feat(core): support private_key_jwt token auth method (#11132)

leemcmullen · web-flow · commit d8a918852c60 · 2024-06-18T14:32:27.000+02:00
diff --git a/packages/core/src/lib/actions/callback/oauth/callback.ts b/packages/core/src/lib/actions/callback/oauth/callback.ts
@@ -105,6 +105,7 @@ export async function handleOAuth(
   if (!options.isOnRedirectProxy && provider.redirectProxyUrl) {
     redirect_uri = provider.redirectProxyUrl
   }
+
   let codeGrantResponse = await o.authorizationCodeGrantRequest(
     as,
     client,
@@ -121,6 +122,7 @@ export async function handleOAuth(
         }
         return fetch(...args)
       },
+      clientPrivateKey: provider.token?.clientPrivateKey,
     }
   )
 
diff --git a/packages/core/src/lib/utils/providers.ts b/packages/core/src/lib/utils/providers.ts
@@ -151,7 +151,12 @@ function normalizeEndpoint(
       url.searchParams.set(key, String(value))
     }
   }
-  return { url, request: e?.request, conform: e?.conform }
+  return {
+    url,
+    request: e?.request,
+    conform: e?.conform,
+    ...(e?.clientPrivateKey ? { clientPrivateKey: e?.clientPrivateKey } : null),
+  }
 }
 
 export function isOIDCProvider(
diff --git a/packages/core/src/providers/oauth.ts b/packages/core/src/providers/oauth.ts
@@ -1,4 +1,4 @@
-import type { Client } from "oauth4webapi"
+import type { Client, PrivateKey } from "oauth4webapi"
 import type { CommonProviderOptions } from "../providers/index.js"
 import type { Awaitable, Profile, TokenSet, User } from "../types.js"
 import type { AuthConfig } from "../index.js"
@@ -45,6 +45,7 @@ interface AdvancedEndpointHandler<P extends UrlParams, C, R> {
   request?: EndpointRequest<C, R, P>
   /** @internal */
   conform?: (response: Response) => Awaitable<Response | undefined>
+  clientPrivateKey?: CryptoKey | PrivateKey
 }
 
 /**
@@ -263,6 +264,7 @@ export type OAuthConfigInternal<Profile> = Omit<
   token?: {
     url: URL
     request?: TokenEndpointHandler["request"]
+    clientPrivateKey?: CryptoKey | PrivateKey
     /** @internal */
     conform?: TokenEndpointHandler["conform"]
   }

Original file line number	Diff line number	Diff line change
`@@ -105,6 +105,7 @@ export async function handleOAuth(`
`105`	`105`	`if (!options.isOnRedirectProxy && provider.redirectProxyUrl) {`
`106`	`106`	`redirect_uri = provider.redirectProxyUrl`
`107`	`107`	`}`
	`108`	`+`
`108`	`109`	`let codeGrantResponse = await o.authorizationCodeGrantRequest(`
`109`	`110`	`as,`
`110`	`111`	`client,`
`@@ -121,6 +122,7 @@ export async function handleOAuth(`
`121`	`122`	`}`
`122`	`123`	`return fetch(...args)`
`123`	`124`	`},`
	`125`	`+ clientPrivateKey: provider.token?.clientPrivateKey,`
`124`	`126`	`}`
`125`	`127`	`)`
`126`	`128`
Original file line number	Diff line number	Diff line change
`@@ -151,7 +151,12 @@ function normalizeEndpoint(`
`151`	`151`	`url.searchParams.set(key, String(value))`
`152`	`152`	`}`
`153`	`153`	`}`
`154`		`- return { url, request: e?.request, conform: e?.conform }`
	`154`	`+ return {`
	`155`	`+ url,`
	`156`	`+ request: e?.request,`
	`157`	`+ conform: e?.conform,`
	`158`	`+ ...(e?.clientPrivateKey ? { clientPrivateKey: e?.clientPrivateKey } : null),`
	`159`	`+ }`
`155`	`160`	`}`
`156`	`161`
`157`	`162`	`export function isOIDCProvider(`