@descope/angular-sdk 0.5.10 → 0.5.11

package/projects/angular-sdk/src/lib/services/descope-auth.service.spec.ts

@@ -0,0 +1,309 @@
+import { TestBed } from '@angular/core/testing';
+
+import { DescopeAuthService } from './descope-auth.service';
+import createSdk from '@descope/web-js-sdk';
+import mocked = jest.mocked;
+import { DescopeAuthConfig } from '../types/types';
+import { of, take, toArray } from 'rxjs';
+
+jest.mock('@descope/web-js-sdk');
+
+describe('DescopeAuthService', () => {
+  let service: DescopeAuthService;
+  let mockedCreateSdk: jest.Mock;
+  let windowSpy: jest.SpyInstance;
+  const onSessionTokenChangeSpy = jest.fn();
+  const onUserChangeSpy = jest.fn();
+  const getSessionTokenSpy = jest.fn();
+  const getRefreshTokenSpy = jest.fn();
+  const isJwtExpiredSpy = jest.fn();
+  const getJwtPermissionsSpy = jest.fn();
+  const getJwtRolesSpy = jest.fn();
+  const meSpy = jest.fn();
+  const refreshSpy = jest.fn();
+  const mockConfig: DescopeAuthConfig = {
+    projectId: 'someProject'
+  };
+
+  beforeEach(() => {
+    mockedCreateSdk = mocked(createSdk);
+    windowSpy = jest.spyOn(window, 'window', 'get');
+
+    mockedCreateSdk.mockReturnValue({
+      onSessionTokenChange: onSessionTokenChangeSpy,
+      onUserChange: onUserChangeSpy,
+      getSessionToken: getSessionTokenSpy,
+      getRefreshToken: getRefreshTokenSpy,
+      isJwtExpired: isJwtExpiredSpy,
+      getJwtPermissions: getJwtPermissionsSpy,
+      getJwtRoles: getJwtRolesSpy,
+      me: meSpy,
+      refresh: refreshSpy
+    });
+
+    onSessionTokenChangeSpy.mockImplementation((fn) => fn());
+    onUserChangeSpy.mockImplementation((fn) => fn());
+
+    TestBed.configureTestingModule({
+      providers: [
+        DescopeAuthConfig,
+        { provide: DescopeAuthConfig, useValue: mockConfig }
+      ]
+    });
+    service = TestBed.inject(DescopeAuthService);
+  });
+
+  afterEach(() => {
+    getSessionTokenSpy.mockReset();
+    getRefreshTokenSpy.mockReset();
+    isJwtExpiredSpy.mockReset();
+    getJwtPermissionsSpy.mockReset();
+    getJwtRolesSpy.mockReset();
+  });
+
+  it('should be created', () => {
+    expect(service).toBeTruthy();
+    expect(mockedCreateSdk).toHaveBeenCalledWith(
+      expect.objectContaining(mockConfig)
+    );
+    expect(onSessionTokenChangeSpy).toHaveBeenCalled();
+    expect(onUserChangeSpy).toHaveBeenCalled();
+  });
+
+  describe('getSessionToken', () => {
+    it('should call getSessionToken from sdk', () => {
+      const token = 'abcd';
+      getSessionTokenSpy.mockReturnValueOnce(token);
+      const result = service.getSessionToken();
+      expect(getSessionTokenSpy).toHaveBeenCalled();
+      expect(result).toStrictEqual(token);
+    });
+
+    it('should warn when using getSessionToken in non browser environment', () => {
+      const warnSpy = jest.spyOn(console, 'warn');
+      windowSpy.mockImplementationOnce(() => undefined);
+
+      service.getSessionToken();
+
+      expect(warnSpy).toHaveBeenCalledWith(
+        'Get session token is not supported in SSR'
+      );
+      expect(getSessionTokenSpy).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('getRefreshToken', () => {
+    it('should call getRefreshToken from sdk', () => {
+      const token = 'abcd';
+      getRefreshTokenSpy.mockReturnValueOnce(token);
+      const result = service.getRefreshToken();
+      expect(getRefreshTokenSpy).toHaveBeenCalled();
+      expect(result).toStrictEqual(token);
+    });
+
+    it('should warn when using getRefreshToken in non browser environment', () => {
+      const warnSpy = jest.spyOn(console, 'warn');
+      windowSpy.mockImplementationOnce(() => undefined);
+
+      service.getRefreshToken();
+
+      expect(warnSpy).toHaveBeenCalledWith(
+        'Get refresh token is not supported in SSR'
+      );
+      expect(getRefreshTokenSpy).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('isSessionTokenExpired', () => {
