RU-T48 PR#231 fixes

Author: ucswift

src/app/login/index.tsx

@@ -47,7 +47,7 @@ export default function Login() {
 
   // ── Local login ───────────────────────────────────────────────────────────
   const onSubmit: LoginFormProps['onSubmit'] = async (data) => {
-    logger.info({ message: 'Starting Login (button press)', context: { username: data.username } });
+    logger.info({ message: 'Starting Login (button press)' });
     await login({ username: data.username, password: data.password });
   };
 

src/app/login/sso.tsx

@@ -46,7 +46,7 @@ export default function SsoLogin() {
     clientId: ssoConfig?.clientId ?? '',
   });
 
-  const { startSamlLogin, handleDeepLink, isSamlCallback } = useSamlLogin();
+  const { startSamlLogin, isSamlCallback } = useSamlLogin();
 
   const {
     control,
@@ -73,16 +73,16 @@ export default function SsoLogin() {
 
     setIsSsoLoading(true);
     oidc
-      .exchangeForResgridToken(pendingUsernameRef.current)
-      .then((result) => {
-        if (!result) {
+      .exchangeForResgridToken()
+      .then((idToken) => {
+        if (!idToken) {
           setIsSsoLoading(false);
           setIsErrorModalVisible(true);
           return;
         }
         ssoLogin({
           provider: 'oidc',
-          externalToken: result.access_token,
+          externalToken: idToken,
           username: pendingUsernameRef.current,
         });
       })
@@ -97,16 +97,17 @@ export default function SsoLogin() {
   useEffect(() => {
     const subscription = Linking.addEventListener('url', async ({ url }: { url: string }) => {
       if (!isSamlCallback(url)) return;
-      setIsSsoLoading(true);
-      const result = await handleDeepLink(url, pendingUsernameRef.current);
-      if (!result) {
+      const parsed = Linking.parse(url);
+      const samlResponse = parsed.queryParams?.saml_response as string | undefined;
+      if (!samlResponse) {
         setIsSsoLoading(false);
         setIsErrorModalVisible(true);
         return;
       }
+      setIsSsoLoading(true);
       await ssoLogin({
         provider: 'saml2',
-        externalToken: result.access_token,
+        externalToken: samlResponse,
         username: pendingUsernameRef.current,
       });
     });

src/hooks/__tests__/use-oidc-login.test.ts

@@ -1,22 +1,15 @@
 import { renderHook } from '@testing-library/react-native';
-import axios from 'axios';
 import * as AuthSession from 'expo-auth-session';
-import * as WebBrowser from 'expo-web-browser';
 
 import { useOidcLogin } from '../use-oidc-login';
 
 jest.mock('expo-auth-session');
 jest.mock('expo-web-browser');
-jest.mock('axios');
-jest.mock('@/lib/storage/app', () => ({
-  getBaseApiUrl: jest.fn(() => 'https://api.resgrid.com/api/v4'),
-}));
 jest.mock('@/lib/logging', () => ({
   logger: { info: jest.fn(), warn: jest.fn(), error: jest.fn() },
 }));
 
 const mockedAuthSession = AuthSession as jest.Mocked<typeof AuthSession>;
-const mockedAxios = axios as jest.Mocked<typeof axios>;
 
 describe('useOidcLogin', () => {
   const mockPromptAsync = jest.fn();
@@ -61,7 +54,7 @@ describe('useOidcLogin', () => {
       useOidcLogin({ authority: 'https://idp.example.com', clientId: 'client123' }),
     );
 
-    const tokenResult = await result.current.exchangeForResgridToken('john.doe');
+    const tokenResult = await result.current.exchangeForResgridToken();
     expect(tokenResult).toBeNull();
   });
 
@@ -81,11 +74,11 @@ describe('useOidcLogin', () => {
       useOidcLogin({ authority: 'https://idp.example.com', clientId: 'client123' }),
     );
 
-    const tokenResult = await result.current.exchangeForResgridToken('john.doe');
+    const tokenResult = await result.current.exchangeForResgridToken();
     expect(tokenResult).toBeNull();
   });
 
-  it('exchanges id_token for Resgrid token on success', async () => {
+  it('returns the IdP id_token string on success', async () => {
     (mockedAuthSession.useAuthRequest as jest.Mock).mockReturnValue([
       { codeVerifier: 'verifier123' },
       { type: 'success', params: { code: 'auth-code-123' } },
@@ -97,53 +90,29 @@ describe('useOidcLogin', () => {
       accessToken: 'oidc-access',
     });
 
-    mockedAxios.post = jest.fn().mockResolvedValueOnce({
-      data: {
-        access_token: 'rg-access',
-        refresh_token: 'rg-refresh',
-        expires_in: 3600,
-        token_type: 'Bearer',
-      },
-    });
-
     const { result } = renderHook(() =>
       useOidcLogin({ authority: 'https://idp.example.com', clientId: 'client123' }),
     );
 
-    const tokenResult = await result.current.exchangeForResgridToken('john.doe');
-
-    expect(tokenResult).toEqual({
-      access_token: 'rg-access',
-      refresh_token: 'rg-refresh',
-      expires_in: 3600,
-      token_type: 'Bearer',
-    });
+    const tokenResult = await result.current.exchangeForResgridToken();
 
