update signingErrors state when encoding result is ok

christiansamaniego-okta · christiansamaniego-okta · commit 3ef2fe6a34ed · 2025-08-04T03:57:49.000-05:00
diff --git a/src/features/common/services/jwt.service.ts b/src/features/common/services/jwt.service.ts
@@ -836,7 +836,7 @@ export const getSymmetricSecretKeyByteArray = (
 
     const buffer = safeBase64urlToBufferResult.value;
 
-    const safeNewUint8ArrayResult = safeNewUint8ArrayFromBuffer(buffer);
+    const safeNewUint8ArrayResult = safeNewUint8ArrayFromBuffer(buffer.buffer);
 
     if (safeNewUint8ArrayResult.isErr()) {
       return err(safeNewUint8ArrayResult.error);
diff --git a/src/features/encoder/services/token-encoder.service.ts b/src/features/encoder/services/token-encoder.service.ts
@@ -68,6 +68,11 @@ type EncodingJwtErrors = {
   encodingErrors: string[] | null;
 };
 
+type EncodingResult = {
+  jwt: string;
+  signingErrors: string[] | null;
+}
+
 class _TokenEncoderService {
   async selectEncodingExample(
     algorithmPickerOptionValue: string,
@@ -183,7 +188,8 @@ class _TokenEncoderService {
       }
 
       if (encodeJWTResult.isOk()) {
-        stateUpdate.jwt = encodeJWTResult.value.trim();
+        stateUpdate.jwt = encodeJWTResult.value.jwt.trim();
+        stateUpdate.signingErrors = encodeJWTResult.value.signingErrors;
       }
 
       return {
@@ -214,7 +220,7 @@ class _TokenEncoderService {
       }
 
       if (encodeJWTResult.isOk()) {
-        stateUpdate.jwt = encodeJWTResult.value.trim();
+        stateUpdate.jwt = encodeJWTResult.value.jwt.trim();
 
         useDebuggerStore.getState().setStash$({
           asymmetricPublicKey: digitallySignedToken.publicKey,
@@ -379,7 +385,7 @@ class _TokenEncoderService {
       }
 
       if (encodeJWTResult.isOk()) {
-        stateUpdate.jwt = encodeJWTResult.value.trim();
+        stateUpdate.jwt = encodeJWTResult.value.jwt.trim();
       }
 
       return {
@@ -409,7 +415,7 @@ class _TokenEncoderService {
       }
 
       if (encodeJWTResult.isOk()) {
-        stateUpdate.jwt = encodeJWTResult.value.trim();
+        stateUpdate.jwt = encodeJWTResult.value.jwt.trim();
       }
 
       return {
@@ -484,48 +490,61 @@ class _TokenEncoderService {
     payload: DecodedJwtPayloadModel,
     key: string,
     encodingFormat: EncodingValues,
-  ): Promise<Result<string, DebuggerErrorModel>> {
-    if (isHmacAlg(header.alg)) {
-      if (!key) {
-        return err({
-          task: DebuggerTaskValues.ENCODE,
-          input: DebuggerInputValues.KEY,
-          message: "Secret must not be empty.",
-        });
-      }
+  ): Promise<Result<EncodingResult, DebuggerErrorModel>> {
+    if (!isHmacAlg(header.alg)) {
+      return err({
+        task: DebuggerTaskValues.ENCODE,
+        input: DebuggerInputValues.HEADER,
+        message: `Invalid MAC algorithm. Only use MAC "alg" parameter values in the header as defined by [RFC 7518 (JSON Web Algorithms)](https://datatracker.ietf.org/doc/html/rfc7518#section-3.1).`,
+      });
+    }
 
-      const getAlgSizeResult = getAlgSize(header.alg);
+    if (!key) {
+      return err({
+        task: DebuggerTaskValues.ENCODE,
+        input: DebuggerInputValues.KEY,
+        message: "Secret must not be empty.",
+      });
+    }
 
-      if (getAlgSizeResult.isErr()) {
-        return err({
-          task: DebuggerTaskValues.ENCODE,
-          input: DebuggerInputValues.KEY,
-          message: getAlgSizeResult.error,
-        });
-      }
+    const getAlgSizeResult = getAlgSize(header.alg);
 
-      const checkHmacSecretLengthResult = checkHmacSecretLength(
-        key,
-        getAlgSizeResult.value.size,
-        encodingFormat,
-      );
+    if (getAlgSizeResult.isErr()) {
+      return err({
+        task: DebuggerTaskValues.ENCODE,
+        input: DebuggerInputValues.KEY,
+        message: getAlgSizeResult.error,
+      });
+    }
 
