Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat!: Add OAuth2 recipe and introduce shouldTryLinkingWithSessionUser #927

Merged
merged 58 commits into from
Oct 3, 2024
Merged

feat!: Add OAuth2 recipe and introduce shouldTryLinkingWithSessionUser #927

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
58 commits
Select commit Hold shift + click to select a range
03f3914
feat: add boilerplate for oauth2 recipe
porcellus Jun 9, 2024
5a215b9
feat: add a temporary solution to query hydra (until core impl) from …
porcellus Jun 12, 2024
7a29a7a
fix: fix temp solution for hydra calls
porcellus Jun 13, 2024
16e9631
feat: Add a recipe function to create OAuth2Client (#859)
anku255 Jun 17, 2024
fb51f36
feat: Add recipe functions to update/delete OAuth2Client (#863)
anku255 Jun 21, 2024
568a2f3
feat: Add recipe functions to get OAuth2Clients (#865)
anku255 Jun 21, 2024
05b6fb2
Merge remote-tracking branch 'origin/19.0' into feat/oauth2/base
porcellus Jun 26, 2024
2fd8ef4
feat: add initial oauth2 client apis (#866)
porcellus Jul 14, 2024
e84eb49
feat: Add OAuth2Client recipe (#877)
anku255 Jul 23, 2024
9c7a22d
fix: Remove internal redirects in the OAuth2 flow (#896)
anku255 Jul 26, 2024
0b39ad9
fix: Prefer exact api path match in the middleware (#892)
anku255 Jul 26, 2024
92121af
feat: Add userInfoGET endpoint (#890)
anku255 Jul 26, 2024
4ab2410
feat: add functions to validate oauth2 tokens
porcellus Jul 28, 2024
e0cdae5
feat: rename OAuth2 to OAuth2Provider
porcellus Jul 28, 2024
a463b65
feat: expose token validation functions
porcellus Jul 28, 2024
b0984c1
test: update tests
porcellus Jul 28, 2024
a29ffbe
fix: add userinfo_endpoint properly
porcellus Jul 28, 2024
6950da7
feat: removed unnecessary props
porcellus Jul 28, 2024
6974420
fix: add workaround to validate access/idtokens
porcellus Jul 29, 2024
a351c0a
fix: OAuth2 fixes (#900)
anku255 Jul 29, 2024
3736358
Merge remote-tracking branch 'origin/20.0' into feat/oauth2/base
porcellus Aug 1, 2024
aac74df
Merge branch 'feat/oauth2/base' of github.com:supertokens/supertokens…
porcellus Aug 1, 2024
6bab7f5
feat: review fixes
porcellus Aug 1, 2024
be263bd
feat: remove accessTokenStrategy
porcellus Aug 1, 2024
f53853c
test: update tests
porcellus Aug 1, 2024
1271be1
feat: OAuth2Client interface changes (#904)
anku255 Aug 6, 2024
a7a2b87
feat: Add token revocation endpoint (#902)
anku255 Aug 8, 2024
611d860
feat: Add token introspection endpoint (#906)
anku255 Aug 8, 2024
4830f0a
fix: make clientSecret optional (#908)
anku255 Aug 9, 2024
6f45c5f
fix: revokeToken input check
anku255 Aug 9, 2024
905b5cd
feat: add shouldTryLinkingWithSessionUser flag to auth apis and make …
porcellus Aug 11, 2024
9f7866c
feat: add shouldTryRefresh plus self-review and test related fixes
porcellus Aug 18, 2024
d8b0c40
feat: Add APIs for rp-initiated logout (#911)
anku255 Aug 25, 2024
4100705
feat: integrate with OAuth2 core impl (#926)
porcellus Sep 24, 2024
ed182a7
Merge remote-tracking branch 'origin/20.1' into feat/oauth2/base
porcellus Sep 24, 2024
055b29d
fix: Add changes to support unknown type in formField values (#928)
deepjyoti30-st Sep 25, 2024
9506071
feat: make loginGET return the redirection link as a JSON response in…
porcellus Sep 25, 2024
8321e65
ci: add option to run the CI scripts manually (#929)
porcellus Sep 28, 2024
41df730
feat: make the issuer overrideable + fix new status
porcellus Sep 28, 2024
a28471d
fix: fix handling of CLIENT_NOT_FOUND_ERROR
porcellus Sep 28, 2024
aee34f3
feat: error consistency improvements
porcellus Sep 28, 2024
cfec14f
feat: error consistency improvements
porcellus Sep 28, 2024
e95511a
refactor: some cleanup and error handling
porcellus Sep 28, 2024
3d68164
fix: set the jwks cacheMaxAge in MS
porcellus Sep 29, 2024
6865bd4
test: add more debug options into ci
porcellus Sep 29, 2024
a9f7716
Merge remote-tracking branch 'origin/20.1' into feat/oauth2/base
porcellus Sep 30, 2024
6f47455
feat: added more debug logging
porcellus Sep 30, 2024
bc0d216
fix: fix the session loading logic in auth apis
porcellus Sep 30, 2024
fa1cd09
ci: improve forceRunCI mac compatibility
porcellus Sep 30, 2024
bc7403d
ci: add missing env var to test script
porcellus Sep 30, 2024
47df0a2
feat: detect email_change_not_allowed earlier to fix tests
porcellus Sep 30, 2024
a88d3a9
Revert "feat: detect email_change_not_allowed earlier to fix tests"
porcellus Sep 30, 2024
07b7bb2
Merge remote-tracking branch 'origin/20.1' into feat/oauth2/base
porcellus Oct 1, 2024
558069a
feat: self-review fixes and general cleanup
porcellus Oct 1, 2024
8879f10
feat: add emails and phoneNumbers as arrays into the id token as well
porcellus Oct 2, 2024
a1517e5
feat!: separating the OpenId recipe from the Session recipe
porcellus Oct 2, 2024
46c62d8
chore: update version numbers
porcellus Oct 3, 2024
5d5e59e
ci: reset forceCI script to have a default value
porcellus Oct 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
107 changes: 71 additions & 36 deletions .circleci/authReact.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,59 +23,94 @@ done <<< "$version"

