feat(journey-client): wellknown-endpoint-config-support #525
Conversation
🦋 Changeset detectedLatest commit: 95eee18 The changes in this PR will be included in the next version bump. This PR includes changesets to release 12 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
📝 WalkthroughWalkthroughAdds shared OIDC well-known discovery across packages: a new RTK Query wellknown API and error utilities, well-known URL/realm utilities, journey/davinci/oidc clients refactored to consume the shared module, tests added, and workspace/tsconfig dependency/reference updates. Changes
Sequence Diagram(s)sequenceDiagram
participant Client as Journey Factory
participant Store as Redux Store
participant WKApi as wellknownApi (RTK Query)
participant OIDC as OIDC Server
participant Utils as Wellknown Utils
Client->>Utils: isValidWellknownUrl(wellknownUrl)
Utils-->>Client: boolean
alt valid well-known
Client->>WKApi: dispatch fetch configuration (endpoint)
WKApi->>OIDC: GET /.well-known/openid-configuration
OIDC-->>WKApi: WellKnownResponse
WKApi-->>Client: cached WellKnownResponse
Client->>Utils: inferRealmFromIssuer(response.issuer)
Utils-->>Client: inferred realm?
Client->>Store: dispatch setConfig(InternalJourneyClientConfig)
Store-->>Client: config persisted in state
else invalid / fetch error
WKApi-->>Client: error
Client->>Utils: createWellknownError(error)
Utils-->>Client: GenericError
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
View your CI Pipeline Execution ↗ for commit 95eee18
☁️ Nx Cloud last updated this comment at |
@forgerock/davinci-client
@forgerock/device-client
@forgerock/journey-client
@forgerock/oidc-client
@forgerock/protect
@forgerock/sdk-types
@forgerock/sdk-utilities
@forgerock/iframe-manager
@forgerock/sdk-logger
@forgerock/sdk-oidc
@forgerock/sdk-request-middleware
@forgerock/storage
commit: |
Codecov Report❌ Patch coverage is ❌ Your project status has failed because the head coverage (19.36%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage. Additional details and impacted files@@ Coverage Diff @@
## main #525 +/- ##
==========================================
+ Coverage 18.79% 19.36% +0.57%
==========================================
Files 140 148 +8
Lines 27640 28005 +365
Branches 980 1028 +48
==========================================
+ Hits 5195 5424 +229
- Misses 22445 22581 +136
🚀 New features to boost your workflow:
|
|
Deployed bf383c5 to https://ForgeRock.github.io/ping-javascript-sdk/pr-525/bf383c5de59f21b2e7a6ffa8239192bf56991316 branch gh-pages in ForgeRock/ping-javascript-sdk |
📦 Bundle Size Analysis📦 Bundle Size Analysis🚨 Significant Changes🔺 @forgerock/sdk-utilities - 9.9 KB (+1.4 KB, +16.0%) 📊 Minor Changes📈 @forgerock/oidc-client - 23.8 KB (+0.3 KB) ➖ No Changes➖ @forgerock/device-client - 9.2 KB 13 packages analyzed • Baseline from latest Legend🆕 New package ℹ️ How bundle sizes are calculated
🔄 Updated automatically on each push to this PR |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/journey-client/src/lib/client.store.ts (1)
68-179: Apply request middleware to well-known discovery.
The discovery call is made via a temp store that doesn’t includerequestMiddleware, so any custom headers/auth/fetch logic won’t apply to the well-known request. That can break environments that rely on middleware.🔧 Proposed fix
async function resolveAsyncConfig( config: JourneyConfigInput & { serverConfig: { wellknown: string } }, log: ReturnType<typeof loggerFn>, + requestMiddleware?: RequestMiddleware[], ): Promise<InternalJourneyClientConfig> { @@ - const tempStore = createJourneyStore({ config: tempConfig, logger: log }); + const tempStore = createJourneyStore({ config: tempConfig, logger: log, requestMiddleware }); @@ - resolvedConfig = await resolveAsyncConfig(config, log); + resolvedConfig = await resolveAsyncConfig(config, log, requestMiddleware);
🤖 Fix all issues with AI agents
In `@packages/sdk-effects/oidc/package.json`:
- Line 31: Replace the explicit version for the dependency key
"@reduxjs/toolkit" in package.json (currently "^2.8.0") with the monorepo
catalog spec so it follows the workspace pattern — set the version to
"catalog:^2.8.2" (i.e., change the value for "@reduxjs/toolkit" to
"catalog:^2.8.2") so the package uses the single source of truth defined in
pnpm-workspace.yaml.
