Skip to content

Commit

Permalink
fix: launch-authenticator relatesTo work-around (#1466)
Browse files Browse the repository at this point in the history 
OKTA-659175 fix: launch-authenticator relatesTo work-around
  • Loading branch information
@lesterchoi-okta
lesterchoi-okta authored Oct 18, 2023
1 parent ae12c07 commit 55d982a
Show file tree
Hide file tree
Showing 6 changed files with 323 additions and 2 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
# Changelog

## 7.4.3

### Bug Fix

- [#1466](https://github.com/okta/okta-auth-js/pull/1466) Fix: Issues with `launch-authenticator` rememdiation on safari

## 7.4.2

### Bug Fix
Expand Down
13 changes: 12 additions & 1 deletion lib/idx/idxState/v1/idxResponseParser.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,18 @@ export const parseIdxResponse = function parseIdxResponse( authClient: OktaAuthI
const remediationData = idxResponse.remediation?.value || [];

remediationData.forEach(
remediation => expandRelatesTo(idxResponse, remediation)
remediation => {
// TODO: remove once IDX is fixed - OKTA-659181
if (remediation.name === 'launch-authenticator' &&
remediation?.relatesTo?.[0] === 'authenticatorChallenge' &&
!idxResponse?.authenticatorChallenge
) {
delete remediation.relatesTo;
return;
}

return expandRelatesTo(idxResponse, remediation);
}
);

const remediations = remediationData.map(remediation => convertRemediationAction( authClient, remediation, toPersist ));
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"private": true,
"name": "@okta/okta-auth-js",
"description": "The Okta Auth SDK",
"version": "7.4.2",
"version": "7.4.3",
"homepage": "https://github.com/okta/okta-auth-js",
"license": "Apache-2.0",
"main": "build/cjs/exports/default.js",
Expand Down
143 changes: 143 additions & 0 deletions test/spec/idx/idxState/mocks/safari-relatesTo-fixed-response.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,143 @@
{
"version": "1.0.0",
"stateHandle": "stateHandle",
"expiresAt": "2023-10-18T18:18:41.000Z",
"intent": "LOGIN",
"remediation": {
"type": "array",
"value": [
{
"rel": [
"create-form"
],
"name": "identify",
"href": "http://localhost:3000.com/idp/idx/identify",
"method": "POST",
"produces": "application/ion+json; okta-version=1.0.0",
"value": [
{
"name": "identifier",
"label": "Username",
"required": true
},
{
"name": "rememberMe",
"type": "boolean",
"label": "Remember this device"
},
{
"name": "stateHandle",
"required": true,
"value": "stateHande",
"visible": false,
"mutable": false
}
],
"accepts": "application/json; okta-version=1.0.0"
},
{
"rel": [
"create-form"
],
"name": "launch-authenticator",
"relatesTo": [
"authenticatorChallenge"
],
"href": "http://localhost:3000.com/idp/idx/authenticators/okta-verify/launch",
"method": "POST",
"produces": "application/ion+json; okta-version=1.0.0",
"value": [
{
"name": "rememberMe",
"type": "boolean",
"label": "Remember this device"
},
{
"name": "stateHandle",
"required": true,
"value": "stateHande",
"visible": false,
"mutable": false
}
],
"accepts": "application/json; okta-version=1.0.0"
},
{
"rel": [
"create-form"
],
"name": "select-enroll-profile",
"href": "http://localhost:3000.com/idp/idx/enroll",
"method": "POST",
"produces": "application/ion+json; okta-version=1.0.0",
"value": [
{
"name": "stateHandle",
"required": true,
"value": "stateHande",
"visible": false,
"mutable": false
}
],
"accepts": "application/json; okta-version=1.0.0"
}
]
},
"cancel": {
"rel": [
"create-form"
],
"name": "cancel",
"href": "http://localhost:3000.com/idp/idx/cancel",
"method": "POST",
"produces": "application/ion+json; okta-version=1.0.0",
"value": [
{
"name": "stateHandle",
"required": true,
"value": "stateHande",
"visible": false,
"mutable": false
}
],
"accepts": "application/json; okta-version=1.0.0"
},
"app": {
"type": "object",
"value": {
"name": "okta_enduser",
"label": "Okta Dashboard",
"id": "srhgsefasef"
}
},
"authentication": {
"type": "object",
"value": {
"protocol": "OAUTH2.0",
"issuer": {
"name": "Mock",
"uri": "http://localhost:3000.com"
},
"request": {
"max_age": -1,
"scope": "openid profile email",
"display": "page",
"response_type": "code",
"redirect_uri": "http://localhost:3000.com/enduser/callback",
"state": "stateValue",
"code_challenge_method": "S256",
"nonce": "nonceValue",
"code_challenge": "code_challenge",
"response_mode": "query"
}
}
},
"authenticatorChallenge": {
"type": "object",
"value": {
"challengeMethod": "CUSTOM_URI",
"href": "http://localhost:3000/foobar",
"downloadHref": "http://localhost:3000/foobar"
}
}
}
135 changes: 135 additions & 0 deletions test/spec/idx/idxState/mocks/safari-relatesTo-response.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,135 @@
{
"version": "1.0.0",
"stateHandle": "stateHandle",
"expiresAt": "2023-10-18T18:18:41.000Z",
"intent": "LOGIN",
"remediation": {
"type": "array",
"value": [
{
"rel": [
"create-form"
],
"name": "identify",
"href": "http://localhost:3000.com/idp/idx/identify",
"method": "POST",
"produces": "application/ion+json; okta-version=1.0.0",
"value": [
{
"name": "identifier",
"label": "Username",
"required": true
},
{
"name": "rememberMe",
"type": "boolean",
"label": "Remember this device"
},
{
"name": "stateHandle",
"required": true,
"value": "stateHande",
"visible": false,
"mutable": false
}
],
"accepts": "application/json; okta-version=1.0.0"
},
{
"rel": [
"create-form"
],
"name": "launch-authenticator",
"relatesTo": [
"authenticatorChallenge"
],
"href": "http://localhost:3000.com/idp/idx/authenticators/okta-verify/launch",
"method": "POST",
"produces": "application/ion+json; okta-version=1.0.0",
"value": [
{
"name": "rememberMe",
"type": "boolean",
"label": "Remember this device"
},
{
"name": "stateHandle",
"required": true,
"value": "stateHande",
"visible": false,
"mutable": false
}
],
"accepts": "application/json; okta-version=1.0.0"
},
{
"rel": [
"create-form"
],
"name": "select-enroll-profile",
"href": "http://localhost:3000.com/idp/idx/enroll",
"method": "POST",
"produces": "application/ion+json; okta-version=1.0.0",
"value": [
{
"name": "stateHandle",
"required": true,
"value": "stateHande",
"visible": false,
"mutable": false
}
],
"accepts": "application/json; okta-version=1.0.0"
}
]
},
"cancel": {
"rel": [
"create-form"
],
"name": "cancel",
"href": "http://localhost:3000.com/idp/idx/cancel",
"method": "POST",
"produces": "application/ion+json; okta-version=1.0.0",
"value": [
{
"name": "stateHandle",
"required": true,
"value": "stateHande",
"visible": false,
"mutable": false
}
],
"accepts": "application/json; okta-version=1.0.0"
},
"app": {
"type": "object",
"value": {
"name": "okta_enduser",
"label": "Okta Dashboard",
"id": "srhgsefasef"
}
},
"authentication": {
"type": "object",
"value": {
"protocol": "OAUTH2.0",
"issuer": {
"name": "Mock",
"uri": "http://localhost:3000.com"
},
"request": {
"max_age": -1,
"scope": "openid profile email",
"display": "page",
"response_type": "code",
"redirect_uri": "http://localhost:3000.com/enduser/callback",
"state": "stateValue",
"code_challenge_method": "S256",
"nonce": "nonceValue",
"code_challenge": "code_challenge",
"response_mode": "query"
}
}
}
}
26 changes: 26 additions & 0 deletions test/spec/idx/idxState/unit/v1/idxResponseParser.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ const mockComplexContextIdxResponse = require('../../mocks/poll-for-password');
const mockTerminalIdxResponse = require('../../mocks/terminal-return-email');
const mockMessageIdxResponse = require('../../mocks/unknown-user');
const mockSuccessIdxResponse = require('../../mocks/success');
// TODO: OKTA-659181
const mockSafariRelatesToResponse = require('../../mocks/safari-relatesTo-response');
const mockResponseWithFix = require('../../mocks/safari-relatesTo-fixed-response');