coreDriverVersion=`echo $coreDriverArray | jq ". | last"`
coreDriverVersion=`echo $coreDriverVersion | tr -d '"'`
coreFree=`curl -s -X GET \
"https://api.supertokens.io/0/core-driver-interface/dependency/core/latest?password=$SUPERTOKENS_API_KEY&planType=FREE&mode=DEV&version=$coreDriverVersion&driverName=node" \
-H 'api-version: 1'`
if [[ `echo $coreFree | jq .core` == "null" ]]
coreFree="null"

if [ -f cdi-core-map.json ]
then
echo "fetching latest X.Y version for core given core-driver-interface X.Y version: $coreDriverVersion, planType: FREE gave response: $coreFree. Please make sure all relevant cores have been pushed."
exit 1
cat cdi-core-map.json
echo "coreDriverVersion: $coreDriverVersion"

coreBranchName=`cat cdi-core-map.json | jq -r '.["'$coreDriverVersion'"]'`
if [ "$coreBranchName" != "null" ]
then
coreFree=$coreDriverVersion
fi
fi

if [ "$coreFree" == "null" ]
then
coreFree=`curl -s -X GET \
"https://api.supertokens.io/0/core-driver-interface/dependency/core/latest?password=$SUPERTOKENS_API_KEY&planType=FREE&mode=DEV&version=$coreDriverVersion&driverName=node" \
-H 'api-version: 1'`
if [[ `echo $coreFree | jq .core` == "null" ]]
then
echo "fetching latest X.Y version for core given core-driver-interface X.Y version: $coreDriverVersion, planType: FREE gave response: $coreFree. Please make sure all relevant cores have been pushed."
exit 1
fi
coreFree=$(echo $coreFree | jq .core | tr -d '"')
fi
coreFree=$(echo $coreFree | jq .core | tr -d '"')

