refactor: rename config opt to authenticateIntrospect & authenticateR…

…evoke
jasonraimondi · Aug 12, 2024 · cf41704 · cf41704
1 parent 36f0182
commit cf41704
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 23 deletions.
diff --git a/.idea/ts-oauth2-server.iml b/.idea/ts-oauth2-server.iml
diff --git a/docs/docs/authorization_server/configuration.mdx b/docs/docs/authorization_server/configuration.mdx
@@ -8,15 +8,15 @@ The default configuration is great for most users. You might not need to tweak a
 
 The authorization server has a few optional settings with the following default values;
 
-| Option                            | Type                | Default   | Details                                                                                                                                                                                    |
-| --------------------------------- | ------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| `requiresPKCE`                    | boolean             | true      | PKCE is enabled by default and recommended for all users. To support a legacy client without PKCE, disable this option. [[Learn more]][requires-pkce]                                      |
-| `requiresS256`                    | boolean             | true      | Disabled by default. If you want to require all clients to use S256, you can enable that here. [[Learn more]][requires-s256]                                                               |
-| `notBeforeLeeway`                 | number              | 0         | Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value.                  |
-| `tokenCID`                        | "id" or "name"      | "id"      | Sets the JWT `accessToken.cid` to either the `client.id` or `client.name`.<br /><br />In 3.x the default is **"id"**, in v2.x the default was **"name"**. [[Learn more]][token-cid]        |
-| `issuer`                          | string \| undefined | undefined | Sets the JWT `accessToken.iss` to this value.                                                                                                                                              |
-| `introspectWithClientCredentials` | boolean             | true      | Authorize [the /introspect endpoint](../endpoints/introspect.mdx) using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header) |
-| `revokeWithClientCredentials`     | boolean             | true      | Authorize [the /revoke endpoint](../endpoints/revoke.mdx) using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header)         |
+| Option                   | Type                | Default   | Details                                                                                                                                                                                                                                                                   |
+| ------------------------ | ------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `requiresPKCE`           | boolean             | true      | PKCE is enabled by default and recommended for all users. To support a legacy client without PKCE, disable this option. [[Learn more]][requires-pkce]                                                                                                                     |
+| `requiresS256`           | boolean             | true      | Disabled by default. If you want to require all clients to use S256, you can enable that here. [[Learn more]][requires-s256]                                                                                                                                              |
+| `notBeforeLeeway`        | number              | 0         | Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value.                                                                                                 |
+| `tokenCID`               | "id" or "name"      | "id"      | Sets the JWT `accessToken.cid` to either the `client.id` or `client.name`.<br /><br />In 3.x the default is **"id"**, in v2.x the default was **"name"**. [[Learn more]][token-cid]                                                                                       |
+| `issuer`                 | string \| undefined | undefined | Sets the JWT `accessToken.iss` to this value.                                                                                                                                                                                                                             |
+| `authenticateIntrospect` | boolean             | true      | Authorize the [/introspect](../endpoints/introspect.mdx) endpoint using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header) <br /><br />In 4.x the default is **true**, in v3.x the default was **false**. |
+| `authenticateRevoke`     | boolean             | true      | Authorize the [/revoke](../endpoints/revoke.mdx) endpoint using `client_credentials`, this requires users to pass in a valid client_id and client_secret (or Authorization header) <br /><br />In 4.x the default is **true**, in v3.x the default was **false**.                             |
 
 ```ts
 type AuthorizationServerOptions = {
@@ -25,8 +25,8 @@ type AuthorizationServerOptions = {
   notBeforeLeeway: 0;
   tokenCID: "id" | "name";
   issuer: undefined;
-  introspectWithClientCredentials: boolean;
-  revokeWithClientCredentials: boolean;
+  authenticateIntrospect: boolean;
+  authenticateRevoke: boolean;
 };
 ```
 

diff --git a/src/authorization_server.ts b/src/authorization_server.ts
@@ -30,8 +30,8 @@ export interface AuthorizationServerOptions {
   tokenCID: "id" | "name";
   issuer?: string;
   scopeDelimiter: string;
-  introspectWithClientCredentials: boolean;
-  revokeWithClientCredentials: boolean;
+  authenticateIntrospect: boolean;
+  authenticateRevoke: boolean;
 }
 
 export type EnableableGrants =

diff --git a/src/grants/auth_code.grant.ts b/src/grants/auth_code.grant.ts
@@ -314,7 +314,7 @@ export class AuthCodeGrant extends AbstractAuthorizedGrant {
   async respondToRevokeRequest(req: RequestInterface): Promise<ResponseInterface> {
     req.body["grant_type"] = this.identifier;
 
-    if (this.options.revokeWithClientCredentials) await this.validateClient(req);
+    if (this.options.authenticateRevoke) await this.validateClient(req);
 
     const token = this.getRequestParameter("token", req);
 

diff --git a/src/grants/client_credentials.grant.ts b/src/grants/client_credentials.grant.ts
@@ -32,7 +32,7 @@ export class ClientCredentialsGrant extends AbstractGrant {
   async respondToIntrospectRequest(req: RequestInterface): Promise<ResponseInterface> {
     req.body["grant_type"] = this.identifier;
 
-    if (this.options.introspectWithClientCredentials) await this.validateClient(req);
+    if (this.options.authenticateIntrospect) await this.validateClient(req);
 
     const { parsedToken, oauthToken, expiresAt, tokenType } = await this.tokenFromRequest(req);
 
@@ -60,7 +60,7 @@ export class ClientCredentialsGrant extends AbstractGrant {
   async respondToRevokeRequest(req: RequestInterface): Promise<ResponseInterface> {
     req.body["grant_type"] = this.identifier;
 
-    if (this.options.revokeWithClientCredentials) await this.validateClient(req);
+    if (this.options.authenticateRevoke) await this.validateClient(req);
 
     let { oauthToken } = await this.tokenFromRequest(req);
 

diff --git a/src/options.ts b/src/options.ts
@@ -7,6 +7,6 @@ export const DEFAULT_AUTHORIZATION_SERVER_OPTIONS: AuthorizationServerOptions =
   tokenCID: "id",
   issuer: undefined,
   scopeDelimiter: " ",
-  introspectWithClientCredentials: true,
-  revokeWithClientCredentials: true,
+  authenticateIntrospect: true,
+  authenticateRevoke: true,
 };
diff --git a/test/e2e/authorization_server.spec.ts b/test/e2e/authorization_server.spec.ts
@@ -359,15 +359,15 @@ describe("authorization_server", () => {
       inMemoryDatabase.clients[client.id] = client;
     });
 
-    describe("without option introspectWithClientCredentials=false", () => {
+    describe("without option authenticateIntrospect=false", () => {
       it("does not require client credentials", async () => {
         authorizationServer = new AuthorizationServer(
           inMemoryClientRepository,
           inMemoryAccessTokenRepository,
           inMemoryScopeRepository,
           new JwtService("secret-key"),
           {
-            introspectWithClientCredentials: false,
+            authenticateIntrospect: false,
           },
         );
 
@@ -548,15 +548,15 @@ describe("authorization_server", () => {
       inMemoryDatabase.clients[client.id] = client;
     });
 
-    describe("without option revokeWithClientCredentials=false", () => {
+    describe("without option authenticateRevoke=false", () => {
       it("does not require client credentials", async () => {
         authorizationServer = new AuthorizationServer(
           inMemoryClientRepository,
           inMemoryAccessTokenRepository,
           inMemoryScopeRepository,
           new JwtService("secret-key"),
           {
-            revokeWithClientCredentials: false,
+            authenticateRevoke: false,
           },
         );