search

badgateway / oauth2-client

OAuth2 client for Node and browsers
https://www.npmjs.com/package/@badgateway/oauth2-client
MIT License
284 stars 34 forks source link

Possible difference between source and compiled output in 2.0.17 #82

Closed lunaris closed 1 year ago

lunaris commented 1 year ago

I'm currently trying to get authorization code flows to work with 2.0.17. This version is supposed to include a fix for passing scope correctly, but despite this my code is still not working. Upon digging into node_modules, it looks like the src folder contains the correct code, but the dist folder's built code does not correspond to it (and is thus missing the fixes required to get scope to work):

$ cat package.json | grep oauth2-client                                                                 
    "@badgateway/oauth2-client": "^2.0.17",

$ cat node_modules/@badgateway/oauth2-client/src/client/authorization-code.ts | grep "const query:" -A15 
    const query: AuthorizationQueryParams = {
      client_id: this.client.settings.clientId,
      response_type: 'code',
      redirect_uri: params.redirectUri,
      code_challenge_method: codeChallenge?.[0],
      code_challenge: codeChallenge?.[1],
    };
    if (params.state) {
      query.state = params.state;
    }
    if (params.scope) {
      query.scope = params.scope.join(' ');
    }

    return authorizationEndpoint + '?' + generateQueryString(query);

$ cat node_modules/@badgateway/oauth2-client/dist/client/authorization-code.js | grep "const query =" -A15
        const query = {
            client_id: this.client.settings.clientId,
            response_type: 'code',
            redirect_uri: params.redirectUri,
            code_challenge_method: codeChallenge === null || codeChallenge === void 0 ? void 0 : codeChallenge[0],
            code_challenge: codeChallenge === null || codeChallenge === void 0 ? void 0 : codeChallenge[1],
        };
        if (params.state) {
            query.state = params.state;
        }
        return authorizationEndpoint + '?' + (0, client_1.generateQueryString)(query);
    }
    async getTokenFromCodeRedirect(url, params) {
        const { code } = await this.validateResponse(url, {
            state: params.state
        });

Can anyone else reproduce this? I don't think it's just my setup -- the "Code" tab on npmjs.com seems to confirm that dist and src are out of sync in the packaged version of 2.0.17 (https://www.npmjs.com/package/@badgateway/oauth2-client?activeTab=explore). Cloning the repository and running npm install && make build produces correct artifacts, so perhaps something went wrong with the release?

Thanks for the great library and any time you are able to give to this!

multiplehats commented 1 year ago

Just ran into this same issue. For some reason it's not attaching scopes correctly.

Currently working my way around it.

    const scopes = ['sales_invoices', 'documents', 'bank', 'time_entries', 'settings'];

    const baseAuthUrl = await moneybirdAuthClient.authorizationCode.getAuthorizeUri({
        redirectUri: `${protocol}//${host}${callback_path}`,
        state: 'my-string',
        scope: scopes
    });

    // Misses scopes
    console.log('base', baseAuthUrl);

    // Has scopes
    const authUrl = `${baseAuthUrl}&scope=${scopes.join(' ')}`;
    console.log(authUrl);
evert commented 1 year ago

I must have originally missed this! I'm gonna cut a new build right now

evert commented 1 year ago

Just released 2.0.18 which should fix this!