fix: passport strategy runtime authenticate parameters regression

resolves #167
panva · May 15, 2019 · 36e741e · 36e741e
1 parent 8d15d30
commit 36e741e
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/lib/passport_strategy.js b/lib/passport_strategy.js
@@ -91,7 +91,7 @@ OpenIDConnectStrategy.prototype.authenticate = function authenticate(req, option
       const params = {
         state: random(),
         ...this._params,
-        options,
+        ...options,
       };
 
       if (!params.nonce && params.response_type.includes('id_token')) {

diff --git a/test/passport/passport_strategy.test.js b/test/passport/passport_strategy.test.js
@@ -126,6 +126,26 @@ describe('OpenIDConnectStrategy', () => {
       expect(target).to.include('scope=openid%20profile');
     });
 
+    it('can have authorization parameters specified at runtime', function () {
+      const strategy = new Strategy({
+        client: this.client,
+        params: {
+          redirect_uri: 'https://example.com/cb',
+          scope: 'openid profile',
+        },
+      }, () => {});
+
+      const req = new MockRequest('GET', '/login/oidc');
+      req.session = {};
+
+      strategy.redirect = sinon.spy();
+      strategy.authenticate(req, { resource: 'urn:example:foo' });
+
+      expect(strategy.redirect.calledOnce).to.be.true;
+      const target = strategy.redirect.firstCall.args[0];
+      expect(target).to.include(`resource=${encodeURIComponent('urn:example:foo')}`);
+    });
+
     it('automatically includes nonce for where it applies', function () {
       const strategy = new Strategy({
         client: this.client,