frontendDriverVersion=$1
frontendDriverVersion=`echo $frontendDriverVersion | tr -d '"'`

nodeVersionXY=`curl -s -X GET \
"https://api.supertokens.io/0/frontend-driver-interface/dependency/driver/latest?password=$SUPERTOKENS_API_KEY&mode=DEV&version=$frontendDriverVersion&driverName=node&frontendName=auth-react" \
-H 'api-version: 1'`
if [[ `echo $nodeVersionXY | jq .driver` == "null" ]]
nodeTag="null"
if [ -f fdi-node-map.json ]
then
echo "fetching latest X.Y version for driver given frontend-driver-interface X.Y version: $frontendDriverVersion gave response: $nodeVersionXY. Please make sure all relevant drivers have been pushed."
exit 1
nodeTag=`cat fdi-node-map.json | jq '.["'$frontendDriverVersion'"]' | tr -d '"'`
fi
nodeVersionXY=$(echo $nodeVersionXY | jq .driver | tr -d '"')

nodeInfo=`curl -s -X GET \
"https://api.supertokens.io/0/driver/latest?password=$SUPERTOKENS_API_KEY&mode=DEV&version=$nodeVersionXY&name=node" \
-H 'api-version: 0'`
if [[ `echo $nodeInfo | jq .tag` == "null" ]]
if [ "$nodeTag" == "null" ]
then
echo "fetching latest X.Y.Z version for driver, X.Y version: $nodeVersionXY gave response: $nodeInfo"
exit 1
nodeVersionXY=`curl -s -X GET \
"https://api.supertokens.io/0/frontend-driver-interface/dependency/driver/latest?password=$SUPERTOKENS_API_KEY&mode=DEV&version=$frontendDriverVersion&driverName=node&frontendName=auth-react" \
-H 'api-version: 1'`
if [[ `echo $nodeVersionXY | jq .driver` == "null" ]]
then
echo "fetching latest X.Y version for driver given frontend-driver-interface X.Y version: $frontendDriverVersion gave response: $nodeVersionXY. Please make sure all relevant drivers have been pushed."
exit 1
fi
nodeVersionXY=$(echo $nodeVersionXY | jq .driver | tr -d '"')

nodeInfo=`curl -s -X GET \
"https://api.supertokens.io/0/driver/latest?password=$SUPERTOKENS_API_KEY&mode=DEV&version=$nodeVersionXY&name=node" \
-H 'api-version: 0'`
if [[ `echo $nodeInfo | jq .tag` == "null" ]]
then
echo "fetching latest X.Y.Z version for driver, X.Y version: $nodeVersionXY gave response: $nodeInfo"
exit 1
fi
nodeTag=$(echo $nodeInfo | jq .tag | tr -d '"')
fi
nodeTag=$(echo $nodeInfo | jq .tag | tr -d '"')

frontendAuthReactVersionXY=`curl -s -X GET \
"https://api.supertokens.io/0/frontend-driver-interface/dependency/frontend/latest?password=$SUPERTOKENS_API_KEY&frontendName=auth-react&mode=DEV&version=$frontendDriverVersion&driverName=node" \
-H 'api-version: 1'`
if [[ `echo $frontendAuthReactVersionXY | jq .frontend` == "null" ]]
frontendAuthReactTag="null"
if [ -f fdi-auth-react-map.json ]
then
echo "fetching latest X.Y version for frontend given frontend-driver-interface X.Y version: $frontendDriverVersion, name: auth-react gave response: $frontend. Please make sure all relevant frontend libs have been pushed."
exit 1
frontendAuthReactTag=`cat fdi-auth-react-map.json | jq '.["'$frontendDriverVersion'"]' | tr -d '"'`
fi
frontendAuthReactVersionXY=$(echo $frontendAuthReactVersionXY | jq .frontend | tr -d '"')