-    expect(mockedAxios.post).toHaveBeenCalledWith(
-      'https://api.resgrid.com/api/v4/connect/external-token',
-      expect.stringContaining('external_token=oidc-id-token'),
-      expect.objectContaining({ headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }),
-    );
+    expect(tokenResult).toBe('oidc-id-token');
   });
 
-  it('returns null when Resgrid API call fails', async () => {
+  it('returns null when IdP code exchange fails', async () => {
     (mockedAuthSession.useAuthRequest as jest.Mock).mockReturnValue([
       { codeVerifier: 'verifier123' },
       { type: 'success', params: { code: 'auth-code-123' } },
       mockPromptAsync,
     ]);
 
-    (mockedAuthSession.exchangeCodeAsync as jest.Mock).mockResolvedValueOnce({
-      idToken: 'oidc-id-token',
-    });
-
-    mockedAxios.post = jest.fn().mockRejectedValueOnce(new Error('API Error'));
+    (mockedAuthSession.exchangeCodeAsync as jest.Mock).mockRejectedValueOnce(new Error('IdP Error'));
 
     const { result } = renderHook(() =>
       useOidcLogin({ authority: 'https://idp.example.com', clientId: 'client123' }),
     );
 
-    const tokenResult = await result.current.exchangeForResgridToken('john.doe');
+    const tokenResult = await result.current.exchangeForResgridToken();
     expect(tokenResult).toBeNull();
   });
 });

src/hooks/use-oidc-login.ts

@@ -1,9 +1,7 @@
-import axios from 'axios';
 import * as AuthSession from 'expo-auth-session';
 import * as WebBrowser from 'expo-web-browser';
 
 import { logger } from '@/lib/logging';
-import { getBaseApiUrl } from '@/lib/storage/app';
 
 // Required for iOS / Android to close the browser after redirect
 WebBrowser.maybeCompleteAuthSession();
@@ -13,26 +11,18 @@ export interface UseOidcLoginOptions {
   clientId: string;
 }
 
-export interface OidcExchangeResult {
-  access_token: string;
-  refresh_token: string;
-  id_token?: string;
-  expires_in: number;
-  token_type: string;
-  expiration_date?: string;
-}
-
 /**
  * Hook that drives the OIDC Authorization-Code + PKCE flow.
  *
  * Usage:
  *   const { request, promptAsync, exchangeForResgridToken } = useOidcLogin({ authority, clientId });
  *   // 1. call promptAsync() on button press
- *   // 2. watch response inside a useEffect and call exchangeForResgridToken(username) when type === 'success'
+ *   // 2. watch response inside a useEffect and call exchangeForResgridToken() when type === 'success'
+ *   // 3. pass the returned id_token to ssoLogin({ provider: 'oidc', externalToken: idToken, username })
  */
 export function useOidcLogin({ authority, clientId }: UseOidcLoginOptions) {
   const redirectUri = AuthSession.makeRedirectUri({
-    scheme: 'ResgridUnit',
+    scheme: 'resgridunit',
     path: 'auth/callback',
   });
 
@@ -50,10 +40,11 @@ export function useOidcLogin({ authority, clientId }: UseOidcLoginOptions) {
   );
 
   /**
-   * Exchange the OIDC authorization code for a Resgrid access token.
+   * Exchange the OIDC authorization code for the IdP id_token.
    * Should be called after `response?.type === 'success'`.
+   * Returns the raw id_token string for use as the externalToken in ssoLogin.
    */
-  async function exchangeForResgridToken(username: string): Promise<OidcExchangeResult | null> {
+  async function exchangeForResgridToken(): Promise<string | null> {
     if (response?.type !== 'success' || !request?.codeVerifier || !discovery) {
       logger.warn({
         message: 'OIDC exchange called in invalid state',
@@ -63,7 +54,7 @@ export function useOidcLogin({ authority, clientId }: UseOidcLoginOptions) {
     }
 
     try {
-      // Step 1: exchange auth code for id_token at the IdP
+      // Exchange auth code for id_token at the IdP
       const tokenResponse = await AuthSession.exchangeCodeAsync(
         {
           clientId,
@@ -80,18 +71,8 @@ export function useOidcLogin({ authority, clientId }: UseOidcLoginOptions) {
         return null;
       }
 
-      // Step 2: exchange id_token for Resgrid access/refresh tokens
-      const params = new URLSearchParams({
-        provider: 'oidc',
-        external_token: idToken,
-        username,
-        scope: 'openid email profile offline_access mobile',
-      });
-
-      const resgridResponse = await axios.post<OidcExchangeResult>(`${getBaseApiUrl()}/connect/external-token`, params.toString(), { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } });
-
-      logger.info({ message: 'OIDC Resgrid token exchange successful' });
-      return resgridResponse.data;
+      logger.info({ message: 'OIDC code exchange successful, id_token obtained' });
+      return idToken;
     } catch (error) {
       logger.error({
         message: 'OIDC token exchange failed',