fix: ensure authorization_details is correctly returned as an array

Author: frederikprijck

src/auth/backchannel.ts

@@ -73,7 +73,9 @@ const getLoginHint = (userId: string, domain: string): string => {
 /**
  * Options for the authorize request.
  */
-export type AuthorizeOptions = {
+export interface AuthorizeOptions<
+  TAuthorizationDetails extends AuthorizationDetails = AuthorizationDetails
+> {
   /**
    * A human-readable string intended to be displayed on both the device calling /bc-authorize and the user’s authentication device.
    */
@@ -102,18 +104,28 @@ export type AuthorizeOptions = {
    * Optional authorization details to use Rich Authorization Requests (RAR).
    * @see https://auth0.com/docs/get-started/apis/configure-rich-authorization-requests
    */
-  authorization_details?: string;
-} & Record<string, string>;
+  authorization_details?: string | TAuthorizationDetails[];
+
+  [key: string]: unknown;
+}
 
 type AuthorizeRequest = Omit<AuthorizeOptions, 'userId'> &
   AuthorizeCredentialsPartial & {
     login_hint: string;
-  };
+    authorization_details?: string;
+  } & Record<string, string>;
+
+interface AuthorizationDetails {
+  readonly type: string;
+  readonly [parameter: string]: unknown;
+}
 
 /**
  * The response from the token endpoint.
  */
-export type TokenResponse = {
+export interface TokenResponse<
+  TAuthorizationDetails extends AuthorizationDetails = AuthorizationDetails
+> {
   /**
    * The access token.
    */
@@ -142,8 +154,8 @@ export type TokenResponse = {
    * Optional authorization details when using Rich Authorization Requests (RAR).
    * @see https://auth0.com/docs/get-started/apis/configure-rich-authorization-requests
    */
-  authorization_details?: string;
-};
+  authorization_details?: TAuthorizationDetails[];
+}
 
 /**
  * Options for the token request.
@@ -185,8 +197,18 @@ export class Backchannel extends BaseAuthAPI implements IBackchannel {
    * @throws {Error} - If the request fails.
    */
   async authorize({ userId, ...options }: AuthorizeOptions): Promise<AuthorizeResponse> {
+    const { authorization_details, ...authorizeOptions } = options;
+
+    if (authorization_details) {
+      // Convert to string if not already
+      authorizeOptions.authorization_details =
+        typeof authorization_details !== 'string'
+          ? JSON.stringify(authorization_details)
+          : authorization_details;
+    }
+
     const body: AuthorizeRequest = {
-      ...options,
+      ...authorizeOptions,
       login_hint: getLoginHint(userId, this.domain),
       client_id: this.clientId,
     };
@@ -239,7 +261,9 @@ export class Backchannel extends BaseAuthAPI implements IBackchannel {
    * }
    * ```
    */
-  async backchannelGrant({ auth_req_id }: TokenOptions): Promise<TokenResponse> {
+  async backchannelGrant<
+    TAuthorizationDetails extends AuthorizationDetails = AuthorizationDetails
+  >({ auth_req_id }: TokenOptions): Promise<TokenResponse<TAuthorizationDetails>> {
     const body: TokenRequestBody = {
       client_id: this.clientId,
       auth_req_id,
@@ -258,7 +282,8 @@ export class Backchannel extends BaseAuthAPI implements IBackchannel {
       {}
     );
 
-    const r: JSONApiResponse<TokenResponse> = await JSONApiResponse.fromResponse(response);
+    const r: JSONApiResponse<TokenResponse<TAuthorizationDetails>> =
+      await JSONApiResponse.fromResponse(response);
     return r.data;
   }
 }

test/auth/backchannel.test.ts

@@ -238,7 +238,7 @@ describe('Backchannel', () => {
     });
 
     it('should return token response, including authorization_details when available', async () => {
-      const authorization_details = JSON.stringify([{ type: 'test-type' }]);
+      const authorization_details = [{ type: 'test-type' }];
       nock(`https://${opts.domain}`).post('/oauth/token').reply(200, {
         access_token: 'test-access-token',
         id_token: 'test-id-token',