feat: Add OAuth2Client recipe

.gitignore

@@ -1,4 +1,5 @@
 /node_modules
+test/test-server/node_modules
 /examples/**/node_modules
 .DS_Store
 /.history
@@ -12,4 +13,4 @@ releasePassword
 /test_report
 /temp_test_exports
 /temp_*
-/.nyc_output
+/.nyc_output

lib/build/recipe/emailpassword/recipeImplementation.js

@@ -190,6 +190,7 @@ function getRecipeInterface(querier, getEmailPasswordConfig) {
                     email: input.email,
                     password: input.password,
                 },
+                {},
                 input.userContext
             );
             if (response.status === "OK") {

lib/build/recipe/jwt/api/implementation.js

@@ -21,6 +21,15 @@ function getAPIImplementation() {
             if (resp.validityInSeconds !== undefined) {
                 options.res.setHeader("Cache-Control", `max-age=${resp.validityInSeconds}, must-revalidate`, false);
             }
+            const oauth2 = require("../../oauth2");
+            // TODO: dirty hack until we get core support
+            if (oauth2 !== undefined) {
+                const oauth2JWKSRes = await fetch("http://localhost:4444/.well-known/jwks.json");
+                if (oauth2JWKSRes.ok) {
+                    const oauth2RespBody = await oauth2JWKSRes.json();
+                    resp.keys = resp.keys.concat(oauth2RespBody.keys);
+                }
+            }
             return {
                 keys: resp.keys,
             };

lib/build/recipe/jwt/recipeImplementation.js

@@ -54,6 +54,7 @@ function getRecipeInterface(querier, config, appInfo) {
             const { body, headers } = await querier.sendGetRequestWithResponseHeaders(
                 new normalisedURLPath_1.default("/.well-known/jwks.json"),
                 {},
+                undefined,
                 userContext
             );
             let validityInSeconds = defaultJWKSMaxAge;

lib/build/recipe/multitenancy/recipeImplementation.js

@@ -16,6 +16,7 @@ function getRecipeInterface(querier) {
             let response = await querier.sendPutRequest(
                 new normalisedURLPath_1.default(`/recipe/multitenancy/tenant`),
                 Object.assign({ tenantId }, config),
+                {},
                 userContext
             );
             return response;
@@ -62,6 +63,7 @@ function getRecipeInterface(querier) {
                     config,
                     skipValidation,
                 },
+                {},
                 userContext
             );
             return response;

lib/build/recipe/oauth2/api/auth.d.ts

@@ -0,0 +1,8 @@
+// @ts-nocheck
+import { APIInterface, APIOptions } from "..";
+import { UserContext } from "../../../types";
+export default function authGET(
+    apiImplementation: APIInterface,
+    options: APIOptions,
+    userContext: UserContext
+): Promise<boolean>;

lib/build/recipe/oauth2/api/auth.js

@@ -0,0 +1,70 @@
+"use strict";
+/* Copyright (c) 2024, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+var __importDefault =
+    (this && this.__importDefault) ||
+    function (mod) {
+        return mod && mod.__esModule ? mod : { default: mod };
+    };
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("../../../utils");
+const set_cookie_parser_1 = __importDefault(require("set-cookie-parser"));
+const session_1 = __importDefault(require("../../session"));
+async function authGET(apiImplementation, options, userContext) {
+    if (apiImplementation.authGET === undefined) {
+        return false;
+    }
+    const origURL = options.req.getOriginalURL();
+    const splitURL = origURL.split("?");
+    const params = new URLSearchParams(splitURL[1]);
+    let session;
+    try {
+        session = await session_1.default.getSession(options.req, options.res, { sessionRequired: false }, userContext);
+    } catch (_a) {
+        // TODO: explain
+        // ignore
+    }
+    let response = await apiImplementation.authGET({
+        options,
+        params: Object.fromEntries(params.entries()),
+        cookie: options.req.getHeaderValue("cookie"),
+        session,
+        userContext,
+    });
+    if ("redirectTo" in response) {
+        // TODO:
+        if (response.setCookie) {
+            const cookieStr = set_cookie_parser_1.default.splitCookiesString(response.setCookie);
+            const cookies = set_cookie_parser_1.default.parse(cookieStr);
+            for (const cookie of cookies) {
+                options.res.setCookie(
+                    cookie.name,
+                    cookie.value,
+                    cookie.domain,
+                    !!cookie.secure,
+                    !!cookie.httpOnly,
+                    new Date(cookie.expires).getTime(),
+                    cookie.path || "/",
+                    cookie.sameSite
+                );
+            }
+        }
+        options.res.original.redirect(response.redirectTo);
+    } else {
+        utils_1.send200Response(options.res, response);
+    }
+    return true;
+}
+exports.default = authGET;

lib/build/recipe/oauth2/api/consent.d.ts

@@ -0,0 +1,8 @@
+// @ts-nocheck
+import { APIInterface, APIOptions } from "..";
+import { UserContext } from "../../../types";
+export default function consent(
+    apiImplementation: APIInterface,
+    options: APIOptions,
+    userContext: UserContext
+): Promise<boolean>;

lib/build/recipe/oauth2/api/consent.js

@@ -0,0 +1,63 @@
+"use strict";
+/* Copyright (c) 2024, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("../../../utils");
+// TODO: separate post and get?
+async function consent(apiImplementation, options, userContext) {
+    var _a;
+    if (utils_1.normaliseHttpMethod(options.req.getMethod()) === "post") {
+        if (apiImplementation.consentPOST === undefined) {
+            return false;
+        }
+        const reqBody = await options.req.getJSONBody();
+        let response = await apiImplementation.consentPOST({
+            options,
+            accept: reqBody.accept,
+            consentChallenge: reqBody.consentChallenge,
+            grantScope: reqBody.grantScope,
+            remember: reqBody.remember,
+            userContext,
+        });
+        if ("status" in response) {
+            utils_1.send200Response(options.res, response);
+        } else {
+            options.res.original.redirect(response.redirectTo);
+        }
+    } else {
+        if (apiImplementation.consentGET === undefined) {
+            return false;
+        }
+        const consentChallenge =
+            (_a = options.req.getKeyValueFromQuery("consentChallenge")) !== null && _a !== void 0
+                ? _a
+                : options.req.getKeyValueFromQuery("consent_challenge");
+        if (consentChallenge === undefined) {
+            throw new Error("TODO");
+        }
+        let response = await apiImplementation.consentGET({
+            options,
+            consentChallenge,
+            userContext,
+        });
+        if ("status" in response) {
+            utils_1.send200Response(options.res, response);
+        } else {
+            options.res.original.redirect(response.redirectTo);
+        }
+    }
+    return true;
+}
+exports.default = consent;