Use child class for tokens to override parsing implementations.

Author: apognu

bun.lock

@@ -60,6 +60,7 @@
         "@tanstack/react-query-devtools": "5.83.1",
         "@tanstack/react-table": "^8.21.2",
         "@tanstack/react-virtual": "3.13.12",
+        "arctic": "^3.7.0",
         "autosuggest-highlight": "^3.3.4",
         "class-variance-authority": "^0.7.1",
         "clsx": "^2.1.1",
@@ -94,7 +95,6 @@
         "reactflow": "^11.11.4",
         "remeda": "^2.21.2",
         "remix-auth-oauth2": "^3.4.1",
-        "remix-auth-openid": "^0.3.0",
         "remix-i18next": "^6.4.1",
         "remix-utils": "^7.7.0",
         "sharpstate": "^0.0.13",
@@ -2192,8 +2192,6 @@
 
     "jiti": ["[email protected]", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-twQoecYPiVA5K/h6SxtORw/Bs3ar+mLUtoPSc7iMXzQzK8d7eJ/R09wmTwAjiamETn1cXYPGfNnu7DMoHgu12w=="],
 
-    "jose": ["[email protected]", "", {}, "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA=="],
-
     "js-beautify": ["[email protected]", "", { "dependencies": { "config-chain": "^1.1.13", "editorconfig": "^1.0.4", "glob": "^10.4.2", "js-cookie": "^3.0.5", "nopt": "^7.2.1" }, "bin": { "css-beautify": "js/bin/css-beautify.js", "html-beautify": "js/bin/html-beautify.js", "js-beautify": "js/bin/js-beautify.js" } }, "sha512-9/KXeZUKKJwqCXUdBxFJ3vPh467OCckSBmYDwSK/EtV090K+iMJ7zx2S3HLVDIWFQdqMIsZWbnaGiba18aWhaA=="],
 
     "js-cookie": ["[email protected]", "", {}, "sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw=="],
@@ -2534,14 +2532,12 @@
 
     "object-assign": ["[email protected]", "", {}, "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg=="],
 
-    "object-hash": ["object-hash@2.2.0", "", {}, "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw=="],
+    "object-hash": ["object-hash@3.0.0", "", {}, "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw=="],
 
     "object-inspect": ["[email protected]", "", {}, "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew=="],
 
     "object-to-formdata": ["[email protected]", "", {}, "sha512-QiM9D0NiU5jV6J6tjE1g7b4Z2tcUnKs1OPUi4iMb2zH+7jwlcUrASghgkFk9GtzqNNq8rTQJtT8AzjBAvLoNMw=="],
 
-    "oidc-token-hash": ["[email protected]", "", {}, "sha512-D7EmwxJV6DsEB6vOFLrBM2OzsVgQzgPWyHlV2OOAVj772n+WTXpudC9e9u5BVKQnYwaD30Ivhi9b+4UeBcGu9g=="],
-
     "on-finished": ["[email protected]", "", { "dependencies": { "ee-first": "1.1.1" } }, "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg=="],
 
     "on-headers": ["[email protected]", "", {}, "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A=="],
@@ -2556,8 +2552,6 @@
 
     "openapi-types": ["[email protected]", "", {}, "sha512-N4YtSYJqghVu4iek2ZUvcN/0aqH1kRDuNqzcycDxhOUpg7GdvLa2F3DgS6yBNhInhv2r/6I0Flkn7CqL8+nIcw=="],
 
-    "openid-client": ["[email protected]", "", { "dependencies": { "jose": "^4.15.9", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.3" } }, "sha512-jDBPgSVfTnkIh71Hg9pRvtJc6wTwqjRkN88+gCFtYWrlP4Yx2Dsrow8uPi3qLr/aeymPF3o2+dS+wOpglK04ew=="],
-
     "opentelemetry-instrumentation-remix": ["[email protected]", "", { "dependencies": { "@opentelemetry/instrumentation": "^0.52.1", "@opentelemetry/semantic-conventions": "^1.25.1" }, "peerDependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-2XhIEWfzHeQmxnzv9HzklwkgYMx4NuWwloZuVIwjUb9R28gH5j3rJPqjErTvYSyz0fLbw0gyI+gfYHKHn/v/1Q=="],
 
