fix: always include nonce in oidc flow

nirinchev · nirinchev · commit 6eb6dd89a2ae · 2024-11-20T17:34:36.000+01:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/arg-parser/src/arg-mapper.spec.ts b/packages/arg-parser/src/arg-mapper.spec.ts
@@ -450,6 +450,22 @@ describe('arg-mapper.mapCliToDriver', function () {
     });
   });
 
+  context('when cli args have oidcNoNonce', function () {
+    const cliOptions: CliOptions = {
+      oidcNoNonce: true,
+    };
+
+    it('maps to oidc skipNonceInAuthCodeRequest', function () {
+      expect(optionsTest(cliOptions)).to.deep.equal({
+        driver: {
+          oidc: {
+            skipNonceInAuthCodeRequest: true,
+          },
+        },
+      });
+    });
+  });
+
   context('when cli args have browser', function () {
     it('maps to oidc command', function () {
       expect(optionsTest({ browser: '/usr/bin/browser' })).to.deep.equal({
diff --git a/packages/arg-parser/src/arg-mapper.ts b/packages/arg-parser/src/arg-mapper.ts
@@ -29,7 +29,7 @@ function setServerApi<Key extends keyof ServerApi>(
   const serverApi =
     typeof previousServerApi === 'string'
       ? { version: previousServerApi }
-      : { ...previousServerApi } ?? {};
+      : { ...previousServerApi };
   serverApi[key] = value;
   return setDriver(i, 'serverApi', serverApi as Required<ServerApi>);
 }
@@ -237,6 +237,7 @@ const MAPPINGS: {
       v.split(',').filter(Boolean) as OIDCOptions['allowedFlows']
     ),
   oidcIdTokenAsAccessToken: (i, v) => setOIDC(i, 'passIdTokenAsAccessToken', v),
+  oidcNoNonce: (i, v) => setOIDC(i, 'skipNonceInAuthCodeRequest', v),
   browser: (i, v) =>
     setOIDC(i, 'openBrowser', typeof v === 'string' ? { command: v } : v),
 };
diff --git a/packages/arg-parser/src/cli-options.ts b/packages/arg-parser/src/cli-options.ts
@@ -56,5 +56,6 @@ export interface CliOptions {
   oidcTrustedEndpoint?: boolean;
   oidcIdTokenAsAccessToken?: boolean;
   oidcDumpTokens?: boolean | 'redacted' | 'include-secrets';
+  oidcNoNonce?: boolean;
   browser?: string | false;
 }
diff --git a/packages/service-provider-node-driver/package.json b/packages/service-provider-node-driver/package.json
@@ -48,7 +48,7 @@
   },
   "dependencies": {
     "@mongodb-js/devtools-connect": "^3.3.3",
-    "@mongodb-js/oidc-plugin": "^1.1.1",
+    "@mongodb-js/oidc-plugin": "^1.1.2",
     "@mongosh/errors": "0.0.0-dev.0",
     "@mongosh/service-provider-core": "0.0.0-dev.0",
     "@mongosh/types": "0.0.0-dev.0",

Original file line number	Diff line number	Diff line change
`@@ -56,5 +56,6 @@ export interface CliOptions {`
`56`	`56`	`oidcTrustedEndpoint?: boolean;`
`57`	`57`	`oidcIdTokenAsAccessToken?: boolean;`
`58`	`58`	`oidcDumpTokens?: boolean \| 'redacted' \| 'include-secrets';`
	`59`	`+ oidcNoNonce?: boolean;`
`59`	`60`	`browser?: string \| false;`
`60`	`61`	`}`