refactor: Update WebAuth0Client, WebCredentialsManager, and WebWebAuthProvider to use Auth0Client directly and add unit tests for WebWebAuthProvider

Author: subhankarmaiti

src/platforms/web/adapters/WebAuth0Client.ts

@@ -74,8 +74,8 @@ export class WebAuth0Client implements IAuth0Client {
 
     this.handleRedirect(client);
 
-    this.webAuth = new WebWebAuthProvider(this);
-    this.credentialsManager = new WebCredentialsManager(this);
+    this.webAuth = new WebWebAuthProvider(this.client);
+    this.credentialsManager = new WebCredentialsManager(this.client);
   }
 
   users(token: string): IUsersClient {

src/platforms/web/adapters/WebCredentialsManager.ts

@@ -4,10 +4,10 @@ import {
   AuthError,
   Credentials as CredentialsModel,
 } from '../../../core/models';
-import type { WebAuth0Client } from './WebAuth0Client';
+import type { Auth0Client } from '@auth0/auth0-spa-js';
 
 export class WebCredentialsManager implements ICredentialsManager {
-  constructor(private parent: WebAuth0Client) {}
+  constructor(private client: Auth0Client) {}
 
   async saveCredentials(_credentials: Credentials): Promise<void> {
     console.warn(
@@ -23,13 +23,13 @@ export class WebCredentialsManager implements ICredentialsManager {
     forceRefresh?: boolean
   ): Promise<Credentials> {
     try {
-      const tokenResponse = await this.parent.client.getTokenSilently({
+      const tokenResponse = await this.client.getTokenSilently({
         cacheMode: forceRefresh ? 'off' : 'on',
         authorizationParams: { ...parameters, scope },
         detailedResponse: true,
       });
 
-      const claims = await this.parent.client.getIdTokenClaims();
+      const claims = await this.client.getIdTokenClaims();
       if (!claims || !claims.exp) {
         throw new AuthError(
           'IdTokenMissing',
@@ -61,10 +61,10 @@ export class WebCredentialsManager implements ICredentialsManager {
   }
 
   async hasValidCredentials(): Promise<boolean> {
-    return this.parent.client.isAuthenticated();
+    return this.client.isAuthenticated();
   }
 
   async clearCredentials(): Promise<void> {
-    await this.parent.client.logout({ openUrl: false });
+    await this.client.logout({ openUrl: false });
   }
 }

src/platforms/web/adapters/WebWebAuthProvider.ts

@@ -6,20 +6,21 @@ import type {
 } from '../../../types';
 import { AuthError } from '../../../core/models';
 import { finalizeScope } from '../../../core/utils';
-import type { WebAuth0Client } from './WebAuth0Client';
+import type { Auth0Client } from '@auth0/auth0-spa-js';
 
 export class WebWebAuthProvider implements IWebAuthProvider {
-  constructor(private parent: WebAuth0Client) {}
+  constructor(private client: Auth0Client) {}
 
   async authorize(
     parameters: WebAuthorizeParameters = {}
   ): Promise<Credentials> {
     const finalScope = finalizeScope(parameters.scope);
-    await this.parent.client.loginWithRedirect({
+    const { redirectUrl, ...restParams } = parameters;
+    await this.client.loginWithRedirect({
       authorizationParams: {
-        ...parameters,
+        ...restParams,
         scope: finalScope,
-        redirect_uri: parameters.redirectUrl,
+        redirect_uri: redirectUrl,
       },
     });
 
@@ -32,7 +33,7 @@ export class WebWebAuthProvider implements IWebAuthProvider {
 
   async clearSession(parameters: ClearSessionParameters = {}): Promise<void> {
     try {
-      await this.parent.client.logout({
+      await this.client.logout({
         logoutParams: {
           federated: parameters.federated,
           returnTo: parameters.returnToUrl,

