@@ -916,44 +916,6 @@ describe('OAuthProvider', () => {
916916 expect ( tokens . expires_in ) . toBe ( 3600 ) ;
917917 } ) ;
918918
919- it ( 'should reject token exchange with code_verifier when PKCE was not used in authorization' , async ( ) => {
920- // First get an auth code WITHOUT using PKCE
921- const authRequest = createMockRequest (
922- `https://example.com/authorize?response_type=code&client_id=${ clientId } +
923- `&redirect_uri=${ encodeURIComponent ( redirectUri ) } +
924- `&scope=read%20write&state=xyz123`
925- ) ;
926-
927- const authResponse = await oauthProvider . fetch ( authRequest , mockEnv , mockCtx ) ;
928- const location = authResponse . headers . get ( 'Location' ) ! ;
929- const url = new URL ( location ) ;
930- const code = url . searchParams . get ( 'code' ) ! ;
931-
932- // Now exchange the code and incorrectly provide a code_verifier
933- const params = new URLSearchParams ( ) ;
934- params . append ( 'grant_type' , 'authorization_code' ) ;
935- params . append ( 'code' , code ) ;
936- params . append ( 'redirect_uri' , redirectUri ) ;
937- params . append ( 'client_id' , clientId ) ;
938- params . append ( 'client_secret' , clientSecret ) ;
939- params . append ( 'code_verifier' , 'some_random_verifier_that_wasnt_used_in_auth' ) ;
940-
941- const tokenRequest = createMockRequest (
942- 'https://example.com/oauth/token' ,
943- 'POST' ,
944- { 'Content-Type' : 'application/x-www-form-urlencoded' } ,
945- params . toString ( )
946- ) ;
947-
948- const tokenResponse = await oauthProvider . fetch ( tokenRequest , mockEnv , mockCtx ) ;
949-
950- // Should fail because code_verifier is provided but PKCE wasn't used in authorization
951- expect ( tokenResponse . status ) . toBe ( 400 ) ;
952- const error = await tokenResponse . json ( ) ;
953- expect ( error . error ) . toBe ( 'invalid_request' ) ;
954- expect ( error . error_description ) . toBe ( 'code_verifier provided for a flow that did not use PKCE' ) ;
955- } ) ;
956-
957919 it ( 'should accept the access token for API requests' , async ( ) => {
958920 // Get an auth code
959921 const authRequest = createMockRequest (
@@ -2307,135 +2269,6 @@ describe('OAuthProvider', () => {
23072269 } ) ;
23082270 } ) ;
23092271
2310- describe ( 'API Route Configuration' , ( ) => {
2311- it ( 'should support multi-handler configuration with apiHandlers' , async ( ) => {
2312- // Create handler classes for different API routes
2313- class UsersApiHandler extends WorkerEntrypoint {
2314- fetch ( request : Request ) {
2315- return new Response ( 'Users API response' , { status : 200 } ) ;
2316- }
2317- }
2318-
2319- class DocumentsApiHandler extends WorkerEntrypoint {
2320- fetch ( request : Request ) {
2321- return new Response ( 'Documents API response' , { status : 200 } ) ;
2322- }
2323- }
2324-
2325- // Create provider with multi-handler configuration
2326- const providerWithMultiHandler = new OAuthProvider ( {
2327- apiHandlers : {
2328- '/api/users/' : UsersApiHandler ,
2329- '/api/documents/' : DocumentsApiHandler ,
2330- } ,
2331- defaultHandler : testDefaultHandler ,
2332- authorizeEndpoint : '/authorize' ,
2333- tokenEndpoint : '/oauth/token' ,
2334- clientRegistrationEndpoint : '/oauth/register' , // Important for registering clients in the test
2335- scopesSupported : [ 'read' , 'write' ] ,
2336- } ) ;
2337-
2338- // Create a client and get an access token
2339- const clientData = {
2340- redirect_uris : [ 'https://client.example.com/callback' ] ,
2341- client_name : 'Test Client' ,
2342- token_endpoint_auth_method : 'client_secret_basic' ,
2343- } ;
2344-
2345- const registerRequest = createMockRequest (
2346- 'https://example.com/oauth/register' ,
2347- 'POST' ,
2348- { 'Content-Type' : 'application/json' } ,
2349- JSON . stringify ( clientData )
2350- ) ;
2351-
2352- const registerResponse = await providerWithMultiHandler . fetch ( registerRequest , mockEnv , mockCtx ) ;
