Merge pull request #76 from Koosha-Owji/feat/migrate-jose-to-kinde-jwt-validator

Feat/migrate jose to kinde jwt validator/decoder

Author: coel

lib/__tests__/mocks.ts

@@ -129,3 +129,24 @@ class ServerSessionManager implements SessionManager {
 export const sessionManager = new ServerSessionManager();
 
 global.fetch = fetchClient;
+
+// Mock @kinde/jwt-validator
+export const createJwtValidatorMock = () => ({
+  validateToken: vi.fn().mockImplementation(async ({ token, domain }) => {
+    if (!token) {
+      return { valid: false, message: 'Token is required' };
+    }
+
+    if (!domain) {
+      return { valid: false, message: 'Domain is required' };
+    }
+
+    const jwtParts = token.split('.');
+    if (jwtParts.length !== 3) {
+      return { valid: false, message: 'Invalid JWT format' };
+    }
+
+    // If it passes basic validation, return true (simplified for testing)
+    return { valid: true, message: 'Token is valid' };
+  }),
+});

lib/__tests__/sdk/oauth2-flows/AuthCodeWithPKCE.spec.ts

@@ -6,7 +6,7 @@ import { base64UrlEncode, sha256 } from '../../../sdk/utilities';
 import { AuthCodeWithPKCE } from '../../../sdk/oauth2-flows';
 import { getSDKHeader } from '../../../sdk/version';
 import * as mocks from '../../mocks';
-import { describe, it, expect, beforeAll, afterEach } from 'vitest';
+import { describe, it, expect, afterEach } from 'vitest';
 
 describe('AuthCodeWitPKCE', () => {
   const { sessionManager } = mocks;
@@ -17,11 +17,6 @@ describe('AuthCodeWitPKCE', () => {
     clientId: 'client-id',
   };
 
-  beforeAll(async () => {
-    const { publicKey } = await mocks.getKeys();
-    clientConfig.jwks = { keys: [publicKey] };
-  });
-
   describe('new AuthCodeWithPKCE', () => {
     it('can construct AuthCodeWithPKCE instance', () => {
       expect(() => new AuthCodeWithPKCE(clientConfig)).not.toThrowError();

lib/__tests__/sdk/oauth2-flows/AuthorizationCode.spec.ts

@@ -10,7 +10,7 @@ import {
 
 import { KindeSDKError, KindeSDKErrorCode } from '../../../sdk/exceptions';
 import { generateRandomString } from '../../../sdk/utilities';
-import { describe, it, expect, beforeAll, afterEach } from 'vitest';
+import { describe, it, expect, afterEach } from 'vitest';
 
 describe('AuthorizationCode', () => {
   const { sessionManager } = mocks;
@@ -22,11 +22,6 @@ describe('AuthorizationCode', () => {
     clientId: 'client-id',
   };
 
-  beforeAll(async () => {
-    const { publicKey } = await mocks.getKeys();
-    clientConfig.jwks = { keys: [publicKey] };
-  });
-
   describe('new AuthorizationCode', () => {
     it('can construct AuthorizationCode instance', () => {
       expect(

lib/__tests__/sdk/oauth2-flows/ClientCredentials.spec.ts

@@ -1,4 +1,3 @@
-import { importJWK } from 'jose';
 import { ClientCredentials } from '../../../sdk/oauth2-flows/ClientCredentials';
 import { type ClientCredentialsOptions } from '../../../sdk/oauth2-flows/types';
 import {
@@ -32,14 +31,9 @@ describe('ClientCredentials', () => {
     let validationDetails: TokenValidationDetailsType;
 
     beforeAll(async () => {
-      const { publicKey } = await mocks.getKeys();
-
       validationDetails = {
         issuer: clientConfig.authDomain,
-        keyProvider: async () => await importJWK(publicKey, mocks.mockJwtAlg),
       };
-
-      clientConfig.jwks = { keys: [publicKey] };
     });
 
     const body = new URLSearchParams({

lib/__tests__/sdk/utilities/feature-flags.spec.ts

@@ -7,20 +7,17 @@ import {
   getFlag,
   type TokenValidationDetailsType,
 } from '../../../sdk/utilities';
-import { importJWK } from 'jose';
 
 describe('feature-flags', () => {
   let mockAccessToken: Awaited<ReturnType<typeof mocks.getMockAccessToken>>;
   const { sessionManager } = mocks;
+  const authDomain = 'local-testing@kinde.com';
 
   let validationDetails: TokenValidationDetailsType;
 
   beforeAll(async () => {
-    const { publicKey } = await mocks.getKeys();
-
     validationDetails = {
-      issuer: '',
-      keyProvider: async () => await importJWK(publicKey, mocks.mockJwtAlg),
+      issuer: authDomain,
     };
   });
 

