fix(scope): Add support for 123done to request a scope key

packages/123done/oauth.js

@@ -146,16 +146,17 @@ module.exports = function (app, db) {
   });
 
   app.get('/api/two_step_authentication', function (req, res) {
-    setupOAuthFlow(req, 'email', { acrValues: 'AAL2' }, function (
-      err,
-      params,
-      oauthConfig
-    ) {
-      if (err) {
-        return res.send(400, err);
+    setupOAuthFlow(
+      req,
+      'email',
+      { acrValues: 'AAL2' },
+      function (err, params, oauthConfig) {
+        if (err) {
+          return res.send(400, err);
+        }
+        return res.redirect(redirectUrl(params, oauthConfig));
       }
-      return res.redirect(redirectUrl(params, oauthConfig));
-    });
+    );
   });
 
   // begin a force auth flow
@@ -169,22 +170,24 @@ module.exports = function (app, db) {
   });
 
   app.get('/api/prompt_none', function (req, res) {
-    setupOAuthFlow(req, null, { prompt: 'none' }, function (
-      err,
-      params,
-      oauthConfig
-    ) {
-      if (err) {
-        return res.send(400, err);
+    setupOAuthFlow(
+      req,
+      null,
+      { prompt: 'none' },
+      function (err, params, oauthConfig) {
+        if (err) {
+          return res.send(400, err);
+        }
+        // If there is an email specified on the query params,
+        // save it in case FxA returns an error code saying
+        // the user needs to authenticate. FxA will be
+        // re-opened with the email in the query params
+        // and asked to sign in as that user.
+        req.session.requestedLoginHint =
+          req.query.email || req.query.login_hint;
+        return res.redirect(redirectUrl(params, oauthConfig));
       }
-      // If there is an email specified on the query params,
-      // save it in case FxA returns an error code saying
-      // the user needs to authenticate. FxA will be
-      // re-opened with the email in the query params
-      // and asked to sign in as that user.
-      req.session.requestedLoginHint = req.query.email || req.query.login_hint;
-      return res.redirect(redirectUrl(params, oauthConfig));
-    });
+    );
   });
 
   app.get('/api/oauth', function (req, res) {
@@ -235,6 +238,7 @@ module.exports = function (app, db) {
           console.log(err, body); //eslint-disable-line no-console
           req.session.scopes = body.scopes;
           req.session.token_type = body.token_type;
+          req.session.keys_jwe = body.keys_jwe;
           var token = (req.session.token = body.access_token);
           var id_token = body.id_token;
 

packages/123done/server.js

@@ -71,6 +71,7 @@ app.get('/api/auth_status', function (req, res) {
       subscriptions: req.session.subscriptions || [],
       amr: req.session.amr || null,
       acr: req.session.acr || '0',
+      keys_jwe: req.session.keys_jwe || null,
     })
   );
 });

packages/123done/static/index.html

@@ -54,6 +54,12 @@
       >
         Sign In (prompt=none)
       </button>
+        <button
+          class="btn btn-large btn-info btn-persona scope-keys"
+          type="submit"
+        >
+          Sign In (scopeKeys)
+        </button>
       <button
         class="btn btn-large btn-info btn-persona force-auth"
         type="submit"
@@ -205,6 +211,10 @@
       </section>
     </div>
 
+    <section class="keys-data">
+      <div id="keys"></div>
+    </section>
+
     <footer id="footer-main">
       <div class="container">
         <div class="subscription-buttons">

packages/123done/static/js/123done.js

@@ -167,6 +167,10 @@ $(document).ready(function () {
       } else {
         $('body').removeClass('is-subscribed');
       }
+
+      if (loggedInState.keys_jwe) {
+        $('#keys').text(`Scoped key: ${loggedInState.keys_jwe}`);
+      }
     }
 
     function updateListArea(email) {
@@ -259,6 +263,16 @@ $(document).ready(function () {
       });
     });
 
+    $('button.scope-keys').click(function (ev) {
+      authenticate('best_choice', {
+        keys_jwk:
+          'eyJrdHkiOiJFQyIsImtpZCI6Im9DNGFudFBBSFZRX1pmQ09RRUYycTRaQlZYblVNZ2xISGpVRzdtSjZHOEEiLCJjcnYiOi' +
+          'JQLTI1NiIsIngiOiJDeUpUSjVwbUNZb2lQQnVWOTk1UjNvNTFLZVBMaEg1Y3JaQlkwbXNxTDk0IiwieSI6IkJCWDhfcFVZeHpTaldsdX' +
+          'U5MFdPTVZwamIzTlpVRDAyN0xwcC04RW9vckEifQ',
+        scope: 'profile openid https://identity.mozilla.com/apps/123done',
+      });
+    });
+
     $('button.force-auth').click(function (ev) {
       if (
         !window.location.search.includes('email=') &&

packages/fxa-auth-server/config/dev.json

@@ -205,7 +205,8 @@
         "imageUri": "https://mozorg.cdn.mozilla.net/media/img/firefox/new/header-firefox.png",
         "redirectUri": "http://localhost:8080/api/oauth",
         "trusted": true,
-        "canGrant": false
+        "canGrant": false,
+        "allowedScopes": "https://identity.mozilla.com/apps/123done"
       },
       {
         "id": "38a6b9b3a65a1871",
@@ -402,6 +403,10 @@
         "scope": "https://identity.mozilla.com/apps/notes",
         "hasScopedKeys": true
       },
+      {
+        "scope": "https://identity.mozilla.com/apps/123done",
+        "hasScopedKeys": true
+      },
       {
         "scope": "https://identity.mozilla.com/apps/oldsync",
         "hasScopedKeys": true

packages/fxa-content-server/server/lib/configuration.js

@@ -609,6 +609,12 @@ const conf = (module.exports = convict({
             'https://send2.dev.lcip.org/oauth',
           ],
         },
+        'https://identity.mozilla.com/apps/123done': {
+          redirectUris: [
+            'http://localhost:8080/api/oauth',
+            'https://stage-123done.herokuapp.com/api/oauth',
+          ],
+        },
       },
       doc: 'Validates redirect uris for requested scopes',
       env: 'SCOPED_KEYS_VALIDATION',