Skip to content

Commit dcdc92f

Browse files
author
itsuki
committed
add resource parameter when building authorization url
as specified in https://www.rfc-editor.org/rfc/rfc9068.html#name-data-structure
1 parent 956094b commit dcdc92f

File tree

2 files changed

+8
-3
lines changed

2 files changed

+8
-3
lines changed

src/client/auth.test.ts

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -320,6 +320,7 @@ describe("OAuth Authorization", () => {
320320

321321
it("generates authorization URL with PKCE challenge", async () => {
322322
const { authorizationUrl, codeVerifier } = await startAuthorization(
323+
"https://resource.example.com",
323324
"https://auth.example.com",
324325
{
325326
clientInformation: validClientInfo,
@@ -338,11 +339,13 @@ describe("OAuth Authorization", () => {
338339
expect(authorizationUrl.searchParams.get("redirect_uri")).toBe(
339340
"http://localhost:3000/callback"
340341
);
342+
expect(authorizationUrl.searchParams.get("resource")).toBe("https://resource.example.com");
341343
expect(codeVerifier).toBe("test_verifier");
342344
});
343345

344346
it("uses metadata authorization_endpoint when provided", async () => {
345347
const { authorizationUrl } = await startAuthorization(
348+
"https://resource.example.com",
346349
"https://auth.example.com",
347350
{
348351
metadata: validMetadata,
@@ -363,7 +366,7 @@ describe("OAuth Authorization", () => {
363366
};
364367

365368
await expect(
366-
startAuthorization("https://auth.example.com", {
369+
startAuthorization( "https://resource.example.com", "https://auth.example.com",{
367370
metadata,
368371
clientInformation: validClientInfo,
369372
redirectUrl: "http://localhost:3000/callback",
@@ -379,7 +382,7 @@ describe("OAuth Authorization", () => {
379382
};
380383

381384
await expect(
382-
startAuthorization("https://auth.example.com", {
385+
startAuthorization( "https://resource.example.com", "https://auth.example.com", {
383386
metadata,
384387
clientInformation: validClientInfo,
385388
redirectUrl: "http://localhost:3000/callback",

src/client/auth.ts

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -157,7 +157,7 @@ export async function auth(
157157
}
158158

159159
// Start new authorization flow
160-
const { authorizationUrl, codeVerifier } = await startAuthorization(authorizationServerUrl, {
160+
const { authorizationUrl, codeVerifier } = await startAuthorization(resourceServerUrl, authorizationServerUrl, {
161161
metadata,
162162
clientInformation,
163163
redirectUrl: provider.redirectUrl
@@ -288,6 +288,7 @@ export async function discoverOAuthMetadata(
288288
* Begins the authorization flow with the given server, by generating a PKCE challenge and constructing the authorization URL.
289289
*/
290290
export async function startAuthorization(
291+
resourceServerUrl: string | URL,
291292
authorizationServerUrl: string | URL,
292293
{
293294
metadata,
@@ -337,6 +338,7 @@ export async function startAuthorization(
337338
codeChallengeMethod,
338339
);
339340
authorizationUrl.searchParams.set("redirect_uri", String(redirectUrl));
341+
authorizationUrl.searchParams.set("resource", String(resourceServerUrl));
340342

341343
return { authorizationUrl, codeVerifier };
342344
}

0 commit comments

Comments
 (0)