown.pathname,
+      })
+      .reply(
+        200,
+        {
+          issuer:
+            'https://openidclientdemo.b2clogin.com/0e96f835-6e34-470c-800b-2e2c5908c54c/v2.0/',
+        },
+        {
+          headers: {
+            'content-type': 'application/json',
+          },
+        },
+      )
+
+    await t.notThrowsAsync(
+      client.discovery(url, 'decoy', 'decoy', undefined, {
+        // @ts-ignore
+        [client.customFetch](url, options) {
+          return undici.fetch(url, { ...options, dispatcher: agent })
+        },
+      }),
+    )
+
+    t.notThrows(() => agent.assertNoPendingInterceptors())
+  })
+}