feat(auth): add acrValues for mfa

emdgroup · Apr 19, 2023 · 1a841e3 · 1a841e3
1 parent 3ea729d
commit 1a841e3
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 30 deletions.
diff --git a/packages/auth/README.md b/packages/auth/README.md
@@ -6,12 +6,6 @@
 - [UserInfo](#UserInfo)
 - [UserSession](#UserSession)
 
-## Variables
-
-### UserContext
-
-• **UserContext**: `Context`<[`UserContext`](#usercontext)\>
-
 ## Functions
 
 ### UserContextProvider
@@ -50,7 +44,7 @@ ___
 
 ### useUser
 
-▸ **useUser**(): [`UserContext`](#usercontext)
+▸ **useUser**(): `UserContext`
 
 Returns the user context previously established with `UserContextProvider`.
 
@@ -65,7 +59,7 @@ useEffect(() => {
 
 #### Returns
 
-[`UserContext`](#usercontext)
+`UserContext`
 
 
 ## UserContext
@@ -94,55 +88,79 @@ Provides the `UserInfo` object if the user is authenticated.
 
 ___
 
-### loginUrl
-
-• `Optional` **loginUrl**: `string`
-
-Set to the URL that the user is redirected to initiate the authorization flow. Useful when you need to start the login flow in a separate window or tab. Use in combination with `login({ refresh: false })`.
-
-___
-
-### session
-
-• `Optional` **session**: [`UserSession`](#UserSession)
-
-Provides the `UserSession` object if the user is authenticated.
+### login
 
-## Methods
+• `Optional` **login**: (`opts?`: [`LoginOptions`](#LoginOptions)) => `void`
 
-### login
+#### Type declaration
 
-▸ `Optional` **login**(`opts?`): `void`
+▸ (`opts?`): `void`
 
 Function to initiate the login flow.
 
-#### Parameters
+##### Parameters
 
 | Name | Type |
 | :------ | :------ |
 | `opts?` | [`LoginOptions`](#LoginOptions) |
 
-#### Returns
+##### Returns
 
 `void`
 
 ___
 
+### loginUrl
+
+• `Optional` **loginUrl**: `string`
+
+Set to the URL that the user is redirected to initiate the authorization flow. Useful when you need to start the login flow in a separate window or tab. Use in combination with `login({ refresh: false })`.
+
+___
+
 ### logout
 
-▸ `Optional` **logout**(): `void`
+• `Optional` **logout**: () => `void`
+
+#### Type declaration
+
+▸ (): `void`
 
 Function to log the user out.
 
-#### Returns
+##### Returns
 
 `void`
 
+___
+
+### session
+
+• `Optional` **session**: [`UserSession`](#UserSession)
+
+Provides the `UserSession` object if the user is authenticated.
+
 
 ## ProviderOptions
 
 ## Properties
 
+### acrValues
+
+• `Optional` **acrValues**: `string`
+
+Request a type of multi-factor authentication. Currently, `mfa` is the only supported value.
+
+___
+
+### additionalParameters
+
+• `Optional` **additionalParameters**: `string`
+
+Additional query parameters, such as `state=xyz`.
+
+___
+
 ### autoLogin
 
 • `Optional` **autoLogin**: `boolean`

diff --git a/packages/auth/package.json b/packages/auth/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@emdgroup/react-auth",
-  "version": "1.5.3",
+  "version": "1.6.0",
   "description": "React hooks implementing the Authorization Code Grant Flow with PKCE.",
   "type": "module",
   "main": "./dist/index.js",

diff --git a/packages/auth/src/index.tsx b/packages/auth/src/index.tsx
@@ -166,6 +166,10 @@ export interface ProviderOptions {
     refreshSession?: boolean;
     /** Whether the authorization server prompts the user for re-authentication. */
     prompt?: 'login';
+    /** Request a type of multi-factor authentication. Currently, `mfa` is the only supported value. */
+    acrValues?: string;
+    /** Additional query parameters, such as `state=xyz`. */
+    additionalParameters?: string;
 }
 
 /**
@@ -198,6 +202,8 @@ export function UserContextProvider({
     redirectUri,
     refreshSession: refreshSessionOpt = false,
     prompt,
+    acrValues,
+    additionalParameters,
 }: ProviderOptions): JSX.Element {
     const [session, updateSession, clearSession] = useLocalStorage('session', isSession);
 
@@ -232,12 +238,14 @@ export function UserContextProvider({
             code_challenge_method: 'S256',
             code_challenge: challenge,
             prompt,
+            acr_values: acrValues,
+            ...(additionalParameters ? querystring.parse(additionalParameters) : undefined),
         });
 
         setLoginUrl(url);
 
         if (redirect) document.location.href = url;
-    }, [setKey, idpHost, clientId, domainHint, redirectUri, setEntrypoint, prompt]);
+    }, [setKey, idpHost, clientId, domainHint, redirectUri, setEntrypoint, prompt, acrValues, additionalParameters]);
 
     const logout = useCallback((): void => {
         clearSession();