frontendAuthReactInfo=`curl -s -X GET \
"https://api.supertokens.io/0/frontend/latest?password=$SUPERTOKENS_API_KEY&mode=DEV&version=$frontendAuthReactVersionXY&name=auth-react" \
-H 'api-version: 0'`
if [[ `echo $frontendAuthReactInfo | jq .tag` == "null" ]]
if [ "$frontendAuthReactTag" == "null" ]
then
echo "fetching latest X.Y.Z version for frontend, X.Y version: $frontendAuthReactVersionXY gave response: $frontendAuthReactInfo"
exit 1
frontendAuthReactVersionXY=`curl -s -X GET \
"https://api.supertokens.io/0/frontend-driver-interface/dependency/frontend/latest?password=$SUPERTOKENS_API_KEY&frontendName=auth-react&mode=DEV&version=$frontendDriverVersion&driverName=node" \
-H 'api-version: 1'`
if [[ `echo $frontendAuthReactVersionXY | jq .frontend` == "null" ]]
then
echo "fetching latest X.Y version for frontend given frontend-driver-interface X.Y version: $frontendDriverVersion, name: auth-react gave response: $frontend. Please make sure all relevant frontend libs have been pushed."
exit 1
fi
frontendAuthReactVersionXY=$(echo $frontendAuthReactVersionXY | jq .frontend | tr -d '"')

frontendAuthReactInfo=`curl -s -X GET \
"https://api.supertokens.io/0/frontend/latest?password=$SUPERTOKENS_API_KEY&mode=DEV&version=$frontendAuthReactVersionXY&name=auth-react" \
-H 'api-version: 0'`
if [[ `echo $frontendAuthReactInfo | jq .tag` == "null" ]]
then
echo "fetching latest X.Y.Z version for frontend, X.Y version: $frontendAuthReactVersionXY gave response: $frontendAuthReactInfo"
exit 1
fi
frontendAuthReactTag=$(echo $frontendAuthReactInfo | jq .tag | tr -d '"')
frontendAuthReactVersion=$(echo $frontendAuthReactInfo | jq .version | tr -d '"')
fi
frontendAuthReactTag=$(echo $frontendAuthReactInfo | jq .tag | tr -d '"')
frontendAuthReactVersion=$(echo $frontendAuthReactInfo | jq .version | tr -d '"')

if [[ $frontendDriverVersion == '1.3' || $frontendDriverVersion == '1.8' ]]; then
# we skip this since the tests for auth-react here are not reliable due to race conditions...
Expand Down
30 changes: 23 additions & 7 deletions .circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,27 @@ orbs:
continuation: circleci/[email protected]
slack: circleci/[email protected]
jq: circleci/[email protected]

parameters:
force:
type: boolean
default: false
cdi-core-map:
type: string
default: "{}"
cdi-plugin-interface-map:
type: string
default: "{}"
fdi-node-map:
type: string
default: "{}"
fdi-auth-react-map:
type: string
default: "{}"
fdi-website-map:
type: string
default: "{}"

jobs:
publish:
docker:
Expand Down Expand Up @@ -36,7 +57,7 @@ jobs:
- run:
name: Generate config
command: |
cd .circleci && ./generateConfig.sh
cd .circleci && ./generateConfig.sh << pipeline.parameters.force >> '<< pipeline.parameters.cdi-core-map >>' '<< pipeline.parameters.cdi-plugin-interface-map >>' '<< pipeline.parameters.fdi-node-map >>' '<< pipeline.parameters.fdi-auth-react-map >>' '<< pipeline.parameters.fdi-website-map >>'
- continuation/continue:
configuration_path: .circleci/config_continue.yml # use newly generated config to continue

