feat: dedicated uri params generation for preset (#118)

* feat: dedicated uri params generation for preset

* chore: update more detail through comment

Author: climba03003

index.js

@@ -4,6 +4,7 @@ const defaultState = require('crypto').randomBytes(10).toString('hex')
 
 const fp = require('fastify-plugin')
 const oauth2Module = require('simple-oauth2')
+const kGenerateCallbackUriParams = Symbol.for('fastify-oauth2.generate-callback-uri-params')
 
 const promisify = require('util').promisify
 const callbackify = require('util').callbackify
@@ -20,6 +21,10 @@ function defaultCheckStateFunction (state, callback) {
   callback(new Error('Invalid state'))
 }
 
+function defaultGenerateCallbackUriParams (callbackUriParams) {
+  return callbackUriParams
+}
+
 const oauthPlugin = fp(function (fastify, options, next) {
   if (typeof options.name !== 'string') {
     return next(new Error('options.name should be a string'))
@@ -59,13 +64,14 @@ const oauthPlugin = fp(function (fastify, options, next) {
   const scope = options.scope
   const generateStateFunction = options.generateStateFunction || defaultGenerateStateFunction
   const checkStateFunction = options.checkStateFunction || defaultCheckStateFunction
+  const generateCallbackUriParams = (credentials.auth && credentials.auth[kGenerateCallbackUriParams]) || defaultGenerateCallbackUriParams
   const startRedirectPath = options.startRedirectPath
   const tags = options.tags || []
   const schema = options.schema || { tags: tags }
 
   function generateAuthorizationUri (requestObject) {
     const state = generateStateFunction(requestObject)
-    const urlOptions = Object.assign({}, callbackUriParams, {
+    const urlOptions = Object.assign({}, generateCallbackUriParams(callbackUriParams, requestObject, scope, state), {
       redirect_uri: callbackUri,
       scope: scope,
       state: state
@@ -149,7 +155,24 @@ oauthPlugin.APPLE_CONFIGURATION = {
   authorizeHost: 'https://appleid.apple.com',
   authorizePath: '/auth/authorize',
   tokenHost: 'https://appleid.apple.com',
-  tokenPath: '/auth/token'
+  tokenPath: '/auth/token',
+  // kGenerateCallbackUriParams is used for dedicated behavior for each OAuth2.0 provider
+  // It can update the callbackUriParams based on requestObject, scope and state
+  //
+  // Symbol used in here because we would not like the user to modify this behavior and
+  // do not want to mess up with property name collision
+  [kGenerateCallbackUriParams]: function (callbackUriParams, requestObject, scope, state) {
+    const stringifyScope = Array.isArray(scope) ? scope.join(' ') : scope
+    // This behavior is not documented on Apple Developer Docs but it display through runtime error.
+    // Related Docs: https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms
+    // Related Issue: https://github.com/fastify/fastify-oauth2/issues/116
+    //
+    // `response_mode` must be `form_post` when scope include `email` or `name`
+    if (stringifyScope.includes('email') || stringifyScope.includes('name')) {
+      callbackUriParams.response_mode = 'form_post'
+    }
+    return callbackUriParams
+  }
 }
 
 oauthPlugin.FACEBOOK_CONFIGURATION = {

test.js

@@ -565,3 +565,115 @@ t.test('already decorated', t => {
       t.strictSame(err.message, 'The decorator \'githubOAuth2\' has already been added!')
     })
 })
+
+t.test('preset configuration generate-callback-uri-params', t => {
+  t.plan(3)
+
+  t.test('array scope', t => {
+    const fastify = createFastify({ logger: { level: 'silent' } })
+
+    fastify.register(oauthPlugin, {
+      name: 'the-name',
+      credentials: {
+        client: {
+          id: 'my-client-id',
+          secret: 'my-secret'
+        },
+        auth: oauthPlugin.APPLE_CONFIGURATION
+      },
+      startRedirectPath: '/login/apple',
+      callbackUri: '/callback',
+      scope: ['email']
+    })
+
+    t.tearDown(fastify.close.bind(fastify))
+
+    fastify.listen(0, function (err) {
+      t.error(err)
+
+      fastify.inject({
+        method: 'GET',
+        url: '/login/apple'
+      }, function (err, responseStart) {
+        t.error(err)
+
+        t.equal(responseStart.statusCode, 302)
+        const matched = responseStart.headers.location.match(/https:\/\/appleid\.apple\.com\/auth\/authorize\?response_type=code&client_id=my-client-id&response_mode=form_post&redirect_uri=%2Fcallback&scope=email&state=(.*)/)
+        t.ok(matched)
+        t.end()
+      })
+    })
+  })
+
+  t.test('string scope', t => {
+    const fastify = createFastify({ logger: { level: 'silent' } })
+
+    fastify.register(oauthPlugin, {
+      name: 'the-name',
+      credentials: {
+        client: {
+          id: 'my-client-id',
+          secret: 'my-secret'
+        },
+        auth: oauthPlugin.APPLE_CONFIGURATION
+      },
+      startRedirectPath: '/login/apple',
+      callbackUri: '/callback',
+      scope: 'name'
+    })
+
+    t.tearDown(fastify.close.bind(fastify))
+
+    fastify.listen(0, function (err) {
+      t.error(err)
+
+      fastify.inject({
+        method: 'GET',
+        url: '/login/apple'
+      }, function (err, responseStart) {
+        t.error(err)
+
+        t.equal(responseStart.statusCode, 302)
+        const matched = responseStart.headers.location.match(/https:\/\/appleid\.apple\.com\/auth\/authorize\?response_type=code&client_id=my-client-id&response_mode=form_post&redirect_uri=%2Fcallback&scope=name&state=(.*)/)
+        t.ok(matched)
+        t.end()
+      })
+    })
+  })
+
+  t.test('no scope', t => {
+    const fastify = createFastify({ logger: { level: 'silent' } })
+
+    fastify.register(oauthPlugin, {
+      name: 'the-name',
+      credentials: {
+        client: {
+          id: 'my-client-id',
+          secret: 'my-secret'
+        },
+        auth: oauthPlugin.APPLE_CONFIGURATION
+      },
+      startRedirectPath: '/login/apple',
+      callbackUri: '/callback',
+      scope: ''
+    })
+
+    t.tearDown(fastify.close.bind(fastify))
+
+    fastify.listen(0, function (err) {
+      t.error(err)
+
+      fastify.inject({
+        method: 'GET',
+        url: '/login/apple'
+      }, function (err, responseStart) {
+        t.error(err)
+
+        t.equal(responseStart.statusCode, 302)
+        const matched = responseStart.headers.location.match(/https:\/\/appleid\.apple\.com\/auth\/authorize\?response_type=code&client_id=my-client-id&redirect_uri=%2Fcallback&scope=&state=(.*)/)
+        t.ok(matched)
+        t.end()
+      })
+    })
+  })
+})