fix: update the token exchange profiles handling (#1253)

* fix: update token exchange profiles schema and handling

- src/tools/auth0/handlers/tokenExchangeProfiles.ts: remove unnecessary fields from schema
- src/tools/auth0/handlers/tokenExchangeProfiles.ts: adjust fields to strip during updates and creations
- src/tools/auth0/handlers/tokenExchangeProfiles.ts: sanitize profiles before processing changes
- src/tools/auth0/handlers/tokenExchangeProfiles.ts: ensure required fields are validated during profile creation
- src/tools/auth0/handlers/tokenExchangeProfiles.ts: simplify update logic by removing unused fields

* fix: enhance token exchange profiles validation and error handling
- test/tools/auth0/handlers/tokenExchangeProfiles.tests.js: add checks for undefined fields in token exchange profile creation
- test/tools/auth0/handlers/tokenExchangeProfiles.tests.js: implement error handling for missing required fields during profile creation

* fix: update token exchange profiles handling and validation
- src/tools/auth0/handlers/tokenExchangeProfiles.ts: change actions type from Asset to Action
- src/tools/auth0/handlers/tokenExchangeProfiles.ts: update identifiers to use subject_token_type
- src/tools/auth0/handlers/tokenExchangeProfiles.ts: ensure actions are fetched only if not already available

* fix: update token exchange profile handling in tests
- test/tools/auth0/handlers/tokenExchangeProfiles.tests.js: rename test to reflect update behavior
- test/tools/auth0/handlers/tokenExchangeProfiles.tests.js: modify update function to include execution order tracking
- test/tools/auth0/handlers/tokenExchangeProfiles.tests.js: update expectation to match new execution order

Author: kushalshit27

.gitignore

@@ -17,3 +17,4 @@ Makefile
 .github/chatmodes/*
 .github/prompts/*
 .github/agents/*
+.github/skills/*

src/tools/auth0/handlers/tokenExchangeProfiles.ts

@@ -3,6 +3,7 @@ import DefaultHandler, { order } from './default';
 import { Asset, Assets } from '../../../types';
 import { paginate } from '../client';
 import log from '../../../logger';
+import { Action } from './actions';
 
 // Define TokenExchangeProfile type
 export type TokenExchangeProfile = Management.TokenExchangeProfileResponseContent;
@@ -16,10 +17,6 @@ export const schema = {
         type: 'string',
         description: 'The name of the token exchange profile',
       },
-      id: {
-        type: 'string',
-        description: 'The unique identifier of the token exchange profile',
-      },
       subject_token_type: {
         type: 'string',
         description: 'The URI representing the subject token type',
@@ -33,16 +30,6 @@ export const schema = {
         enum: ['custom_authentication'],
         description: 'The type of token exchange profile',
       },
-      created_at: {
-        type: 'string',
-        format: 'date-time',
-        description: 'The timestamp when the profile was created',
-      },
-      updated_at: {
-        type: 'string',
-        format: 'date-time',
-        description: 'The timestamp when the profile was last updated',
-      },
     },
     required: ['name', 'subject_token_type', 'action', 'type'],
   },
@@ -51,21 +38,24 @@ export const schema = {
 export default class TokenExchangeProfilesHandler extends DefaultHandler {
   existing: TokenExchangeProfile[];
 
-  private actions: Asset[] | null;
+  private actions: Action[] | null;
 
   constructor(config: DefaultHandler) {
     super({
       ...config,
       type: 'tokenExchangeProfiles',
       id: 'id',
-      identifiers: ['id', 'name'],
+      identifiers: ['id', 'subject_token_type'],
       // Only name and subject_token_type can be updated
-      stripUpdateFields: ['id', 'created_at', 'updated_at', 'action_id', 'type'],
-      stripCreateFields: ['id', 'created_at', 'updated_at'],
+      stripUpdateFields: ['created_at', 'updated_at', 'action_id', 'type'],
+      stripCreateFields: ['created_at', 'updated_at'],
     });
   }
 
-  private sanitizeForExport(profile: TokenExchangeProfile, actions: Asset[]): TokenExchangeProfile {
+  private sanitizeForExport(
+    profile: TokenExchangeProfile,
+    actions: Action[]
+  ): TokenExchangeProfile {
     if (profile.action_id) {
       const action = actions?.find((a) => a.id === profile.action_id);
       if (action) {
@@ -126,10 +116,12 @@ export default class TokenExchangeProfilesHandler extends DefaultHandler {
       );
 
       // Fetch all actions to map action_id to action name
-      const actions = await this.getActions();
+      this.actions = await this.getActions();
 
       // Map action_id to action name for each profile
-      this.existing = profiles.map((profile) => this.sanitizeForExport(profile, actions));
+      this.existing = profiles.map((profile) =>
+        this.sanitizeForExport(profile, this.actions ?? [])
+      );
 
       return this.existing;
     } catch (err) {
@@ -150,46 +142,53 @@ export default class TokenExchangeProfilesHandler extends DefaultHandler {
     // Do nothing if not set
     if (!tokenExchangeProfiles) return;
 
-    // Fetch actions to resolve action names to IDs
-    const actions = await this.getActions();
-
-    // Map action names to action_ids before processing
-    const sanitizedProfiles = tokenExchangeProfiles.map((profile) =>
-      this.sanitizeForAPI(profile as TokenExchangeProfile, actions)
-    );
-
-    // Create modified assets with sanitized profiles
-    const modifiedAssets = {
-      ...assets,
-      tokenExchangeProfiles: sanitizedProfiles as TokenExchangeProfile[],
-    };
-
     // Calculate changes
-    const { del, update, create, conflicts } = await this.calcChanges(modifiedAssets);
+    const { del, update, create, conflicts } = await this.calcChanges(assets);
 
     log.debug(
       `Start processChanges for tokenExchangeProfiles [delete:${del.length}] [update:${update.length}], [create:${create.length}], [conflicts:${conflicts.length}]`
     );
 