Expand All @@ -52,12 +73,7 @@ workflows:
only: /v[0-9]+(\.[0-9]+)*/
branches:
ignore: /.*/
- setup:
filters:
tags:
only: /dev-v[0-9]+(\.[0-9]+)*/
branches:
only: /test-cicd\/.*/
- setup
- update-docs:
context:
- slack-notification
Expand Down
45 changes: 37 additions & 8 deletions .circleci/config_continue.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,27 @@ orbs:
continuation: circleci/[email protected]
slack: circleci/[email protected]
jq: circleci/[email protected]

parameters:
force:
type: boolean
default: false
cdi-core-map:
type: string
default: "{}"
cdi-plugin-interface-map:
type: string
default: "{}"
fdi-node-map:
type: string
default: "{}"
fdi-auth-react-map:
type: string
default: "{}"
fdi-website-map:
type: string
default: "{}"

jobs:
test-dev-tag-as-not-passed:
docker:
Expand All @@ -12,16 +33,16 @@ jobs:
- run: echo "Testing branch << pipeline.git.branch >>"
- when:
condition:
not:
matches:
pattern: "^test-cicd/.*$"
value: << pipeline.git.branch >>
matches:
pattern: "^[0-9]+\\.[0-9]+$" # X.Y branches
value: << pipeline.git.branch >>
steps:
- checkout
- run: (cd .circleci/ && ./markDevTagAsTestNotPassed.sh)
test-unit:
docker:
- image: rishabhpoddar/supertokens_node_driver_testing_node_20
- image: rishabhpoddar/oauth-server-cicd
resource_class: large
parameters:
cdi-version:
Expand All @@ -39,6 +60,7 @@ jobs:
test-backend-sdk-testing:
docker:
- image: rishabhpoddar/supertokens_node_driver_testing_node_20
- image: rishabhpoddar/oauth-server-cicd
resource_class: large
parameters:
cdi-version:
Expand All @@ -57,6 +79,7 @@ jobs:
test-website:
docker:
- image: rishabhpoddar/supertokens_website_sdk_testing
- image: rishabhpoddar/oauth-server-cicd
resource_class: large
parameters:
fdi-version:
Expand All @@ -75,6 +98,7 @@ jobs:
test-authreact:
docker:
- image: rishabhpoddar/supertokens_website_sdk_testing_node_16
- image: rishabhpoddar/oauth-server-cicd
resource_class: large
parameters:
fdi-version:
Expand All @@ -92,6 +116,12 @@ jobs:
- store_artifacts:
path: test_report/backend.log
destination: logs
- store_artifacts:
path: test_report/screenshots
destination: screenshots
- store_artifacts:
path: test_report/react-logs
destination: react-logs
- slack/status
test-success:
docker:
Expand All @@ -100,10 +130,9 @@ jobs:
- run: echo "Testing passed for branch << pipeline.git.branch >>"
- when:
condition:
not:
matches:
pattern: "^test-cicd/.*$"
value: << pipeline.git.branch >>
matches:
pattern: "^[0-9]+\\.[0-9]+$" # X.Y branches
value: << pipeline.git.branch >>
steps:
- checkout
- run: (cd .circleci/ && ./markAsSuccess.sh)
Expand Down
22 changes: 22 additions & 0 deletions .circleci/configs/hydra.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
serve:
cookies:
same_site_mode: Lax

urls:
self:
issuer: http://localhost:4444
consent: http://localhost:3001/auth/oauth/consent
login: http://localhost:3001/auth/oauth/login
logout: http://localhost:3001/auth/oauth/logout

secrets:
system:
- youReallyNeedToChangeThis

oidc:
subject_identifiers:
supported_types:
- pairwise
- public
pairwise:
salt: youReallyNeedToChangeThis
32 changes: 24 additions & 8 deletions .circleci/doBackendSDKTests.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,17 +8,33 @@ fi
coreDriverVersion=$1
coreDriverVersion=`echo $coreDriverVersion | tr -d '"'`