🧹 Nitpick comments (4)
packages/sdk-utilities/src/lib/wellknown/wellknown.utils.ts (1)
85-98: Consider adding IPv6 localhost support.The function allows HTTP for
localhostand127.0.0.1, but not for::1(IPv6 localhost) or[::1]. This is a minor edge case but could cause unexpected behavior in IPv6-only development environments.♻️ Optional: Add IPv6 localhost support
// Allow HTTP only for localhost (development) - const isLocalhost = url.hostname === 'localhost' || url.hostname === '127.0.0.1'; + const isLocalhost = + url.hostname === 'localhost' || + url.hostname === '127.0.0.1' || + url.hostname === '[::1]' || + url.hostname === '::1'; const isSecure = url.protocol === 'https:'; const isHttpLocalhost = url.protocol === 'http:' && isLocalhost;packages/oidc-client/src/lib/wellknown.api.ts (2)
33-38: Selector created on every call defeats memoization.
createSelectoris invoked inside the function body, creating a new memoized selector on each call towellknownSelector. This negates the memoization benefits since each call produces a fresh selector instance.Consider creating the selector once per
wellknownUrlor usingcreateWellknownSelectorfrom the re-exported utilities if it handles this pattern.♻️ Option: Cache selectors by URL
+const selectorCache = new Map<string, ReturnType<typeof createSelector>>(); + export function wellknownSelector(wellknownUrl: string, state: RootState) { - const selector = createSelector( - wellknownApi.endpoints.configuration.select(wellknownUrl), - (result) => result?.data, - ); + let selector = selectorCache.get(wellknownUrl); + if (!selector) { + selector = createSelector( + wellknownApi.endpoints.configuration.select(wellknownUrl), + (result) => result?.data, + ); + selectorCache.set(wellknownUrl, selector); + } return selector(state); }Alternatively, if
createWellknownSelector(already exported) provides this functionality, consider using it directly instead of this wrapper.
18-21: Consider combining export and import statements.The separate re-export (line 18) and import (line 21) from the same package can be consolidated.
♻️ Suggested consolidation
-export { wellknownApi, createWellknownSelector } from '@forgerock/sdk-oidc'; - -// Import locally for use in selector below -import { wellknownApi } from '@forgerock/sdk-oidc'; +import { wellknownApi, createWellknownSelector } from '@forgerock/sdk-oidc'; + +export { wellknownApi, createWellknownSelector };packages/journey-client/src/lib/wellknown.utils.test.ts (1)
64-69: Consider adding a comment explaining intentional type casts.The type assertions (
as AsyncJourneyClientConfig,as JourneyClientConfig) are used to bypass TypeScript's checks and test edge cases with invalid inputs. A brief comment would clarify this intent for future maintainers.const config: JourneyConfigInput = { serverConfig: { baseUrl: 'https://am.example.com/am/', wellknown: '', }, - } as AsyncJourneyClientConfig; + } as AsyncJourneyClientConfig; // Intentionally cast to test runtime behavior with empty wellknown
![nx-cloud[bot]](https://avatars.githubusercontent.com/in/80458?s=60&v=4){kind=small}
There was a problem hiding this comment.
Important
At least one additional CI pipeline execution has run since the conclusion below was written and it may no longer be applicable.
Nx Cloud is proposing a fix for your failed CI:
These changes fix the e2e test failure by replacing RTK Query with native fetch API in the wellknown configuration resolution. The original implementation created a temporary Redux store to fetch wellknown config, but RTK Query APIs are singletons with global middleware that caused conflicts when multiple journey client instances were created (e.g., after logout). By using fetch directly, we eliminate the store singleton issues while maintaining the wellknown endpoint discovery functionality.
Tip
✅ We verified this fix by re-running @forgerock/journey-suites:e2e-ci--src/protect.test.ts.
