feat: introduce option to set additional getToken parameters (#178)

philsch · philsch · web-flow · commit 932c6d7a8574 · 2022-10-01T09:40:21.000+02:00
* introduce option to set additional getToken parameters

* add test

* rename to options.tokenRequestParams, small section for README

* use t.plan, linting

* simplify implementation

Co-authored-by: philsch &lt;code@mail.philippschmiedel.com&gt;
diff --git a/README.md b/README.md
@@ -184,6 +184,11 @@ fastify.register(oauthPlugin, {
 });
 ```
 
+## Set custom tokenRequest body Parameters
+
+The `tokenRequestParams` parameter accepts an object that will be translated to additional parameters in the POST body
+when requesting access tokens via the service’s token endpoint.
+
 ## Examples
 
 See the [`example/`](./examples/) folder for more examples.
diff --git a/index.d.ts b/index.d.ts
@@ -24,6 +24,7 @@ export interface FastifyOAuth2Options {
   credentials: Credentials;
   callbackUri: string;
   callbackUriParams?: Object;
+  tokenRequestParams?: Object;
   generateStateFunction?: Function;
   checkStateFunction?: Function;
   startRedirectPath: string;
diff --git a/index.js b/index.js
@@ -38,6 +38,9 @@ const oauthPlugin = fp(function (fastify, options, next) {
   if (options.callbackUriParams && typeof options.callbackUriParams !== 'object') {
     return next(new Error('options.callbackUriParams should be a object'))
   }
+  if (options.tokenRequestParams && typeof options.tokenRequestParams !== 'object') {
+    return next(new Error('options.tokenRequestParams should be a object'))
+  }
   if (options.generateStateFunction && typeof options.generateStateFunction !== 'function') {
     return next(new Error('options.generateStateFunction should be a function'))
   }
@@ -61,6 +64,7 @@ const oauthPlugin = fp(function (fastify, options, next) {
   const credentials = options.credentials
   const callbackUri = options.callbackUri
   const callbackUriParams = options.callbackUriParams || {}
+  const tokenRequestParams = options.tokenRequestParams || {}
   const scope = options.scope
   const generateStateFunction = options.generateStateFunction || defaultGenerateStateFunction
   const checkStateFunction = options.checkStateFunction || defaultCheckStateFunction
@@ -88,10 +92,12 @@ const oauthPlugin = fp(function (fastify, options, next) {
   }
 
   const cbk = function (o, code, callback) {
-    return callbackify(o.oauth2.getToken.bind(o.oauth2, {
+    const body = Object.assign({}, tokenRequestParams, {
       code,
       redirect_uri: callbackUri
-    }))(callback)
+    })
+
+    return callbackify(o.oauth2.getToken.bind(o.oauth2, body))(callback)
   }
 
   function getAccessTokenFromAuthorizationCodeFlowCallbacked (request, callback) {
diff --git a/test/plugin.test.js b/test/plugin.test.js
@@ -297,6 +297,93 @@ t.test('options.callbackUriParams', t => {
   })
 })
 
+t.test('options.tokenRequestParams should be an object', t => {
+  t.plan(1)
+
+  const fastify = createFastify({ logger: { level: 'silent' } })
+
+  fastify.register(oauthPlugin, {
+    name: 'the-name',
+    credentials: {
+      client: {
+        id: 'my-client-id',
+        secret: 'my-secret'
+      },
+      auth: oauthPlugin.GITHUB_CONFIGURATION
+    },
+    callbackUri: '/callback',
+    tokenRequestParams: 1
+  })
+    .ready(err => {
+      t.strictSame(err.message, 'options.tokenRequestParams should be a object')
+    })
+})
+
+t.test('options.tokenRequestParams', t => {
+  t.plan(2)
+
+  const fastify = createFastify({ logger: { level: 'silent' } })
+  const oAuthCode = '123456789'
+
+  fastify.register(oauthPlugin, {
+    name: 'githubOAuth2',
+    credentials: {
+      client: {
+        id: 'my-client-id',
+        secret: 'my-secret'
+      },
+      auth: oauthPlugin.GITHUB_CONFIGURATION
+    },
+    startRedirectPath: '/login/github',
+    callbackUri: 'http://localhost:3000/callback',
+    generateStateFunction: function () {
+      return 'dummy'
+    },
+    checkStateFunction: function (state, callback) {
+      callback()
+    },
+    tokenRequestParams: {
+      param1: '123'
+    },
+    scope: ['notifications']
+  })
+
+  const githubScope = nock('https://github.com')
+    .post(
+      '/login/oauth/access_token',
+      'grant_type=authorization_code&param1=123&code=123456789&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback',
+      {
+        reqheaders: {
+          authorization: 'Basic bXktY2xpZW50LWlkOm15LXNlY3JldA=='
+        }
+      }
+    )
+    .reply(200, {})
+
+  fastify.get('/callback', function (request, reply) {
+    return this.githubOAuth2.getAccessTokenFromAuthorizationCodeFlow(request)
+      .catch(e => {
+        reply.code(400)
+        return e.message
+      })
+  })
+
+  t.teardown(fastify.close.bind(fastify))
+
+  fastify.listen({ port: 0 }, function (err) {
+    t.error(err)
+
+    fastify.inject({
+      method: 'GET',
+      url: '/callback?code=' + oAuthCode
+    }, function (err, responseStart) {
+      t.error(err)
+
+      githubScope.done()
+    })
+  })
+})
+
 t.test('options.generateStateFunction with request', t => {
   t.plan(5)
   const fastify = createFastify()