frontendDriverVersion=$2
frontendDriverVersion=`echo $2 | tr -d '"'`

coreFree=`curl -s -X GET \
"https://api.supertokens.io/0/core-driver-interface/dependency/core/latest?password=$SUPERTOKENS_API_KEY&planType=FREE&mode=DEV&version=$coreDriverVersion&driverName=node" \
-H 'api-version: 1'`
if [[ `echo $coreFree | jq .core` == "null" ]]
coreFree="null"
if [ -f cdi-core-map.json ]
then
echo "fetching latest X.Y version for core given core-driver-interface X.Y version: $coreDriverVersion, planType: FREE gave response: $coreFree. Please make sure all relevant cores have been pushed."
exit 1
cat cdi-core-map.json
echo "coreDriverVersion: $coreDriverVersion"

coreBranchName=`cat cdi-core-map.json | jq -r '.["'$coreDriverVersion'"]'`
if [ "$coreBranchName" != "null" ]
then
coreFree=$coreDriverVersion
fi
fi

if [ "$coreFree" == "null" ]
then
coreFree=`curl -s -X GET \
"https://api.supertokens.io/0/core-driver-interface/dependency/core/latest?password=$SUPERTOKENS_API_KEY&planType=FREE&mode=DEV&version=$coreDriverVersion&driverName=node" \
-H 'api-version: 1'`
if [[ `echo $coreFree | jq .core` == "null" ]]
then
echo "fetching latest X.Y version for core given core-driver-interface X.Y version: $coreDriverVersion, planType: FREE gave response: $coreFree. Please make sure all relevant cores have been pushed."
exit 1
fi
coreFree=$(echo $coreFree | jq .core | tr -d '"')
fi
coreFree=$(echo $coreFree | jq .core | tr -d '"')

cd ..
./test/testExports.sh
Expand Down
30 changes: 23 additions & 7 deletions .circleci/doUnitTests.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,15 +8,31 @@ fi
coreDriverVersion=$1
coreDriverVersion=`echo $coreDriverVersion | tr -d '"'`

coreFree=`curl -s -X GET \
"https://api.supertokens.io/0/core-driver-interface/dependency/core/latest?password=$SUPERTOKENS_API_KEY&planType=FREE&mode=DEV&version=$coreDriverVersion&driverName=node" \
-H 'api-version: 1'`
if [[ `echo $coreFree | jq .core` == "null" ]]
coreFree="null"
if [ -f cdi-core-map.json ]
then
echo "fetching latest X.Y version for core given core-driver-interface X.Y version: $coreDriverVersion, planType: FREE gave response: $coreFree. Please make sure all relevant cores have been pushed."
exit 1
cat cdi-core-map.json
echo "coreDriverVersion: $coreDriverVersion"

coreBranchName=`cat cdi-core-map.json | jq -r '.["'$coreDriverVersion'"]'`
if [ "$coreBranchName" != "null" ]
then
coreFree=$coreDriverVersion
fi
fi

if [ "$coreFree" == "null" ]
then
coreFree=`curl -s -X GET \
"https://api.supertokens.io/0/core-driver-interface/dependency/core/latest?password=$SUPERTOKENS_API_KEY&planType=FREE&mode=DEV&version=$coreDriverVersion&driverName=node" \
-H 'api-version: 1'`
if [[ `echo $coreFree | jq .core` == "null" ]]
then
echo "fetching latest X.Y version for core given core-driver-interface X.Y version: $coreDriverVersion, planType: FREE gave response: $coreFree. Please make sure all relevant cores have been pushed."
exit 1
fi
coreFree=$(echo $coreFree | jq .core | tr -d '"')
fi
coreFree=$(echo $coreFree | jq .core | tr -d '"')

cd ..
./test/testExports.sh
Expand Down
Loading
Loading