add prompt param to OIDC auth url creation (#3794)

matrix-org · Oct 11, 2023 · 1de6de0 · 1de6de0
1 parent c8f8fb5
commit 1de6de0
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/spec/unit/oidc/authorize.spec.ts b/spec/unit/oidc/authorize.spec.ts
@@ -134,6 +134,25 @@ describe("oidc authorization", () => {
 
             expect(authUrl.searchParams.get("code_challenge")).toBeTruthy();
         });
+
+        it("should generate url with create prompt", async () => {
+            const nonce = "abc123";
+
+            const metadata = delegatedAuthConfig.metadata;
+
+            const authUrl = new URL(
+                await generateOidcAuthorizationUrl({
+                    metadata,
+                    homeserverUrl: baseUrl,
+                    clientId,
+                    redirectUri: baseUrl,
+                    nonce,
+                    prompt: "create",
+                }),
+            );
+
+            expect(authUrl.searchParams.get("prompt")).toEqual("create");
+        });
     });
 
     describe("completeAuthorizationCodeGrant", () => {

diff --git a/src/oidc/authorize.ts b/src/oidc/authorize.ts
@@ -122,8 +122,13 @@ export const generateAuthorizationUrl = async (
  * @experimental
  * Generate a URL to attempt authorization with the OP
  * See https://openid.net/specs/openid-connect-basic-1_0.html#CodeRequest
- * @param oidcClientSettings - oidc configuration
- * @param homeserverName - used as state
+ * @param metadata - validated metadata from OP discovery
+ * @param clientId - this client's id as registered with the OP
+ * @param homeserverUrl - used to establish the session on return from the OP
+ * @param identityServerUrl - used to establish the session on return from the OP
+ * @param nonce - state
+ * @param prompt - indicates to the OP which flow the user should see - eg login or registration
+ *          See https://openid.net/specs/openid-connect-prompt-create-1_0.html#name-prompt-parameter
  * @returns a Promise with the url as a string
  */
 export const generateOidcAuthorizationUrl = async ({
@@ -133,13 +138,15 @@ export const generateOidcAuthorizationUrl = async ({
     homeserverUrl,
     identityServerUrl,
     nonce,
+    prompt,
 }: {
     clientId: string;
     metadata: ValidatedIssuerMetadata;
     homeserverUrl: string;
     identityServerUrl?: string;
     redirectUri: string;
     nonce: string;
+    prompt?: string;
 }): Promise<string> => {
     const scope = await generateScope();
     const oidcClient = new OidcClient({
@@ -156,6 +163,7 @@ export const generateOidcAuthorizationUrl = async ({
     const request = await oidcClient.createSigninRequest({
         state: userState,
         nonce,
+        prompt,
     });
 
     return request.url;