Added fix overwriting param

FabianGosebrink · FabianGosebrink · commit d3c5cee45f85 · 2021-07-14T13:09:29.000+02:00
diff --git a/projects/angular-auth-oidc-client/src/lib/utils/url/url.service.spec.ts b/projects/angular-auth-oidc-client/src/lib/utils/url/url.service.spec.ts
@@ -323,8 +323,8 @@ describe('UrlService Tests', () => {
         '&scope=openid%20email%20profile' +
         '&nonce=nonce' +
         '&state=state' +
-        '&prompt=myprompt' +
-        '&to=add&as=well';
+        '&to=add&as=well' +
+        '&prompt=myprompt';
 
       expect(value).toEqual(expectValue);
     });
@@ -623,6 +623,47 @@ describe('UrlService Tests', () => {
       expect(value).toEqual(expectValue);
     });
 
+    it('should add the prompt only once even if it is configured AND passed with `none` in silent renew case, taking the passed one', () => {
+      const config = { authority: 'https://localhost:5001' } as OpenIdConfiguration;
+      config.clientId = '188968487735-b1hh7k87nkkh6vv84548sinju2kpr7gn.apps.googleusercontent.com';
+      config.responseType = 'code';
+      config.scope = 'openid email profile';
+      config.redirectUrl = 'https://localhost:44386';
+
+      config.customParamsAuthRequest = {
+        prompt: 'select_account',
+      };
+
+      configurationProvider.setConfig(config);
+      spyOn(storagePersistenceService, 'read')
+        .withArgs('authWellKnownEndPoints', 'configId')
+        .and.returnValue({ authorizationEndpoint: 'http://example' });
+
+      const value = (service as any).createAuthorizeUrl(
+        '', // Implicit Flow
+        config.redirectUrl,
+        'nonce',
+        'state',
+        'configId',
+        'somePrompt'
+      );
+
+      const expectValue =
+        'http://example?client_id=188968487735-b1hh7k87nkkh6vv84548sinju2kpr7gn.apps.googleusercontent.com' +
+        '&redirect_uri=https%3A%2F%2Flocalhost%3A44386' +
+        '&response_type=code' +
+        '&scope=openid%20email%20profile' +
+        '&nonce=nonce' +
+        '&state=state' +
+        '&code_challenge=' +
+        '&code_challenge_method=S256' +
+        '&prompt=somePrompt';
+
+      expect(value).toEqual(expectValue);
+    });
+  });
+
+  describe('createRevocationEndpointBodyAccessToken', () => {
     it('createRevocationBody access_token default', () => {
       const config = { authority: 'https://localhost:5001' } as OpenIdConfiguration;
       config.redirectUrl = 'https://localhost:44386';
@@ -653,7 +694,9 @@ describe('UrlService Tests', () => {
 
       expect(value).toBeNull();
     });
+  });
 
+  describe('createRevocationEndpointBodyRefreshToken', () => {
     it('createRevocationBody refresh_token default', () => {
       const config = { authority: 'https://localhost:5001' } as OpenIdConfiguration;
       config.redirectUrl = 'https://localhost:44386';
@@ -684,7 +727,9 @@ describe('UrlService Tests', () => {
 
       expect(value).toBeNull();
     });
+  });
 
+  describe('getRevocationEndpointUrl', () => {
     it('getRevocationEndpointUrl with params', () => {
       const config = { authority: 'https://localhost:5001' } as OpenIdConfiguration;
       config.redirectUrl = 'https://localhost:44386';
diff --git a/projects/angular-auth-oidc-client/src/lib/utils/url/url.service.ts b/projects/angular-auth-oidc-client/src/lib/utils/url/url.service.ts
@@ -328,20 +328,20 @@ export class UrlService {
       params = params.append('code_challenge_method', 'S256');
     }
 
+    const mergedParams = { ...customParamsAuthRequest, ...customRequestParams };
+
+    if (Object.keys(mergedParams).length > 0) {
+      params = this.appendCustomParams({ ...mergedParams }, params);
+    }
+
     if (prompt) {
-      params = params.append('prompt', prompt);
+      params = this.overWriteParam(params, 'prompt', prompt);
     }
 
     if (hdParam) {
       params = params.append('hd', hdParam);
     }
 
-    const mergedParams = { ...customParamsAuthRequest, ...customRequestParams };
-
-    if (Object.keys(mergedParams).length > 0) {
-      params = this.appendCustomParams({ ...mergedParams }, params);
-    }
-
     return `${authorizationUrl}?${params}`;
   }
 
@@ -495,6 +495,10 @@ export class UrlService {
     return params;
   }
 
+  private overWriteParam(params: HttpParams, key: string, value: string | number | boolean): HttpParams {
+    return params.set(key, value);
+  }
+
   private createHttpParams(existingParams?: string): HttpParams {
     existingParams = existingParams ?? '';
 
