Mismatched signature for createSession function

[allertonm]

Library version

2.0.0

Providers

Custom (in-house OIDC implementation.)

Tech stack

Example app

Environments with the issue

Chrome 123, Node 18

Environments without the issue

No response

Current behavior

The signature of createSession in operations.ts is export async function createSession(params: string, provider: string, localState: string, host: string, pkce?: string)

However in interceptor.ts (line 37) this function is invoked like so await createSession(params, provider, localState, pkce);

(i.e there are 4 arguments rather than 5, and the variable pkce is passed as the value of host parameter.)

This naturally blows up downstream.

It seems to me this problem would affect any authorization-code based flow.

Expected behavior

I was able to fix this by passing url.origin as the 4th parameter.

await createSession(params, provider, localState, url.origin, pkce);

Reproduction steps

1.Test example app with an authorization-code based provider
2. Our custom provider looks like this

// we use hostname to determine tenant
const customProfile: ICodeProfile = {
	grantType: 0, // GrantFlow.AuthorizationCode
	loginUrl: "http://d3m.localdev.local:8080/VServer/oauth2/authorize",
	tokenUrl: "http://d3m.localdev.local:8080/VServer/oauth2/token",
	authorizationCodeParam: 'code',
	userInfoTokenName: "id_token",
}

[allertonm]

To be more specific, this problem manifests itself by the createSession function throwing an exception from line 53, where it is constructing the redirect_uri parameter to be passed to the token endpoint at the provider.

[DarkoKukovec]

Hi @allertonm

Funny enough, I already fixed this issue half a year ago, but did not push it 😅
Anyways, the fix should be published in the version 2.0.1