fix: migrate more auth routes

[markusahlstrand]

Migrate logout and userinfo. Remove unused code and dependencies

Summary by CodeRabbit

• New Features
  • Updated the authhero package to the latest version.
• Bug Fixes
  • Removed unused routes and imports to streamline the application.
• Documentation
  • Removed integration tests related to logout and userinfo functionality.
• Chores
  • Cleaned up commented-out code and constants for improved maintainability.

[coderabbitai]

Walkthrough

The pull request includes updates to the package.json file, specifically changing the version of the authhero package and removing several other dependencies. Additionally, it involves modifications to the src/constants.ts file, where a block of code defining HTTP header constants has been commented out. The src/oauth-app.ts file has had several unused import statements and route definitions removed for clarity. Furthermore, the src/routes/oauth2/logout.ts and src/routes/oauth2/userinfo.ts files have been deleted, along with their associated integration tests in test/integration/flows/logout.spec.ts and test/integration/userinfo.spec.ts.

Changes

File	Change Summary
package.json	- Updated authhero version from ^0.20.2 to ^0.21.0 - Removed lru-cache, xml-crypto, xmldsigjs
src/constants.ts	- Commented out the export of const headers
src/oauth-app.ts	- Removed unused import statements and commented-out route definitions for wellKnownRoutes, userinfoRoutes, and tokenRoutes - Removed logoutRoutes definition
src/routes/oauth2/logout.ts	- Deleted file containing logout route implementation
src/routes/oauth2/userinfo.ts	- Deleted file containing userinfo route implementation
test/integration/flows/logout.spec.ts	- Deleted file containing integration tests for logout functionality
test/integration/userinfo.spec.ts	- Deleted file containing integration tests for userinfo functionality

Possibly related PRs

• fix: add support for act_as #1117: This PR updates the package.json to change the version of the authhero package, which is directly related to the version update in the main PR.
• fix: pass data adapter in env #1146: This PR also updates the authhero package version in package.json, indicating a connection to the dependency management changes in the main PR.
• fix: pkce again #1147: This PR updates the authhero package version again, showing a continued focus on the same dependency as in the main PR.
• Ma/apple redirect #1148: This PR involves restructuring the OAuth2 connectors, which may relate to the overall authentication flow and dependencies, indirectly connecting to the changes made in the main PR regarding package management.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Experiment)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 8c34ebd and dad60cf.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (7)

• package.json (1 hunks)
• src/constants.ts (1 hunks)
• src/oauth-app.ts (1 hunks)
• src/routes/oauth2/logout.ts (0 hunks)
• src/routes/oauth2/userinfo.ts (0 hunks)
• test/integration/flows/logout.spec.ts (0 hunks)
• test/integration/userinfo.spec.ts (0 hunks)

💤 Files with no reviewable changes (4)

• test/integration/flows/logout.spec.ts
• src/routes/oauth2/logout.ts
• test/integration/userinfo.spec.ts
• src/routes/oauth2/userinfo.ts

✅ Files skipped from review due to trivial changes (2)

• src/constants.ts
• src/oauth-app.ts

🔇 Additional comments (1)

package.json (1)

58-58: Verify compatibility with authhero v0.21.0

The minor version bump of authhero (0.20.2 → 0.21.0) might introduce breaking changes. Please ensure all authhero features used in the codebase are compatible with the new version.

✅ Verification successful

No breaking changes found in authhero usage

The codebase shows consistent usage of authhero imports and features, primarily focusing on authentication flows, user management, and OAuth2/SAML functionality. The removed files (logout.ts, userinfo.ts) and their dependencies align with the migration effort, while the remaining codebase maintains proper integration with authhero's core features.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for breaking changes in authhero and its usage

# Check the changelog or releases for breaking changes
gh api repos/authhero/authhero/releases | jq -r '.[].body' | grep -i -A 5 "breaking"

# Find all authhero imports and usage
rg "from ['\"]authhero['\"]" -A 3

Length of output: 21259

[coderabbitai]

💡 Codebase verification

Based on the results, I can generate the final response as we have enough information to verify the dependencies usage:

Dependencies removal needs additional changes

While the XML-related packages can be safely removed as XML processing is now handled by fast-xml-parser, the lru-cache package is still being used in src/middlewares/authentication.ts for JWKS key caching. Before removing lru-cache, you'll need to:

• Replace the JWKS caching implementation in authentication.ts that currently uses LRUCache
• Consider using a simpler caching mechanism or the new built-in Map with TTL implementation

🔗 Analysis chain

Verify removal of XML and caching dependencies

The removal of lru-cache, xml-crypto, and xmldsigjs dependencies aligns with the migration of auth routes. However, let's verify there are no remaining usages of these packages.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify no remaining usage of removed dependencies

# Search for any remaining imports or requires of removed packages
echo "Checking for remaining imports..."
rg "require\(['\"](?:lru-cache|xml-crypto|xmldsigjs)['\"]" --type ts
rg "from ['\"](?:lru-cache|xml-crypto|xmldsigjs)['\"]" --type ts

# Search for XML-related code that might still need these dependencies
echo "Checking for XML-related code..."
rg "\.xml|XML|SAML" --type ts

# Search for caching-related code that might need lru-cache
echo "Checking for cache-related code..."
rg "cache|Cache" --type ts

Length of output: 26107