+    // Fetch actions to resolve action names to IDs
+    if (!this.actions || this.actions.length === 0) {
+      this.actions = await this.getActions();
+    }
+
     // Process changes in order: delete, create, update
     if (del.length > 0) {
-      await this.deleteTokenExchangeProfiles(del);
+      await this.deleteTokenExchangeProfiles(
+        del.map((profile) => this.sanitizeForAPI(profile, this.actions ?? []))
+      );
     }
 
     if (create.length > 0) {
-      await this.createTokenExchangeProfiles(create);
+      await this.createTokenExchangeProfiles(
+        create.map((profile) => this.sanitizeForAPI(profile, this.actions ?? []))
+      );
     }
 
     if (update.length > 0) {
-      await this.updateTokenExchangeProfiles(update);
+      await this.updateTokenExchangeProfiles(
+        update.map((profile) => this.sanitizeForAPI(profile, this.actions ?? []))
+      );
     }
   }
 
   async createTokenExchangeProfile(profile: TokenExchangeProfile): Promise<TokenExchangeProfile> {
-    const { id, created_at, updated_at, ...createParams } = profile;
-    const created = await this.client.tokenExchangeProfiles.create(
-      createParams as Management.CreateTokenExchangeProfileRequestContent
-    );
+    if (!profile.name || !profile.subject_token_type || !profile.action_id || !profile.type) {
+      throw new Error(`Cannot create token exchange profile missing required fields`);
+    }
+
+    const createParams: Management.CreateTokenExchangeProfileRequestContent & {
+      type: Management.TokenExchangeProfileTypeEnum;
+    } = {
+      name: profile.name,
+      subject_token_type: profile.subject_token_type,
+      action_id: profile.action_id,
+      type: profile.type,
+    };
+
+    const created = await this.client.tokenExchangeProfiles.create(createParams);
     return created;
   }
 
@@ -211,12 +210,17 @@ export default class TokenExchangeProfilesHandler extends DefaultHandler {
   }
 
   async updateTokenExchangeProfile(profile: TokenExchangeProfile): Promise<void> {
-    const { id, created_at, updated_at, action_id, type, ...updateParams } = profile;
+    const { id, name, subject_token_type } = profile;
 
     if (!id) {
       throw new Error(`Cannot update token exchange profile "${profile.name}" - missing id`);
     }
 
+    const updateParams: Management.UpdateTokenExchangeProfileRequestContent = {
+      name,
+      subject_token_type,
+    };
+
     await this.client.tokenExchangeProfiles.update(id, updateParams);
   }
 

test/tools/auth0/handlers/tokenExchangeProfiles.tests.js

@@ -225,6 +225,10 @@ describe('#tokenExchangeProfiles handler', () => {
             expect(data.name).to.equal('CIS token exchange');
             expect(data.subject_token_type).to.equal('https://acme.com/cis-token');
             expect(data.action_id).to.equal('action_123'); // Should be mapped to action_id
+            expect(data.type).to.equal('custom_authentication');
+            expect(data.id).to.be.undefined;
+            expect(data.created_at).to.be.undefined;
+            expect(data.updated_at).to.be.undefined;
             return Promise.resolve({
               data: {
                 ...data,
@@ -268,6 +272,29 @@ describe('#tokenExchangeProfiles handler', () => {
       ]);
     });
 
+    it('should throw when creating token exchange profile without required fields', async () => {
+      const auth0 = {
+        tokenExchangeProfiles: {
+          create: () => Promise.resolve({}),
+        },
+        pool,
+      };
+
+      const handler = new tokenExchangeProfiles.default({ client: pageClient(auth0), config });
+
+      try {
+        await handler.createTokenExchangeProfile({
+          name: 'Incomplete token exchange',
+          subject_token_type: 'https://acme.com/cis-token',
+          type: 'custom_authentication',
+          // action_id missing
+        });
+        expect.fail('Should have thrown an error');
+      } catch (err) {
+        expect(err.message).to.include('missing required fields');
+      }
+    });
+
     it('should update token exchange profile', async () => {
       const auth0 = {
         tokenExchangeProfiles: {
@@ -358,15 +385,18 @@ describe('#tokenExchangeProfiles handler', () => {
       await stageFn.apply(handler, [{ tokenExchangeProfiles: [] }]);
     });
 
-    it('should process deletes before creates to avoid race conditions', async () => {
+    it('should update when subject_token_type matches existing profile', async () => {
       const executionOrder = [];
       const auth0 = {
         tokenExchangeProfiles: {
           create: function (data) {
             executionOrder.push('create');
             return Promise.resolve({ data: { ...data, id: 'tep_new' } });
           },
-          update: () => Promise.resolve({ data: [] }),
+          update: function (id, data) {
+            executionOrder.push('update');
+            return Promise.resolve({ data: { id, ...data } });
+          },
           delete: function (id) {
             executionOrder.push('delete');
             return new Promise((resolve) => setTimeout(() => resolve({ id }), 10));
@@ -417,7 +447,7 @@ describe('#tokenExchangeProfiles handler', () => {
         },
       ]);
 
-      expect(executionOrder).to.deep.equal(['delete', 'create']);
+      expect(executionOrder).to.deep.equal(['update']);
     });
 
     it('should throw error when action is not found during create', async () => {