feat: add support for client id and secret tokens

feat: add dummy-implementation of management API
fix: use correct return-variable
2022-04-28 09:38:05 +02:00 · 2022-04-26 16:54:03 +02:00 · 2022-04-26 15:37:19 +02:00
2 changed files with 96 additions and 41 deletions
@@ -40,10 +40,17 @@ const addCustomClaims = (email, customClaims, token) => {

 }

+const signToken = (token) => {
+  return jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
+    algorithm: 'RS256',
+    keyid: thumbprint
+  })
+}
+
 // Configure our small auth0-mock-server
 app.options('*', cors(corsOpts))
  .use(cors())
-  .use(bodyParser.json())
+  .use(bodyParser.json({ strict: false }))
  .use(bodyParser.urlencoded({ extended: true }))
  .use(cookieParser())
  .use(express.static(`${__dirname}/public`))
@@ -51,47 +58,73 @@ app.options('*', cors(corsOpts))

 // This route can be used to generate a valid jwt-token.
 app.post('/oauth/token', (req, res) => {
-  const code = req.body.code
-  const session = sessions[code]
-
  let date = Math.floor(Date.now() / 1000)
-  let accessToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
-    iss: jwksOrigin,
-    aud: [audience],
-    sub: 'auth0|' + session.email,
-    iat: date,
-    exp: date + 7200,
-    azp: session.clientId
-  }))), privateKey, {
-    algorithm: 'RS256',
-    keyid: thumbprint
-  })
+  if (req.body.grant_type === 'client_credentials' && req.body.client_id) {
+    let accessToken = signToken({
+      iss: jwksOrigin,
+      aud: [audience],
+      sub: 'auth0|management',
+      iat: date,
+      exp: date + 7200,
+      azp: req.body.client_id
+    })

-  let idToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
-    iss: jwksOrigin,
-    aud: session.clientId,
-    nonce: session.nonce,
-    sub: 'auth0|' + session.email,
-    iat: date,
-    exp: date + 7200,
-    azp: session.clientId,
-    name: 'Example Person',
-    picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
-  }))), privateKey, {
-    algorithm: 'RS256',
-    keyid: thumbprint
-  })
+    let idToken = signToken({
+      iss: jwksOrigin,
+      aud: req.body.client_id,
+      sub: 'auth0|management',
+      iat: date,
+      exp: date + 7200,
+      azp: req.body.client_id,
+      name: 'Management API'
+    })

-  debug('Signed token for ' + session.email)
-  // res.json({ token });
+    debug('Signed token for management API')

-  res.json({
-    access_token: accessToken,
-    id_token: idToken,
-    scope: 'openid%20profile%20email',
-    expires_in: 7200,
-    token_type: 'Bearer'
-  })
+    res.json({
+      access_token: accessToken,
+      id_token: idToken,
+      scope: 'openid%20profile%20email',
+      expires_in: 7200,
+      token_type: 'Bearer'
+    })
+  } else if (req.body.code) {
+    const code = req.body.code
+    const session = sessions[code]
+    let accessToken = signToken(addCustomClaims(session.email, session.customClaims, {
+      iss: jwksOrigin,
+      aud: [audience],
+      sub: 'auth0|' + session.email,
+      iat: date,
+      exp: date + 7200,
+      azp: session.clientId
+    }))
+
+    let idToken = signToken(addCustomClaims(session.email, session.customClaims, {
+      iss: jwksOrigin,
+      aud: session.clientId,
+      nonce: session.nonce,
+      sub: 'auth0|' + session.email,
+      iat: date,
+      exp: date + 7200,
+      azp: session.clientId,
+      name: 'Example Person',
+      picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
+    }))
+
+    debug('Signed token for ' + session.email)
+
+    res.json({
+      access_token: accessToken,
+      id_token: idToken,
+      scope: 'openid%20profile%20email',
+      expires_in: 7200,
+      token_type: 'Bearer'
+    })
+  } else {
+    res.status(401)
+    res.send('Missing client_id or client_secret')
+  }
 })

 // This route can be used to generate a valid jwt-token.
@@ -264,7 +297,7 @@ app.post('/issuer', (req, res) => {
  }
  issuer = req.body.issuer
  jwksOrigin = `https://${issuer}/`
-  const { privateKey: key, certDer: der, thumbPrint: thumb, exponent: exp, modulus: mod } = cert(jwksOrigin)
+  const { privateKey: key, certDer: der, thumbprint: thumb, exponent: exp, modulus: mod } = cert(jwksOrigin)
  privateKey = key
  certDer = der
  thumbprint = thumb
@@ -274,6 +307,28 @@ app.post('/issuer', (req, res) => {
  res.send('ok')
 })

+app.get('/api/v2/users-by-email', (req, res) => {
+  res.json([])
+})
+
+app.post('/api/v2/users', (req, res) => {
+  const email = req.body.email
+  res.json({
+    user_id: `auth0|${email}`
+  })
+})
+
+app.post('/api/v2/tickets/password-change', (req, res) => {
+  res.json({
+    ticket: `https://some-url`
+  })
+})
+
+app.use(function(req, res, next) {
+  console.log('404', req.path)
+  res.status(404).send('error: 404 Not Found ' + req.path)
+})
+
 app.listen(3333, () => {
  debug('Auth0-Mock-Server listening on port 3333!')
 })
@@ -122,8 +122,8 @@ const setup = (jwksOrigin) => {

  return {
    privateKey: forge.pki.privateKeyToPem(privateKey),
-    certDer: certDer,
-    thumbPrint: thumbprint.toString(),
+    certDer,
+    thumbprint: thumbprint.toString(),
    exponent: bnToB64(exponent),
    modulus: modulus.toString('base64')
  }
Author	SHA1	Message	Date
argoyle	4229508bba	feat: add support for client id and secret tokens	2022-04-28 09:38:05 +02:00
argoyle	b4d5dbe9e3	feat: add dummy-implementation of management API	2022-04-26 16:54:03 +02:00
argoyle	b476cf0e36	fix: use correct return-variable	2022-04-26 15:37:19 +02:00