Skip to content

Commit

Permalink
Throw an error when an invalid applicationId is specified.
Browse files Browse the repository at this point in the history
  • Loading branch information
wparad committed Apr 1, 2024
1 parent 7a99638 commit 9f39cec
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ This is the changelog for [Authress Login](readme.md).

## 2.4 ##
* Prevent silent returns from `authenticate` when a different connectionId is used to have the user log in.
* Throw error on invalid application specified from inside the SDK for improved debugging.

## 2.3 ##
* Add MFA device methods.
Expand Down
6 changes: 6 additions & 0 deletions src/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,12 @@ class LoginClient {
}

this.applicationId = settingsWithDefault.applicationId;
if (!this.applicationId || this.applicationId.match(/^(sc_|ext_)/)) {
const error = Error("You have incorrectly specified an Authress Service Client or Extension as the applicationId instead of a valid application. The applicationId is your application that your users will log into, usually hosted on your domain https://example.yourdomain.com. Users cannot log *into* a Service Client, but they can log in *with* one. Users can use a Service Client to log in, by setting the connection ID in the *authenticate({ connectionId })* method to be the Authress Service Client.\n(1) If you are building an Custom Login Portal, then the application ID should correspond to this login portal.\n(2) If you are replacing or extending an Authress connection, then specify the Service Client as the connectionId and the end user application as the applicationId.\n(3) If you are building a platform or plugin marketplace, where users will log into third party extensions or apps, then distribute in your SDK a wrapper for the Authress Extension Client using: import { extensionClient } from '@authress/login' found within this SDK.");
error.code = 'InvalidApplication';
throw error;
}

this.hostUrl = sanitizeUrl(hostUrl);
this.httpClient = new HttpClient(this.hostUrl, logger);
this.lastSessionCheck = 0;
Expand Down

0 comments on commit 9f39cec

Please sign in to comment.