feat: add mapLoginMethodParamsForUrl and improved typing and default values.

Author: DanielRivers

lib/main.test.ts

@@ -0,0 +1,107 @@
+import { describe, it, expect } from 'vitest';
+import { base64UrlEncode, sanitizeRedirect, mapLoginMethodParamsForUrl, generateAuthUrl } from './main';
+import { LoginMethodParams, IssuerRouteTypes, LoginOptions, Scopes } from './types';
+
+describe('base64UrlEncode', () => {
+  it('should encode a string to base64 URL safe format', () => {
+    const input = 'test string';
+    const expectedOutput = 'dGVzdCBzdHJpbmc';
+    expect(base64UrlEncode(input)).toBe(expectedOutput);
+  });
+});
+
+describe('sanitizeRedirect', () => {
+  it('should remove trailing slash from URL', () => {
+    const input = 'https://example.com/';
+    const expectedOutput = 'https://example.com';
+    expect(sanitizeRedirect(input)).toBe(expectedOutput);
+  });
+
+  it('should return the same URL if no trailing slash', () => {
+    const input = 'https://example.com';
+    const expectedOutput = 'https://example.com';
+    expect(sanitizeRedirect(input)).toBe(expectedOutput);
+  });
+});
+
+describe('mapLoginMethodParamsForUrl', () => {
+  it('should map login method params to URL params', () => {
+    const options: Partial<LoginMethodParams> = {
+      loginHint: '[email protected]',
+      isCreateOrg: true,
+      connectionId: 'conn123',
+      redirectURL: 'https://example.com/',
+      audience: 'audience123',
+    };
+    const expectedOutput = {
+      login_hint: '[email protected]',
+      is_create_org: 'true',
+      connection_id: 'conn123',
+      redirect_uri: 'https://example.com',
+      audience: 'audience123',
+      scope: "email profile openid offline"
+    };
+    expect(mapLoginMethodParamsForUrl(options)).toEqual(expectedOutput);
+  });
+
+  it('should handle undefined values in options', () => {
+    const options: Partial<LoginMethodParams> = {};
+    const expectedOutput = {
+        scope: "email profile openid offline"
+    };
+    expect(mapLoginMethodParamsForUrl(options)).toEqual(expectedOutput);
+  });
+});
+
+describe('generateAuthUrl', () => {
+    it('should generate the correct auth URL with required parameters', () => {
+      const domain = 'https://auth.example.com';
+      const options: LoginOptions = {
+        clientId: 'client123',
+        responseType: 'code',
+        scope: [Scopes.openid, Scopes.profile],
+        loginHint: '[email protected]',
+        isCreateOrg: true,
+        connectionId: 'conn123',
+        redirectURL: 'https://example.com',
+        audience: 'audience123',
+        prompt: 'login',
+      };
+      const expectedUrl = 'https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&start_page=login&login_hint=user%40example.com&is_create_org=true&connection_id=conn123&redirect_uri=https%3A%2F%2Fexample.com&audience=audience123&scope=openid+profile&prompt=login';
+  
+      const result = generateAuthUrl(domain, IssuerRouteTypes.login, options);
+      expect(result.toString()).toBe(expectedUrl);
+    });
+  
+    it('should include optional parameters if provided', () => {
+      const domain = 'https://auth.example.com';
+      const options: LoginOptions = {
+        clientId: 'client123',
+        responseType: 'code',
+        scope: [Scopes.openid, Scopes.profile],
+        state: 'state123',
+        codeChallenge: 'challenge123',
+        codeChallengeMethod: 'S256',
+        redirectURL: 'https://example2.com',
+        prompt: 'create',
+      };
+      const expectedUrl = 'https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&start_page=login&redirect_uri=https%3A%2F%2Fexample2.com&scope=openid+profile&prompt=create&state=state123&code_challenge=challenge123&code_challenge_method=S256';
+  
+      const result = generateAuthUrl(domain, IssuerRouteTypes.login, options);
+      expect(result.toString()).toBe(expectedUrl);
+    });
+  
+    it('should handle default responseType if not provided', () => {
+      const domain = 'https://auth.example.com';
+      const options: LoginOptions = {
+        clientId: 'client123',
+        scope: [Scopes.openid, Scopes.profile, Scopes.offline_access],
+        redirectURL: 'https://example2.com',
+        prompt: 'create',
+      };
+      const expectedUrl = 'https://auth.example.com/oauth2/auth?client_id=client123&response_type=code&start_page=login&redirect_uri=https%3A%2F%2Fexample2.com&scope=openid+profile+offline_access&prompt=create';
+  
+      const result = generateAuthUrl(domain, IssuerRouteTypes.login, options);
+      expect(result.toString()).toBe(expectedUrl);
+    });
+  });

