atlassian-oauth2 - npm Package Compare versions

Comparing version 0.2.0 to 0.2.1

lib/oauth2.js

@@ -18,5 +18,6 @@ var request = require('request'),
  * @param {String} userKey - The user key (not username) of the user to retrieve an access token for
- * @returns {Object>} A claimset to be encoded and sent with the token request
+ * @param {String=} audience - The user key (not username) of the user to retrieve an access token for
+ * @returns {Object} A claimset to be encoded and sent with the token request
  */
-function _createAssertionPayload (hostBaseUrl, oauthClientId, userKey) {
+function _createAssertionPayload (hostBaseUrl, oauthClientId, userKey, audience) {
     var now = Math.floor(Date.now() / 1000);
@@ -29,3 +30,3 @@ var exp = now + EXPIRE_IN_SECONDS;
         "tnt": hostBaseUrl,
-        "aud": AUTHORIZATION_SERVER_URL,
+        "aud": audience || AUTHORIZATION_SERVER_URL,
         "iat": now,
@@ -46,5 +47,8 @@ "exp": exp
  * @param {String} opts.scopes - An array of scopes to request for when creating the access token
+ * @param {String=} opts.authorizationServerBaseUrl - An alternative authorization server to use (intended for internal use by Atlassian only)
+ * @param {String=} opts.authorizationPath - An alternative authorization path to use (intended for internal use by Atlassian only)
  * @returns {Promise.<Object, Error>} A promise that returns the access token if resolved, or an error if rejected
  */
 function getAccessToken (opts) {
+    opts = opts || {};
     return new RSVP.Promise(function (resolve, reject) {
@@ -54,10 +58,15 @@ var jwtClaims = _createAssertionPayload(opts.hostBaseUrl, opts.oauthClientId, opts.userKey);
 
+        var formData = {
+            grant_type: GRANT_TYPE,
+            assertion: assertion
+        };
+
+        if (opts.scopes) {
+            formData.scope = opts.scopes.join(SCOPE_SEPARATOR).toUpperCase()
+        }
+
         request({
             method: 'POST',
-            url: AUTHORIZATION_SERVER_URL + '/oauth2/token',
-            form: {
-                grant_type: GRANT_TYPE,
-                assertion: assertion,
-                scope: opts.scopes.join(SCOPE_SEPARATOR).toUpperCase()
-            },
+            url: (opts.authorizationServerBaseUrl || AUTHORIZATION_SERVER_URL) + (opts.authorizationPath || '/oauth2/token'),
+            form: formData,
             json: true,
@@ -64,0 +73,0 @@ headers: {

package.json

 {
   "name": "atlassian-oauth2",
   "description": "Atlassian Connect OAuth2 library",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "author": "Seb Ruiz <sruiz@atlassian.com>",
@@ -6,0 +6,0 @@ "repository": {

test/oauth2_test.js

@@ -42,2 +42,9 @@ var should = require('should'),
 
+        it('Claimset should respect custom aud parameter', function (done) {
+            var token = oauth2._createAssertionPayload(hostBaseUrl, oauthClientId, "admin", "custom-aud");
+            token.aud.should.be.eql("custom-aud");
+            done();
+        });
+
+
         it('Claimset should have correct tnt claim', function (done) {
@@ -75,4 +82,5 @@ var token = oauth2._createAssertionPayload(hostBaseUrl, oauthClientId, "admin");
         function interceptRequest(testCallback, replyCallback, opts) {
-            var interceptor = nock('https://auth.atlassian.io')
-                                .post('/oauth2/token')
+            opts = opts || {};
+            var interceptor = nock(opts.authorizationServerBaseUrl || 'https://auth.atlassian.io')
+                                .post(opts.authorizationPath || '/oauth2/token')
                                 .reply(replyCallback);
@@ -83,4 +91,4 @@
                 testCallback();
-            }, function () {
-                interceptor.done(err || new Error('access token retrieval should have reported success'))
+            }, function (err) {
+                testCallback(err || new Error('access token retrieval should have reported success'));
             });
@@ -107,2 +115,9 @@ }
 
+        it('Retrieves access token from alternative OAuth service', function (done) {
+            interceptRequest(done, 200, {
+                authorizationServerBaseUrl: 'https://auth2.atlassian.io',
+                authorizationPath: '/some/other/path'
+            });
+        });
+
         it('Rejects if access token response code is > 299', function (done) {
@@ -151,2 +166,9 @@ interceptFailedRequest(done, 400, 'should reject if response code is 400');
         describe('scopes', function () {
+            it('no scopes', function (done) {
+                interceptRequest(done, function (uri, requestBody) {
+                    var body = qs.parse(requestBody);
+                    should.not.exist(body.scope);
+                }, { scopes: false });
+            });
+
             it('one scope', function (done) {
@@ -153,0 +175,0 @@ interceptRequest(done, function (uri, requestBody) {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

82591

increased by4.87%

Lines of code

250

increased by11.11%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes