diff --git a/apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
index eb0f8f190..022ec99b4 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
@@ -1,4 +1,5 @@
 import { encodeBase64Url } from "@stackframe/stack-shared/dist/utils/bytes";
+import { encodeBasicAuthorizationHeader } from "@stackframe/stack-shared/dist/utils/http";
 import { expect } from "vitest";
 import { it, updateCookiesFromResponse } from "../../../../../../helpers";
 import { Auth, InternalApiKey, Project, backendContext, niceBackendFetch } from "../../../../../backend-helpers";
@@ -202,7 +203,7 @@ it(`should exchange the authorization code for an admin API key that works`, asy
 redirect_uri: "http://localhost:30000/api/v2/auth/authorize",
 },
 headers: {
- "Authorization": "Basic bmVvbi1sb2NhbDpuZW9uLWxvY2FsLXNlY3JldA=="
+ "Authorization": encodeBasicAuthorizationHeader("custom-local", "custom-local-secret")
 },
 });
 expect(tokenResponse).toMatchInlineSnapshot(`
@@ -256,7 +257,7 @@ it(`should not exchange the authorization code when the client secret is incorre
 redirect_uri: "http://localhost:30000/api/v2/auth/authorize",
 },
 headers: {
- "Authorization": "Basic bmVvbi1sb2NhbDpuZW9uLWxvY2FsLXNlY2JldA=="
+ "Authorization": encodeBasicAuthorizationHeader("custom-local", "wrong-secret")
 },
 });
 expect(tokenResponse).toMatchInlineSnapshot(`
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
index 398d87e0a..4d5a6ea1a 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
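Review bot: The custom-integration token tests now authenticate as `custom-local`, but nothing visible in these hunks checks that another integration's client credentials are refused on the custom token endpoint. The removed header decodes to `neon-local:neon-local-secret`, so the earlier version of this test apparently exercised the custom endpoint with the Neon client. If the two client sets are meant to be separate, a further case sending `"Authorization": encodeBasicAuthorizationHeader("neon-local", "neon-local-secret")` and expecting the same rejection as the wrong-secret test would pin that. The expected snapshots and the rest of both `it` bodies lie outside the hunks, so this could not be confirmed from here.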
@@ -1,4 +1,5 @@
 import { encodeBase64Url } from "@stackframe/stack-shared/dist/utils/bytes";
+import { encodeBasicAuthorizationHeader } from "@stackframe/stack-shared/dist/utils/http";
 import { expect } from "vitest";
 import { it, updateCookiesFromResponse } from "../../../../../../helpers";
 import { Auth, InternalApiKey, Project, backendContext, niceBackendFetch } from "../../../../../backend-helpers";
@@ -202,7 +203,7 @@ it(`should exchange the authorization code for an admin API key that works`, asy
 redirect_uri: "http://localhost:30000/api/v2/auth/authorize",
 },
 headers: {
- "Authorization": "Basic bmVvbi1sb2NhbDpuZW9uLWxvY2FsLXNlY3JldA=="
+ "Authorization": encodeBasicAuthorizationHeader("neon-local", "neon-local-secret")
 },
 });
 expect(tokenResponse).toMatchInlineSnapshot(`
@@ -256,7 +257,7 @@ it(`should not exchange the authorization code when the client secret is incorre
 redirect_uri: "http://localhost:30000/api/v2/auth/authorize",
 },
 headers: {
- "Authorization": "Basic bmVvbi1sb2NhbDpuZW9uLWxvY2FsLXNlY2JldA=="
+ "Authorization": encodeBasicAuthorizationHeader("neon-local", "wrong-secret")
 },
 });
 expect(tokenResponse).toMatchInlineSnapshot(`
diff --git a/packages/stack-shared/src/schema-fields.ts b/packages/stack-shared/src/schema-fields.ts
index 5936cc66b..dfb06fd85 100644
--- a/packages/stack-shared/src/schema-fields.ts
+++ b/packages/stack-shared/src/schema-fields.ts
@@ -482,6 +482,7 @@ export const basicAuthorizationHeaderSchema = yupString().test('is-basic-authori
 // Neon integration
 export const neonAuthorizationHeaderSchema = basicAuthorizationHeaderSchema.test('is-neon-authorization-header', 'Invalid client_id:client_secret values; did you use the correct values for the Neon integration?', (value) => {
 if (!value) return true;
+ console.log("????????????", value, decodeBasicAuthorizationHeader(value));
 const [clientId, clientSecret] = decodeBasicAuthorizationHeader(value) ?? throwErr(`Neon authz header invalid? This should've been validated by basicAuthorizationHeaderSchema: ${value}`);
 for (const neonClientConfig of JSON.parse(process.env.STACK_INTEGRATION_CLIENTS_CONFIG || '[]')) {
 if (clientId === neonClientConfig.client_id && clientSecret === neonClientConfig.client_secret) return true;
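Review bot: The added `console.log("????????????", value, decodeBasicAuthorizationHeader(value));` writes the raw Authorization header and the decoded client_id/client_secret pair to process output on every validation. It runs before the pair is compared with the configured clients, so both valid and rejected credentials would end up in logs. It looks like leftover debugging in shared schema code and should be deleted before merge. The context line after it also interpolates `${value}` into the throwErr message; if that branch is reachable, consider dropping the header from the message as well. The validator's body continues past the end of the hunk.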