+    it('should call isSessionTokenExpired from sdk', () => {
+      const token = 'abcd';
+      getSessionTokenSpy.mockReturnValueOnce(token);
+      service.isSessionTokenExpired();
+      expect(getSessionTokenSpy).toHaveBeenCalled();
+      expect(isJwtExpiredSpy).toHaveBeenCalledWith(token);
+    });
+
+    it('should warn when using isSessionTokenExpired in non browser environment', () => {
+      const warnSpy = jest.spyOn(console, 'warn');
+      windowSpy.mockImplementationOnce(() => undefined);
+
+      service.isSessionTokenExpired('some token');
+      expect(warnSpy).toHaveBeenCalledWith(
+        'isSessionTokenExpired is not supported in SSR'
+      );
+      expect(isJwtExpiredSpy).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('isRefreshTokenExpired', () => {
+    it('should call isRefreshTokenExpired from sdk', () => {
+      const token = 'abcd';
+      getRefreshTokenSpy.mockReturnValueOnce(token);
+      service.isRefreshTokenExpired();
+      expect(getRefreshTokenSpy).toHaveBeenCalled();
+      expect(isJwtExpiredSpy).toHaveBeenCalledWith(token);
+    });
+
+    it('should warn when using isRefreshTokenExpired in non browser environment', () => {
+      const warnSpy = jest.spyOn(console, 'warn');
+      windowSpy.mockImplementationOnce(() => undefined);
+
+      service.isRefreshTokenExpired('some token');
+      expect(warnSpy).toHaveBeenCalledWith(
+        'isRefreshTokenExpired is not supported in SSR'
+      );
+      expect(isJwtExpiredSpy).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('getJwtPermissions', () => {
+    it('should return permissions for token from sdk', () => {
+      const permissions = ['edit'];
+      getJwtPermissionsSpy.mockReturnValueOnce(permissions);
+      const result = service.getJwtPermissions('token');
+      expect(getJwtPermissionsSpy).toHaveBeenCalledWith('token', undefined);
+      expect(result).toStrictEqual(permissions);
+    });
+
+    it('should return empty array and log error when there is no token', () => {
+      const errorSpy = jest.spyOn(console, 'error');
+      getSessionTokenSpy.mockReturnValueOnce(null);
+      const result = service.getJwtPermissions();
+      expect(errorSpy).toHaveBeenCalledWith(
+        'Could not get JWT Permissions - not authenticated'
+      );
+      expect(getJwtPermissionsSpy).not.toHaveBeenCalled();
+      expect(result).toStrictEqual([]);
+    });
+  });
+
+  describe('getJwtRoles', () => {
+    it('should return roles for token from sdk', () => {
+      const roles = ['admin'];
+      getJwtRolesSpy.mockReturnValueOnce(roles);
+      const result = service.getJwtRoles('token');
+      expect(getJwtRolesSpy).toHaveBeenCalledWith('token', undefined);
+      expect(result).toStrictEqual(roles);
+    });
+
+    it('should return empty array and log error when there is no token', () => {
+      const errorSpy = jest.spyOn(console, 'error');
+      getSessionTokenSpy.mockReturnValueOnce(null);
+      const result = service.getJwtRoles();
+      expect(errorSpy).toHaveBeenCalledWith(
+        'Could not get JWT Roles - not authenticated'
+      );
+      expect(getJwtRolesSpy).not.toHaveBeenCalled();
+      expect(result).toStrictEqual([]);
+    });
+  });
+
+  describe('refreshSession', () => {
+    it('correctly handle descopeSession stream when session is successfully refreshed', (done: jest.DoneCallback) => {
+      refreshSpy.mockReturnValueOnce(
+        of({ ok: true, data: { sessionJwt: 'newToken' } })
+      );
+      // Taking 4 values from stream: first is initial value, next 3 are the result of refreshSession
+      service.session$.pipe(take(4), toArray()).subscribe({
+        next: (result) => {
+          expect(result.slice(1)).toStrictEqual([
+            {
+              isAuthenticated: false,
+              isSessionLoading: true,