Suggested Fix changes
diff --git a/packages/journey-client/src/lib/client.store.ts b/packages/journey-client/src/lib/client.store.ts
index 35c130bd..d7f3ac61 100644
--- a/packages/journey-client/src/lib/client.store.ts
+++ b/packages/journey-client/src/lib/client.store.ts
@@ -17,7 +17,6 @@ import { journeyApi } from './journey.api.js';
import { setConfig } from './journey.slice.js';
import { createStorage } from '@forgerock/storage';
import { createJourneyObject } from './journey.utils.js';
-import { wellknownApi } from './wellknown.api.js';
import {
hasWellknownConfig,
inferRealmFromIssuer,
@@ -80,19 +79,22 @@ async function resolveAsyncConfig(
throw error;
}
- // Create a temporary store to fetch well-known (we need the RTK Query infrastructure)
- const tempConfig: InternalJourneyClientConfig = {
- serverConfig: { baseUrl: baseUrl || '', paths, timeout },
- realmPath: config.realmPath,
- };
- const tempStore = createJourneyStore({ config: tempConfig, logger: log });
-
- // Fetch the well-known configuration
- const { data: wellknownResponse, error: fetchError } = await tempStore.dispatch(
- wellknownApi.endpoints.configuration.initiate(wellknown),
- );
+ // Fetch the well-known configuration directly using fetch API
+ // We avoid using RTK Query here to prevent store singleton issues
+ let wellknownResponse: any;
+ try {
+ const response = await fetch(wellknown, {
+ headers: {
+ Accept: 'application/json',
+ },
+ });
+
+ if (!response.ok) {
+ throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+ }
- if (fetchError || !wellknownResponse) {
+ wellknownResponse = await response.json();
+ } catch (fetchError: any) {
const genericError = createWellknownError(fetchError);
log.error(`${genericError.error}: ${genericError.message}`);
throw new Error(genericError.message);
Or Apply changes locally with:
npx nx-cloud apply-locally o3Fs-SUDD
Apply fix locally with your editor ↗ View interactive diff ↗
🎓 Learn more about Self-Healing CI on nx.dev
| "body-parser": "^2.2.0", | ||
| "body-parser": "^2.2.2", | ||
| "cookie-parser": "^1.4.7", | ||
| "cors": "^2.8.5", | ||
| "express": "^4.21.2", | ||
| "express": "^5.2.1", | ||
| "superagent": "^10.2.3", | ||
| "uuid": "^13.0.0" | ||
| }, | ||
| "devDependencies": { | ||
| "@types/express": "^4.17.17" |
There was a problem hiding this comment.
This is because i rebased my open deps pr because i was having issues with commands that were fixed via upgrading
| export default function (app) { | ||
| // Passthrough route that enforces authentication | ||
| app.all('/resource/*', async (req, res, next) => { | ||
| app.all('/resource/{*splat}', async (req, res, next) => { |
There was a problem hiding this comment.
fixed when i rebased open-deps (part of this express upgrade)
| "lint-staged": "^15.0.0", | ||
| "madge": "8.0.0", | ||
| "nx": "21.2.3", | ||
| "nx": "22.3.3", |
There was a problem hiding this comment.
all of this is because of dependency upgrades
| return async () => { | ||
| await serverInfo.set(serverSlice); | ||
| const setResult = await serverInfo.set(serverSlice); | ||
| if (isGenericError(setResult)) { |
There was a problem hiding this comment.
helps prevent type casting.
| end_session_endpoint: 'https://example.com/logout', | ||
| pushed_authorization_request_endpoint: '', | ||
| check_session_iframe: '', | ||
| introspection_endpoint: '', |
There was a problem hiding this comment.
Per the https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata, only a few properties are REQUIRED - most are optional.
There was a problem hiding this comment.
Actionable comments posted: 8
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/journey-client/src/lib/journey.api.ts (1)
118-186: Guard against missingjourneyslice to avoid a TypeError.If the store is misconfigured,
state.journeycan be undefined and throw before the explicit error is raised.🛡️ Suggested defensive guard
- const state = api.getState() as JourneyRootState; - const config = state.journey.config; + const state = api.getState() as JourneyRootState; + const config = state?.journey?.config; if (!config?.serverConfig) { throw new Error('Server configuration is missing.'); } @@ - const state = api.getState() as JourneyRootState; - const config = state.journey.config; + const state = api.getState() as JourneyRootState; + const config = state?.journey?.config; if (!config?.serverConfig) { throw new Error('Server configuration is missing.'); } @@ - const state = api.getState() as JourneyRootState; - const config = state.journey.config; + const state = api.getState() as JourneyRootState; + const config = state?.journey?.config; if (!config?.serverConfig) { throw new Error('Server configuration is missing.'); }
🤖 Fix all issues with AI agents
In `@e2e/am-mock-api/package.json`:
- Line 14: Update the devDependency entry for "@types/express" to a
v5-compatible range (e.g., "^5.0.0") so it matches the installed "express" v5.x
and avoids type mismatches; modify the "@types/express" version in package.json
(devDependencies) and then reinstall/update the lockfile (npm/yarn) to ensure
the new types are applied.
