Merge pull request #43 from bennovakovic/bmn/enable-additional-cors-h…

…eaders

Improvement: Abstract cors configuration away from the user, and just allow them to turn it on or off.

src/ICorsOptions.ts

@@ -0,0 +1,5 @@
+export default interface ICorsOptions {
+  credentials?: 'omit' | 'same-origin' | 'include',
+  // RFC for mode options: https://fetch.spec.whatwg.org/#concept-request-mode
+  mode?: 'cors' | 'no-cors' | 'same-origin' | 'navigate'
+}

src/PKCE.ts

@@ -5,11 +5,13 @@ import IAuthResponse from './IAuthResponse';
 import IConfig from './IConfig';
 import IObject from './IObject';
 import ITokenResponse from './ITokenResponse';
+import ICorsOptions from './ICorsOptions';
 
 export default class PKCE {
   private config: IConfig;
   private state: string = '';
   private codeVerifier: string = '';
+  private corsRequestOptions:ICorsOptions = {};
 
   /**
    * Initialize the instance with configuration
@@ -19,6 +21,20 @@ export default class PKCE {
     this.config = config;
   }
 
+  /**
+   * Allow the user to enable cross domain cors requests
+   * @param  enable turn the cross domain request options on.
+   * @return ICorsOptions
+   */
+  public enableCorsCredentials(enable: boolean): ICorsOptions {
+
+    this.corsRequestOptions = (enable) ? {
+      credentials: 'include',
+      mode: 'cors'
+    } : {}
+    return this.corsRequestOptions
+  }
+
   /**
    * Generate the authorize url
    * @param  {object} additionalParams include additional parameters in the query
@@ -71,6 +87,7 @@ export default class PKCE {
           Accept: 'application/json',
           'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
         },
+        ...this.corsRequestOptions
       }).then((response) => response.json());
     });
   }

tests/PKCE.test.ts

@@ -113,11 +113,27 @@ describe('Test PKCE exchange code for token', () => {
     expect(body.get('test_param')).toEqual('testing');
   });
 
-  async function mockRequest(additionalParams: object = {}) {
+  it('Should have set the cors credentials options correctly', async () => {
+    // enable cors credentials
+    await mockRequest({}, true)
+    expect(fetch.mock.calls[0][1]?.mode).toEqual('cors')
+    expect(fetch.mock.calls[0][1]?.credentials).toEqual('include')
+  })
+
+  it('Should _not_ have cors credentials options set', async () => {
+    // enable cors credentials
+    await mockRequest({}, false)
+    expect(fetch.mock.calls[0][1]?.mode).toBeUndefined()
+    expect(fetch.mock.calls[0][1]?.credentials).toBeUndefined()
+  })
+
+  async function mockRequest(additionalParams: object = {}, enableCorsCredentials = false) {
     sessionStorage.setItem('pkce_state', 'teststate');
     const url = 'https://example.com?state=teststate&code=123';
     const instance = new PKCE(config);
 
+    instance.enableCorsCredentials(enableCorsCredentials)
+
     const mockSuccessResponse = {
       access_token: 'token',
       expires_in: 123,
@@ -161,7 +177,8 @@ describe('Test PCKE refresh token', () => {
     expect(body.get('grant_type')).toEqual('refresh_token');
     expect(body.get('client_id')).toEqual(config.client_id);
     expect(body.get('refresh_token')).toEqual(refreshToken);
-  });  
+  });
+
 
   async function mockRequest() {
     const instance = new PKCE(config);
@@ -179,7 +196,7 @@ describe('Test PCKE refresh token', () => {
     fetch.mockResponseOnce(JSON.stringify(mockSuccessResponse))
 
     await instance.refreshAccessToken(refreshToken);
-  }  
+  }
 });
 
 
@@ -192,7 +209,7 @@ describe('Test storage types', () => {
     instance.authorizeUrl();
 
     expect(sessionStorage.getItem('pkce_code_verifier')).not.toEqual(null);
-    expect(localStorage.getItem('pkce_code_verifier')).toEqual(null);    
+    expect(localStorage.getItem('pkce_code_verifier')).toEqual(null);
   });
 
   it('Should allow for using localStorage, sessionStorage emtpy', async () => {