
Commit 45076c7

committed
Clearer naming and descriptions
1 parent e0c2b35 commit 45076c7


1 file changed

+22
-9
lines changed


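--- a/src/client/auth.ts
+++ b/src/client/auth.ts
@@ -606,14 +606,27 @@ async function discoverMetadataWithFallback(
 }
 
 /**
-* Identify common providers from metadata
-* Used for providers that have quirks needing conditional handling
+* Using metadata, identifies common issuers that need special handling.
+* Only for large, unusual issuers, fully spec compliant issuers should not be identified, small issuers should not be given special treatment.
 * e.g. Azure no PKCE advertised, scope param instead of resource param.
 */
-function identifyProvider(metadata: AuthorizationServerMetadata): "azure_v2" | undefined {
-if (metadata.issuer.includes("login.microsoftonline.com")) {
-return "azure_v2"
+function identifyQuirkyIssuer(metadata: AuthorizationServerMetadata): "azure_v2" | undefined {
+const issuerString = metadata.issuer;
+let issuerUrl: URL;
+// Parse issuer URL and treat failed parse as normal issuer.
+try {
+issuerUrl = new URL(issuerString);
+} catch (e) {
+if (e instanceof TypeError && e.message === "Invalid URL") {
+return undefined;
+}
+throw e;
 }
+// Check for known issuer types needing conditional handling
+if (issuerUrl.hostname === "login.microsoftonline.com" && issuerUrl.pathname.endsWith('/v2.0')) {
+return "azure_v2";
+}
+return undefined;
 }
 
 /**
@@ -790,7 +803,7 @@ export async function discoverAuthorizationServerMetadata(
 } else {
 const metadata = OpenIdProviderDiscoveryMetadataSchema.parse(await response.json());
 // Azure Bypass
-if (identifyProvider(metadata) === "azure_v2" && !metadata.code_challenge_methods_supported) {
+if (identifyQuirkyIssuer(metadata) === "azure_v2" && !metadata.code_challenge_methods_supported) {
 metadata.code_challenge_methods_supported = ["S256"];
 }
 
@@ -884,7 +897,7 @@ export async function startAuthorization(
 }
 
 if (resource) {
-if (metadata && identifyProvider(metadata) === "azure_v2") {
+if (metadata && identifyQuirkyIssuer(metadata) === "azure_v2") {
 authorizationUrl.searchParams.set("scope", `${resource.href}/.default`);
 } else {
 authorizationUrl.searchParams.set("resource", resource.href);
@@ -966,7 +979,7 @@ export async function exchangeAuthorization(
 }
 
 if (resource) {
-if (metadata && identifyProvider(metadata) === "azure_v2") {
+if (metadata && identifyQuirkyIssuer(metadata) === "azure_v2") {
 params.set("scope", `${resource.href}/.default`);
 } else {
 params.set("resource", resource.href);
@@ -1054,7 +1067,7 @@ export async function refreshAuthorization(
 }
 
 if (resource) {
-if (metadata && identifyProvider(metadata) === "azure_v2") {
+if (metadata && identifyQuirkyIssuer(metadata) === "azure_v2") {
 params.set("scope", `${resource.href}/.default`);
 } else {
 params.set("resource", resource.href);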
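Review bot: The catch block in `identifyQuirkyIssuer` matches on `e.message === "Invalid URL"`, and that message text is runtime-specific: some browsers word the `new URL()` parse failure differently. In those runtimes an unparseable `issuer` from server-supplied metadata would be rethrown into discovery and the authorize, exchange and refresh paths, rather than being treated as an ordinary issuer as the comment intends. A failed parse in `new URL()` surfaces as a `TypeError`, so `if (e instanceof TypeError) return undefined;` is sufficient and removes the dependency on message wording. The exact `hostname` comparison is a sound tightening over the old substring match, which a path such as `/login.microsoftonline.com` on any host would have satisfied. It would help to add a comment such as `// issuer is self-asserted by the server; quirk handling must only add requirements, never relax them`, since the callers branch on this result and whether `issuer` is validated against the discovery URL is not visible in these hunks.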