In `@package.json`:
- Around line 62-73: Run the NX migration to apply breaking-change updates by
executing npx nx migrate latest and npx nx migrate --run-migrations, then update
configuration related to the nx-release-publish target (verify its release
config structure matches NX 22 expectations), ensure any custom plugins use
createNodesV2 and that TypeScript settings explicitly set
useLegacyTypescriptPlugin if needed (defaults changed to false), and remove
references or reliance on removed items like NX_DISABLE_DB, experimental JS
executor inlining, and legacy options; finally run the workspace
lint/build/tests to confirm everything works.
- Around line 87-88: Upgrade to Vitest 4.0.9 may introduce breaking changes; run
the full test suite (unit, integration, and snapshot tests) and verify
mocking/reporters after bumping "@vitest/coverage-v8" and "@vitest/ui". If
failures occur, update test config and code references: replace any legacy
pool/worker options with modern names (e.g., maxThreads → maxWorkers), ensure
coverage settings use coverage.include and provider: 'v8' (remove
coverage.all/coverage.extensions), adapt any deprecated test API signatures and
mocking/snapshot usage, and regenerate snapshots where appropriate; confirm
reporter output still matches expected formats.
In `@packages/davinci-client/src/lib/config.types.test-d.ts`:
- Around line 94-122: Tests assert that introspection_endpoint and
revocation_endpoint are required, but the comment (and RFC 8414) says they're
optional; fix by making the test and comment consistent: update the comment near
WellKnownResponse to state that only issuer, authorization_endpoint,
token_endpoint, and userinfo_endpoint are required, then remove the expectTypeOf
assertions for introspection_endpoint and revocation_endpoint (the other
expectTypeOf calls for
issuer/authorization_endpoint/token_endpoint/userinfo_endpoint should remain),
or alternatively change the WellKnownResponse type to mark
introspection_endpoint and revocation_endpoint optional if you control that
type; reference symbols: WellKnownResponse and the expectTypeOf assertions in
the test.
In `@packages/journey-client/package.json`:
- Around line 33-34: Remove the build/test tools from the runtime dependencies:
delete the "vite" and "vitest-canvas-mock" entries from the dependencies block
so they exist only under devDependencies; locate the package.json dependencies
array (look for the "vite" and "vitest-canvas-mock" keys) and remove those keys,
leaving the current devDependencies entries intact.
In `@packages/journey-client/src/lib/wellknown.api.ts`:
- Line 14: Add createWellknownError to the barrel export so consumers can import
it alongside wellknownApi and createWellknownSelector; update the export
statement in wellknown.api.ts (currently exporting wellknownApi and
createWellknownSelector) to also export createWellknownError from
'@forgerock/sdk-oidc' to maintain API parity with davinci-client and support
usage in client.store.ts and wellknown.utils.ts.
In `@packages/journey-client/src/lib/wellknown.utils.ts`:
- Around line 38-46: The type guard hasWellknownConfig currently only checks for
serverConfig.wellknown and can incorrectly narrow JourneyConfigInput to
AsyncJourneyClientConfig; update hasWellknownConfig to also validate that
config.serverConfig has a non-empty string baseUrl (i.e., check 'baseUrl' in
config.serverConfig && typeof config.serverConfig.baseUrl === 'string' &&
config.serverConfig.baseUrl.length > 0) so the guard reliably asserts
AsyncJourneyClientConfig.
In `@tools/user-scripts/package.json`:
- Around line 25-26: The package.json currently lists "vitest" under
dependencies; remove the duplicate "vitest" entry from the dependencies object
so vitest remains only in devDependencies (leave "@effect/vitest" as-is if
intended); update the dependencies block to delete the "vitest" key to ensure
test-only packages are not shipped in runtime dependencies.
🧹 Nitpick comments (2)
package.json (1)
52-52: Emptydependenciesobject is unnecessary.The root package.json typically doesn't need a
dependenciesfield for a monorepo. If this was added intentionally for a specific tooling requirement, consider adding a comment explaining its purpose; otherwise, it can be removed.packages/oidc-client/src/lib/wellknown.api.ts (1)
12-38: Use the shared selector factory instead of recreating selectors.The
createWellknownSelectorhelper from@forgerock/sdk-oidcreturns a memoized selector function, which can be directly called with state. Refactoring to use it aligns with the documented intent and avoids recreating the selector on each call.♻️ Proposed refactor
-import { createSelector } from '@reduxjs/toolkit'; - import type { RootState } from './client.types.js'; /** * Re-export the shared wellknown RTK Query API from `@forgerock/sdk-oidc`. @@ export { wellknownApi, createWellknownSelector } from '@forgerock/sdk-oidc'; // Import locally for use in selector below -import { wellknownApi } from '@forgerock/sdk-oidc'; +import { wellknownApi, createWellknownSelector } from '@forgerock/sdk-oidc'; @@ export function wellknownSelector(wellknownUrl: string, state: RootState) { - const selector = createSelector( - wellknownApi.endpoints.configuration.select(wellknownUrl), - (result) => result?.data, - ); - return selector(state); + return createWellknownSelector(wellknownUrl)(state); }
| "cookie-parser": "^1.4.7", | ||
| "cors": "^2.8.5", | ||
| "express": "^4.21.2", | ||
| "express": "^5.2.1", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
cat e2e/am-mock-api/package.jsonRepository: ForgeRock/ping-javascript-sdk
Length of output: 484
🌐 Web query:
Express 5.0 TypeScript types support @types/express compatibility
💡 Result:
- Express 5 does not ship its own TypeScript declarations (there’s no
"types"/"typings"field in theexpresspackage metadata), so TypeScript support still comes from DefinitelyTyped (@types/*). [1] - Compatibility rule: match the major versions:
express@5→ install@types/express@5express@4→ install/pin@types/express@4(don’t mix with@types/express@5). [3]
- This matters because projects on Express 4 have hit type-breakage when the resolver pulls in
@types/express@5(incompatible). [4] - The
@types/expresspackage is actively published in the 5.x line for Express 5. [2]
Practical install/pin examples
npm i express@5
npm i -D `@types/express`@^5npm i express@^4
npm i -D `@types/express`@^4Sources: [1] [2] [3] [4]
🌐 Web query:
body-parser 2.2.2 Express 5.x compatibility
💡 Result:
body-parser@2.2.2 is compatible with Express 5.x.
- No Express peer-dependency:
body-parseris framework-agnostic middleware that you mount withapp.use(bodyParser.json()),app.use(bodyParser.urlencoded(...)), etc. (it just populatesreq.body). [1] - Node requirement aligns with Express 5:
body-parser@2.2.2requires Node >= 18, which matches Express 5’s Node baseline. [2] [3] - In Express 5, prefer built-ins when possible: Express 5 expects you to explicitly enable parsing;
req.bodyisundefinedunless you use a parser (e.g.,express.json()/express.urlencoded()). [4] - Security note:
2.2.0had a DoS advisory; upgrading to >= 2.2.1 (including2.2.2) is the fix. [5]
Recommended (Express 5):
app.use(express.json());
app.use(express.urlencoded({ extended: false }));(You only need body-parser directly if you specifically want its APIs/options beyond Express’s built-ins.) [4]
Sources: [1] [2] [3] [4] [5]
🌐 Web query:
cookie-parser 1.4.7 Express 5.x compatibility
💡 Result:
cookie-parser@1.4.7 is compatible with Express 5.x in practice:
- It has no Express peer dependency and is just standard Connect/Express middleware that reads the
Cookieheader and populatesreq.cookies/req.signedCookies. [1] - Express 5.x docs still describe
req.cookiesas being provided when using cookie-parser middleware, indicating the integration model is unchanged. [2] - Express 5 requires Node.js 18+, while
cookie-parser@1.4.7’senginesisnode >= 0.8.0, so there’s no Node version conflict. [1], [2]
Typical usage remains the same:
import express from "express";
import cookieParser from "cookie-parser";
const app = express();
app.use(cookieParser(process.env.COOKIE_SECRET)); // optional secretSources: [1] (cookie-parser 1.4.7 package.json on UNPKG), [2] (Express 5.x API docs req.cookies).
Update @types/express to v5.x for Express 5 compatibility.