     "ora": ["[email protected]", "", { "dependencies": { "chalk": "^5.3.0", "cli-cursor": "^5.0.0", "cli-spinners": "^2.9.2", "is-interactive": "^2.0.0", "is-unicode-supported": "^2.0.0", "log-symbols": "^6.0.0", "stdin-discarder": "^0.2.2", "string-width": "^7.2.0", "strip-ansi": "^7.1.0" } }, "sha512-weP+BZ8MVNnlCm8c0Qdc1WSWq4Qn7I+9CJGm7Qali6g44e/PUzbjNqJX5NJ9ljlNMosfJvg1fKEGILklK9cwnw=="],
@@ -2834,8 +2828,6 @@
 
     "remix-auth-oauth2": ["[email protected]", "", { "dependencies": { "@edgefirst-dev/data": "^0.0.4", "@mjackson/headers": "^0.10.0", "arctic": "^3.0.0" }, "peerDependencies": { "remix-auth": "^4.0.0" } }, "sha512-ZhGon1czdIsOw1/O9EcTCzapZB6FpT3u9vtXSVeEMwGNs+iWljRsibnUC1RtwJbzzCdLBSwIXTNTbiRmLZ4cZw=="],
 
-    "remix-auth-openid": ["[email protected]", "", { "dependencies": { "@mjackson/headers": "^0.9.0", "openid-client": "^5.0.0", "react-router": "^7.0.0" }, "peerDependencies": { "remix-auth": "^4.0.0" } }, "sha512-DUe7B+ITkHj6xYeCwmMtRpooLk6jJm3alSs2SDoolgvhiQXrekmvS67SlzdKI2yU+P3rPP+UTflQp7zn4UgIhg=="],
-
     "remix-development-tools": ["[email protected]", "", { "dependencies": { "@radix-ui/react-accordion": "^1.1.2", "@radix-ui/react-select": "^1.2.2", "beautify": "^0.0.8", "chalk": "^5.3.0", "clsx": "^2.0.0", "date-fns": "^4.1.0", "es-module-lexer": "^1.4.1", "react-d3-tree": "^3.6.2", "react-diff-viewer-continued": "^3.3.1", "react-hotkeys-hook": "^4.5.0", "tailwind-merge": "^1.14.0" }, "peerDependencies": { "@remix-run/react": ">=1.15", "react": ">=17", "react-dom": ">=17", "vite": ">=5.0.0" } }, "sha512-yJlLm1hxhZhLr2Q4CqPyEtaIrg9GsTvU72Eu9moLkR5azVZeVepJcuHwACZJN0vGVdV4eto1IRPljYuODcG4Vw=="],
 
     "remix-flat-routes": ["[email protected]", "", { "dependencies": { "fs-extra": "^11.2.0", "minimatch": "^10.0.1" }, "bin": { "migrate-flat-routes": "dist/cli.cjs" } }, "sha512-30GcEpvwqFXCyTKiCTeqI3QSNyTg+f0qLGeIc95y6o3gaOEIhbC37qWpe8HrVEkdnj48xUyaUK03jm1zYFkhfA=="],
@@ -3742,8 +3734,6 @@
 
     "oazapfts/typescript": ["[email protected]", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A=="],
 
-    "openid-client/lru-cache": ["[email protected]", "", { "dependencies": { "yallist": "^4.0.0" } }, "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA=="],
-
     "opentelemetry-instrumentation-remix/@opentelemetry/instrumentation": ["@opentelemetry/[email protected]", "", { "dependencies": { "@opentelemetry/api-logs": "0.52.1", "@types/shimmer": "^1.0.2", "import-in-the-middle": "^1.8.1", "require-in-the-middle": "^7.1.1", "semver": "^7.5.2", "shimmer": "^1.2.1" }, "peerDependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-uXJbYU/5/MBHjMp1FqrILLRuiJCs3Ofk0MeRDk8g1S1gD47U8X3JnSwcMO1rtRo1x1a7zKaQHaoYu49p/4eSKw=="],
 
