Credentials exchange tweaks

src/mock/events/credentials-exchange.ts

@@ -11,31 +11,37 @@ import { client } from "../client";
 import { chance } from "../chance";
 import { identity } from "../identity";
 
-export const credentialsExchange = define<Auth0.Events.CredentialsExchange>(({ params }) => {
-  const tenantId = params.tenant?.id || chance.auth0().tenantId();
-  const hostname = params.request?.hostname || `${tenantId}.auth0.com`;
+export const credentialsExchange = define<Auth0.Events.CredentialsExchange>(
+  ({ params }) => {
+    const tenantId = params.tenant?.id || chance.auth0().tenantId();
+    const hostname = params.request?.hostname || `${tenantId}.auth0.com`;
 
-  const requestValue = request({
-    hostname,
-    ...params.request,
-    query: {
-      ...params.request?.query,
-    },
-  });
+    const requestValue = request({
+      hostname,
+      ...params.request,
+      query: {
+        ...params.request?.query,
+      },
+    });
 
-  const transactionValue = transaction();
+    const transactionValue = transaction();
 
-  return {
-    accessToken: {
-      customClaims: (params?.accessToken?.customClaims || {}) as Record<string, string>,
-      scope: transactionValue.requested_scopes,
-    },
-    client: client(),
-    request: requestValue,
-    resource_server: {
-      identifier: `https://${hostname}/userinfo`,
-    },
-    tenant: { id: tenantId },
-    transaction: { requested_scopes: transactionValue.requested_scopes },
-  };
-});
+    return {
+      accessToken: {
+        customClaims: (params?.accessToken?.customClaims || {}) as Record<
+          string,
+          string
+        >,
+        scope: transactionValue.requested_scopes,
+      },
+      client: client(),
+      request: requestValue,
+      resource_server: {
+        identifier: `https://${hostname}/userinfo`,
+      },
+      tenant: { id: tenantId },
+      transaction: { requested_scopes: transactionValue.requested_scopes },
+      secrets: {},
+    };
+  }
+);

src/test/api/credentials-exchange.test.ts

@@ -0,0 +1,47 @@
+import test from "node:test";
+import { strictEqual, deepStrictEqual, throws, ok } from "node:assert";
+import { credentialsExchange, cache } from "../../mock/api";
+import { request, user } from "../../mock";
+import { encodeHS256JWT } from "../../jwt/hs256";
+
+test("Credentials Exchange API", async (t) => {
+  await t.test("access", async (t) => {
+    const { implementation: api, state } = credentialsExchange();
+
+    strictEqual(
+      api.access.deny("invalid_request", "Only cool kids allowed"),
+      api
+    );
+
+    deepStrictEqual(state.access, {
+      denied: true,
+      code: "invalid_request",
+      reason: "Only cool kids allowed",
+    });
+  });
+
+  await t.test("accessToken", async (t) => {
+    await t.test("can set custom claims", async (t) => {
+      const { implementation: api, state } = credentialsExchange();
+      strictEqual(api.accessToken.setCustomClaim("favourite_pet", "cat"), api);
+      deepStrictEqual(state.accessToken.claims, { favourite_pet: "cat" });
+    });
+  });
+
+  await t.test("cache", async (t) => {
+    await t.test("can set cache", async (t) => {
+      const { implementation: api, state } = credentialsExchange();
+      strictEqual(api.cache.set("location", "Ōtautahi").type, "success");
+      deepStrictEqual(state.cache.get("location"), "Ōtautahi");
+    });
+
+    await t.test("can get cache", async (t) => {
+      const { implementation: api, state } = credentialsExchange({
+        cache: { location: "Ōtautahi" },
+      });
+
+      strictEqual(state.cache.get("location"), "Ōtautahi");
+      strictEqual(state.cache.get("nonexistent"), undefined);
+    });
+  });
+});

src/types/api/post-login.d.ts

@@ -30,9 +30,6 @@ export interface MultifactorEnableOptions {
   providerOptions?: Record<string, unknown>;
 }
 
-/**
- * TODO: Incomplete interface
- */
 export interface PostLogin {
   /**
    * Modify the user's login access, such as by rejecting the login attempt.

src/types/events/credentials-exchange.d.ts

@@ -17,4 +17,7 @@ export interface CredentialsExchange {
   transaction: {
     requested_scopes: string[];
   };
+  secrets: {
+    [key: string]: string;
+  };
 }