lib/main.ts

@@ -1,5 +1,4 @@
-// import { getRandomValues,subtle } from "uncrypto";
-import { IssuerRouteTypes, LoginOptions } from "./types";
+import { IssuerRouteTypes, LoginMethodParams, LoginOptions } from "./types";
 
 /**
  *
@@ -21,6 +20,28 @@ export const sanitizeRedirect = (url: string): string => {
   return url.replace(/\/$/, "");
 };
 
+export const mapLoginMethodParamsForUrl = (
+  options: Partial<LoginMethodParams>,
+): Record<string, string> => {
+  const translate: Record<string, string | undefined> = {
+    login_hint: options.loginHint,
+    is_create_org: options.isCreateOrg?.toString(),
+    connection_id: options.connectionId,
+    redirect_uri: options.redirectURL ? sanitizeRedirect(options.redirectURL) : undefined,
+    audience: options.audience,
+    scope: options.scope?.join(" ") || 'email profile openid offline',
+    prompt: options.prompt,
+    lang: options.lang,
+    org_code: options.orgCode,
+    org_name: options.orgName,
+  };
+
+  Object.keys(translate).forEach(
+    (key) => translate[key] === undefined && delete translate[key],
+  );
+  return translate as Record<string, string>;
+};
+
 /**
  *
  * @param options
@@ -35,14 +56,16 @@ export const generateAuthUrl = (
   const authUrl = new URL(`${domain}/oauth2/auth`);
 
   const searchParams: Record<string, string> = {
-    redirect_uri: sanitizeRedirect(options.callbackURL),
     client_id: options.clientId,
     response_type: options.responseType || "code",
-    scope: options.scope.join(" "),
-    state: options.state,
     start_page: type,
+    ...mapLoginMethodParamsForUrl(options),
   };
 
+  if (options.state) {
+    searchParams["state"] = options.state;
+  }
+
   if (options.codeChallenge) {
     searchParams["code_challenge"] = options.codeChallenge;
     searchParams["code_challenge_method"] = "S256";
@@ -52,81 +75,7 @@ export const generateAuthUrl = (
     searchParams["code_challenge_method"] = options.codeChallengeMethod;
   }
 
-  if (options.audience) {
-    searchParams["audience"] = options.audience;
-  }
-
   authUrl.search = new URLSearchParams(searchParams).toString();
   return authUrl;
 };
 
