fix(auth): both array and Im.List scopes can be added to redirectURL (#6416)

src/core/oauth2-authorize.js

@@ -1,4 +1,5 @@
 import win from "core/window"
+import Im from "immutable"
 import { btoa, sanitizeUrl, generateCodeVerifier, createCodeChallenge } from "core/utils"
 
 export default function authorize ( { auth, authActions, errActions, configs, authConfigs={} } ) {
@@ -52,10 +53,17 @@ export default function authorize ( { auth, authActions, errActions, configs, au
   }
   query.push("redirect_uri=" + encodeURIComponent(redirectUrl))
 
-  if (Array.isArray(scopes) && 0 < scopes.length) {
+  let scopesArray = []
+  if (Array.isArray(scopes)) {
+    scopesArray = scopes
+  } else if (Im.List.isList(scopes)) {
+    scopesArray = scopes.toArray()
+  }
+
+  if (scopesArray.length > 0)  {
     let scopeSeparator = authConfigs.scopeSeparator || " "
 
-    query.push("scope=" + encodeURIComponent(scopes.join(scopeSeparator)))
+    query.push("scope=" + encodeURIComponent(scopesArray.join(scopeSeparator)))
   }
 
   let state = btoa(new Date())

test/unit/core/oauth2-authorize.js

@@ -1,5 +1,6 @@
 
 import win from "core/window"
+import Im from "immutable"
 import oauth2Authorize from "core/oauth2-authorize"
 import * as utils from "core/utils"
 
@@ -11,7 +12,15 @@ describe("oauth2", () => {
   }
 
   let authConfig = {
-    auth: { schema: { get: (key)=> mockSchema[key] } }, 
+    auth: { schema: { get: (key)=> mockSchema[key] }, scopes: ["scope1", "scope2"] },
+    authActions: {},
+    errActions: {},
+    configs: { oauth2RedirectUrl: "" },
+    authConfigs: {}
+  }
+
+  let authConfig2 = {
+    auth: { schema: { get: (key)=> mockSchema[key] }, scopes: Im.List(["scope2","scope3"]) },
     authActions: {},
     errActions: {},
     configs: { oauth2RedirectUrl: "" },
@@ -27,7 +36,7 @@ describe("oauth2", () => {
       const windowOpenSpy = jest.spyOn(win, "open")
       oauth2Authorize(authConfig)
       expect(windowOpenSpy.mock.calls.length).toEqual(1)
-      expect(windowOpenSpy.mock.calls[0][0]).toMatch("https://testAuthorizationUrl?response_type=code&redirect_uri=&state=")
+      expect(windowOpenSpy.mock.calls[0][0]).toMatch("https://testAuthorizationUrl?response_type=code&redirect_uri=&scope=scope1%20scope2&state=")
 
       windowOpenSpy.mockReset()
     })
@@ -37,7 +46,7 @@ describe("oauth2", () => {
       mockSchema.authorizationUrl = "https://testAuthorizationUrl?param=1"
       oauth2Authorize(authConfig)
       expect(windowOpenSpy.mock.calls.length).toEqual(1)
-      expect(windowOpenSpy.mock.calls[0][0]).toMatch("https://testAuthorizationUrl?param=1&response_type=code&redirect_uri=&state=")
+      expect(windowOpenSpy.mock.calls[0][0]).toMatch("https://testAuthorizationUrl?param=1&response_type=code&redirect_uri=&scope=scope1%20scope2&state=")
 
       windowOpenSpy.mockReset()
     })
@@ -73,5 +82,16 @@ describe("oauth2", () => {
       generateCodeVerifierSpy.mockReset()
       createCodeChallengeSpy.mockReset()
     })
+
+    it("should add list of scopes to authorizeUrl", () => {
+      const windowOpenSpy = jest.spyOn(win, "open")
+      mockSchema.authorizationUrl = "https://testAuthorizationUrl?param=1"
+
+      oauth2Authorize(authConfig2)
+      expect(windowOpenSpy.mock.calls.length).toEqual(1)
+      expect(windowOpenSpy.mock.calls[0][0]).toMatch("https://testAuthorizationUrl?param=1&response_type=code&redirect_uri=&scope=scope2%20scope3&state=")
+
+      windowOpenSpy.mockReset()
+    })
   })
 })