+              sessionToken: undefined
+            },
+            {
+              isAuthenticated: true,
+              isSessionLoading: true,
+              sessionToken: 'newToken'
+            },
+            {
+              isAuthenticated: true,
+              isSessionLoading: false,
+              sessionToken: 'newToken'
+            }
+          ]);
+          expect(service.isAuthenticated()).toBeTruthy();
+          done();
+        },
+        error: (err) => {
+          done.fail(err);
+        }
+      });
+      service.refreshSession().subscribe();
+    });
+
+    it('correctly handle descopeSession stream when refresh session failed', (done: jest.DoneCallback) => {
+      refreshSpy.mockReturnValueOnce(
+        of({ ok: false, data: { sessionJwt: 'newToken' } })
+      );
+      // Taking 4 values from stream: first is initial value, next 3 are the result of refreshSession
+      service.session$.pipe(take(4), toArray()).subscribe({
+        next: (result) => {
+          expect(result.slice(1)).toStrictEqual([
+            {
+              isAuthenticated: false,
+              isSessionLoading: true,
+              sessionToken: undefined
+            },
+            {
+              isAuthenticated: false,
+              isSessionLoading: true,
+              sessionToken: ''
+            },
+            {
+              isAuthenticated: false,
+              isSessionLoading: false,
+              sessionToken: ''
+            }
+          ]);
+          expect(service.isAuthenticated()).toBeFalsy();
+          done();
+        },
+        error: (err) => {
+          done.fail(err);
+        }
+      });
+      service.refreshSession().subscribe();
+    });
+  });
+
+  describe('refreshUser', () => {
+    it('correctly handle descopeUser stream when user is successfully refreshed', (done: jest.DoneCallback) => {
+      meSpy.mockReturnValueOnce(of({ ok: true, data: { name: 'test' } }));
+      // Taking 4 values from stream: first is initial value, next 3 are the result of refreshUser
+      service.user$.pipe(take(4), toArray()).subscribe({
+        next: (result) => {
+          expect(result.slice(1)).toStrictEqual([
+            { isUserLoading: true, user: undefined },
+            { isUserLoading: true, user: { name: 'test' } },
+            { isUserLoading: false, user: { name: 'test' } }
+          ]);
+          done();
+        },
+        error: (err) => {
+          done.fail(err);
+        }
+      });
+      service.refreshUser().subscribe();
+    });
+
+    it('correctly handle descopeUser stream when refresh session failed', (done: jest.DoneCallback) => {
+      meSpy.mockReturnValueOnce(of({ ok: false }));
+      // Taking 3 values from stream: first is initial value, next 2 are the result of refreshUser
+      service.user$.pipe(take(3), toArray()).subscribe({
+        next: (result) => {
+          expect(result.slice(1)).toStrictEqual([
+            { isUserLoading: true, user: undefined },
+            { isUserLoading: false, user: undefined }
+          ]);
+          done();
+        },
+        error: (err) => {
+          done.fail(err);
+        }
+      });
+      service.refreshUser().subscribe();
+    });
+  });
+});

package/projects/angular-sdk/src/lib/services/descope-auth.service.ts

@@ -0,0 +1,200 @@
+// workaround for TS issue https://github.com/microsoft/TypeScript/issues/42873
+// eslint-disable-next-line
+import type * as _1 from '@descope/core-js-sdk';
+import { Injectable } from '@angular/core';
+import type { UserResponse } from '@descope/web-js-sdk';
+import createSdk from '@descope/web-js-sdk';
+import { BehaviorSubject, finalize, Observable, tap } from 'rxjs';
+import { observabilify, Observablefied } from '../utils/helpers';
+import { baseHeaders, isBrowser } from '../utils/constants';
+import { DescopeAuthConfig } from '../types/types';
+
