Add some more tests for pkce inferrence

Author: deepjyoti30-st

test/thirdparty/oidc.test.js

@@ -13,20 +13,13 @@
  * under the License.
  */
 
-const { printPath, setupST, startSTWithMultitenancy, killAllST, cleanST, removeAppAndTenants } = require("../utils");
+const { printPath, setupST, startSTWithMultitenancy, killAllST, cleanST } = require("../utils");
 let STExpress = require("../../");
 let assert = require("assert");
 let { ProcessState } = require("../../lib/build/processState");
 let ThirdPartyRecipe = require("../../lib/build/recipe/thirdparty/recipe").default;
 let Multitenancy = require("../../lib/build/recipe/multitenancy");
-let Session = require("../../lib/build/recipe/session");
 let ThirdParty = require("../../lib/build/recipe/thirdparty");
-let nock = require("nock");
-const express = require("express");
-const request = require("supertest");
-const { default: fetch } = require("cross-fetch");
-let { middleware, errorHandler } = require("../../framework/express");
-const { configsForVerification, providers } = require("./tpConfigsForVerification");
 
 describe(`oidcTest: ${printPath("[test/thirdparty/oidc.test.js]")}`, function () {
     beforeEach(async function () {
@@ -40,7 +33,7 @@ describe(`oidcTest: ${printPath("[test/thirdparty/oidc.test.js]")}`, function ()
         await cleanST();
     });
 
-    it("test the code challenge method is used if supported by the provider", async function () {
+    it("should use code challenge method S256 if supported by the provider", async function () {
         const connectionURI = await startSTWithMultitenancy();
 
         STExpress.init({
@@ -91,4 +84,102 @@ describe(`oidcTest: ${printPath("[test/thirdparty/oidc.test.js]")}`, function ()
         assert.ok(codeChallengeMethod);
         assert.strictEqual(codeChallengeMethod, "S256");
     });
+
+    it("should not use pkce if oidc response does not support S256", async function () {
+        const connectionURI = await startSTWithMultitenancy();
+
+        STExpress.init({
+            supertokens: {
+                connectionURI,
+            },
+            appInfo: {
+                apiDomain: "api.supertokens.io",
+                appName: "SuperTokens",
+                websiteDomain: "supertokens.io",
+            },
+            recipeList: [ThirdPartyRecipe.init()],
+        });
+
+        await Multitenancy.createOrUpdateThirdPartyConfig("public", {
+            thirdPartyId: "custom-fb",
+            name: "Custom provider",
+            clients: [
+                {
+                    clientId: "...",
+                    clientSecret: "...",
+                    scope: ["profile", "email"],
+                },
+            ],
+            oidcDiscoveryEndpoint: "https://facebook.com/.well-known/openid-configuration",
+            userInfoMap: {
+                fromIdTokenPayload: {
+                    userId: "id",
+                    email: "email",
+                    emailVerified: "email_verified",
+                },
+            },
+        });
+
+        const providerInfo = await ThirdParty.getProvider("public", "custom-fb");
+        assert.deepStrictEqual(providerInfo.config.codeChallengeMethodsSupported, undefined);
+
+        const authUrl = await providerInfo.getAuthorisationRedirectURL({
+            redirectURIOnProviderDashboard: "http://localhost:3000/callback",
+        });
+        assert.strictEqual(authUrl.urlWithQueryParams.includes("code_challenge"), false);
+        assert.strictEqual(authUrl.urlWithQueryParams.includes("code_challenge_method"), false);
+    });
+
+    it("should use pkce if oidc response does not support S256 but forcePKCE is true", async function () {
+        const connectionURI = await startSTWithMultitenancy();
+
+        STExpress.init({
+            supertokens: {
+                connectionURI,
+            },
+            appInfo: {
+                apiDomain: "api.supertokens.io",
+                appName: "SuperTokens",
+                websiteDomain: "supertokens.io",
+            },
+            recipeList: [ThirdPartyRecipe.init()],
+        });
+
+        await Multitenancy.createOrUpdateThirdPartyConfig("public", {
+            thirdPartyId: "custom-fb",
+            name: "Custom provider",
+            clients: [
+                {
+                    clientId: "...",
+                    clientSecret: "...",
+                    scope: ["profile", "email"],
+                    forcePKCE: true,
+                },
+            ],
+            oidcDiscoveryEndpoint: "https://facebook.com/.well-known/openid-configuration",
+            userInfoMap: {
+                fromIdTokenPayload: {
+                    userId: "id",
+                    email: "email",
+                    emailVerified: "email_verified",
+                },
+            },
+        });
+
+        const providerInfo = await ThirdParty.getProvider("public", "custom-fb");
+        assert.deepStrictEqual(providerInfo.config.codeChallengeMethodsSupported, undefined);
+
+        const authUrl = await providerInfo.getAuthorisationRedirectURL({
+            redirectURIOnProviderDashboard: "http://localhost:3000/callback",
+        });
+        assert.ok(authUrl.pkceCodeVerifier);
+        const authUrlObject = new URL(authUrl.urlWithQueryParams);
+        const codeChallengeMethod = authUrlObject.searchParams.get("code_challenge_method");
+        const codeChallenge = authUrlObject.searchParams.get("code_challenge");
+
+        // Check for existence of code_challenge and code_challenge_method
+        assert.ok(codeChallenge);
+        assert.ok(codeChallengeMethod);
+        assert.strictEqual(codeChallengeMethod, "S256");
+    });
 });