From bdabd9952e2fe46fc7dd7dcc8af1fd06f38c86e0 Mon Sep 17 00:00:00 2001
From: Patrik Oldsberg <poldsberg@gmail.com>
Date: Mon, 13 May 2024 14:04:05 +0200
Subject: [PATCH] auth-*: test fixes for new CookieScopeManager

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
---
 .../auth-backend-module-github-provider/src/module.test.ts    | 1 +
 .../auth-backend-module-microsoft-provider/src/module.test.ts | 2 +-
 plugins/auth-backend-module-oidc-provider/src/module.test.ts  | 1 +
 plugins/auth-backend-module-okta-provider/src/module.test.ts  | 4 +---
 plugins/auth-node/src/oauth/CookieScopeManager.ts             | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/plugins/auth-backend-module-github-provider/src/module.test.ts b/plugins/auth-backend-module-github-provider/src/module.test.ts
index 437e002bc3..b592f07d4b 100644
--- a/plugins/auth-backend-module-github-provider/src/module.test.ts
+++ b/plugins/auth-backend-module-github-provider/src/module.test.ts
@@ -72,6 +72,7 @@ describe('authModuleGithubProvider', () => {
     expect(decodeOAuthState(startUrl.searchParams.get('state')!)).toEqual({
       env: 'development',
       nonce: decodeURIComponent(nonceCookie.value),
+      scope: '',
     });
   });
 });
diff --git a/plugins/auth-backend-module-microsoft-provider/src/module.test.ts b/plugins/auth-backend-module-microsoft-provider/src/module.test.ts
index 2ef92c0b44..b50956b9eb 100644
--- a/plugins/auth-backend-module-microsoft-provider/src/module.test.ts
+++ b/plugins/auth-backend-module-microsoft-provider/src/module.test.ts
@@ -67,7 +67,7 @@ describe('authModuleMicrosoftProvider', () => {
     expect(startUrl.pathname).toBe('/my-tenant-id/oauth2/v2.0/authorize');
     expect(Object.fromEntries(startUrl.searchParams)).toEqual({
       response_type: 'code',
-      scope: 'user.read User.Read.All',
+      scope: 'User.Read.All',
       client_id: 'my-client-id',
       redirect_uri: `http://localhost:${server.port()}/api/auth/microsoft/handler/frame`,
       state: expect.any(String),
diff --git a/plugins/auth-backend-module-oidc-provider/src/module.test.ts b/plugins/auth-backend-module-oidc-provider/src/module.test.ts
index 0edb43f9f3..8ceec1df15 100644
--- a/plugins/auth-backend-module-oidc-provider/src/module.test.ts
+++ b/plugins/auth-backend-module-oidc-provider/src/module.test.ts
@@ -212,6 +212,7 @@ describe('authModuleOidcProvider', () => {
     expect(decodeOAuthState(startUrl.searchParams.get('state')!)).toEqual({
       env: 'development',
       nonce: decodeURIComponent(nonceCookie.value),
+      scope: '',
     });
   });
 
diff --git a/plugins/auth-backend-module-okta-provider/src/module.test.ts b/plugins/auth-backend-module-okta-provider/src/module.test.ts
index e469067b3f..ee410e4d2e 100644
--- a/plugins/auth-backend-module-okta-provider/src/module.test.ts
+++ b/plugins/auth-backend-module-okta-provider/src/module.test.ts
@@ -21,9 +21,7 @@ import { decodeOAuthState } from '@backstage/plugin-auth-node';
 
 describe('authModuleOktaProvider', () => {
   it('should start', async () => {
-    const defaultScopes = 'openid profile email';
     const additionalScopes = 'groups phone';
-    const combinedScopes = `${defaultScopes} ${additionalScopes}`;
     const { server } = await startTestBackend({
       features: [
         import('@backstage/plugin-auth-backend'),
@@ -68,7 +66,7 @@ describe('authModuleOktaProvider', () => {
     expect(startUrl.pathname).toBe('/oauth2/v1/authorize');
     expect(Object.fromEntries(startUrl.searchParams)).toEqual({
       response_type: 'code',
-      scope: combinedScopes,
+      scope: additionalScopes,
       client_id: 'my-client-id',
       redirect_uri: `http://localhost:${server.port()}/api/auth/okta/handler/frame`,
       state: expect.any(String),
diff --git a/plugins/auth-node/src/oauth/CookieScopeManager.ts b/plugins/auth-node/src/oauth/CookieScopeManager.ts
index f012536755..3cbf977e09 100644
--- a/plugins/auth-node/src/oauth/CookieScopeManager.ts
+++ b/plugins/auth-node/src/oauth/CookieScopeManager.ts
@@ -119,7 +119,7 @@ export class CookieScopeManager {
     }
 
     const scope = ctx.state.scope;
-    if (!scope) {
+    if (scope === undefined) {
       throw new AuthenticationError('No scope found in OAuth state');
     }