+type DescopeSDK = ReturnType<typeof createSdk>;
+type AngularDescopeSDK = Observablefied<DescopeSDK>;
+
+export interface DescopeSession {
+  isAuthenticated: boolean;
+  isSessionLoading: boolean;
+  sessionToken: string | null;
+}
+
+export type DescopeUser = { user?: UserResponse; isUserLoading: boolean };
+
+@Injectable({
+  providedIn: 'root'
+})
+export class DescopeAuthService {
+  public descopeSdk: AngularDescopeSDK;
+  private readonly sessionSubject: BehaviorSubject<DescopeSession>;
+  private readonly userSubject: BehaviorSubject<DescopeUser>;
+  readonly session$: Observable<DescopeSession>;
+  readonly user$: Observable<DescopeUser>;
+
+  constructor(config: DescopeAuthConfig) {
+    this.descopeSdk = observabilify<DescopeSDK>(
+      createSdk({
+        persistTokens: isBrowser() as true,
+        ...config,
+        storeLastAuthenticatedUser: isBrowser() as true,
+        autoRefresh: isBrowser() as true,
+        baseHeaders
+      })
+    );
+
+    this.sessionSubject = new BehaviorSubject<DescopeSession>({
+      isAuthenticated: false,
+      isSessionLoading: false,
+      sessionToken: ''
+    });
+    this.session$ = this.sessionSubject.asObservable();
+    this.userSubject = new BehaviorSubject<DescopeUser>({
+      isUserLoading: false
+    });
+    this.user$ = this.userSubject.asObservable();
+    this.descopeSdk.onSessionTokenChange(this.setSession.bind(this));
+    this.descopeSdk.onUserChange(this.setUser.bind(this));
+  }
+
+  refreshSession() {
+    const beforeRefreshSession = this.sessionSubject.value;
+    this.sessionSubject.next({
+      ...beforeRefreshSession,
+      isSessionLoading: true
+    });
+    return this.descopeSdk.refresh().pipe(
+      tap((data) => {
+        const afterRequestSession = this.sessionSubject.value;
+        if (data.ok && data.data) {
+          this.sessionSubject.next({
+            ...afterRequestSession,
+            sessionToken: data.data.sessionJwt,
+            isAuthenticated: !!data.data.sessionJwt
+          });
+        } else {
+          this.sessionSubject.next({
+            ...afterRequestSession,
+            sessionToken: '',
+            isAuthenticated: false
+          });
+        }
+      }),
+      finalize(() => {
+        const afterRefreshSession = this.sessionSubject.value;
+        this.sessionSubject.next({
+          ...afterRefreshSession,
+          isSessionLoading: false
+        });
+      })
+    );
+  }
+
+  refreshUser() {
+    const beforeRefreshUser = this.userSubject.value;
+    this.userSubject.next({
+      ...beforeRefreshUser,
+      isUserLoading: true
+    });
+    return this.descopeSdk.me().pipe(
+      tap((data) => {
+        const afterRequestUser = this.userSubject.value;
+        if (data.data) {
+          this.userSubject.next({
+            ...afterRequestUser,
+            user: {
+              ...data.data
+            }
+          });
+        }
+      }),
+      finalize(() => {
+        const afterRefreshUser = this.userSubject.value;
+        this.userSubject.next({
+          ...afterRefreshUser,
+          isUserLoading: false
+        });
+      })
+    );
+  }
+
+  getSessionToken() {
+    if (isBrowser()) {
+      return (
+        this.descopeSdk as AngularDescopeSDK & {
+          getSessionToken: () => string | null;
+        }
+      ).getSessionToken();
+    }
+    console.warn('Get session token is not supported in SSR');
+    return '';
+  }
+
+  getRefreshToken() {
+    if (isBrowser()) {
+      return (
+        this.descopeSdk as AngularDescopeSDK & {
+          getRefreshToken: () => string | null;
+        }
+      ).getRefreshToken();
+    }
+    this.descopeSdk.getJwtPermissions;
+    console.warn('Get refresh token is not supported in SSR');
+    return '';
+  }
+
+  isSessionTokenExpired(token = this.getSessionToken()) {
+    if (isBrowser()) {
+      return this.descopeSdk.isJwtExpired(token ?? '');