lib/__tests__/sdk/utilities/token-claims.spec.ts

@@ -8,25 +8,20 @@ import {
   getClaim,
   type TokenValidationDetailsType,
 } from '../../../sdk/utilities';
-import { importJWK } from 'jose';
 import { describe, it, expect, beforeAll, afterAll } from 'vitest';
 
 describe('token-claims', () => {
   let mockAccessToken: Awaited<ReturnType<typeof mocks.getMockAccessToken>>;
   let mockIdToken: Awaited<ReturnType<typeof mocks.getMockIdToken>>;
-  const authDomain = 'https://local-testing@kinde.com';
+  const authDomain = 'local-testing@kinde.com';
   const { sessionManager } = mocks;
 
   let validationDetails: TokenValidationDetailsType;
 
   beforeAll(async () => {
-    const { publicKey } = await mocks.getKeys();
-
     validationDetails = {
       issuer: authDomain,
-      keyProvider: async () => await importJWK(publicKey, mocks.mockJwtAlg),
     };
-
     mockAccessToken = await mocks.getMockAccessToken();
     mockIdToken = await mocks.getMockIdToken();
     await sessionManager.setSessionItem('access_token', mockAccessToken.token);

lib/__tests__/sdk/utilities/token-utils.spec.ts

@@ -10,19 +10,15 @@ import {
 } from '../../../sdk/utilities';
 
 import { KindeSDKError, KindeSDKErrorCode } from '../../../sdk/exceptions';
-import { importJWK } from 'jose';
 
 describe('token-utils', () => {
   const domain = 'local-testing@kinde.com';
   const { sessionManager } = mocks;
   let validationDetails: TokenValidationDetailsType;
 
   beforeAll(async () => {
-    const { publicKey } = await mocks.getKeys();
-
     validationDetails = {
       issuer: domain,
-      keyProvider: async () => await importJWK(publicKey, mocks.mockJwtAlg),
     };
   });
 

lib/sdk/clients/server/index.ts

@@ -1,5 +1,4 @@
 import createAuthCodeClient from './authorization-code.js';
-import { isNodeEnvironment } from '../../environment.js';
 import createCCClient from './client-credentials.js';
 import { GrantType } from '../../oauth2-flows/index.js';
 
@@ -30,10 +29,6 @@ export const createKindeServerClient = <G extends GrantType>(
   grantType: G,
   options: Options<G>
 ) => {
-  if (!isNodeEnvironment()) {
-    throw new Error('this method must be invoked in a node.js environment');
-  }
-
   switch (grantType) {
     case GrantType.AUTHORIZATION_CODE: {
       const clientOptions = options as ACClientOptions;

lib/sdk/oauth2-flows/AuthCodeAbstract.ts

@@ -11,8 +11,6 @@ import type {
   AuthorizationCodeOptions,
   AuthURLOptions,
 } from './types.js';
-import { createLocalJWKSet } from 'jose';
-import { getRemoteJwks } from '../utilities/remote-jwks-cache.js';
 import type { GeneratePortalUrlParams } from '@kinde/js-utils';
 
 /**
@@ -37,17 +35,9 @@ export abstract class AuthCodeAbstract {
     this.userProfileEndpoint = `${authDomain}/oauth2/v2/user_profile`;
     this.authorizationEndpoint = `${authDomain}/oauth2/auth`;
     this.tokenEndpoint = `${authDomain}/oauth2/token`;
-    const keyProvider = async () => {
-      const func =
-        config.jwks !== undefined
-          ? createLocalJWKSet(config.jwks)
-          : await getRemoteJwks(authDomain);
-      return await func({ alg: 'RS256' });
-    };
     this.tokenValidationDetails = {
       issuer: config.authDomain,
       audience: config.audience,
-      keyProvider,
     };
   }
 

lib/sdk/oauth2-flows/ClientCredentials.ts

@@ -1,4 +1,3 @@
-import { createLocalJWKSet } from 'jose';
 import { type SessionManager } from '../session-managers/index.js';
 import * as utilities from '../utilities/index.js';
 import { getSDKHeader } from '../version.js';
@@ -8,7 +7,6 @@ import type {
   ClientCredentialsOptions,
   OAuth2CCTokenResponse,
 } from './types.js';
-import { getRemoteJwks } from '../utilities/remote-jwks-cache.js';
 
 /**
  * Class provides implementation for the client credentials OAuth2.0 flow.
@@ -24,17 +22,9 @@ export class ClientCredentials {
     this.logoutEndpoint = `${authDomain}/logout?redirect=${logoutRedirectURL ?? ''}`;
     this.tokenEndpoint = `${authDomain}/oauth2/token`;
     this.config = config;
-    const keyProvider = async () => {
-      const func =
-        config.jwks !== undefined
-          ? createLocalJWKSet(config.jwks)
-          : await getRemoteJwks(authDomain);
-      return await func({ alg: 'RS256' });
-    };
     this.tokenValidationDetails = {
       issuer: config.authDomain,
       audience: config.audience,
-      keyProvider,
     };
   }