Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AggregateError#message from Issuer.discover includes stack trace #236

Merged
merged 2 commits into from
Jan 13, 2021
Merged

AggregateError#message from Issuer.discover includes stack trace #236

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3bf0a2a
AggregateError#message from `Issuer.discover` includes stack trace
adamjmcgrath Jan 12, 2021
494e70c
Merge branch 'beta' into normalize-aggregate-error
adamjmcgrath Jan 12, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletion src/auth0-session/client.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,17 @@ function sortSpaceDelimitedString(str: string): string {
return str.split(' ').sort().join(' ');
}

// Issuer.discover throws an `AggregateError` in some cases, this error includes the stack trace in the
// message which causes the stack to be exposed when reporting the error in production. Am using the non standard
// `_errors` property to identify the polyfilled `AggregateError`
// See https://github.com/sindresorhus/aggregate-error/issues/4#issuecomment-488356468
function normalizeAggregateError(e: Error | (Error & { _errors: Error[] })): Error {
if ('_errors' in e) {
return e._errors[0];
}
return e;
}

export default function get(config: Config, { name, version }: Telemetry): ClientFactory {
let client: Client | null = null;

Expand Down Expand Up @@ -54,7 +65,12 @@ export default function get(config: Config, { name, version }: Telemetry): Clien
};

applyHttpOptionsCustom(Issuer);
const issuer = await Issuer.discover(config.issuerBaseURL);
let issuer: Issuer<Client>;
try {
issuer = await Issuer.discover(config.issuerBaseURL);
} catch (e) {
throw normalizeAggregateError(e);
}
applyHttpOptionsCustom(issuer);

const issuerTokenAlgs = Array.isArray(issuer.id_token_signing_alg_values_supported)
Expand Down
14 changes: 13 additions & 1 deletion tests/auth0-session/client.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import nock from 'nock';
import { Client } from 'openid-client';
import { Client, Issuer } from 'openid-client';
import { getConfig, clientFactory, ConfigParameters } from '../../src/auth0-session';
import { jwks } from './fixtures/cert';
import pkg from '../../package.json';
Expand Down Expand Up @@ -132,4 +132,16 @@ describe('clientFactory', function () {
})
).resolves.not.toThrow();
});

it('should not disclose stack trace in AggregateError message when discovery fails', async () => {
nock.cleanAll();
nock('https://op.example.com').get('/.well-known/oauth-authorization-server').reply(500);
nock('https://op.example.com').get('/.well-known/openid-configuration').reply(500);
await expect(getClient()).rejects.toThrowError(new Error('expected 200 OK, got: 500 Internal Server Error'));
});

it('should not normalize individual errors from discovery', async () => {
jest.spyOn(Issuer, 'discover').mockRejectedValue(new Error('foo'));
await expect(getClient()).rejects.toThrowError(new Error('foo'));
});
});