fix(oidc-service-worker): bad request on many token request at the sa…

…me time (#1300) (release)

packages/oidc-client-service-worker/src/OidcServiceWorker.ts

@@ -14,7 +14,7 @@ import {
 	serializeHeaders,
 	sleep,
 } from './utils';
-import { replaceCodeVerifier } from './utils/codeVerifier';
+import {extractConfigurationNameFromCodeVerifier, replaceCodeVerifier} from './utils/codeVerifier';
 import { normalizeUrl } from './utils/normalizeUrl';
 import version from './version';
 
@@ -51,7 +51,6 @@ const handleActivate = (event: ExtendableEvent) => {
 	event.waitUntil(_self.clients.claim());
 };
 
-let currentLoginCallbackConfigurationName: string | null = null;
 const database: Database = {};
 
 const getCurrentDatabasesTokenEndpoint = (database: Database, url: string) => {
@@ -136,10 +135,16 @@ const handleFetch = async (event: FetchEvent) => {
 				...serializeHeaders(originalRequest.headers),
 			};
 		} else {
+
+			const authorization = originalRequest.headers.get('authorization');
+			if (!authorization ) {
+				throw new Error('No authorization header');
+			}
+			const authentificationMode = authorization.split(" ")[0];
 			headers = {
 				...serializeHeaders(originalRequest.headers),
 				authorization:
-					'Bearer ' + currentDatabaseForRequestAccessToken.tokens.access_token,
+				 authentificationMode + ' ' + currentDatabaseForRequestAccessToken.tokens.access_token,
 			};
 		}
 		let init: RequestInit;
@@ -232,21 +237,24 @@ const handleFetch = async (event: FetchEvent) => {
 							return new Response(text, response);
 						});
 					}
-					return fetchPromise.then(hideTokens(currentDatabase as OidcConfig)); // todo type assertion to OidcConfig but could be null, NEEDS REVIEW
+					return fetchPromise.then(hideTokens(currentDatabase as OidcConfig)); 
 				} else if (
 					actualBody.includes('code_verifier=') &&
-					currentLoginCallbackConfigurationName
+					extractConfigurationNameFromCodeVerifier(actualBody) != null
 				) {
+					const currentLoginCallbackConfigurationName = extractConfigurationNameFromCodeVerifier(
+						actualBody,
+					);
+					// @ts-ignore
 					currentDatabase = database[currentLoginCallbackConfigurationName];
-					currentLoginCallbackConfigurationName = null;
 					let newBody = actualBody;
 					if (currentDatabase && currentDatabase.codeVerifier != null) {
 						newBody = replaceCodeVerifier(
 							newBody,
 							currentDatabase.codeVerifier,
 						);
 					}
-
+					
 					return fetch(originalRequest, {
 						body: newBody,
 						method: clonedRequest.method,
@@ -259,6 +267,7 @@ const handleFetch = async (event: FetchEvent) => {
 						referrer: clonedRequest.referrer,
 						credentials: clonedRequest.credentials,
 						integrity: clonedRequest.integrity,
+						// @ts-ignore
 					}).then(hideTokens(currentDatabase));
 				}
 
@@ -338,7 +347,7 @@ const handleMessage = (event: ExtendableMessageEvent) => {
 			trustedDomains[configurationName] = [];
 		}
 	}
-
+	console.log('[OidcServiceWorker] handleMessage', data.type);
 	switch (data.type) {
 		case 'clear':
 			currentDatabase.tokens = null;
@@ -363,15 +372,6 @@ const handleMessage = (event: ExtendableMessageEvent) => {
 			}
 			currentDatabase.oidcServerConfiguration = oidcServerConfiguration;
 			currentDatabase.oidcConfiguration = data.data.oidcConfiguration;
-			const where = data.data.where;
-			if (
-				where === 'loginCallbackAsync' ||
-				where === 'tryKeepExistingSessionAsync'
-			) {
-				currentLoginCallbackConfigurationName = configurationName;
-			} else {
-				currentLoginCallbackConfigurationName = null;
-			}
 
 			if (!currentDatabase.tokens) {
 				port.postMessage({
@@ -487,8 +487,9 @@ const handleMessage = (event: ExtendableMessageEvent) => {
 			return;
 		}
 		default: {
-			currentDatabase.items = { ...data.data };
-			port.postMessage({ configurationName });
+			return;
+			// currentDatabase.items = { ...data.data };
+			// port.postMessage({ configurationName });
 		}
 	}
 };

packages/oidc-client-service-worker/src/utils/__tests__/codeVerifier.spec.ts

@@ -1,6 +1,6 @@
 import { describe, expect, it } from 'vitest';
 
-import { replaceCodeVerifier } from '../codeVerifier';
+import { replaceCodeVerifier, extractConfigurationNameFromCodeVerifier } from '../codeVerifier';
 
 describe('replaceCodeVerifier should', () => {
     it.each([
@@ -11,3 +11,19 @@ describe('replaceCodeVerifier should', () => {
         expect(bodyExpected).toEqual(result);
     });
 });
+
+
+describe('extractConfigurationNameFromCodeVerifier should', () => {
+    it.each([
+        { body: "code=56DB8E3592FBD48DCF6F65B38B12845FF0186ECF6D66ECB5425C0F7E658B7951-1&grant_type=authorization_code&client_id=interactive.public.short&redirect_uri=https%3A%2F%2Fblack-rock-0dc6b0d03.1.azurestaticapps.net%2Fauthentication%2Fcallback&code_verifier=CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER_default", expected: 'default' },
+        { body: "code=56DB8E3592FBD48DCF6F65B38B12845FF0186ECF6D66ECB5425C0F7E658B7951-1&code_verifier=CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER_youhou&grant_type=authorization_code&client_id=interactive.public.short&redirect_uri=https%3A%2F%2Fblack-rock-0dc6b0d03.1.azurestaticapps.net%2Fauthentication%2Fcallback", expected: 'youhou' },
+    ])('inject new codeVerifier', async ({ body, expected }) => {
+
+        const configurationName = extractConfigurationNameFromCodeVerifier(body);
+        console.log(configurationName);
+        expect(configurationName).toEqual(expected);
+    });
+});
+
+
+

packages/oidc-client-service-worker/src/utils/codeVerifier.ts

@@ -2,3 +2,14 @@ export function replaceCodeVerifier(codeVerifier:string, newCodeVerifier:string)
     const regex = /code_verifier=[A-Za-z0-9_-]+/i;
     return codeVerifier.replace(regex, `code_verifier=${newCodeVerifier}`);
 }
+
+export const extractConfigurationNameFromCodeVerifier = (chaine:string):string | null => {
+    const regex = /CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER_([^&\s]+)/;
+    const result = chaine.match(regex);
+
+    if (result && result.length > 1) {
+        return result[1];
+    } else {
+        return null;
+    }
+}