+    }
+    console.warn('isSessionTokenExpired is not supported in SSR');
+    return true;
+  }
+
+  isRefreshTokenExpired(token = this.getRefreshToken()) {
+    if (isBrowser()) {
+      return (
+        this.descopeSdk as AngularDescopeSDK & {
+          isJwtExpired: (token: string) => boolean | null;
+        }
+      ).isJwtExpired(token ?? '');
+    }
+    console.warn('isRefreshTokenExpired is not supported in SSR');
+    return true;
+  }
+
+  getJwtPermissions(token = this.getSessionToken(), tenant?: string) {
+    if (token === null) {
+      console.error('Could not get JWT Permissions - not authenticated');
+      return [];
+    }
+    return this.descopeSdk.getJwtPermissions(token, tenant);
+  }
+
+  getJwtRoles(token = this.getSessionToken(), tenant?: string) {
+    if (token === null) {
+      console.error('Could not get JWT Roles - not authenticated');
+      return [];
+    }
+    return this.descopeSdk.getJwtRoles(token, tenant);
+  }
+
+  isAuthenticated() {
+    return this.sessionSubject.value.isAuthenticated;
+  }
+
+  private setSession(sessionToken: string | null) {
+    const currentSession = this.sessionSubject.value;
+    this.sessionSubject.next({
+      sessionToken,
+      isAuthenticated: !!sessionToken,
+      isSessionLoading: currentSession.isSessionLoading
+    });
+  }
+
+  private setUser(user: UserResponse) {
+    const currentUser = this.userSubject.value;
+    this.userSubject.next({
+      isUserLoading: currentUser.isUserLoading,
+      user
+    });
+  }
+}

package/projects/angular-sdk/src/lib/services/descope.interceptor.spec.ts

@@ -0,0 +1,102 @@
+import { TestBed } from '@angular/core/testing';
+import {
+  HttpTestingController,
+  provideHttpClientTesting
+} from '@angular/common/http/testing';
+import {
+  HttpClient,
+  provideHttpClient,
+  withInterceptors
+} from '@angular/common/http';
+import { of } from 'rxjs';
+import { DescopeAuthService } from './descope-auth.service';
+import { DescopeAuthConfig } from '../types/types';
+import createSdk from '@descope/web-js-sdk';
+import { descopeInterceptor } from './descope.interceptor';
+import mocked = jest.mocked;
+
+jest.mock('@descope/web-js-sdk');
+
+describe('DescopeInterceptor', () => {
+  let authService: DescopeAuthService;
+  let httpTestingController: HttpTestingController;
+  let httpClient: HttpClient;
+  let mockedCreateSdk: jest.Mock;
+
+  beforeEach(() => {
+    mockedCreateSdk = mocked(createSdk);
+    mockedCreateSdk.mockReturnValue({
+      onSessionTokenChange: jest.fn(),
+      onUserChange: jest.fn()
+    });
+
+    TestBed.configureTestingModule({
+      providers: [
+        DescopeAuthService,
+        {
+          provide: DescopeAuthConfig,
+          useValue: { pathsToIntercept: ['/api'], projectId: 'test' }
+        },
+        provideHttpClient(withInterceptors([descopeInterceptor])),
+        provideHttpClientTesting()
+      ]
+    });
+
+    authService = TestBed.inject(DescopeAuthService);
+    httpTestingController = TestBed.inject(HttpTestingController);
+    httpClient = TestBed.inject(HttpClient);
+  });
+
+  afterEach(() => {
+    httpTestingController.verify();
+  });
+
+  it('should intercept requests for specified paths', () => {
+    jest.spyOn(authService, 'getSessionToken').mockReturnValue('fakeToken');
+
+    httpClient.get('/api/data').subscribe();
+    httpClient.get('/other').subscribe();
+
+    const req1 = httpTestingController.expectOne('/api/data');
+    const req2 = httpTestingController.expectOne('/other');
+
+    expect(req1.request.headers.get('Authorization')).toEqual(
+      'Bearer fakeToken'
+    );
+    expect(req2.request.headers.get('Authorization')).toEqual(null);
+    req1.flush({});
+    req2.flush({});
+  });
+
+  it('should refresh token and retry request on 401 or 403 error', () => {
+    jest.spyOn(authService, 'getSessionToken').mockReturnValue(null);