-// /**
-//  * Creates a random string of provided length.
-//  * @param {number} length
-//  * @returns {string} required secret
-//  */
-// export const generateRandomString = (length: number = 28): string => {
-//   const bytesNeeded = Math.ceil(length / 2);
-//   const array = new Uint32Array(bytesNeeded);
-//   getRandomValues(array);
-//   let result = Array.from(array, (dec) =>
-//     ("0" + dec.toString(16)).slice(-2),
-//   ).join("");
-//   if (length % 2 !== 0) {
-//     // If the requested length is odd, remove the last character to adjust the length
-//     result = result.slice(0, -1);
-//   }
-//   return result;
-// };
-
-// //////
-
-// /**
-//  *
-//  * @param code_verifier Verifier to generate challenge from
-//  * @returns URL safe base64 encoded string
-//  */
-// export async function pkceChallengeFromVerifier(
-//   code_verifier: string,
-// ): Promise<string> {
-//   const hashed = await sha256(code_verifier);
-//   const hashedString = Array.from(new Uint8Array(hashed))
-//     .map((byte) => String.fromCharCode(byte))
-//     .join("");
-//   return base64UrlEncode(hashedString);
-// }
-
-// /**
-//  * setups up PKCE challenge
-//  * @returns
-//  */
-// export const setupChallenge = () => {
-//   return { state: generateRandomString(), ...pkceChallenge() };
-// };
-
-// /**
-//  * Calculate the SHA256 hash of the input text.
-//  * @param plain the text to hash
-//  * @returns a promise that resolves to an ArrayBuffer
-//  */
-// export const sha256 = (plain: string) => {
-//   const encoder = new TextEncoder();
-//   const data = encoder.encode(plain);
-//   return subtle.digest("SHA-256", data);
-// };
-
-// export async function generateChallenge(code_verifier: string) {
-//   return (await sha256(code_verifier)).toString();
-// }
-
-// /**
-//  *
-//  * @returns
-//  */
-// export const pkceChallenge = async (): Promise<PKCEChallenge> => {
-//   const codeVerifier = generateRandomString();
-//   return {
-//     codeVerifier,
-//     codeChallenge: await generateChallenge(codeVerifier),
-//   };
-// };

lib/types.ts

@@ -20,22 +20,90 @@ export type LoginMethodParams = Pick<
 >;
 
 export type LoginOptions = {
+  /** Audience to include in the token */
   audience?: string;
+  /** Client ID of the application
+   * 
+   * This can be found in the application settings in the Kinde dashboard
+   */
   clientId: string;
+  /**
+   * Code challenge for PKCE
+   */
   codeChallenge?: string;
+  /**
+   * Code challenge method for PKCE
+   */
   codeChallengeMethod?: string;
+  /**
+   * Connection ID to use for the login
+   * 
+   * This is found in the authentication settings in the Kinde dashboard
+   */
   connectionId?: string;
-  isCreateOrg: string;
-  lang: string;
-  loginHint: string;
-  orgCode: string;
-  orgName: string;
+  /**
+   * Whether the user is creating an organization on registration
+   */
+  isCreateOrg?: boolean;
+  /**
+   * Language to use for the login in 2 letter ISO format
+   */
+  lang?: string;
+  /**
+   * Login hint to use for the login
+   * 
+   * This can be in one of the following formats:
+   * - [email protected]
+   * - phone:+447700900000:gb
+   * - username:joebloggs
+   */
+  loginHint?: string;
+  /**
+   * Organization code to use for the login
+   */
+  orgCode?: string;
+  /**
+   * Organization name to be used when creating an organization at registration
+   */
+  orgName?: string;
+  /**
+   * Prompt to use for the login
+   * 
+   * This can be one of the following:
+   * - login
+   * - create
+   * - none
+   * 
+   */
   prompt: string;
+  /**
+   * Redirect URL to use for the login
+   */
   redirectURL: string;
-  responseType: string;
-  scope: Scopes[];
-  state: string;
-  callbackURL: string;
+  /**
+   * Response type to use for the login
+   * 
+   * Kinde currently only supports `code`
+   */
+  responseType?: string;
+  /**
+   * Scopes to include in the token
+   * 
+   * This can be one or more of the following:
+   * - email
+   * - profile
+   * - openid
+   * - offline_access
+   */
+  scope?: Scopes[];
+  /**
+   * State to use for the login
+   */
+  state?: string;
+  /**
+   * Whether to show the complete screen at the end of the flow, this is most useful when the callback is not a webpage.
+   */
+  showCompleteScreen?: boolean;
 };
 
 export enum IssuerRouteTypes {