From d030e41a3ed5ae9706a2083a84826b121cd81743 Mon Sep 17 00:00:00 2001 From: Nathan Lie Date: Wed, 24 Jul 2024 16:32:59 -0700 Subject: [PATCH] feat: new auth server introspection behavior --- packages/auth/src/access/utils.ts | 2 +- packages/auth/src/accessToken/routes.ts | 8 +++----- packages/auth/src/accessToken/service.ts | 9 +++++---- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/packages/auth/src/access/utils.ts b/packages/auth/src/access/utils.ts index cd6e0a2d10..5951bc0fab 100644 --- a/packages/auth/src/access/utils.ts +++ b/packages/auth/src/access/utils.ts @@ -36,7 +36,7 @@ export function compareRequestAndGrantAccessItems( ) { return false } else if ( - restOfRequestAccessItem[key as keyof typeof restOfRequestAccessItem] !== + requestAccessItemValue !== restOfgrantAccessItem[key as keyof typeof restOfgrantAccessItem] ) { return false diff --git a/packages/auth/src/accessToken/routes.ts b/packages/auth/src/accessToken/routes.ts index 06b3bc9e6b..3c064e0297 100644 --- a/packages/auth/src/accessToken/routes.ts +++ b/packages/auth/src/accessToken/routes.ts @@ -105,10 +105,10 @@ async function introspectToken( 'introspected access token' ) - ctx.body = grantToTokenInfo(tokenInfo?.grant, tokenInfo?.accessItem) + ctx.body = grantToTokenInfo(tokenInfo?.grant, tokenInfo?.access) } -function grantToTokenInfo(grant?: Grant, accessItem?: Access): TokenInfo { +function grantToTokenInfo(grant?: Grant, access?: Access[]): TokenInfo { if (!grant) { return { active: false @@ -117,9 +117,7 @@ function grantToTokenInfo(grant?: Grant, accessItem?: Access): TokenInfo { return { active: true, grant: grant.id, - access: accessItem - ? [toOpenPaymentsAccess(accessItem)] - : grant.access.map(toOpenPaymentsAccess), + access: access?.map(toOpenPaymentsAccess) ?? [], client: grant.client } } diff --git a/packages/auth/src/accessToken/service.ts b/packages/auth/src/accessToken/service.ts index 98dcc29977..7dfcfd6a9f 100644 --- a/packages/auth/src/accessToken/service.ts +++ b/packages/auth/src/accessToken/service.ts @@ -15,7 +15,7 @@ export interface AccessTokenService { introspect( tokenValue: string, access?: AccessItem[] - ): Promise<{ grant: Grant; accessItem?: Access } | undefined> + ): Promise<{ grant: Grant, access: Access[] } | undefined> create(grantId: string, trx?: TransactionOrKnex): Promise revoke(id: string, trx?: TransactionOrKnex): Promise revokeByGrantId(grantId: string, trx?: TransactionOrKnex): Promise @@ -77,12 +77,13 @@ async function introspect( deps: ServiceDependencies, tokenValue: string, access?: AccessItem[] -): Promise<{ grant: Grant; accessItem?: Access } | undefined> { +): Promise<{ grant: Grant, access: Access[] } | undefined> { const token = await AccessToken.query(deps.knex) .findOne({ value: tokenValue }) .withGraphFetched('grant.access') let foundAccessItem: Access | undefined + const foundAccess: Access[] = [] if (!token) return if (isTokenExpired(token)) { return undefined @@ -102,12 +103,12 @@ async function introspect( if (!foundAccessItem) { return undefined } else { - return { grant: token.grant, accessItem: foundAccessItem } + foundAccess.push(foundAccessItem) } } } - return { grant: token.grant } + return { grant: token.grant, access: foundAccess } } }