Express has been upgraded from v4 to v5, a major version with breaking changes. The type definitions (@types/express) remain at ^4.17.17, which only provides types for Express 4.x. Express 5.x does not ship built-in TypeScript declarations and relies on @types/express@^5 from DefinitelyTyped.
Update @types/express in devDependencies to ^5.0.0 (or later) to match the Express 5.x major version and avoid type errors and incorrect type hints.
🤖 Prompt for AI Agents
In `@e2e/am-mock-api/package.json` at line 14, Update the devDependency entry for
"@types/express" to a v5-compatible range (e.g., "^5.0.0") so it matches the
installed "express" v5.x and avoids type mismatches; modify the "@types/express"
version in package.json (devDependencies) and then reinstall/update the lockfile
(npm/yarn) to ensure the new types are applied.
| "vite": "catalog:vite", | ||
| "vitest-canvas-mock": "catalog:vitest" |
There was a problem hiding this comment.
Move vite and vitest-canvas-mock to devDependencies only.
These are build/test tools and should not be listed under dependencies. They are already correctly present in devDependencies (lines 38, 40). Having them in both sections is redundant and could cause issues with production builds.
Proposed fix
"@forgerock/storage": "workspace:*",
"@reduxjs/toolkit": "catalog:",
- "tslib": "^2.3.0",
- "vite": "catalog:vite",
- "vitest-canvas-mock": "catalog:vitest"
+ "tslib": "^2.3.0"
},📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| "vite": "catalog:vite", | |
| "vitest-canvas-mock": "catalog:vitest" | |
| "@forgerock/storage": "workspace:*", | |
| "@reduxjs/toolkit": "catalog:", | |
| "tslib": "^2.3.0" | |
| }, |
🤖 Prompt for AI Agents
In `@packages/journey-client/package.json` around lines 33 - 34, Remove the
build/test tools from the runtime dependencies: delete the "vite" and
"vitest-canvas-mock" entries from the dependencies block so they exist only
under devDependencies; locate the package.json dependencies array (look for the
"vite" and "vitest-canvas-mock" keys) and remove those keys, leaving the current
devDependencies entries intact.
| export function hasWellknownConfig(config: JourneyConfigInput): config is AsyncJourneyClientConfig { | ||
| return ( | ||
| 'serverConfig' in config && | ||
| typeof config.serverConfig === 'object' && | ||
| config.serverConfig !== null && | ||
| 'wellknown' in config.serverConfig && | ||
| typeof config.serverConfig.wellknown === 'string' && | ||
| config.serverConfig.wellknown.length > 0 | ||
| ); |
There was a problem hiding this comment.
Validate baseUrl in the type guard.
AsyncJourneyClientConfig requires serverConfig.baseUrl. As written, a config with only wellknown will be narrowed to the async type, which can lead to runtime errors later.
✅ Proposed fix
export function hasWellknownConfig(config: JourneyConfigInput): config is AsyncJourneyClientConfig {
return (
'serverConfig' in config &&
typeof config.serverConfig === 'object' &&
config.serverConfig !== null &&
+ 'baseUrl' in config.serverConfig &&
+ typeof config.serverConfig.baseUrl === 'string' &&
+ config.serverConfig.baseUrl.length > 0 &&
'wellknown' in config.serverConfig &&
typeof config.serverConfig.wellknown === 'string' &&
config.serverConfig.wellknown.length > 0
);
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| export function hasWellknownConfig(config: JourneyConfigInput): config is AsyncJourneyClientConfig { | |
| return ( | |
| 'serverConfig' in config && | |
| typeof config.serverConfig === 'object' && | |
| config.serverConfig !== null && | |
| 'wellknown' in config.serverConfig && | |
| typeof config.serverConfig.wellknown === 'string' && | |
| config.serverConfig.wellknown.length > 0 | |
| ); | |
| export function hasWellknownConfig(config: JourneyConfigInput): config is AsyncJourneyClientConfig { | |
| return ( | |
| 'serverConfig' in config && | |
| typeof config.serverConfig === 'object' && | |
| config.serverConfig !== null && | |
| 'baseUrl' in config.serverConfig && | |
| typeof config.serverConfig.baseUrl === 'string' && | |
| config.serverConfig.baseUrl.length > 0 && | |
| 'wellknown' in config.serverConfig && | |
| typeof config.serverConfig.wellknown === 'string' && | |
| config.serverConfig.wellknown.length > 0 | |
| ); | |
| } |
🤖 Prompt for AI Agents
In `@packages/journey-client/src/lib/wellknown.utils.ts` around lines 38 - 46, The
type guard hasWellknownConfig currently only checks for serverConfig.wellknown
and can incorrectly narrow JourneyConfigInput to AsyncJourneyClientConfig;
update hasWellknownConfig to also validate that config.serverConfig has a
non-empty string baseUrl (i.e., check 'baseUrl' in config.serverConfig && typeof
config.serverConfig.baseUrl === 'string' && config.serverConfig.baseUrl.length >
0) so the guard reliably asserts AsyncJourneyClientConfig.
