IE-11/credentials-test = change to using sdk getAccessToken to check …

…credentials
agiledigital-labs · Nov 27, 2023 · 41b973c · dspasojevic · Nov 27, 2023 · 41b973c
1 parent 9f846a4
commit 41b973c
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 12 deletions.
diff --git a/src/scripts/list-users.ts b/src/scripts/list-users.ts
@@ -17,7 +17,7 @@ import {
 } from './services/group-service';
 import {
   validateOktaServerIsRunning,
-  validateCredentials,
+  mapCredentialErrors,
 } from './ping-okta-server';
 
 /**
@@ -120,7 +120,7 @@ export default (
               ? users(userService)
               : usersInGroup(userService, groupService, args.groupId)
         ),
-        validateCredentials
+        mapCredentialErrors
       )();
 
       // eslint-disable-next-line functional/no-conditional-statement

diff --git a/src/scripts/ping-okta-server.ts b/src/scripts/ping-okta-server.ts
@@ -5,12 +5,12 @@ import * as Console from 'fp-ts/lib/Console';
 import { pipe } from 'fp-ts/lib/function';
 import { Argv } from 'yargs';
 import { oktaAPIError } from '../schema';
-import { oktaReadOnlyClient } from './services/client-service';
-import { OktaUserService, UserService } from './services/user-service';
+import {
+  oktaReadOnlyClient,
+  validateCredentials,
+} from './services/client-service';
 import { pingOktaServer } from './services/validation-service';
 
-export const callListUsers = (service: UserService) => service.listUsers();
-
 /**
  * Pings the okta server to see if it is up and running.
  * @param clientId - the client id of the okta application.
@@ -33,7 +33,7 @@ export const validateOktaServerIsRunning = (
         }: {
           readonly organisationUrl: string;
           readonly clientId: string;
-        }) => pingOktaServer(organisationUrl, clientId)
+        }) => pingOktaServer(clientId, organisationUrl)
       )(TE.right({ organisationUrl, clientId }))
     ),
     // eslint-disable-next-line @typescript-eslint/prefer-readonly-parameter-types
@@ -70,11 +70,11 @@ export const validateOktaServerIsRunning = (
   );
 
 /**
- * Validates the credentials of a service.
+ * Maps errors relating to credentials to a more specific error message.
  * @param result - the result of a service
  * @returns the result of the service if it was successful, otherwise a refined error in consideration to credentials.
  */
-export const validateCredentials = <T>(
+export const mapCredentialErrors = <T>(
   result: TE.TaskEither<Error, T>
 ): TE.TaskEither<Error, T> =>
   pipe(
@@ -134,15 +134,15 @@ export default (
       readonly organisationUrl: string;
     }) => {
       const client = oktaReadOnlyClient({ ...args });
-      const userService = new OktaUserService(client);
 
       const { clientId, organisationUrl } = args;
       const result = await pipe(
         validateOktaServerIsRunning(clientId, organisationUrl),
         TE.tapIO(Console.info),
         // eslint-disable-next-line functional/functional-parameters
-        TE.chain(() => callListUsers(userService)),
-        validateCredentials
+        TE.chain(() => validateCredentials(client)),
+        // eslint-disable-next-line functional/functional-parameters
+        mapCredentialErrors
       )();
       // eslint-disable-next-line functional/no-conditional-statement
       if (E.isLeft(result)) {

diff --git a/src/scripts/services/client-service.ts b/src/scripts/services/client-service.ts
@@ -1,4 +1,7 @@
 import * as okta from '@okta/okta-sdk-nodejs';
+import { TokenEndpointResponse } from '@okta/okta-sdk-nodejs/src/types/oauth';
+import * as TE from 'fp-ts/lib/TaskEither';
+import { pipe } from 'fp-ts/lib/function';
 
 /**
  * Configuration required to create an Okta client.
@@ -43,3 +46,25 @@ export const oktaManageClient = (
     authorizationMode: 'PrivateKey',
     scopes: scopes.map((scope) => 'okta.' + scope + '.manage'),
   });
+
+/**
+ * Validates the credentials provided to the tool.
+ * @param client - the Okta client to use to validate the credentials.
+ * @returns a TaskEither that resolves to the token endpoint response if the credentials are valid, otherwise an error.
+ */
+// eslint-disable-next-line functional/functional-parameters
+export const validateCredentials = (
+  // eslint-disable-next-line @typescript-eslint/prefer-readonly-parameter-types
+  client: okta.Client
+): TE.TaskEither<Error, TokenEndpointResponse> => {
+  return pipe(
+    TE.tryCatch(
+      // eslint-disable-next-line functional/functional-parameters, functional/no-this-expression
+      () => client.oauth.getAccessToken(),
+      (error) =>
+        new Error('Failed to get access token', {
+          cause: error,
+        })
+    )
+  );
+};