     "ora/chalk": ["[email protected]", "", {}, "sha512-46QrSQFyVSEyYAgQ22hQ+zDa60YHA4fBstHmtSApj1Y5vKtG27fWowW03jCk5KcbXEWPZUIR894aARCA/G1kfQ=="],
@@ -3790,10 +3780,6 @@
 
     "remark-mdx-frontmatter/estree-util-is-identifier-name": ["[email protected]", "", {}, "sha512-OVJZ3fGGt9By77Ix9NhaRbzfbDV/2rx9EP7YIDJTmsZSEc5kYn2vWcNccYyahJL2uAQZK2a5Or2i0wtIKTPoRQ=="],
 
-    "remix-auth-openid/@mjackson/headers": ["@mjackson/[email protected]", "", {}, "sha512-1WFCu2iRaqbez9hcYYI611vcH1V25R+fDfOge/CyKc8sdbzniGfy/FRhNd3DgvFF4ZEEX2ayBrvFHLtOpfvadw=="],
-
-    "remix-auth-openid/react-router": ["[email protected]", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-pfAByjcTpX55mqSDGwGnY9vDCpxqBLASg0BMNAuMmpSGESo/TaOUG6BllhAtAkCGx8Rnohik/XtaqiYUJtgW2g=="],
-
     "remix-development-tools/@radix-ui/react-select": ["@radix-ui/[email protected]", "", { "dependencies": { "@babel/runtime": "^7.13.10", "@radix-ui/number": "1.0.1", "@radix-ui/primitive": "1.0.1", "@radix-ui/react-collection": "1.0.3", "@radix-ui/react-compose-refs": "1.0.1", "@radix-ui/react-context": "1.0.1", "@radix-ui/react-direction": "1.0.1", "@radix-ui/react-dismissable-layer": "1.0.4", "@radix-ui/react-focus-guards": "1.0.1", "@radix-ui/react-focus-scope": "1.0.3", "@radix-ui/react-id": "1.0.1", "@radix-ui/react-popper": "1.1.2", "@radix-ui/react-portal": "1.0.3", "@radix-ui/react-primitive": "1.0.3", "@radix-ui/react-slot": "1.0.2", "@radix-ui/react-use-callback-ref": "1.0.1", "@radix-ui/react-use-controllable-state": "1.0.1", "@radix-ui/react-use-layout-effect": "1.0.1", "@radix-ui/react-use-previous": "1.0.1", "@radix-ui/react-visually-hidden": "1.0.3", "aria-hidden": "^1.1.1", "react-remove-scroll": "2.5.5" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0", "react-dom": "^16.8 || ^17.0 || ^18.0" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-zI7McXr8fNaSrUY9mZe4x/HC0jTLY9fWNhO1oLWYMQGDXuV4UCivIGTxwioSzO0ZCYX9iSLyWmAh/1TOmX3Cnw=="],
 
     "remix-development-tools/chalk": ["[email protected]", "", {}, "sha512-46QrSQFyVSEyYAgQ22hQ+zDa60YHA4fBstHmtSApj1Y5vKtG27fWowW03jCk5KcbXEWPZUIR894aARCA/G1kfQ=="],
@@ -4394,8 +4380,6 @@
 
     "marble-api/tailwind-preset/tailwindcss/lilconfig": ["[email protected]", "", {}, "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ=="],
 
-    "marble-api/tailwind-preset/tailwindcss/object-hash": ["[email protected]", "", {}, "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw=="],
-
     "marble-api/tailwind-preset/tailwindcss/postcss-load-config": ["[email protected]", "", { "dependencies": { "lilconfig": "^2.0.5", "yaml": "^1.10.2" }, "peerDependencies": { "postcss": ">=8.0.9", "ts-node": ">=9.0.0" }, "optionalPeers": ["postcss", "ts-node"] }, "sha512-6DiM4E7v4coTE4uzA8U//WhtPwyhiim3eyjEMFCnUpzbrkK9wJHgKDT2mR+HbtSrd/NubVaYTOpSpjUl8NQeRg=="],
 
