fix oauth

Gemfile

@@ -18,4 +18,5 @@ group :test do
   gem 'super_diff', require: false
   gem 'factory_bot', require: 'false'
   gem 'mailmock', git: '[email protected]:descope/mailmock.git', glob: 'sdk/ruby/*.gemspec'
+  gem 'selenium-webdriver', require: false
 end

Gemfile.lock

@@ -142,6 +142,12 @@ GEM
       rubocop-ast (>= 1.30.0, < 2.0)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
+    rubyzip (2.3.2)
+    selenium-webdriver (4.17.0)
+      base64 (~> 0.2)
+      rexml (~> 3.2, >= 3.2.5)
+      rubyzip (>= 1.2.2, < 3.0)
+      websocket (~> 1.0)
     simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
@@ -173,6 +179,7 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
+    websocket (1.2.10)
     zache (0.13.1)
 
 PLATFORMS
@@ -197,6 +204,7 @@ DEPENDENCIES
   rspec (~> 3.11)
   rubocop
   rubocop-rails
+  selenium-webdriver
   simplecov (~> 0.9)
   simplecov-cobertura
   super_diff

lib/descope/api/v1/auth/oauth.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+require 'cgi'
 
 module Descope
   module Api
@@ -10,10 +11,11 @@ module OAuth
           include Descope::Mixins::Common::EndpointsV1
           include Descope::Mixins::Common::EndpointsV2
 
-          def oauth_start(provider: nil, return_url: nil, login_options: nil, refresh_token: nil)
-            verify_provider(provider)
-            request_params = compose_start_params(provider:, return_url:, login_options:)
-            post(OAUTH_START_PATH, request_params, {}, refresh_token)
+          def oauth_start(provider: nil, return_url: nil, login_options: nil, refresh_token: nil, template_options: nil)
+            body = compose_start_params(login_options:, template_options:)
+            url = "#{OAUTH_START_PATH}?provider=#{provider}"
+            url += "&redirect_uri=#{CGI.escape(return_url)}" if return_url
+            post(url, body, {}, refresh_token)
           end
 
           def oauth_exchange_token(code = nil)
@@ -44,7 +46,7 @@ def oauth_create_redirect_url_for_sign_up_request(stepup: false, custom_claims:
 
           private
 
-          def compose_start_params(provider: nil, return_url: nil, login_options: nil)
+          def compose_start_params(login_options: nil, template_options: nil)
             login_options ||= {}
 
             unless login_options.is_a?(Hash)
@@ -54,13 +56,13 @@ def compose_start_params(provider: nil, return_url: nil, login_options: nil)
               )
             end
 
-            request_params = { provider: }
-            request_params[:returnUrl] = return_url if return_url
-            request_params[:stepup] = login_options.fetch(:stepup, false)
-            request_params[:mfa] = login_options.fetch(:mfa, false)
-            request_params[:customClaims] = login_options.fetch(:custom_claims, {})
-            request_params[:ssoAppId] = login_options.fetch(:sso_app_id, nil)
-            request_params
+            body = {}
+            body[:stepup] = login_options.fetch(:stepup, false)
+            body[:mfa] = login_options.fetch(:mfa, false)
+            body[:customClaims] = login_options.fetch(:custom_claims, {})
+            body[:ssoAppId] = login_options.fetch(:sso_app_id, nil) if login_options.key?(:sso_app_id)
+            body[:templateOptions] = template_options unless template_options.nil?
+            body
           end
         end
       end

lib/descope/mixins/http.rb

@@ -52,10 +52,9 @@ def safe_parse_json(body)
       end
 
       def encode_uri(uri)
-        # if a base_uri is set then the uri can be encoded as a path
-        path = base_uri ? Addressable::URI.new(path: uri).normalized_path : Addressable::URI.escape(uri)
-        @logger.debug "will call #{url(path)}"
-        url(path)
+        encoded_uri = base_uri ? Addressable::URI.parse(uri).normalize : Addressable::URI.escape(uri)
+        @logger.debug "will call #{url(encoded_uri)}"
+        url(encoded_uri)
       end
 
       def url(path)

spec/integration/lib.descope/api/v1/auth/oauth_spec.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'selenium-webdriver'
+
+describe Descope::Api::V1::Auth::OAuth do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+    @driver = Selenium::WebDriver.for :chrome
+  end
+
+  context 'test OAuth methods' do
+    it 'should sign up with OAuth Github' do
+      user = ENV['SANITY_GITHUB_EMAIL']
+      password = ENV['SANITY_GITHUB_PASSWORD']
+
+      start_url = @client.oauth_start(provider: 'github', return_url: 'http://127.0.0.1:1234/path')['url']
+      puts "Start URL: #{start_url}"
+      @driver.navigate.to start_url
+      @driver.find_element(:id, 'login_field').send_keys(user)
+      @driver.find_element(:id, 'password').send_keys(password)
+      @driver.find_element(:name, 'commit').click
+
+      # Handle Confirmation page
+      begin
+        puts "Confirmation page found"
+        @driver.find_element(:name, 'authorize').click
+      rescue Selenium::WebDriver::Error::NoSuchElementError
+        puts 'could not find confirmation button'
+        # Handle case where confirmation page isn't present
+      end
+
+      # Parse returned code from URL
+      current_url = @driver.current_url
+      puts "Current URL: #{current_url}"
+      parsed_url = URI.parse(current_url)
+      code = CGI.parse(parsed_url.query)['code'].first
+      puts "Code: #{code}"
+
+      # Exchange code for token
+      token = @client.oauth_exchange_token(code)
+      puts "Token: #{token}"
+      my_details = @client.me(token[Descope::Mixins::Common::REFRESH_SESSION_TOKEN_NAME]['jwt'])
+      puts "My Details: #{my_details}"
+    ensure
+      @driver.quit
+    end
+  end
+end