/**
 * Mocha configuration
 */

// Generous per-spec timeout: several specs below appear to call real Auth0
// tenants (getSSOData, getConnections, getUserInfo) instead of stubs.
mocha.timeout(60000);
// Globals the leak detector must tolerate.  '__auth0jp*' presumably covers the
// SDK's JSONP callback names (see the forceJSONP option below) — confirm.
mocha.globals(['jQuery*', '__auth0jp*']);
/**
 * Auth0 client tests
 */

describe('Auth0', function () {
// Clear any fragment left on the window so state cannot bleed between specs.
afterEach(function () {
  var location = global.window.location;
  location.hash = '';
});
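// The build must expose its version string.  The assertion is synchronous,
// so the spec no longer takes (and forgets to depend on) a `done` callback.
it('has a semver tag', function () {
  expect(Auth0.version).to.be.a('string');
});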
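// The SDK must expose the client-information object it reports to /authorize
// (see the `auth0Client` specs below).  Synchronous, so no `done` callback.
it('has a client information', function () {
  expect(Auth0.clientInfo).to.be.a('object');
});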
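// By default the /authorize URL carries an `auth0Client` parameter (the SDK's
// client information).  The assertion lives in the _redirect stub and `done`
// is signalled from there, so the spec can only pass once the redirect was
// actually observed — calling done() unconditionally after login() let it
// pass even if _redirect was never reached.
it('sends client information by default', function (done) {
  var auth0 = new Auth0({
    clientID: 'aaaabcdefgh',
    callbackURL: 'https://myapp.com/callback',
    domain: 'aaa.auth0.com'
  });

  // Intercept the navigation instead of letting the test page redirect.
  auth0._redirect = function (the_url) {
    expect(the_url).to.contain('auth0Client');
    done();
  };

  auth0.login({nonce: '12345'});
});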
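// `sendSDKClientInfo: false` must keep the SDK's client information out of the
// /authorize URL.  `done` is signalled from inside the _redirect stub so the
// spec cannot pass unless the redirect (and its assertion) actually ran.
it('should not send client information when disabled', function (done) {
  var auth0 = new Auth0({
    clientID: 'aaaabcdefgh',
    callbackURL: 'https://myapp.com/callback',
    domain: 'aaa.auth0.com',
    sendSDKClientInfo: false
  });

  // Intercept the navigation instead of letting the test page redirect.
  auth0._redirect = function (the_url) {
    expect(the_url).to.not.contain('auth0Client');
    done();
  };

  auth0.login({nonce: '12345'});
});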
// Popup mode delivers its result through a callback, so the SDK rejects a
// popup login that has nowhere to deliver it — even with callbackOnLocationHash.
it('should fail if auth0.login is called with {popup: true, callbackOnLocationHash: true} and without callback', function () {
  var client = new Auth0({
    clientID: 'aaaabcdefgh',
    domain: 'aaa.auth0.com',
    callbackURL: 'https://myapp.com/callback',
    callbackOnLocationHash: true
  });

  var signinWithoutCallback = function () {
    client.signin({popup: true, nonce: '12345'});
  };

  expect(signinWithoutCallback).to.throwError(/popup mode should receive a mandatory callback/);
});
// Same rule through the explicit popup entry point: no callback, no popup.
it('should fail if auth0.loginWithPopup is called with {callbackOnLocationHash: true} without callback', function () {
  var client = new Auth0({
    clientID: 'aaaabcdefgh',
    domain: 'aaa.auth0.com',
    callbackURL: 'https://myapp.com/callback',
    callbackOnLocationHash: true
  });

  var popupWithoutCallback = function () {
    client.loginWithPopup({});
  };

  expect(popupWithoutCallback).to.throwError(/popup mode should receive a mandatory callback/);
});
// signin must be the very same function object as login, not a wrapper.
it('should support to use signin as an alias for login', function () {
  var client = new Auth0({
    clientID: 'aaaabcdefgh',
    domain: 'aaa.auth0.com',
    callbackURL: 'https://myapp.com/callback',
    callbackOnLocationHash: true
  });

  expect(client.signin).to.be(client.login);
});
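// Options that only make sense client-side (popupOptions) must not leak into
// the /authorize query string.  The authorize URL is captured by stubbing
// _redirect; `done` is signalled from the stub so the spec fails (by timeout)
// rather than passing vacuously if no redirect happens.
it('should not contain popupOptions= inside the authorize query string', function (done) {
  var auth0 = new Auth0({
    clientID: 'aaaabcdefgh',
    callbackURL: 'https://myapp.com/callback',
    domain: 'aaa.auth0.com'
  });

  // Split "k=v&k2=v2" into an object with percent-decoded values.  A key
  // without '=' has no value group and decodes to the string "undefined",
  // which is harmless for the keys asserted below.
  function parseQuery(query) {
    var parsed = {};
    query.replace(
      new RegExp('([^?=&]+)(=([^&]*))?', 'g'),
      function ($0, $1, $2, $3) { parsed[$1] = decodeURIComponent($3); }
    );
    return parsed;
  }

  auth0._redirect = function (the_url) {
    var parts = the_url.split('?');
    expect(parts[0]).to.contain('https://aaa.auth0.com/authorize');

    var parsed = parseQuery(parts[1]);
    expect(parsed.response_type).to.equal('code');
    expect(parsed.redirect_uri).to.equal('https://myapp.com/callback');
    expect(parsed.client_id).to.equal('aaaabcdefgh');
    expect(parsed.scope).to.equal('openid');
    // The original `expect(...).not.to.be.ok;` never called ok(), so it
    // asserted nothing; assert the key is genuinely absent from the query.
    expect(parsed).to.not.have.property('popupOptions');
    done();
  };

  auth0.login({
    connection: 'google-oauth2',
    nonce: '1234',
    popupOptions: {}
  });
});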
// Not run on iOS user agents — presumably because Safari on iOS blocks the
// third-party cookies that SSO detection relies on; confirm.  After a forced
// logout the tenant must report no SSO session.
var isIOS = /iPad|iPhone|iPod/.test(navigator.userAgent);
if (!isIOS) {
  it('should return empty SSO data after logout', function (done) {
    forceLogout('aaa.auth0.com', function () {
      var client = new Auth0({
        clientID: 'aaaabcdefgh',
        callbackURL: 'https://myapp.com/callback',
        domain: 'aaa.auth0.com'
      });

      client.getSSOData(function (err, ssoData) {
        expect(ssoData.sso).to.eql(false);
        done();
      });
    });
  });
}
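describe('Constructor', function () {
  // clientID and domain are mandatory: without them the client could not
  // identify an application or address a tenant.  callbackURL is optional.
  it('should fail to construct without a clientID', function () {
    var construct = function () { new Auth0({}); };
    expect(construct).to.throwError(/clientID is required/);
  });

  it('should not fail to construct without a callbackURL', function () {
    var construct = function () { new Auth0({clientID: '1123sadsd'}); };
    expect(construct).not.to.throwError(/callbackURL is required/);
  });

  it('should fail to construct without a domain', function () {
    var construct = function () {
      new Auth0({clientID: '1123sadsd', callbackURL: 'aaaa'});
    };
    expect(construct).to.throwError(/domain is required/);
  });

  // Calling the constructor as a plain function must still yield an instance.
  it('should use constructor if called as function', function () {
    var construct = Auth0;
    var client = construct({
      clientID: 'aaaabcdefgh',
      callbackURL: 'https://myapp.com/callback',
      domain: 'aaa.auth0.com'
    });

    expect(client).to.be.an(Auth0);
  });

  // forceJSONP is copied verbatim onto _useJSONP.  Both assertions are
  // synchronous, so the `done` parameter the spec used to take was unneeded.
  it('should set forceJSONP to the provided Boolean value', function () {
    var withoutJSONP = new Auth0({
      clientID: 'aaaabcdefgh',
      callbackURL: 'https://myapp.com/callback',
      domain: 'aaa.auth0.com',
      forceJSONP: false
    });
    expect(withoutJSONP._useJSONP).to.be(false);

    var withJSONP = new Auth0({
      clientID: 'aaaabcdefgh',
      callbackURL: 'https://myapp.com/callback',
      domain: 'aaa.auth0.com',
      forceJSONP: true
    });
    expect(withJSONP._useJSONP).to.be(true);
  });
});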
describe('In redirect mode', function () {
// Implicit flow: with callbackOnLocationHash the /authorize request must ask
// for response_type=token and carry the configured client_id, redirect_uri
// and the default openid scope.
it('should redirect to /authorize with google (callbackOnLocationHash: on)', function (done) {
  var client = new Auth0({
    clientID: 'aaaabcdefgh',
    domain: 'aaa.auth0.com',
    callbackURL: 'https://myapp.com/callback',
    callbackOnLocationHash: true
  });

  // Turn "k=v&k2=v2" into an object with percent-decoded values.
  var parseQuery = function (query) {
    var params = {};
    query.replace(
      new RegExp('([^?=&]+)(=([^&]*))?', 'g'),
      function ($0, $1, $2, $3) { params[$1] = decodeURIComponent($3); }
    );
    return params;
  };

  // Capture the navigation instead of letting the test page redirect.
  client._redirect = function (the_url) {
    var pieces = the_url.split('?');
    expect(pieces[0]).to.contain('https://aaa.auth0.com/authorize');

    var params = parseQuery(pieces[1]);
    expect(params.response_type).to.be('token');
    expect(params.redirect_uri).to.be('https://myapp.com/callback');
    expect(params.client_id).to.be('aaaabcdefgh');
    expect(params.scope).to.be('openid');
    done();
  };

  client.login({ connection: 'google-oauth2', nonce:'12345' });
});
// Cordova/PhoneGap social plugins are opt-in; a plain client must not enable them.
it('should disable phonegap by default', function () {
  var client = new Auth0({
    clientID: 'aaaabcdefgh',
    callbackURL: 'https://myapp.com/callback',
    domain: 'aaa.auth0.com'
  });

  expect(client._useCordovaSocialPlugins).to.not.be.ok();
});
// Options passed to login() win over the constructor's: the callbackURL and
// callbackOnLocationHash given here must be what reaches /authorize
// (redirect_uri and response_type=token), not the constructor's
// http://fakeCallback.com / code flow.
it('should redirect to /authorize with values set on login (overriding constructor)', function (done) {
  var client = new Auth0({
    clientID: 'aaaabcdefgh',
    domain: 'aaa.auth0.com',
    callbackURL: 'http://fakeCallback.com',
    callbackOnLocationHash: false
  });

  // Turn "k=v&k2=v2" into an object with percent-decoded values.
  var parseQuery = function (query) {
    var params = {};
    query.replace(
      new RegExp('([^?=&]+)(=([^&]*))?', 'g'),
      function ($0, $1, $2, $3) { params[$1] = decodeURIComponent($3); }
    );
    return params;
  };

  // Capture the navigation instead of letting the test page redirect.
  client._redirect = function (the_url) {
    var pieces = the_url.split('?');
    expect(pieces[0]).to.contain('https://aaa.auth0.com/authorize');

    var params = parseQuery(pieces[1]);
    expect(params.response_type).to.be('token');
    expect(params.redirect_uri).to.be('https://myapp.com/callback');
    expect(params.client_id).to.be('aaaabcdefgh');
    expect(params.scope).to.be('openid');
    done();
  };

  client.login({
    connection: 'google-oauth2',
    callbackOnLocationHash: true,
    callbackURL: 'https://myapp.com/callback',
    nonce:'12345'
  });
});
// Without callbackOnLocationHash the SDK must request the code flow
// (response_type=code) with the same client_id, redirect_uri and scope.
it('should redirect to /authorize with google (callbackOnLocationHash: off)', function (done) {
  var client = new Auth0({
    clientID: 'aaaabcdefgh',
    callbackURL: 'https://myapp.com/callback',
    domain: 'aaa.auth0.com'
  });

  // Turn "k=v&k2=v2" into an object with percent-decoded values.
  var parseQuery = function (query) {
    var params = {};
    query.replace(
      new RegExp('([^?=&]+)(=([^&]*))?', 'g'),
      function ($0, $1, $2, $3) { params[$1] = decodeURIComponent($3); }
    );
    return params;
  };

  // Capture the navigation instead of letting the test page redirect.
  client._redirect = function (the_url) {
    var pieces = the_url.split('?');
    expect(pieces[0]).to.contain('https://aaa.auth0.com/authorize');

    var params = parseQuery(pieces[1]);
    expect(params.response_type).to.be('code');
    expect(params.redirect_uri).to.be('https://myapp.com/callback');
    expect(params.client_id).to.be('aaaabcdefgh');
    expect(params.scope).to.be('openid');
    done();
  };

  client.login({
    connection: 'google-oauth2',
    nonce:'12345'
  });
});
// The SDK identifies itself to /authorize through the auth0Client parameter.
it('contains client version information within authorize redirection url', function (done) {
  var client = new Auth0({
    clientID: 'aaaabcdefgh',
    callbackURL: 'https://myapp.com/callback',
    domain: 'aaa.auth0.com'
  });

  // Capture the navigation; done() only fires once the URL was seen.
  client._redirect = function (url) {
    expect(url).to.contain('auth0Client=');
    done();
  };

  client.login({
    connection: 'google-oauth2',
    nonce:'12345'
  });
});
});
describe('parseHash', function () {
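// Fragment carrying everything an implicit-flow login can return: access,
// refresh and id tokens plus the round-tripped state.  The fixture id_token's
// payload decodes to exp 1470963942 (2016), and nothing here asserts on
// expiry — presumably parseHash does not enforce exp client-side; confirm
// before reusing these fixtures for an expiry test.  The spec title
// 'copies the state' was previously misspelled 'sate'.
context('response_type=token + scope=openid offline_access + state', function() {
  before(function() {
    var hash = '#access_token=AdyWpLVbQi2GA0fy&refresh_token=8m8M2Dk7BWsmpyumpguR4ZVKpZDy6bhFrZacaq6kmEVtt&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTYzOTQyLCJpYXQiOjE0NzA5Mjc5NDJ9.KcxIWhnTHeL_kNwUq74ef3REOCFDxiOH_NiNMqNNZks&token_type=Bearer&state=hello';
    var client = new Auth0({
      clientID: 'K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0',
      domain: 'gnandretta.auth0.com'
    });
    // Shared through the mocha context so each spec below can read it.
    this.parsedHash = client.parseHash(hash);
  });

  it('copies the access_token', function() {
    expect(this.parsedHash.accessToken).to.equal('AdyWpLVbQi2GA0fy');
  });

  it('copies the id_token', function() {
    expect(this.parsedHash.idToken).to.equal('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTYzOTQyLCJpYXQiOjE0NzA5Mjc5NDJ9.KcxIWhnTHeL_kNwUq74ef3REOCFDxiOH_NiNMqNNZks');
  });

  // The decoded payload must name the configured client as its audience.
  it('decodes the id_token', function() {
    expect(this.parsedHash.idTokenPayload.aud).to.equal('K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0');
  });

  it('copies the refresh_token', function() {
    expect(this.parsedHash.refreshToken).to.equal('8m8M2Dk7BWsmpyumpguR4ZVKpZDy6bhFrZacaq6kmEVtt');
  });

  it('copies the state', function() {
    expect(this.parsedHash.state).to.equal('hello');
  });

  it('doesn\'t have an error', function() {
    expect(this.parsedHash.error).to.equal(undefined);
  });
});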
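// Same artefacts as above but no state in the fragment, so none may appear
// in the result.  The spec title 'doesn't include state' was previously
// misspelled 'sate'.
context('response_type=token + scope=openid offline_access', function() {
  before(function() {
    var hash = '#access_token=meZc5MnnwwL0LyZO&refresh_token=Xqs1iD2F4IxL3C9WaOaDllZd5ns411967JPPZubuf8K8H&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTY0MDU2LCJpYXQiOjE0NzA5MjgwNTZ9.zM12OViHQQkSogcW_-CXat_2cOMIHy0JShbbNIxKRkM&token_type=Bearer';
    var client = new Auth0({
      clientID: 'K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0',
      domain: 'gnandretta.auth0.com'
    });
    // Shared through the mocha context so each spec below can read it.
    this.parsedHash = client.parseHash(hash);
  });

  it('copies the access_token', function() {
    expect(this.parsedHash.accessToken).to.equal('meZc5MnnwwL0LyZO');
  });

  it('copies the id_token', function() {
    expect(this.parsedHash.idToken).to.equal('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTY0MDU2LCJpYXQiOjE0NzA5MjgwNTZ9.zM12OViHQQkSogcW_-CXat_2cOMIHy0JShbbNIxKRkM');
  });

  it('decodes the id_token', function() {
    expect(this.parsedHash.idTokenPayload.aud).to.equal('K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0');
  });

  it('copies the refresh_token', function() {
    expect(this.parsedHash.refreshToken).to.equal('Xqs1iD2F4IxL3C9WaOaDllZd5ns411967JPPZubuf8K8H');
  });

  it('doesn\'t include state', function() {
    expect(this.parsedHash.state).to.equal(undefined);
  });

  it('doesn\'t have an error', function() {
    expect(this.parsedHash.error).to.equal(undefined);
  });
});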
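// Without offline_access there is no refresh token to copy.  The spec title
// 'copies the state' was previously misspelled 'sate'.
context('response_type=token + scope=openid + state', function() {
  before(function() {
    var hash = '#access_token=I6MceMUVoKxyWhJN&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTY0MTIwLCJpYXQiOjE0NzA5MjgxMjB9.tkUFnd9oi5AAo9yraQwkrn5Z1D-G4HX3wzQ1yWSM81g&token_type=Bearer&state=hello';
    var client = new Auth0({
      clientID: 'K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0',
      domain: 'gnandretta.auth0.com'
    });
    // Shared through the mocha context so each spec below can read it.
    this.parsedHash = client.parseHash(hash);
  });

  it('copies the access_token', function() {
    expect(this.parsedHash.accessToken).to.equal('I6MceMUVoKxyWhJN');
  });

  it('copies the id_token', function() {
    expect(this.parsedHash.idToken).to.equal('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTY0MTIwLCJpYXQiOjE0NzA5MjgxMjB9.tkUFnd9oi5AAo9yraQwkrn5Z1D-G4HX3wzQ1yWSM81g');
  });

  it('decodes the id_token', function() {
    expect(this.parsedHash.idTokenPayload.aud).to.equal('K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0');
  });

  it('doesn\'t include a refresh_token', function() {
    expect(this.parsedHash.refreshToken).to.equal(undefined);
  });

  it('copies the state', function() {
    expect(this.parsedHash.state).to.equal('hello');
  });

  it('doesn\'t have an error', function() {
    expect(this.parsedHash.error).to.equal(undefined);
  });
});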
// Access + id token only: no refresh token, no state, no error.
context('response_type=token + scope=openid', function() {
  before(function() {
    var hash = '#access_token=kb1t8RwAmevjnV2F&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTY0MTY5LCJpYXQiOjE0NzA5MjgxNjl9.KC6stFcLPFnEPMmRfRVoM3Fe2WMNLBn68Aa63kyZ5gI&token_type=Bearer';
    var client = new Auth0({
      clientID: 'K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0',
      domain: 'gnandretta.auth0.com'
    });
    // Shared through the mocha context so each spec below can read it.
    this.parsedHash = client.parseHash(hash);
  });

  it('copies the access_token', function() {
    expect(this.parsedHash.accessToken).to.equal('kb1t8RwAmevjnV2F');
  });

  it('copies the id_token', function() {
    expect(this.parsedHash.idToken).to.equal('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTY0MTY5LCJpYXQiOjE0NzA5MjgxNjl9.KC6stFcLPFnEPMmRfRVoM3Fe2WMNLBn68Aa63kyZ5gI');
  });

  it('decodes the id_token', function() {
    expect(this.parsedHash.idTokenPayload.aud).to.equal('K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0');
  });

  it('doesn\'t include a refresh_token', function() {
    expect(this.parsedHash.refreshToken).to.equal(undefined);
  });

  it('doesn\'t include state', function() {
    expect(this.parsedHash.state).to.equal(undefined);
  });

  it('doesn\'t have an error', function() {
    expect(this.parsedHash.error).to.equal(undefined);
  });
});
// Access token without openid scope: no id_token arrives, so nothing is
// decoded and idTokenPayload stays undefined.
context('response_type=token + state', function() {
  before(function() {
    var hash = '#access_token=thu2az95NNmhCfeZ&token_type=Bearer&state=hello';
    var client = new Auth0({
      clientID: 'K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0',
      domain: 'gnandretta.auth0.com'
    });
    // Shared through the mocha context so each spec below can read it.
    this.parsedHash = client.parseHash(hash);
  });

  it('copies the access_token', function() {
    expect(this.parsedHash.accessToken).to.equal('thu2az95NNmhCfeZ');
  });

  it('doesn\'t include an id_token', function() {
    expect(this.parsedHash.idToken).to.equal(undefined);
  });

  it('doesn\'t decode an id_token', function() {
    expect(this.parsedHash.idTokenPayload).to.equal(undefined);
  });

  it('doesn\'t include a refresh_token', function() {
    expect(this.parsedHash.refreshToken).to.equal(undefined);
  });

  it('copies the state', function() {
    expect(this.parsedHash.state).to.equal('hello');
  });

  it('doesn\'t have an error', function() {
    expect(this.parsedHash.error).to.equal(undefined);
  });
});
// Bare access token: every other field of the result must be absent.
context('response_type=token', function() {
  before(function() {
    var hash = '#access_token=cpiUDP1E8zX1Dfyw&token_type=Bearer';
    var client = new Auth0({
      clientID: 'K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0',
      domain: 'gnandretta.auth0.com'
    });
    // Shared through the mocha context so each spec below can read it.
    this.parsedHash = client.parseHash(hash);
  });

  it('copies the access_token', function() {
    expect(this.parsedHash.accessToken).to.equal('cpiUDP1E8zX1Dfyw');
  });

  it('doesn\'t include an id_token', function() {
    expect(this.parsedHash.idToken).to.equal(undefined);
  });

  it('doesn\'t decode an id_token', function() {
    expect(this.parsedHash.idTokenPayload).to.equal(undefined);
  });

  it('doesn\'t include a refresh_token', function() {
    expect(this.parsedHash.refreshToken).to.equal(undefined);
  });

  it('doesn\'t include state', function() {
    expect(this.parsedHash.state).to.equal(undefined);
  });

  it('doesn\'t have an error', function() {
    expect(this.parsedHash.error).to.equal(undefined);
  });
});
// id_token-only response: the token is copied and decoded, and state is
// passed through; no access or refresh token may be synthesised.
context('response_type=id_token + scope=openid + state', function() {
  before(function() {
    var hash = '#id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTY0NzE0LCJpYXQiOjE0NzA5Mjg3MTR9.mQ-OLmCuoveYeH3PhDBXYJOwq8sSfdOieXzUoZqZT2k&state=hello';
    var client = new Auth0({
      clientID: 'K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0',
      domain: 'gnandretta.auth0.com'
    });
    // Shared through the mocha context so each spec below can read it.
    this.parsedHash = client.parseHash(hash);
  });

  it('doesn\'t include an access_token', function() {
    expect(this.parsedHash.accessToken).to.equal(undefined);
  });

  it('copies the id_token', function() {
    expect(this.parsedHash.idToken).to.equal('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTY0NzE0LCJpYXQiOjE0NzA5Mjg3MTR9.mQ-OLmCuoveYeH3PhDBXYJOwq8sSfdOieXzUoZqZT2k');
  });

  it('decodes the id_token', function() {
    expect(this.parsedHash.idTokenPayload.aud).to.equal('K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0');
  });

  it('doesn\'t include a refresh_token', function() {
    expect(this.parsedHash.refreshToken).to.equal(undefined);
  });

  it('copies the state', function() {
    expect(this.parsedHash.state).to.equal('hello');
  });

  it('doesn\'t have an error', function() {
    expect(this.parsedHash.error).to.equal(undefined);
  });
});
// id_token alone, without state.
context('response_type=id_token', function() {
  before(function() {
    var hash = '#id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTY0NzU0LCJpYXQiOjE0NzA5Mjg3NTR9.gsjJQyYJzIShiBcI02i4fsGk68nbSCOLojReI2czI7Y';
    var client = new Auth0({
      clientID: 'K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0',
      domain: 'gnandretta.auth0.com'
    });
    // Shared through the mocha context so each spec below can read it.
    this.parsedHash = client.parseHash(hash);
  });

  it('doesn\'t include an access_token', function() {
    expect(this.parsedHash.accessToken).to.equal(undefined);
  });

  it('copies the id_token', function() {
    expect(this.parsedHash.idToken).to.equal('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2duYW5kcmV0dGEuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU3MmNhOWYzMGRjMjhkOGQ3YmY3MzRhYSIsImF1ZCI6Iks2bkFFT2dFZVN3b2dDR3Y2TjZtOXdOZlFodmJGQW0wIiwiZXhwIjoxNDcwOTY0NzU0LCJpYXQiOjE0NzA5Mjg3NTR9.gsjJQyYJzIShiBcI02i4fsGk68nbSCOLojReI2czI7Y');
  });

  it('decodes the id_token', function() {
    expect(this.parsedHash.idTokenPayload.aud).to.equal('K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0');
  });

  it('doesn\'t include a refresh_token', function() {
    expect(this.parsedHash.refreshToken).to.equal(undefined);
  });

  it('doesn\'t include state', function() {
    expect(this.parsedHash.state).to.equal(undefined);
  });

  it('doesn\'t have an error', function() {
    expect(this.parsedHash.error).to.equal(undefined);
  });
});
context("error + state", function() {
|
||
|
before(function() {
|
||
|
var hash = '#error=unauthorized&error_description=My%20custom%20error%20message&state=hello';
|
||
|
this.parsedHash = new Auth0({
|
||
|
clientID: 'K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0',
|
||
|
domain: 'gnandretta.auth0.com'
|
||
|
}).parseHash(hash);
|
||
|
});
|
||
|
|
||
|
it('copies the error', function() {
|
||
|
expect(this.parsedHash.error).to.be('unauthorized');
|
||
|
});
|
||
|
|
||
|
it('copies the error message', function() {
|
||
|
expect(this.parsedHash.error_description).to.be('My custom error message');
|
||
|
});
|
||
|
|
||
|
it('copies the state', function() {
|
||
|
expect(this.parsedHash.state).to.be('hello');
|
||
|
});
|
||
|
});
|
||
|
|
||
|
context("error", function() {
|
||
|
before(function() {
|
||
|
var hash = '#error=unauthorized&error_description=My%20custom%20error%20message';
|
||
|
this.parsedHash = new Auth0({
|
||
|
clientID: 'K6nAEOgEeSwogCGv6N6m9wNfQhvbFAm0',
|
||
|
domain: 'gnandretta.auth0.com'
|
||
|
}).parseHash(hash);
|
||
|
});
|
||
|
|
||
|
it('copies the error', function() {
|
||
|
expect(this.parsedHash.error).to.be('unauthorized');
|
||
|
});
|
||
|
|
||
|
it('copies the error message', function() {
|
||
|
expect(this.parsedHash.error_description).to.be('My custom error message');
|
||
|
});
|
||
|
|
||
|
it('doesn\'t include state', function() {
|
||
|
expect(this.parsedHash.state).to.be(undefined);
|
||
|
});
|
||
|
});
|
||
|
|
||
|
// A fragment beginning with '#/' (presumably left by a client-side router)
// must parse like a plain '#' fragment.  The middle (payload) segment of this
// fixture JWT is elided in this listing; the spec expects it to decode to a
// profile whose `name` is 'Jose Romaniello'.
it('should be able to parse the profile (if it starts with a slash)', function () {
  var hash = '#/access_token=jFxsZUQTJXXwcwIm&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.Qrhrkp7hCYFyN_Ax9yVPKztuJNFHjnGbyUfLJsccLGU&token_type=bearer&state=Ttct3tBlHDhRnXCv';

  var auth0 = new Auth0({
    clientID: '0HP71GSd6PuoRYJ3DXKdiXCUUdGmBbup',
    callbackURL: 'https://myapp.com/callback',
    domain: 'login.auth0.com'
  });

  var result = auth0.parseHash(hash);
  expect(result.idTokenPayload.name).to.eql('Jose Romaniello');
  expect(result.accessToken).to.eql('jFxsZUQTJXXwcwIm');
  expect(result.state).to.eql('Ttct3tBlHDhRnXCv');

});
// A token minted by a different tenant must be rejected even though it is
// otherwise well-formed: the configured domain is compared with the token's
// iss and the mismatch is reported as invalid_token, quoting both sides.
// The payload segment of the fixture JWT is elided in this listing.
it('should return error if iss is invalid', function () {
  var hash = '#access_token=jFxsZUQTJXXwcwIm&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.Qrhrkp7hCYFyN_Ax9yVPKztuJNFHjnGbyUfLJsccLGU&token_type=bearer&state=Ttct3tBlHDhRnXCv';

  var auth0 = new Auth0({
    clientID: '0HP71GSd6PuoRYJ3DXKdiXCUUdGmBbup',
    callbackURL: 'https://myapp.com/callback',
    // Deliberately not the tenant that issued the fixture token.
    domain: 'wrong.auth0.com'
  });

  var result = auth0.parseHash(hash);
  expect(result.error).to.be.equal('invalid_token');
  expect(result.error_description).to.be.equal('The domain configured (https://wrong.auth0.com/) does not match with the domain set in the token (https://login.auth0.com/).');

});
// A multi-valued aud claim that contains the configured clientID is accepted.
// NOTE(review): this spec only asserts the absence of an error; it does not
// check idTokenPayload, so a result with no decoded payload would also pass.
// The payload segment of the fixture JWT is elided in this listing.
it('should be able to parse an aud array', function () {
  var hash = '#access_token=jFxsZUQTJXXwcwIm&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.9j4aVz2Kx5pdY8dxdu59tNe8xxNAXa4b2_IPgpCW0wA&token_type=bearer&state=Ttct3tBlHDhRnXCv';

  var auth0 = new Auth0({
    clientID: '0HP71GSd6PuoRYJ3DXKdiXCUUdGmBbup',
    callbackURL: 'https://myapp.com/callback',
    domain: 'login.auth0.com'
  });

  var result = auth0.parseHash(hash);
  expect(result.error).to.not.be.ok();
  expect(result.error_description).to.not.be.ok();
});
// A token whose aud names another application must not be accepted by this
// client: the configured clientID is compared with the token's aud and the
// mismatch is reported as invalid_token, quoting both values.
// The payload segment of the fixture JWT is elided in this listing.
it('should return an error if aud string is invalid', function () {
  var hash = '#access_token=jFxsZUQTJXXwcwIm&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.Qrhrkp7hCYFyN_Ax9yVPKztuJNFHjnGbyUfLJsccLGU&token_type=bearer&state=Ttct3tBlHDhRnXCv';

  var auth0 = new Auth0({
    // Deliberately not the clientID the fixture token was issued for.
    clientID: 'wrong',
    callbackURL: 'https://myapp.com/callback',
    domain: 'login.auth0.com'
  });

  var result = auth0.parseHash(hash);
  expect(result.error).to.be.equal('invalid_token');
  expect(result.error_description).to.be.equal('The clientID configured (wrong) does not match with the clientID set in the token (0HP71GSd6PuoRYJ3DXKdiXCUUdGmBbup).');
});
// Same check with a multi-valued aud: when none of the listed audiences is
// the configured clientID the error lists every audience the token carried.
// The payload segment of the fixture JWT is elided in this listing.
it('should return an error if aud array is invalid', function () {
  var hash = '#access_token=jFxsZUQTJXXwcwIm&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.9j4aVz2Kx5pdY8dxdu59tNe8xxNAXa4b2_IPgpCW0wA&token_type=bearer&state=Ttct3tBlHDhRnXCv';

  var auth0 = new Auth0({
    // Deliberately not one of the audiences in the fixture token.
    clientID: 'wrong',
    callbackURL: 'https://myapp.com/callback',
    domain: 'login.auth0.com'
  });

  var result = auth0.parseHash(hash);
  expect(result.error).to.be.equal('invalid_token');
  expect(result.error_description).to.be.equal('The clientID configured (wrong) does not match with the clientID set in the token (0HP71GSd6PuoRYJ3DXKdiXCUUdGmBbup, 1JQ82GSd6PuoRYJ3DXKdiXCUUdGmBbup).');
});
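// An error fragment beginning with '#/' must parse like a plain '#' fragment,
// with error_description percent-decoded.  The unused `neverCall` helper the
// spec used to declare (never passed anywhere) has been dropped.
it('should be able to parse an error (if it starts with a slash)', function () {
  var hash = '#/error=invalid_grant&error_description=this%20is%20a%20cool%20error%20description';

  var auth0 = new Auth0({
    clientID: 'aaaabcdefgh',
    callbackURL: 'https://myapp.com/callback',
    domain: 'aaa.auth0.com'
  });

  var result = auth0.parseHash(hash);
  expect(result.error).to.be.equal('invalid_grant');
  expect(result.error_description).to.be.equal('this is a cool error description');
});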
// A fragment that carries neither tokens nor an error is not an auth
// response at all and yields null rather than an empty result object.
it('should return null if the hash URL doesn\'t contain access_token/error', function () {
  var unrelatedHash = '#myfooobarrr=123';

  var client = new Auth0({
    clientID: 'aaaabcdefgh',
    callbackURL: 'https://myapp.com/callback',
    domain: 'aaa.auth0.com'
  });

  var result = client.parseHash(unrelatedHash);
  expect(result).to.eql(null);
});
});
describe('getUserInfo', function () {
  // A token that is not a string is rejected with 'Invalid token'
  // (presumably before any request is made — nothing here intercepts
  // the network; confirm).
  describe('when called with an object', function () {
    it('should call the callback with error', function (done) {
      var client = new Auth0({
        clientID: 'aaaabcdefgh',
        callbackURL: 'https://myapp.com/callback',
        domain: 'aaa.auth0.com'
      });

      client.getUserInfo({foo: 'bar'}, function (err) {
        expect(err.message).to.eql('Invalid token');
        done();
      });
    });
  });

  describe('when called with an null', function () {
    it('should call the callback with error', function (done) {
      // Constructor invoked as a plain function, as the Constructor specs allow.
      var client = Auth0({
        clientID: 'aaaabcdefgh',
        callbackURL: 'https://myapp.com/callback',
        domain: 'aaa.auth0.com'
      });

      client.getUserInfo(null, function (err) {
        expect(err.message).to.eql('Invalid token');
        done();
      });
    });
  });

  describe('from token', function () {

    // NOTE(review): this spec replaces getUserInfo with a stub and then calls
    // that stub, so it only verifies that the stub receives the token it was
    // handed — no SDK code path is exercised.
    it('should be able to fetch the profile from auth0', function (done) {
      var client = Auth0({
        clientID: '0HP71GSd6PuoRYJ3DXKdiXCUUdGmBbup',
        callbackURL: 'https://myapp.com/callback',
        domain: 'mdocs.auth0.com'
      });

      var parseHashResult = {
        access_token: 'EwmMATEAtRwfu2bJ'
      };

      client.getUserInfo = function (access_token, callback) {
        expect(access_token).to.eql(parseHashResult.access_token);
        done();
      };

      client.getUserInfo(parseHashResult.access_token, function () {});
    });

  });
});
// A bogus access token sent to the tenant must come back as an error object
// carrying error / error_description, and no profile.
it('should fail when an invalid token is sent to the server', function (done) {

  var client = Auth0({
    clientID: '0HP71GSd6PuoRYJ3DXKdiXCUUdGmBbup',
    callbackURL: 'https://myapp.com/callback',
    domain: 'mdocs.auth0.com'
  });

  client.getUserInfo("invalid token", function (err, profile) {
    expect(profile).to.be(undefined);
    expect(err).to.have.property('error');
    expect(err).to.have.property('error_description');
    done();
  });

});
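describe('getSSOData', function () {
  // The SSO lookup must answer with a defined `sso` flag (true or false —
  // the post-logout spec above expects false).  `to.exist` is not part of
  // expect.js, so the original `expect(ssoData.sso).to.exist;` asserted
  // nothing; an explicit error check also replaces the TypeError that an
  // undefined ssoData would otherwise produce.
  it('should return SSO data', function (done) {
    var auth0 = new Auth0({
      clientID: 'aaaabcdefgh',
      callbackURL: 'https://myapp.com/callback',
      domain: 'aaa.auth0.com'
    });

    auth0.getSSOData(function (err, ssoData) {
      expect(err).to.not.be.ok();
      expect(ssoData.sso).to.not.be(undefined);
      done();
    });
  });
});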
describe('getConnections', function () {
  it('should return configured connections', function (done) {
    var client = new Auth0({
      domain: 'mdocs.auth0.com',
      callbackURL: 'http://localhost:3000/',
      clientID: 'ptR6URmXef0OfBDHK0aCIy7iPKpdCG4t'
    });

    // Expected first connection. These values presumably mirror remote tenant
    // configuration, so the test is only as stable as that configuration.
    var expectedFirst = {
      name: 'Apprenda.com',
      strategy: 'adfs',
      status: true,
      domain: 'Apprenda.com'
    };

    client.getConnections(function (err, conns) {
      expect(conns.length).to.be.above(0);
      var first = conns[0];
      expect(first.name).to.eql(expectedFirst.name);
      expect(first.strategy).to.eql(expectedFirst.strategy);
      expect(first.status).to.eql(expectedFirst.status);
      expect(first.domain).to.eql(expectedFirst.domain);
      done();
    });
  });
});
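// Skipped suite: the tests below exercise the samples.auth0.com tenant with a
// static id_token fixture.
describe.skip('getDelegationToken', function () {
  var auth0 = Auth0({
    domain: 'samples.auth0.com',
    callbackURL: 'http://localhost:3000/',
    clientID: 'BUIJSW9x60sIHBw8Kd9EmCbj8eDIFxDC',
    // forceJSONP: ('XDomainRequest' in window) //force JSONP in IE8 and IE9
  });

  // Committed bearer credential shared by every test here (an HS256 JWT issued
  // for the tenant above, iat 2014). NOTE(review): presumably long since
  // expired, which may be why this suite is skipped — confirm before re-enabling.
  var id_token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NhbXBsZXMuYXV0aDAuY29tLyIsInN1YiI6ImdpdGh1Ynw3MjM3MjMiLCJhdWQiOiJCVUlKU1c5eDYwc0lIQnc4S2Q5RW1DYmo4ZURJRnhEQyIsImlhdCI6MTM5MDUxMjU0OH0.Rd3wjlFhRk6CBzsB371V5x41HITzx5880ezK9rwYzuM';

  // Shared assertions on a successful delegation response. The previous form of
  // these tests used `expect(...).to.exist`, which is not an expect.js assertion
  // (it evaluates to undefined and checks nothing); presence is now asserted
  // explicitly, and a transport error is surfaced instead of a TypeError on an
  // undefined result.
  function assertDelegationResult(err, delegationResult) {
    if (err) {
      throw new Error(err.message);
    }
    expect(delegationResult.id_token).to.not.be(undefined);
    expect(delegationResult.token_type).to.eql('Bearer');
    expect(delegationResult.expires_in).to.eql(36000);
  }

  it('should refresh the token', function (done) {
    auth0.getDelegationToken({
      id_token: id_token,
      api: 'auth0'
    }, function (err, delegationResult) {
      assertDelegationResult(err, delegationResult);
      done();
    });
  });

  it('should refresh the token when calling refresh as well', function (done) {
    auth0.renewIdToken(id_token, function (err, delegationResult) {
      assertDelegationResult(err, delegationResult);
      done();
    });
  });

  it('should throw error if no token is sent', function () {
    expect(function () {
      auth0.getDelegationToken(null, function(err, delegation) {});
    }).to.throwError(/You must send either an id_token or a refresh_token to get a delegation token./);
  });

  it('should return a Firebase token by default since it\'s active', function (done) {
    auth0.getDelegationToken({
      id_token: id_token
    }, function (err, delegationResult) {
      assertDelegationResult(err, delegationResult);
      done();
    });
  });

  it('should return a Firebase token by default or when asked', function (done) {
    auth0.getDelegationToken({
      id_token: id_token
    }, function (err, delegationResult) {
      // The default-api call only has to succeed; the explicit api: 'firebase'
      // call is the one whose result is checked.
      if (err) {
        throw new Error(err.message);
      }
      auth0.getDelegationToken({
        id_token: id_token,
        api: 'firebase'
      }, function (err2, delegationResult2) {
        assertDelegationResult(err2, delegationResult2);
        done();
      });
    });
  });

});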
describe('_buildAuthorizeQueryString', function () {
  // The method under test takes a list of option objects plus a blacklist of
  // keys to drop; calls go through the prototype so `this` is unchanged.
  var proto = Auth0.prototype;

  it('should filter elements in blacklist', function () {
    var options = [
      {hello: 'world', useful: 'info'},
      {foo: 'bar', baz: true},
      {bar: 9}
    ];
    // Every key named in the blacklist is dropped from every option object,
    // so only useful/baz reach the authorize query string.
    var result = proto._buildAuthorizeQueryString(options, ['hello', 'foo', 'bar']);
    expect(result).to.equal('useful=info&baz=true');
  });

  it('should handle connection_scope array', function () {
    // An array value is joined with commas and the commas are URL-encoded.
    var result = proto._buildAuthorizeQueryString([
      { connection_scope: ['grant1', 'grant2', 'grant3'] }
    ], []);
    expect(result).to.equal('connection_scope=grant1%2Cgrant2%2Cgrant3');
  });

  it('should add offline mode', function () {
    var client = new Auth0({
      clientID: "1",
      domain: "example.auth0.com",
      sendSDKClientInfo: false
    });
    // The instance's mode object is combined with an offline_access scope; the
    // expected string pins the resulting parameter order.
    var result = client._buildAuthorizeQueryString([
      client._getMode(), { scope: 'openid offline_access'}
    ], []);
    expect(result).to.equal('scope=openid%20offline_access&response_type=code&device=Browser');
  });

  it('should handle connection_scope string', function () {
    // A comma-separated string produces the same encoding as the array form.
    var result = proto._buildAuthorizeQueryString([
      { connection_scope: 'grant1,grant2,grant3' }
    ], []);
    expect(result).to.equal('connection_scope=grant1%2Cgrant2%2Cgrant3');
  });
});
});