From abd064646434d5e78c437068aa63ace77a4f2a62 Mon Sep 17 00:00:00 2001
From: Exidex <16986685+Exidex@users.noreply.github.com>
Date: Thu, 6 Jul 2023 09:28:54 +0200
Subject: [PATCH 1/3] Support setting client_secret to an empty string when using client_secret_basic or client_secret_post
---
 lib/helpers/client.js | 4 ++--
 test/client/client_instance.test.js | 20 ++++++++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/lib/helpers/client.js b/lib/helpers/client.js
index 62bf9be6..30002328 100644
--- a/lib/helpers/client.js
+++ b/lib/helpers/client.js
@@ -81,7 +81,7 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) {
 case 'none':
 return { form: { client_id: this.client_id } };
 case 'client_secret_post':
- if (!this.client_secret) {
+ if (!this.client_secret && this.client_secret !== "") {
 throw new TypeError(
 'client_secret_post client authentication method requires a client_secret',
 );
@@ -120,7 +120,7 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) {
 // > Appendix B, and the encoded value is used as the username; the client
 // > password is encoded using the same algorithm and used as the
 // > password.
- if (!this.client_secret) {
+ if (!this.client_secret && this.client_secret !== "") {
 throw new TypeError(
 'client_secret_basic client authentication method requires a client_secret',
 );
diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js
index ba653dec..dac0adbb 100644
--- a/test/client/client_instance.test.js
+++ b/test/client/client_instance.test.js
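Review bot: With `''` accepted by the `client_secret_post` guard (and by the `client_secret_basic` guard in the second hunk, a rule that patches 2/3 and 3/3 keep), a secret that is empty by accident is no longer stopped locally and goes out to the endpoint as an empty credential. How `client_secret` gets populated is not visible in these hunks, so this is a caveat to document rather than a confirmed defect. I would record the intent next to each guard, for example `// '' is allowed on purpose; only a missing client_secret is rejected here, so an accidentally empty value has to be caught by the caller's own config validation`. authFor starts and ends outside both hunks.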
@@ -2253,6 +2253,18 @@ describe('Client', () => {
 );
 });
 });
+
+ it('allows client_secret to be empty string', async function () {
+ const issuer = new Issuer();
+ const client = new issuer.Client({
+ client_id: 'an:identifier',
+ client_secret: '',
+ token_endpoint_auth_method: 'client_secret_post',
+ });
+ expect(await clientInternal.authFor.call(client, 'token')).to.eql({
+ form: { client_id: 'an:identifier', client_secret: '' },
+ });
+ });
 });
 describe('when client_secret_basic', function () {
@@ -2288,6 +2300,14 @@ describe('Client', () => {
 );
 });
 });
+
+ it('allows client_secret to be empty string', async function () {
+ const issuer = new Issuer();
+ const client = new issuer.Client({ client_id: 'an:identifier', client_secret: '' });
+ expect(await clientInternal.authFor.call(client, 'token')).to.eql({
+ headers: { Authorization: 'Basic YW4lM0FpZGVudGlmaWVyOg==' },
+ });
+ });
 });
 describe('when client_secret_jwt', function () {
From 5a1570e11594a25033ca94eb09bea0d60b8b80ca Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Thu, 6 Jul 2023 11:00:49 +0200
Subject: [PATCH 2/3] fixup! Support setting client_secret to an empty string when using client_secret_basic or client_secret_post
---
 lib/helpers/client.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/helpers/client.js b/lib/helpers/client.js
index 30002328..d6e60804 100644
--- a/lib/helpers/client.js
+++ b/lib/helpers/client.js
@@ -81,7 +81,7 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) {
 case 'none':
 return { form: { client_id: this.client_id } };
 case 'client_secret_post':
- if (!this.client_secret && this.client_secret !== "") {
+ if (!this.client_secret && this.client_secret !== '') {
 throw new TypeError(
 'client_secret_post client authentication method requires a client_secret',
 );
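Review bot: The expected header `Basic YW4lM0FpZGVudGlmaWVyOg==` in the added client_secret_basic case is opaque as written; it is the base64 of `an%3Aidentifier:`, the form-encoded client_id followed by an empty password. A comment such as `// base64('an%3Aidentifier:'): encoded client_id, empty password` would let a reader check the assertion by eye. That case also leaves out `token_endpoint_auth_method` and so appears to rely on the client's default, whereas the client_secret_post case in the first test hunk sets it explicitly; adding `token_endpoint_auth_method: 'client_secret_basic'` would keep the test pinned to the branch it names. The enclosing describe blocks start outside both hunks.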
@@ -120,7 +120,7 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) {
 // > Appendix B, and the encoded value is used as the username; the client
 // > password is encoded using the same algorithm and used as the
 // > password.
- if (!this.client_secret && this.client_secret !== "") {
+ if (!this.client_secret && this.client_secret !== '') {
 throw new TypeError(
 'client_secret_basic client authentication method requires a client_secret',
 );
From f3cf92824f215b1ba5f8499dc6e7af5778914115 Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Thu, 6 Jul 2023 11:10:02 +0200
Subject: [PATCH 3/3] fixup! Support setting client_secret to an empty string when using client_secret_basic or client_secret_post
---
 lib/helpers/client.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/helpers/client.js b/lib/helpers/client.js
index d6e60804..7c002482 100644
--- a/lib/helpers/client.js
+++ b/lib/helpers/client.js
@@ -81,7 +81,7 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) {
 case 'none':
 return { form: { client_id: this.client_id } };
 case 'client_secret_post':
- if (!this.client_secret && this.client_secret !== '') {
+ if (typeof this.client_secret !== 'string') {
 throw new TypeError(
 'client_secret_post client authentication method requires a client_secret',
 );
@@ -120,7 +120,7 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) {
 // > Appendix B, and the encoded value is used as the username; the client
 // > password is encoded using the same algorithm and used as the
 // > password.
- if (!this.client_secret && this.client_secret !== '') {
+ if (typeof this.client_secret !== 'string') {
 throw new TypeError(
 'client_secret_basic client authentication method requires a client_secret',
 );
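Review bot: The `typeof this.client_secret !== 'string'` guard in the `client_secret_post` hunk, and the identical one in the `client_secret_basic` hunk, is stricter than the `!this.client_secret` check the series started from: a truthy non-string value that used to pass now throws, while the message still says a client_secret is required. Whether any caller supplies a non-string secret is not visible here, and patch 3/3 changes no test file, so this new rejection is not pinned by the series. I would add a test asserting the TypeError for a non-string value and state the rule at each guard, e.g. `// any string, including '', is a usable secret; every other type is rejected`. authFor's body continues outside both hunks.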