[CF-447] Use paginated requests #61
Conversation
![codeclimate[bot]](https://avatars.githubusercontent.com/in/9403?s=60&v=4){kind=small}
|
Code Climate has analyzed commit 467349a and detected 3 issues on this pull request. Here's the issue category breakdown:
The test coverage on the diff in this pull request is 93.5% (50% is the threshold). This pull request will bring the total coverage in the repository to 89.9%. View more on Code Climate. |
server/routes/api.js
Outdated
| @@ -39,11 +39,13 @@ export default (storage) => { | |||
| })); | |||
|
|
|||
| const auth0 = middlewares.managementApiClient({ | |||
| domain: config('AUTH0_DOMAIN') | |||
| domain: config('AUTH0_DOMAIN'), | |||
| clientId: config('AUTH0_CLIENT_ID'), | |||
There was a problem hiding this comment.
Why did this work without a clientID/clientSecret? It shouldn't had: https://github.com/auth0-extensions/auth0-extension-tools/blob/c8d9b88e37c3174cf4eaeb7bf7e3c3c0f20550bf/src/auth0/managementApi.js#L72
There was a problem hiding this comment.
This is using the express middleware that uses the token issued to the user to call API2 so there is no need to have a client ID https://github.com/auth0-extensions/auth0-extension-express-tools/blob/master/src/middlewares/managementApiClient.js#L7-L11
There was a problem hiding this comment.
Thanks, missed the access token was being resolved from the req.user 🙇 .
| @@ -4,10 +4,10 @@ import config from '../lib/config'; | |||
| import * as authorization from '../lib/authorization'; | |||
| import { requireScope } from '../lib/middlewares'; | |||
|
|
|||
| export default (storage) => { | |||
| export default (auth0, storage) => { | |||
There was a problem hiding this comment.
Follows the same patter as in applications, where the middleware is passed as parameter.
| @@ -183,7 +192,7 @@ export const deleteResourceServer = req => | |||
| }); | |||
|
|
|||
| const getGrantId = req => | |||
| makeRequest(req, 'client-grants', 'GET') | |||
| makeRequest(req, 'client-grants', 'GET', { client_id: config('AUTH0_CLIENT_ID'), audience: 'urn:auth0-authz-api' }) | |||
There was a problem hiding this comment.
Pass the options supported in https://auth0.com/docs/api/management/v2#!/Client_Grants/get_client_grants to filter instead of getting all results.
There was a problem hiding this comment.
I believe so, because this will only return 1 or 0 results (depending on if there's a grant for the client_id/API combination or not).
| @@ -151,7 +160,7 @@ const makeRequest = (req, path, method, payload) => | |||
| ); | |||
|
|
|||
| export const getResourceServer = (req, audience) => | |||
| makeRequest(req, 'resource-servers', 'GET') | |||
| multipartRequest(req.auth0, 'resourceServers') | |||
There was a problem hiding this comment.
req.auth0 injected by middlewares.
✏️ Changes
Use paginated requests for resource servers and client grants.
The call to resource servers was verified by enabling
ALLOW_AUTHZand checking that it fetched results correctly.🎯 Testing
✅ This change has been tested in a Webtask
✅ This change has unit test coverage
✅ This change has integration test coverage
🚫 This change has been tested for performance
🚀 Deployment
✅ This can be deployed any time