feat: support custom scope delimiter
jasonraimondi committed Aug 2, 2024
1 parent ed5a702 commit a3a88f7
Showing 3 changed files with 10 additions and 5 deletions.
1 change: 1 addition & 0 deletions src/authorization_server.ts
Expand Up @@ -29,6 +29,7 @@ export interface AuthorizationServerOptions {
requiresS256: boolean;
tokenCID: "id" | "name";
issuer?: string;
scopeDelimiter: string;
}

export type EnableableGrants =
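Review bot: The new `scopeDelimiter` member of `AuthorizationServerOptions` has no doc comment, although the rest of this commit uses it both to parse the requested scope string and to serialize scopes into token responses and JWT claims. A comment on the field would help, for example `/** Separator for scope names when parsing requests and emitting tokens; RFC 6749 section 3.3 specifies a single space. */`. The member is also declared as required rather than optional, so if integrators construct this options object themselves (not visible here), existing configurations would need the new key. The interface body starts outside the hunk.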
13 changes: 8 additions & 5 deletions src/grants/abstract/abstract.grant.ts
Expand Up @@ -36,7 +36,6 @@ export interface ITokenData {
export abstract class AbstractGrant implements GrantInterface {
protected authCodeRepository?: OAuthAuthCodeRepository;
protected userRepository?: OAuthUserRepository;
protected readonly scopeDelimiterString = " ";
protected readonly supportedGrantTypes: GrantIdentifier[] = [
"client_credentials",
"authorization_code",
Expand All @@ -56,13 +55,17 @@ export abstract class AbstractGrant implements GrantInterface {
public readonly options: AuthorizationServerOptions,
) {}

get scopeDelimiter(): string {
return this.options.scopeDelimiter;
}

async makeBearerTokenResponse(
client: OAuthClient,
accessToken: OAuthToken,
scopes: OAuthScope[] = [],
extraJwtFields: ExtraAccessTokenFields = {},
): Promise<BearerTokenResponse> {
const scope = scopes.map(scope => scope.name).join(this.scopeDelimiterString);
const scope = scopes.map(scope => scope.name).join(this.scopeDelimiter);

const encryptedAccessToken = await this.encryptAccessToken(client, accessToken, scopes, extraJwtFields);

Expand Down Expand Up @@ -91,7 +94,7 @@ export abstract class AbstractGrant implements GrantInterface {
client_id: client.id,
access_token_id: refreshToken.accessToken,
refresh_token_id: refreshToken.refreshToken,
scope: scopes.map(scope => scope.name).join(this.scopeDelimiterString),
scope: scopes.map(scope => scope.name).join(this.scopeDelimiter),
user_id: refreshToken.user?.id,
expire_time: Math.ceil(expiresAtMs / 1000),
});
Expand All @@ -114,7 +117,7 @@ export abstract class AbstractGrant implements GrantInterface {

// non-standard claims over which this library asserts control
cid: client[this.options.tokenCID],
scope: scopes.map(scope => scope.name).join(this.scopeDelimiterString),
scope: scopes.map(scope => scope.name).join(this.scopeDelimiter),

// standard claims over which this library asserts control
sub: accessToken.user?.id, // @see https://tools.ietf.org/html/rfc7519#section-4.1.2
Expand Down Expand Up @@ -194,7 +197,7 @@ export abstract class AbstractGrant implements GrantInterface {
redirectUri?: string,
): Promise<OAuthScope[]> {
if (typeof scopes === "string") {
scopes = scopes.split(this.scopeDelimiterString);
scopes = scopes.split(this.scopeDelimiter);
}

if (!scopes || scopes.length === 0 || scopes[0] === "") {
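Review bot: The new `scopeDelimiter` getter returns `this.options.scopeDelimiter` without any check, and the `split` in the last hunk plus the three `join` calls now depend on it. An empty string makes `scopes.split("")` break the requested scope string into single characters, and a delimiter that also occurs inside a scope name makes the joined `scope` value parse back into different scopes than were granted. Rejecting an empty delimiter once, for example `if (this.options.scopeDelimiter.length === 0) throw new Error("scopeDelimiter must not be empty");` in the constructor, would close the first case. Since RFC 6749 section 3.3 defines the scope value as space-delimited, clients and resource servers that split on a space would read a custom-delimited value as a single scope, which deserves a comment on the getter. The bodies of `makeBearerTokenResponse` and the scope-validation method extend beyond the visible hunks.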
1 change: 1 addition & 0 deletions src/options.ts
Expand Up @@ -6,4 +6,5 @@ export const DEFAULT_AUTHORIZATION_SERVER_OPTIONS: AuthorizationServerOptions =
notBeforeLeeway: 0,
tokenCID: "id",
issuer: undefined,
scopeDelimiter: " ",
};