| * @param value - The value to check | ||
| * @returns True if value is a non-null object | ||
| */ | ||
| function isObject(value: unknown): value is Record<string, unknown> { |
There was a problem hiding this comment.
Can't add a generic to this since the type guard would become unsafe.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@packages/journey-client/src/lib/config.types.ts`:
- Around line 11-30: The JourneyClientConfig docs require baseUrl but the type
inherits optional serverConfig from BaseConfig; update JourneyClientConfig to
override serverConfig as required with baseUrl enforced (e.g., replace the
inherited optional serverConfig with a non-optional field that ensures baseUrl:
string is present) so the type matches the documentation; alternatively, if
serverConfig may remain optional, update the doc comment to remove the
"required" wording — change either the JourneyClientConfig type (override
serverConfig) or the doc text to keep them consistent (refer to
JourneyClientConfig, BaseConfig, and serverConfig/baseUrl in your change).
🧹 Nitpick comments (7)
e2e/davinci-app/package.json (1)
19-19: Optional: drop emptydevDependenciesblock.
Keeps the manifest leaner if no dev-only deps are required.♻️ Proposed cleanup
- "devDependencies": {},package.json (1)
52-52: Optional: remove emptydependencies.
Avoids a redundant block if not needed.♻️ Proposed cleanup
- "dependencies": {},packages/journey-client/src/lib/device/device-profile.test.ts (1)
10-10: Type update fromSpyInstancetoMockis correct.The change aligns with Vitest's API evolution where
SpyInstancewas deprecated in favor ofMock. However, the explicit callable signatures in the generic parameter are verbose and may not be necessary.Consider simplifying to:
let warnSpy: Mock<typeof console.warn>;This achieves the same type safety with less boilerplate.
Also applies to: 89-92
packages/sdk-utilities/src/lib/wellknown/wellknown.utils.test.ts (1)
12-72: Test coverage is good; consider simplifying nested describe blocks.The test cases cover the main validation scenarios well. However, the nested
describeblocks are redundant—each wraps only a singleit()and duplicates the test description.♻️ Suggested simplification
describe('isValidWellknownUrl', () => { - describe('isValidWellknownUrl_HttpsUrl_ReturnsTrue', () => { - it('should return true for HTTPS URL', () => { - expect(isValidWellknownUrl('https://am.example.com/.well-known/openid-configuration')).toBe( - true, - ); - }); - }); + it('should return true for HTTPS URL', () => { + expect(isValidWellknownUrl('https://am.example.com/.well-known/openid-configuration')).toBe( + true, + ); + }); // ... similarly for other test casesAdditionally, consider adding edge cases:
- URLs without ports (e.g.,
https://am.example.com/.well-known/openid-configuration)- URLs with query strings or fragments
- Null/undefined inputs (if the function signature allows)
packages/journey-client/src/lib/config.types.ts (1)
32-50: Reduce duplication by extending PathsConfig.
WellknownServerConfigmirrorsPathsConfigfields. ExtendingPathsConfigkeeps future additions consistent.♻️ Proposed refactor
-export interface WellknownServerConfig { - /** Base URL for AM-specific endpoints (authenticate, sessions) */ - baseUrl: string; - /** URL to the OIDC well-known configuration endpoint */ - wellknown: string; - /** Custom path overrides for endpoints */ - paths?: PathsConfig['paths']; - /** Request timeout in milliseconds */ - timeout?: number; -} +export interface WellknownServerConfig extends PathsConfig { + /** URL to the OIDC well-known configuration endpoint */ + wellknown: string; +}packages/journey-client/src/lib/journey.api.ts (1)
118-123: Consider extracting config retrieval into a helper function.The same config retrieval and validation pattern is repeated in
start,next, andterminateendpoints (lines 118-123, 152-157, 183-188). A helper could reduce duplication:♻️ Optional refactor
function getConfigFromState(api: BaseQueryApi): { realmPath?: string; serverConfig: ServerConfig } { const state = api.getState() as JourneyRootState; const config = state.journey.config; if (!config?.serverConfig) { throw new Error('Server configuration is missing.'); } return { realmPath: config.realmPath, serverConfig: config.serverConfig }; }Then in each endpoint:
-const state = api.getState() as JourneyRootState; -const config = state.journey.config; -if (!config?.serverConfig) { - throw new Error('Server configuration is missing.'); -} -const { realmPath, serverConfig } = config; +const { realmPath, serverConfig } = getConfigFromState(api);packages/journey-client/src/lib/client.store.ts (1)
131-135: Structured error information is discarded.
