Re-use originFromDomain utility function in Auth0 and Keycloak prov…

…iders (#1337) Co-authored-by: pilcrow <[email protected]>
lucia-auth · Jan 16, 2024 · 58e8b82 · 58e8b82
1 parent ee7dd23
commit 58e8b82
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 12 deletions.
diff --git a/.auri/$8h6jkpso.md b/.auri/$8h6jkpso.md
@@ -0,0 +1,6 @@
+---
+package: "@lucia-auth/oauth"
+type: "patch"
+---
+
+Update Keycloak provider to accept domain argument with protocol
diff --git a/packages/oauth/src/providers/auth0.ts b/packages/oauth/src/providers/auth0.ts
@@ -4,7 +4,11 @@ import {
 	validateOAuth2AuthorizationCode
 } from "../core/oauth2.js";
 import { ProviderUserAuth } from "../core/provider.js";
-import { handleRequest, authorizationHeader } from "../utils/request.js";
+import {
+	handleRequest,
+	authorizationHeader,
+	originFromDomain
+} from "../utils/request.js";
 
 import type { Auth } from "lucia";
 
@@ -113,13 +117,6 @@ const getAuth0User = async (appDomain: string, accessToken: string) => {
 	return auth0User;
 };
 
-const originFromDomain = (domain: string): string => {
-	if (domain.startsWith("https://") || domain.startsWith("http://")) {
-		return domain;
-	}
-	return "https://" + domain;
-};
-
 export type Auth0Tokens = {
 	accessToken: string;
 	refreshToken: string;

diff --git a/packages/oauth/src/providers/keycloak.ts b/packages/oauth/src/providers/keycloak.ts
@@ -5,7 +5,11 @@ import {
 } from "../core/oauth2.js";
 import { ProviderUserAuth } from "../core/provider.js";
 import { decodeIdToken } from "../index.js";
-import { handleRequest, authorizationHeader } from "../utils/request.js";
+import {
+	handleRequest,
+	authorizationHeader,
+	originFromDomain
+} from "../utils/request.js";
 
 import type { Auth } from "lucia";
 
@@ -43,7 +47,10 @@ export class KeycloakAuth<
 	> => {
 		const scopeConfig = this.config.scope ?? [];
 		return await createOAuth2AuthorizationUrlWithPKCE(
-			`https://${this.config.domain}/realms/${this.config.realm}/protocol/openid-connect/auth`,
+			new URL(
+				`/realms/${this.config.realm}/protocol/openid-connect/auth`,
+				originFromDomain(this.config.domain)
+			),
 			{
 				clientId: this.config.clientId,
 				scope: ["profile", "openid", ...scopeConfig],
@@ -82,7 +89,10 @@ export class KeycloakAuth<
 		const rawTokens =
 			await validateOAuth2AuthorizationCode<AccessTokenResponseBody>(
 				code,
-				`https://${this.config.domain}/realms/${this.config.realm}/protocol/openid-connect/token`,
+				new URL(
+					`/realms/${this.config.realm}/protocol/openid-connect/token`,
+					originFromDomain(this.config.domain)
+				),
 				{
 					clientId: this.config.clientId,
 					redirectUri: this.config.redirectUri,
@@ -127,7 +137,10 @@ const getKeycloakUser = async (
 	accessToken: string
 ): Promise<KeycloakUser> => {
 	const keycloakUserRequest = new Request(
-		`https://${domain}/realms/${realm}/protocol/openid-connect/userinfo`,
+		new URL(
+			`/realms/${realm}/protocol/openid-connect/userinfo`,
+			originFromDomain(domain)
+		),
 		{
 			headers: {
 				Authorization: authorizationHeader("bearer", accessToken)

diff --git a/packages/oauth/src/utils/request.ts b/packages/oauth/src/utils/request.ts
@@ -36,3 +36,10 @@ export const authorizationHeader = (
 	}
 	throw new TypeError("Invalid token type");
 };
+
+export const originFromDomain = (domain: string): string => {
+	if (domain.startsWith("https://") || domain.startsWith("http://")) {
+		return domain;
+	}
+	return "https://" + domain;
+};