-      if (checkHmacSecretLengthResult.isErr()) {
-        return err(checkHmacSecretLengthResult.error);
-      }
+    const checkHmacSecretLengthResult = checkHmacSecretLength(
+      key,
+      getAlgSizeResult.value.size,
+      encodingFormat,
+    );
 
-      return await signWithSymmetricSecretKey(
-        header as CompactJWSHeaderParameters,
-        payload,
-        key,
-        encodingFormat,
-      );
+    const signingError = checkHmacSecretLengthResult.isErr()
+      ? [checkHmacSecretLengthResult.error.message]
+      : null;
+
+    const signWithSymmetricSecretKeyResult =  await signWithSymmetricSecretKey(
+      header as CompactJWSHeaderParameters,
+      payload,
+      key,
+      encodingFormat,
+    );
+
+    if (signWithSymmetricSecretKeyResult.isErr()) {
+      return err({
+        task: DebuggerTaskValues.ENCODE,
+        input: DebuggerInputValues.KEY,
+        message: signWithSymmetricSecretKeyResult.error.message,
+      });
     }
 
-    return err({
-      task: DebuggerTaskValues.ENCODE,
-      input: DebuggerInputValues.HEADER,
-      message: `Invalid MAC algorithm. Only use MAC "alg" parameter values in the header as defined by [RFC 7518 (JSON Web Algorithms)](https://datatracker.ietf.org/doc/html/rfc7518#section-3.1).`,
+    return ok<EncodingResult>({
+      jwt: signWithSymmetricSecretKeyResult.value,
+      signingErrors: signingError,
     });
   }
 
@@ -534,7 +553,7 @@ class _TokenEncoderService {
     payload: DecodedJwtPayloadModel,
     key: string,
     keyFormat: AsymmetricKeyFormatValues,
-  ): Promise<Result<string, DebuggerErrorModel>> {
+  ): Promise<Result<EncodingResult, DebuggerErrorModel>> {
     if (isDigitalSignatureAlg(header.alg)) {
       if (!key) {
         return err({
@@ -544,12 +563,25 @@ class _TokenEncoderService {
         });
       }
 
-      return await signWithAsymmetricPrivateKey(
+      const jwt = await signWithAsymmetricPrivateKey(
         header as CompactJWSHeaderParameters,
         payload,
         key,
         keyFormat,
       );
+
+      if (jwt.isErr()) {
+        return err({
+          task: DebuggerTaskValues.ENCODE,
+          input: DebuggerInputValues.KEY,
+          message: "Private key must not be empty.",
+        })
+      }
+
+      return ok({
+        jwt: jwt.value,
+        signingErrors: null,
+      });
     }
 
     return err({
@@ -684,9 +716,7 @@ class _TokenEncoderService {
     symmetricSecretKeyEncoding: EncodingValues;
   }): Promise<
     Result<
-      {
-        jwt: string;
-      },
+      EncodingResult,
       EncodingSymmetricSecretKeyErrors
     >
   > {
@@ -767,6 +797,7 @@ class _TokenEncoderService {
 
     return ok({
       jwt: encodeJwtResult.value.jwt.trim(),
+      signingErrors: encodeJwtResult.value.signingErrors,
     });
   }
 
@@ -861,17 +892,15 @@ class _TokenEncoderService {
         },
   ): Promise<
     Result<
-      {
-        jwt: string;
-      },
+      EncodingResult,
       EncodingJwtErrors
     >
   > {
     const algType = params.algType;
     const header = params.header;
     const payload = params.payload;
 
-    let encodeJWTResult: Result<string, DebuggerErrorModel> | null = null;
+    let encodeJWTResult: Result<EncodingResult, DebuggerErrorModel> | null = null;
 
     if (algType === SigningAlgCategoryValues.ANY) {
       const symmetricSecretKey = params.symmetricSecretKey;
@@ -998,8 +1027,9 @@ class _TokenEncoderService {
       }
     }
 
-    return ok({
-      jwt: encodeJWTResult.value,
+    return ok<EncodingResult>({
+      jwt: encodeJWTResult.value.jwt,
+      signingErrors: encodeJWTResult.value.signingErrors,
     });
   }
 
@@ -1235,6 +1265,7 @@ class _TokenEncoderService {
     }
 
     stateUpdate.jwt = processSymmetricSecretKeyResult.value.jwt.trim();
+    stateUpdate.signingErrors = processSymmetricSecretKeyResult.value.signingErrors;
 
     return stateUpdate;
   }
@@ -1269,6 +1300,7 @@ class _TokenEncoderService {
     }
 
     stateUpdate.jwt = processSymmetricSecretKeyResult.value.jwt.trim();
+    stateUpdate.signingErrors = processSymmetricSecretKeyResult.value.signingErrors;
 
     return stateUpdate;
   }
