chore(javascript): enhance token validation configuration for ID tokens

Author: brionmario

packages/javascript/src/__legacy__/client.ts

@@ -45,12 +45,16 @@ import processOpenIDScopes from '../utils/processOpenIDScopes';
  * Default configurations.
  */
 const DefaultConfig: Partial<AuthClientConfig<unknown>> = {
-  clockTolerance: 300,
+  tokenValidation: {
+    idToken: {
+      validate: true,
+      validateIssuer: true,
+      clockTolerance: 300,
+    },
+  },
   enablePKCE: true,
   responseMode: 'query',
   sendCookiesInRequests: true,
-  validateIDToken: true,
-  validateIDTokenIssuer: true,
 };
 
 /**

packages/javascript/src/__legacy__/helpers/authentication-helper.ts

@@ -197,8 +197,8 @@ export class AuthenticationHelper<T> {
       (await this._config()).clientId,
       issuer ?? '',
       this._cryptoHelper.decodeIdToken(idToken).sub,
-      (await this._config()).clockTolerance,
-      (await this._config()).validateIDTokenIssuer ?? true,
+      (await this._config()).tokenValidation?.idToken?.clockTolerance,
+      (await this._config()).tokenValidation?.idToken?.validateIssuer ?? true,
     );
   }
 
@@ -257,7 +257,7 @@ export class AuthenticationHelper<T> {
 
     parsedResponse.created_at = new Date().getTime();
 
-    const shouldValidateIdToken: boolean | undefined = (await this._config()).validateIDToken;
+    const shouldValidateIdToken: boolean | undefined = (await this._config()).tokenValidation?.idToken?.validate;
 
     if (shouldValidateIdToken) {
       return this.validateIdToken(parsedResponse.id_token).then(async () => {

packages/javascript/src/__legacy__/models/client-config.ts

@@ -29,12 +29,25 @@ export interface DefaultAuthClientConfig {
   prompt?: string;
   responseMode?: OAuthResponseMode;
   scopes?: string | string[] | undefined;
-  validateIDToken?: boolean;
-  validateIDTokenIssuer?: boolean;
-  /**
-   * Allowed leeway for id_tokens (in seconds).
-   */
-  clockTolerance?: number;
+  tokenValidation?: {
+    /**
+     * ID token validation config.
+     */
+    idToken?: {
+      /**
+       * Whether to validate ID tokens.
+       */
+      validate?: boolean;
+      /**
+       * Whether to validate the issuer of ID tokens.
+       */
+      validateIssuer?: boolean;
+      /**
+       * Allowed leeway for ID tokens (in seconds).
+       */
+      clockTolerance?: number;
+    };
+  };
   /**
    * Specifies if cookies should be sent with access-token requests, refresh-token requests,
    * custom-grant requests, etc.

packages/javascript/src/models/config.ts

@@ -107,6 +107,33 @@ export interface BaseConfig<T = unknown> extends WithPreferences {
    * and use the `SignUp` component to render it.
    */
   signUpUrl?: string | undefined;
+
+  /**
+   * Token validation configuration.
+   * This allows you to configure how the SDK validates tokens received from the authorization server.
+   * It includes options for ID token validation, such as whether to validate the token,
+   * whether to validate the issuer, and the allowed clock tolerance for token validation.
+   * If not provided, the SDK will use default validation settings.
+   */
+  tokenValidation?: {
+    /**
+     * ID token validation config.
+     */
+    idToken?: {
+      /**
+       * Whether to validate ID tokens.
+       */
+      validate?: boolean;
+      /**
+       * Whether to validate the issuer of ID tokens.
+       */
+      validateIssuer?: boolean;
+      /**
+       * Allowed leeway for ID tokens (in seconds).
+       */
+      clockTolerance?: number;
+    };
+  };
 }
 
 export interface WithPreferences {