+    const refreshSessionSpy = jest
+      .spyOn(authService, 'refreshSession')
+      .mockReturnValue(of({ ok: true, data: { sessionJwt: 'newToken' } }));
+
+    httpClient.get('/api/data').subscribe();
+
+    const req = httpTestingController.expectOne('/api/data');
+
+    expect(req.request.headers.get('Authorization')).toEqual('Bearer newToken');
+    expect(refreshSessionSpy).toHaveBeenCalled();
+    req.flush({}, { status: 401, statusText: 'Not authorized' });
+  });
+
+  it('should throw an error if refreshing the session fails', () => {
+    jest.spyOn(authService, 'getSessionToken').mockReturnValue(null);
+    jest
+      .spyOn(authService, 'refreshSession')
+      .mockReturnValue(of({ ok: false, data: undefined }));
+
+    httpClient.get('/api/data').subscribe({
+      next: () => {},
+      error: (error) => {
+        expect(error.message).toEqual('Could not refresh session!');
+      },
+      complete: () => {}
+    });
+
+    httpTestingController.expectNone('/api/data');
+  });
+});

package/projects/angular-sdk/src/lib/services/descope.interceptor.ts

@@ -0,0 +1,76 @@
+import { inject } from '@angular/core';
+import {
+  HttpErrorResponse,
+  HttpHandlerFn,
+  HttpInterceptorFn,
+  HttpRequest
+} from '@angular/common/http';
+import { throwError } from 'rxjs';
+import { catchError, switchMap } from 'rxjs/operators';
+import { DescopeAuthService } from './descope-auth.service';
+import { DescopeAuthConfig } from '../types/types';
+
+export const descopeInterceptor: HttpInterceptorFn = (request, next) => {
+  const config = inject(DescopeAuthConfig);
+  const authService = inject(DescopeAuthService);
+
+  function refreshAndRetry(
+    request: HttpRequest<unknown>,
+    next: HttpHandlerFn,
+    error?: HttpErrorResponse
+  ) {
+    return authService.refreshSession().pipe(
+      switchMap((refreshed) => {
+        if (refreshed.ok && refreshed.data) {
+          const requestWithRefreshedToken = addTokenToRequest(
+            request,
+            refreshed.data?.sessionJwt
+          );
+          return next(requestWithRefreshedToken);
+        } else {
+          return throwError(
+            () => error ?? new Error('Could not refresh session!')
+          );
+        }
+      })
+    );
+  }
+
+  function shouldIntercept(request: HttpRequest<unknown>): boolean {
+    return (
+      (config.pathsToIntercept?.length === 0 ||
+        config.pathsToIntercept?.some((path) => request.url.includes(path))) ??
+      true
+    );
+  }
+
+  function addTokenToRequest(
+    request: HttpRequest<unknown>,
+    token: string
+  ): HttpRequest<unknown> {
+    return request.clone({
+      setHeaders: {
+        Authorization: `Bearer ${token}`
+      }
+    });
+  }
+
+  if (shouldIntercept(request)) {
+    const token = authService.getSessionToken();
+    if (!token) {
+      return refreshAndRetry(request, next);
+    }
+    const requestWithToken = addTokenToRequest(request, token);
+    return next(requestWithToken).pipe(
+      catchError((error: HttpErrorResponse) => {
+        if (error.status === 401 || error.status === 403) {
+          return refreshAndRetry(request, next, error);
+        } else {
+          return throwError(() => error);
+        }
+      })
+    );
+  } else {
+    return next(request);
+  }
+};

package/projects/angular-sdk/src/lib/types/types.ts

@@ -0,0 +1,15 @@
+import { ILogger } from '@descope/web-component';
+
+export class DescopeAuthConfig {
+  projectId = '';
+  baseUrl?: string;
+  baseStaticUrl?: string;
+  // If true, tokens will be stored on local storage
+  persistTokens?: boolean;
+  sessionTokenViaCookie?: boolean;
+  // If true, last authenticated user will be stored on local storage and can accessed with getUser function
+  storeLastAuthenticatedUser?: boolean;
+  pathsToIntercept?: string[];
+}
+
+export type { ILogger };