src/platforms/web/adapters/__tests__/WebWebAuthProvider.spec.ts

@@ -0,0 +1,120 @@
+import { Auth0Client } from '@auth0/auth0-spa-js';
+import { WebWebAuthProvider } from '../WebWebAuthProvider';
+import { finalizeScope } from '../../../../core/utils';
+import { AuthError } from '../../../../core/models';
+
+// Mock the direct dependencies
+jest.mock('@auth0/auth0-spa-js');
+jest.mock('../../../../core/utils/scope');
+
+const MockAuth0Client = Auth0Client as jest.MockedClass<typeof Auth0Client>;
+const mockFinalizeScope = finalizeScope as jest.Mock;
+
+describe('WebWebAuthProvider', () => {
+  let mockSpaClient: jest.Mocked<Auth0Client>;
+  let provider: WebWebAuthProvider;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    // Create a mock instance of the underlying spa-js client.
+    // This is the object that will be passed into our provider's constructor.
+    mockSpaClient = new MockAuth0Client({} as any);
+
+    // Construct the provider with the mock dependency.
+    provider = new WebWebAuthProvider(mockSpaClient);
+
+    // Provide a default mock implementation for the scope utility.
+    mockFinalizeScope.mockImplementation(
+      (scope) => scope || 'openid profile email'
+    );
+  });
+
+  describe('authorize', () => {
+    it('should call finalizeScope with the provided scope', () => {
+      // The promise from authorize() is designed to never resolve, so we don't await it.
+      // We are only testing the synchronous calls that happen before the redirect.
+      provider.authorize({ scope: 'read:data' });
+      expect(mockFinalizeScope).toHaveBeenCalledWith('read:data');
+    });
+
+    it('should call loginWithRedirect on the spa-js client with all parameters', () => {
+      const parameters = {
+        audience: 'https://api.example.com',
+        connection: 'Username-Password-Authentication',
+        redirectUrl: 'https://app.com/callback',
+        scope: 'openid profile read:data',
+      };
+
+      // Re-configure the mock scope utility for this specific test
+      mockFinalizeScope.mockReturnValue('openid profile read:data');
+
+      provider.authorize(parameters);
+
+      expect(mockSpaClient.loginWithRedirect).toHaveBeenCalledTimes(1);
+      expect(mockSpaClient.loginWithRedirect).toHaveBeenCalledWith({
+        authorizationParams: {
+          audience: parameters.audience,
+          connection: parameters.connection,
+          scope: 'openid profile read:data',
+          redirect_uri: parameters.redirectUrl,
+        },
+      });
+    });
+
+    it('should throw an error to interrupt the app flow, as it redirects', async () => {
+      // This confirms the promise doesn't resolve with credentials, which is correct behavior for a redirect.
+      // It should hang until Jest times it out, but we can check if it throws our specific Redirecting error.
+      // In your latest implementation, it just returns a hanging promise. Let's test that it doesn't resolve or reject quickly.
+      const authorizePromise = provider.authorize({});
+
+      const timeout = new Promise((resolve) => setTimeout(resolve, 100));
+
+      // We expect the test to finish (due to timeout) before the authorizePromise resolves.
+      // This confirms it's a hanging promise.
+      await expect(
+        Promise.race([authorizePromise, timeout])
+      ).resolves.toBeUndefined();
+    });
+  });
+
+  describe('clearSession', () => {
+    it("should call the client's logout method with correct parameters", async () => {
+      const parameters = {
+        returnToUrl: 'https://app.com/logout',
+        federated: true,
+      };
+
+      await provider.clearSession(parameters);
+
+      expect(mockSpaClient.logout).toHaveBeenCalledTimes(1);
+      expect(mockSpaClient.logout).toHaveBeenCalledWith({
+        logoutParams: {
+          returnTo: parameters.returnToUrl,
+          federated: parameters.federated,
+        },
+      });
+    });
+
+    it('should throw an AuthError if the client logout fails', async () => {
+      const logoutError = {
+        error: 'logout_failed',
+        error_description: 'Could not log out',
+      };
+      mockSpaClient.logout.mockRejectedValue(logoutError);
+
+      await expect(provider.clearSession()).rejects.toThrow(AuthError);
+      await expect(provider.clearSession()).rejects.toMatchObject({
+        name: 'logout_failed',
+      });
+    });
+  });
+
+  describe('cancelWebAuth', () => {
+    it('should resolve immediately as it is a no-op on the web', async () => {
+      await expect(provider.cancelWebAuth()).resolves.toBeUndefined();
+      expect(mockSpaClient.loginWithRedirect).not.toHaveBeenCalled();
+      expect(mockSpaClient.logout).not.toHaveBeenCalled();
+    });
+  });
+});