Neon Identity -> Auth rebrand

2026-06-04 21:04:37 +08:00 · 2025-02-03 13:15:37 -08:00 · 2025-02-03 13:15:37 -08:00 · 38323ce660
commit 38323ce660
parent c857003f9c
2 changed files with 39 additions and 7 deletions
--- a/apps/backend/.env.development
+++ b/apps/backend/.env.development
@ -42,4 +42,4 @@ STACK_ARTIFICIAL_DEVELOPMENT_DELAY_MS=50

 STACK_ENABLE_HARDCODED_PASSKEY_CHALLENGE_FOR_TESTING=yes

-STACK_NEON_INTEGRATION_CLIENTS_CONFIG=[{"client_id": "neon-local", "client_secret": "neon-local-secret", "id_token_signed_response_alg": "ES256", "redirect_uris": ["http://localhost:30000/api/v2/identity/authorize"]}]
+STACK_NEON_INTEGRATION_CLIENTS_CONFIG=[{"client_id": "neon-local", "client_secret": "neon-local-secret", "id_token_signed_response_alg": "ES256", "redirect_uris": ["http://localhost:30000/api/v2/identity/authorize", "http://localhost:30000/api/v2/auth/authorize"]}]
--- a/apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
@ -3,14 +3,14 @@ import { expect } from "vitest";
 import { it, updateCookiesFromResponse } from "../../../../../../helpers";
 import { ApiKey, Auth, Project, backendContext, niceBackendFetch } from "../../../../../backend-helpers";

-async function authorizePart1() {
+async function authorizePart1(redirectUri: string = "http://localhost:30000/api/v2/auth/authorize") {
  let cookies = "";
  const first = await niceBackendFetch("/api/v1/integrations/neon/oauth/authorize", {
    method: "GET",
    query: {
      response_type: "code",
      client_id: "neon-local",
-      redirect_uri: "http://localhost:30000/api/v2/identity/authorize",
+      redirect_uri: redirectUri,
      state: encodeBase64Url(new TextEncoder().encode(JSON.stringify({ details: { neon_project_name: 'neon-project' } }))),
      code_challenge: "xf6HY7PIgoaCf_eMniSt-45brYE2J_05C9BnfIbueik",
      code_challenge_method: "S256",
@ -135,9 +135,9 @@ async function authorize(projectId: string) {
      },
      NiceResponse {
        "status": 303,
-        "body": "http://localhost:30000/api/v2/identity/authorize?code=%3Cstripped+query+param%3E&amp=",
+        "body": "http://localhost:30000/api/v2/auth/authorize?code=%3Cstripped+query+param%3E&amp=",
        "headers": Headers {
-          "location": "http://localhost:30000/api/v2/identity/authorize?code=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&iss=http%3A%2F%2Flocalhost%3A8102%2Fapi%2Fv1%2Fintegrations%2Fneon%2Foauth%2Fidp",
+          "location": "http://localhost:30000/api/v2/auth/authorize?code=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&iss=http%3A%2F%2Flocalhost%3A8102%2Fapi%2Fv1%2Fintegrations%2Fneon%2Foauth%2Fidp",
          "set-cookie": <setting cookie "_interaction_resume" at path "/api/v1/integrations/neon/oauth/idp/auth/<stripped auth UID>" to <stripped cookie value>>,
          "set-cookie": <setting cookie "_interaction_resume.sig" at path "/api/v1/integrations/neon/oauth/idp/auth/<stripped auth UID>" to <stripped cookie value>>,
          <some fields may have been hidden>,
@ -156,6 +156,38 @@ it(`should redirect to the correct callback URL`, async ({}) => {
  await authorize(createdProject.projectId);
 });

+it(`should not redirect to the incorrect callback URL`, async ({}) => {
+  await Auth.Otp.signIn();
+  await Project.create();
+
+  const result = await authorizePart1("http://localhost:30000/api/v2/wrong-url/authorize");
+  expect(result).toMatchInlineSnapshot(`
+    {
+      "cookies": "",
+      "responses": [
+        NiceResponse {
+          "status": 307,
+          "headers": Headers {
+            "location": "http://localhost:8102/api/v1/integrations/neon/oauth/idp/auth?response_type=code&client_id=neon-local&redirect_uri=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&code_challenge=%3Cstripped+query+param%3E&code_challenge_method=S256&scope=openid",
+            <some fields may have been hidden>,
+          },
+        },
+        NiceResponse {
+          "status": 400,
+          "body": {
+            "error": "invalid_redirect_uri",
+            "error_description": "redirect_uri did not match any of the client's registered redirect_uris",
+            "iss": "http://localhost:8102/api/v1/integrations/neon/oauth/idp",
+            "state": "eyJkZXRhaWxzIjp7Im5lb25fcHJvamVjdF9uYW1lIjoibmVvbi1wcm9qZWN0In19",
+          },
+          "headers": Headers { <some fields may have been hidden> },
+        },
+        undefined,
+      ],
+    }
+  `);
+});
+
 it(`should exchange the authorization code for an admin API key that works`, async ({}) => {
  await Auth.Otp.signIn();
  const createdProject = await Project.create();
@ -167,7 +199,7 @@ it(`should exchange the authorization code for an admin API key that works`, asy
      grant_type: "authorization_code",
      code: authorizationCode,
      code_verifier: "W2LPAD4M4ES-3wBjzU6J5ApykmuxQy5VTs3oSmtboDM",
-      redirect_uri: "http://localhost:30000/api/v2/identity/authorize",
+      redirect_uri: "http://localhost:30000/api/v2/auth/authorize",
    },
    headers: {
      "Authorization": "Basic bmVvbi1sb2NhbDpuZW9uLWxvY2FsLXNlY3JldA=="
@ -221,7 +253,7 @@ it(`should not exchange the authorization code when the client secret is incorre
      grant_type: "authorization_code",
      code: authorizationCode,
      code_verifier: "W2LPAD4M4ES-3wBjzU6J5ApykmuxQy5VTs3oSmtboDM",
-      redirect_uri: "http://localhost:30000/api/v2/identity/authorize",
+      redirect_uri: "http://localhost:30000/api/v2/auth/authorize",
    },
    headers: {
      "Authorization": "Basic bmVvbi1sb2NhbDpuZW9uLWxvY2FsLXNlY2JldA=="