add resource param to authorization requests

brockallen · brockallen · commit 99ae40d7e61f · 2016-10-03T18:36:40.000-04:00
diff --git a/src/OidcClient.js b/src/OidcClient.js
@@ -44,7 +44,7 @@ export default class OidcClient {
         // have round tripped, but people were getting confused, so i added state (since that matches the spec) 
         // and so now if data is not passed, but state is then state will be used
         data, state,
-        prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values} = {},
+        prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values, resource} = {},
         stateStore
     ) {
         Log.info("OidcClient.createSigninRequest");
@@ -60,6 +60,7 @@ export default class OidcClient {
         max_age = max_age || this._settings.max_age;
         ui_locales = ui_locales || this._settings.ui_locales;
         acr_values = acr_values || this._settings.acr_values;
+        resource = resource || this._settings.resource;
         
         let authority = this._settings.authority;
 
@@ -74,7 +75,7 @@ export default class OidcClient {
                 scope,
                 data: data || state,
                 authority,
-                prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values
+                prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values, resource
             });
 
             var signinState = request.state;
diff --git a/src/OidcClientSettings.js b/src/OidcClientSettings.js
@@ -21,7 +21,7 @@ export default class OidcClientSettings {
         client_id, response_type = DefaultResponseType, scope = DefaultScope,
         redirect_uri, post_logout_redirect_uri,
         // optional protocol
-        prompt, display, max_age, ui_locales, acr_values,
+        prompt, display, max_age, ui_locales, acr_values, resource,
         // behavior flags
         filterProtocolClaims = true, loadUserInfo = true,
         staleStateAge = DefaultStaleStateAge, clockSkew = DefaultClockSkewInSeconds,
@@ -47,6 +47,7 @@ export default class OidcClientSettings {
         this._max_age = max_age;
         this._ui_locales = ui_locales;
         this._acr_values = acr_values;
+        this._resource = resource;
 
         this._filterProtocolClaims = !!filterProtocolClaims;
         this._loadUserInfo = !!loadUserInfo;
@@ -102,6 +103,9 @@ export default class OidcClientSettings {
     get acr_values() {
         return this._acr_values;
     }
+    get resource() {
+        return this._resource;
+    }
 
 
     // metadata
diff --git a/src/SigninRequest.js b/src/SigninRequest.js
@@ -10,7 +10,7 @@ export default class SigninRequest {
         // mandatory
         url, client_id, redirect_uri, response_type, scope, authority,
         // optional
-        data, prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values
+        data, prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values, resource
     }) {
         if (!url) {
             Log.error("No url passed to SigninRequest");
@@ -50,7 +50,7 @@ export default class SigninRequest {
             url = UrlUtility.addQueryParam(url, "nonce", this.state.nonce);
         }
 
-        var optional = { prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values };
+        var optional = { prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values, resource };
         for(let key in optional){
             if (optional[key]) {
                 url = UrlUtility.addQueryParam(url, key, optional[key]);
diff --git a/test/unit/OidcClient.spec.js b/test/unit/OidcClient.spec.js
@@ -126,7 +126,8 @@ describe("OidcClient", function () {
                 ui_locales: 'u',
                 id_token_hint: 'ith',
                 login_hint: 'lh',
-                acr_values: 'av'
+                acr_values: 'av',
+                resource: 'res'
             });
 
             p.then(request => {
@@ -144,6 +145,7 @@ describe("OidcClient", function () {
                 url.should.contain("id_token_hint=ith");
                 url.should.contain("login_hint=lh");
                 url.should.contain("acr_values=av");
+                url.should.contain("resource=res");
 
                 done();
             });
@@ -163,7 +165,8 @@ describe("OidcClient", function () {
                 ui_locales: 'u',
                 id_token_hint: 'ith',
                 login_hint: 'lh',
-                acr_values: 'av'
+                acr_values: 'av',
+                resource: 'res'
             });
 
             p.then(request => {
@@ -181,6 +184,7 @@ describe("OidcClient", function () {
                 url.should.contain("id_token_hint=ith");
                 url.should.contain("login_hint=lh");
                 url.should.contain("acr_values=av");
+                url.should.contain("resource=res");
 
                 done();
             });
diff --git a/test/unit/SigninRequest.spec.js b/test/unit/SigninRequest.spec.js
@@ -169,6 +169,13 @@ describe("SigninRequest", function() {
             subject.url.should.contain("acr_values=foo");
         });
 
+        it("should include resource", function() {
+            settings.resource = "foo";
+            subject = new SigninRequest(settings);
+            subject.url.should.contain("resource=foo");
+        });
+
+
     });
 
     describe("isOidc", function() {
