New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[nan-638] add in credentials override and scopes override #1906
Changes from all commits
c0d0e5f
3f57a5c
ca4af7b
2989d74
1eff44a
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,7 +16,7 @@ import type { | |
TemplateOAuth2 as ProviderTemplateOAuth2, | ||
OAuthSession, | ||
OAuth1RequestTokenResult, | ||
AuthCredentials, | ||
OAuth2Credentials, | ||
ConnectionConfig | ||
} from '@nangohq/shared'; | ||
import { | ||
|
@@ -95,6 +95,7 @@ class OAuthController { | |
const callbackUrl = await getOauthCallbackUrl(environmentId); | ||
const connectionConfig = req.query['params'] != null ? getConnectionConfig(req.query['params']) : {}; | ||
const authorizationParams = req.query['authorization_params'] != null ? getAdditionalAuthorizationParams(req.query['authorization_params']) : {}; | ||
const overrideCredentials = req.query['credentials'] != null ? getAdditionalAuthorizationParams(req.query['credentials']) : {}; | ||
|
||
if (connectionId == null) { | ||
await createActivityLogMessageAndEnd({ | ||
|
@@ -214,6 +215,24 @@ class OAuthController { | |
|
||
await updateSessionIdActivityLog(activityLogId as number, session.id); | ||
|
||
// certain providers need the credentials to be specified in the config | ||
if (overrideCredentials) { | ||
if (overrideCredentials['oauth_client_id'] && overrideCredentials['oauth_client_secret']) { | ||
config.oauth_client_id = overrideCredentials['oauth_client_id']; | ||
config.oauth_client_secret = overrideCredentials['oauth_client_secret']; | ||
|
||
session.connectionConfig = { | ||
...session.connectionConfig, | ||
oauth_client_id: config.oauth_client_id, | ||
oauth_client_secret: config.oauth_client_secret | ||
}; | ||
} | ||
} | ||
|
||
if (connectionConfig['oauth_scopes']) { | ||
config.oauth_scopes = connectionConfig['oauth_scopes']; | ||
} | ||
|
||
if (config?.oauth_client_id == null || config?.oauth_client_secret == null || config.oauth_scopes == null) { | ||
await createActivityLogMessageAndEnd({ | ||
level: 'error', | ||
|
@@ -852,6 +871,16 @@ class OAuthController { | |
return publisher.notifySuccess(res, channel, providerConfigKey, connectionId); | ||
} | ||
|
||
// check for oauth overrides in the connnection config | ||
if (session.connectionConfig['oauth_client_id'] && session.connectionConfig['oauth_client_secret']) { | ||
config.oauth_client_id = session.connectionConfig['oauth_client_id']; | ||
config.oauth_client_secret = session.connectionConfig['oauth_client_secret']; | ||
} | ||
|
||
if (session.connectionConfig['oauth_scopes']) { | ||
config.oauth_scopes = session.connectionConfig['oauth_scopes']; | ||
} | ||
|
||
const simpleOAuthClient = new simpleOauth2.AuthorizationCode(oauth2Client.getSimpleOAuth2ClientConfig(config, template, session.connectionConfig)); | ||
|
||
let additionalTokenParams: Record<string, string> = {}; | ||
|
@@ -919,10 +948,10 @@ class OAuthController { | |
|
||
const tokenMetadata = getConnectionMetadataFromTokenResponse(rawCredentials, template); | ||
|
||
let parsedRawCredentials: AuthCredentials; | ||
let parsedRawCredentials: OAuth2Credentials; | ||
|
||
try { | ||
parsedRawCredentials = connectionService.parseRawCredentials(rawCredentials, ProviderAuthModes.OAuth2); | ||
parsedRawCredentials = connectionService.parseRawCredentials(rawCredentials, ProviderAuthModes.OAuth2) as OAuth2Credentials; | ||
} catch { | ||
await createActivityLogMessageAndEnd({ | ||
level: 'error', | ||
|
@@ -989,6 +1018,40 @@ class OAuthController { | |
}; | ||
} | ||
|
||
if (connectionConfig['oauth_client_id'] && connectionConfig['oauth_client_secret']) { | ||
parsedRawCredentials = { | ||
...parsedRawCredentials, | ||
config_override: { | ||
client_id: connectionConfig['oauth_client_id'], | ||
client_secret: connectionConfig['oauth_client_secret'] | ||
} | ||
}; | ||
|
||
connectionConfig = Object.keys(session.connectionConfig).reduce((acc: Record<string, string>, key: string) => { | ||
if (key !== 'oauth_client_id' && key !== 'oauth_client_secret') { | ||
acc[key] = connectionConfig[key] as string; | ||
} | ||
return acc; | ||
}, {}); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. maybe it's just me but I have hard time reading reducer, I don't really understand what's going on There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't mind There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I would have rather just done
but eslint was yelling at me. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ah yes I see, I think it's fair to disable some eslint errors when we don't find them relevant. |
||
} | ||
|
||
if (connectionConfig['oauth_scopes']) { | ||
parsedRawCredentials = { | ||
...parsedRawCredentials, | ||
config_override: { | ||
...parsedRawCredentials.config_override, | ||
scopes: Array.isArray(connectionConfig['oauth_scopes']) ? connectionConfig['oauth_scopes'].join(',') : connectionConfig['oauth_scopes'] | ||
} | ||
}; | ||
|
||
connectionConfig = Object.keys(session.connectionConfig).reduce((acc: Record<string, string>, key: string) => { | ||
if (key !== 'oauth_scopes') { | ||
acc[key] = connectionConfig[key] as string; | ||
} | ||
return acc; | ||
}, {}); | ||
} | ||
|
||
const [updatedConnection] = await connectionService.upsertConnection( | ||
connectionId, | ||
providerConfigKey, | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here what about making it clearer with
override_oauth_client_id
andoverride_oauth_client_secret
keys?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't think this is necessary here if the interface is
OAuthCredentialsOverride
as this is just what we push to our server so it is just an internal name