remove token type validation logic

auth0 · Mar 6, 2025 · 79d5326 · 79d5326
1 parent 54e0425
commit 79d5326
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 52 deletions.
diff --git a/__tests__/Auth0Client/exchangeToken.test.ts b/__tests__/Auth0Client/exchangeToken.test.ts
@@ -61,7 +61,7 @@ describe('Auth0Client', () => {
     window.location = oldWindowLocation;
   });
 
-  describe('getTokenWithPopup()', () => {
+  describe('exchangeToken()', () => {
     const localSetup = async (clientOptions?: Partial<Auth0ClientOptions>) => {
       const auth0 = setup(clientOptions);
 
@@ -98,7 +98,7 @@ describe('Auth0Client', () => {
       return auth0;
     };
 
-    it('calls `loginWithPopup` with the correct default options', async () => {
+    it('calls `exchangeToken` with the correct default options', async () => {
       const auth0 = await localSetup();
       const cteOptions: CustomTokenExchangeOptions = {
         subject_token: 'external_token_value',
@@ -113,26 +113,5 @@ describe('Auth0Client', () => {
       expect(result.expires_in).toEqual(3600);
       expect(typeof result.scope).toBe('string');
     });
-
-    it('should throw an error for invalid subject_token_type from reserved namespaces', async () => {
-      // List of reserved token types that must be rejected.
-      const invalidTokenTypes = [
-        'urn:ietf:params:oauth:foo',
-        'https://auth0.com/token',
-        'urn:auth0:token'
-      ];
-
-      const auth0 = await localSetup();
-
-      // Each invalid token type should cause exchangeToken to reject with an Error.
-      for (const tokenType of invalidTokenTypes) {
-        const cteOptions: CustomTokenExchangeOptions = {
-          subject_token: 'external_token_value',
-          subject_token_type: tokenType,
-          audience: 'https://api.test.com'
-        };
-        await expect(auth0.exchangeToken(cteOptions)).rejects.toThrow(Error);
-      }
-    });
   });
 });
diff --git a/src/Auth0Client.ts b/src/Auth0Client.ts
@@ -92,7 +92,7 @@ import {
   OLD_IS_AUTHENTICATED_COOKIE_NAME,
   patchOpenUrlWithOnRedirect
 } from './Auth0Client.utils';
-import { CustomTokenExchangeOptions, validateTokenType } from './TokenExchange';
+import { CustomTokenExchangeOptions } from './TokenExchange';
 
 /**
  * @ignore
@@ -1195,8 +1195,6 @@ export class Auth0Client {
   async exchangeToken(
     options: CustomTokenExchangeOptions
   ): Promise<TokenEndpointResponse> {
-    validateTokenType(options.subject_token_type);
-
     return this._requestToken({
       grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
       subject_token: options.subject_token,

diff --git a/src/TokenExchange.ts b/src/TokenExchange.ts
@@ -72,29 +72,3 @@ export type CustomTokenExchangeOptions = {
    */
   [key: string]: unknown;
 };
-
-/**
- * Enforces namespace ownership requirements for token types
- *
- * @param tokenType - Proposed subject_token_type value
- * @throws {Error} When reserved namespace pattern detected
- *
- * @privateRemarks
- * Implements RFC 8693 Section 4.1 requirements for token type URIs
- *
- * @see {@link https://www.rfc-editor.org/rfc/rfc8693#section-4.1 | RFC 8693 Section 4.1}
- */
-export const validateTokenType = (tokenType: string): void => {
-  const reservedPatterns = [
-    /^urn:ietf:params:oauth:/i,
-    /^https:\/\/auth0\.com\//i,
-    /^urn:auth0:/i
-  ];
-
-  if (reservedPatterns.some(pattern => pattern.test(tokenType))) {
-    throw new Error(
-      `Invalid subject_token_type '${tokenType}'. ` +
-        `Reserved namespaces are prohibited. Use URIs under your organization's control.`
-    );
-  }
-};