2353- const client = await registerResponse . json ( ) ;
2354- const clientId = client . client_id ;
2355- const clientSecret = client . client_secret ;
2356- const redirectUri = 'https://client.example.com/callback' ;
2357-
2358- // Get an auth code
2359- const authRequest = createMockRequest (
2360- `https://example.com/authorize?response_type=code&client_id=${ clientId } +
2361- `&redirect_uri=${ encodeURIComponent ( redirectUri ) } +
2362- `&scope=read%20write&state=xyz123`
2363- ) ;
2364-
2365- const authResponse = await providerWithMultiHandler . fetch ( authRequest , mockEnv , mockCtx ) ;
2366- const location = authResponse . headers . get ( 'Location' ) ! ;
2367- const code = new URL ( location ) . searchParams . get ( 'code' ) ! ;
2368-
2369- // Exchange for tokens
2370- const params = new URLSearchParams ( ) ;
2371- params . append ( 'grant_type' , 'authorization_code' ) ;
2372- params . append ( 'code' , code ) ;
2373- params . append ( 'redirect_uri' , redirectUri ) ;
2374- params . append ( 'client_id' , clientId ) ;
2375- params . append ( 'client_secret' , clientSecret ) ;
2376-
2377- const tokenRequest = createMockRequest (
2378- 'https://example.com/oauth/token' ,
2379- 'POST' ,
2380- { 'Content-Type' : 'application/x-www-form-urlencoded' } ,
2381- params . toString ( )
2382- ) ;
2383-
2384- const tokenResponse = await providerWithMultiHandler . fetch ( tokenRequest , mockEnv , mockCtx ) ;
2385- const tokens = await tokenResponse . json ( ) ;
2386- const accessToken = tokens . access_token ;
2387-
2388- // Make requests to different API routes
2389- const usersApiRequest = createMockRequest ( 'https://example.com/api/users/profile' , 'GET' , {
2390- Authorization : `Bearer ${ accessToken } ,
2391- } ) ;
2392-
2393- const documentsApiRequest = createMockRequest ( 'https://example.com/api/documents/list' , 'GET' , {
2394- Authorization : `Bearer ${ accessToken } ,
2395- } ) ;
2396-
2397- // Request to Users API should be handled by UsersApiHandler
2398- const usersResponse = await providerWithMultiHandler . fetch ( usersApiRequest , mockEnv , mockCtx ) ;
2399- expect ( usersResponse . status ) . toBe ( 200 ) ;
2400- expect ( await usersResponse . text ( ) ) . toBe ( 'Users API response' ) ;
2401-
2402- // Request to Documents API should be handled by DocumentsApiHandler
2403- const documentsResponse = await providerWithMultiHandler . fetch ( documentsApiRequest , mockEnv , mockCtx ) ;
2404- expect ( documentsResponse . status ) . toBe ( 200 ) ;
2405- expect ( await documentsResponse . text ( ) ) . toBe ( 'Documents API response' ) ;
2406- } ) ;
2407-
2408- it ( 'should throw an error when both single-handler and multi-handler configs are provided' , ( ) => {
2409- expect ( ( ) => {
2410- new OAuthProvider ( {
2411- apiRoute : '/api/' ,
2412- apiHandler : {
2413- fetch : ( ) => Promise . resolve ( new Response ( ) ) ,
2414- } ,
2415- apiHandlers : {
2416- '/api/users/' : {
2417- fetch : ( ) => Promise . resolve ( new Response ( ) ) ,
2418- } ,
2419- } ,
2420- defaultHandler : testDefaultHandler ,
2421- authorizeEndpoint : '/authorize' ,
2422- tokenEndpoint : '/oauth/token' ,
2423- } ) ;
2424- } ) . toThrow ( 'Cannot use both apiRoute/apiHandler and apiHandlers' ) ;
2425- } ) ;
2426-
2427- it ( 'should throw an error when neither single-handler nor multi-handler config is provided' , ( ) => {
2428- expect ( ( ) => {
2429- new OAuthProvider ( {
2430- // Intentionally omitting apiRoute and apiHandler and apiHandlers
2431- defaultHandler : testDefaultHandler ,
2432- authorizeEndpoint : '/authorize' ,
2433- tokenEndpoint : '/oauth/token' ,
2434- } ) ;
2435- } ) . toThrow ( 'Must provide either apiRoute + apiHandler OR apiHandlers' ) ;
2436- } ) ;
2437- } ) ;
2438-
24392272 describe ( 'Token Revocation' , ( ) => {
24402273 let clientId : string ;
24412274 let clientSecret : string ;
0 commit comments