const mockIdxResponseWithBadRelationship = () => {
const mock = require('../../mocks/authenticator-verification-password');
mock.remediation.value[1].value[0].options[0].relatesTo = '$.authenticatorEnrollments.value[999]';
Expand Down Expand Up @@ -173,5 +177,27 @@ describe('idxResponseParser', () => {
const fn = () => parseIdxResponse( {}, mockIdxResponseWithBadRelationship() );
expect(fn).toThrowError('Cannot resolve relatesTo: $.authenticatorEnrollments.value[999]');
});

// TODO: OKTA-659181
describe('OKTA-659175', () => {
it('removes `relatesTo` when reference is invalid', () => {
const { remediations } = parseIdxResponse({}, mockSafariRelatesToResponse, {});
expect(remediations[1].name).toEqual('launch-authenticator');
expect(remediations[1].relatesTo).toBeUndefined();
});

it('resolves `relatesTo` when reference is valid', () => {
const { remediations } = parseIdxResponse({}, mockResponseWithFix, {});
expect(remediations[1].name).toEqual('launch-authenticator');
expect(remediations[1].relatesTo).toEqual({
'type': 'object',
'value': {
'challengeMethod': 'CUSTOM_URI',
'href': 'http://localhost:3000/foobar',
'downloadHref': 'http://localhost:3000/foobar'
}
});
});
});
});
});

0 comments on commit 55d982a

Please sign in to comment.