createWellknownErrorreturns aGenericErrorwitherror,message,type, andstatusfields, but onlymessageis used when throwing. Consider preserving the structured error or using a custom error class:♻️ Preserve structured error information
Option 1 - Create a custom error class:
class WellknownError extends Error { constructor(public readonly genericError: GenericError) { super(genericError.message); this.name = 'WellknownError'; } } // Usage: throw new WellknownError(genericError);Option 2 - Add cause to the error:
-throw new Error(genericError.message); +throw new Error(genericError.message, { cause: genericError });
| /** | ||
| * Standard journey client configuration with explicit baseUrl. | ||
| * | ||
| * Use this when you want to configure the AM server directly without | ||
| * OIDC well-known endpoint discovery. | ||
| * | ||
| * @example | ||
| * ```typescript | ||
| * const config: JourneyClientConfig = { | ||
| * serverConfig: { | ||
| * baseUrl: 'https://am.example.com/am/', | ||
| * }, | ||
| * realmPath: 'alpha', | ||
| * }; | ||
| * ``` | ||
| */ | ||
| export interface JourneyClientConfig extends BaseConfig { | ||
| middleware?: Array<RequestMiddleware>; | ||
| realmPath?: string; | ||
| // Add any journey-specific config options here | ||
| } |
There was a problem hiding this comment.
Align JourneyClientConfig typing with the “baseUrl required” doc.
Docs state baseUrl is required, but BaseConfig keeps serverConfig optional. If the intent is to require baseUrl for this config shape, consider overriding serverConfig to be required (or soften the doc if optional is still valid).
🔧 Suggested type tightening (if requirement is intended)
export interface JourneyClientConfig extends BaseConfig {
+ serverConfig: PathsConfig;
middleware?: Array<RequestMiddleware>;
realmPath?: string;
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| /** | |
| * Standard journey client configuration with explicit baseUrl. | |
| * | |
| * Use this when you want to configure the AM server directly without | |
| * OIDC well-known endpoint discovery. | |
| * | |
| * @example | |
| * ```typescript | |
| * const config: JourneyClientConfig = { | |
| * serverConfig: { | |
| * baseUrl: 'https://am.example.com/am/', | |
| * }, | |
| * realmPath: 'alpha', | |
| * }; | |
| * ``` | |
| */ | |
| export interface JourneyClientConfig extends BaseConfig { | |
| middleware?: Array<RequestMiddleware>; | |
| realmPath?: string; | |
| // Add any journey-specific config options here | |
| } | |
| /** | |
| * Standard journey client configuration with explicit baseUrl. | |
| * | |
| * Use this when you want to configure the AM server directly without | |
| * OIDC well-known endpoint discovery. | |
| * | |
| * `@example` | |
| * |
🤖 Prompt for AI Agents
In `@packages/journey-client/src/lib/config.types.ts` around lines 11 - 30, The
JourneyClientConfig docs require baseUrl but the type inherits optional
serverConfig from BaseConfig; update JourneyClientConfig to override
serverConfig as required with baseUrl enforced (e.g., replace the inherited
optional serverConfig with a non-optional field that ensures baseUrl: string is
present) so the type matches the documentation; alternatively, if serverConfig
may remain optional, update the doc comment to remove the "required" wording —
change either the JourneyClientConfig type (override serverConfig) or the doc
text to keep them consistent (refer to JourneyClientConfig, BaseConfig, and
serverConfig/baseUrl in your change).
JIRA Ticket
https://pingidentity.atlassian.net/browse/SDKS-4665
Description
Add support for well known endpoint
Summary by CodeRabbit
New Features
Improvements
✏️ Tip: You can customize this high-level summary in your review settings.