     "mdast-util-mdx/mdast-util-from-markdown/micromark/micromark-core-commonmark": ["[email protected]", "", { "dependencies": { "decode-named-character-reference": "^1.0.0", "micromark-factory-destination": "^1.0.0", "micromark-factory-label": "^1.0.0", "micromark-factory-space": "^1.0.0", "micromark-factory-title": "^1.0.0", "micromark-factory-whitespace": "^1.0.0", "micromark-util-character": "^1.0.0", "micromark-util-chunked": "^1.0.0", "micromark-util-classify-character": "^1.0.0", "micromark-util-html-tag-name": "^1.0.0", "micromark-util-normalize-identifier": "^1.0.0", "micromark-util-resolve-all": "^1.0.0", "micromark-util-subtokenize": "^1.0.0", "micromark-util-symbol": "^1.0.0", "micromark-util-types": "^1.0.1", "uvu": "^0.5.0" } }, "sha512-BgHO1aRbolh2hcrzL2d1La37V0Aoz73ymF8rAcKnohLy93titmv62E0gP8Hrx9PKcKrqCZ1BbLGbP3bEhoXYlw=="],

packages/app-builder/package.json

@@ -78,6 +78,7 @@
     "@tanstack/react-query-devtools": "5.83.1",
     "@tanstack/react-table": "^8.21.2",
     "@tanstack/react-virtual": "3.13.12",
+    "arctic": "^3.7.0",
     "autosuggest-highlight": "^3.3.4",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",

packages/app-builder/src/services/auth/oidc.server.ts

@@ -1,6 +1,7 @@
 import { AppConfigRepository } from '@app-builder/repositories/AppConfigRepository';
 import { Tokens } from '@app-builder/routes/oidc+/auth';
 import { getServerEnv } from '@app-builder/utils/environment';
+import { OAuth2Tokens } from 'arctic';
 import { OAuth2Strategy } from 'remix-auth-oauth2';
 
 let oidcStrategy: MarbleOidcStrategy<Tokens> | undefined = undefined;
@@ -33,13 +34,15 @@ export const makeOidcService = async (configRepository: AppConfigRepository) =>
       redirectURI: config.auth.oidc.redirect_uri,
       scopes: config.auth.oidc.scopes,
     },
-    async ({ tokens }): Promise<Tokens> => {
+    async ({ tokens: rawTokens }): Promise<Tokens> => {
+      const tokens: CompatOAuth2Tokens = new CompatOAuth2Tokens(rawTokens.data);
+
       const credentials: Tokens = {
         sub: 'DOES NOT MATTER',
         accessToken: tokens.accessToken() ?? '',
         refreshToken: tokens.hasRefreshToken() ? tokens.refreshToken() : '',
         idToken: tokens.idToken(),
-        expiredAt: tokens.accessTokenExpiresAt().getTime() ?? 0,
+        expiredAt: (tokens as CompatOAuth2Tokens).accessTokenExpiresAt().getTime() ?? 0,
       };
 
       return credentials;
@@ -50,3 +53,33 @@ export const makeOidcService = async (configRepository: AppConfigRepository) =>
 
   return oidcStrategy;
 };
+
+//
+// Some OpenID Connect providers do not follow the specification. This class
+// extends the one we receive from the IDP to implement more relaxed parsing
+// methods in order to accept more kinds of responses.
+//
+class CompatOAuth2Tokens extends OAuth2Tokens {
+  // Microsoft Azure's implementation of OpenID Connect sends the `expires_in`
+  // field as a stringified integer, instead of a real integer. This breaks our
+  // library, we therefore override their functions in order to parse it anyway.
+  override accessTokenExpiresInSeconds(): number {
+    if ('expires_in' in this.data) {
+      if (typeof this.data.expires_in === 'number') {
+        return this.data.expires_in;
+      }
+
+      if (typeof this.data.expires_in === 'string') {
+        const expiresInInt = parseInt(this.data.expires_in);
+
+        if (!isNaN(expiresInInt) && expiresInInt.toString() === this.data.expires_in) {
+          return expiresInInt;
+        }
+
+        return expiresInInt;
+      }
+    }
+
+    throw new Error("Missing or invalid 'expires_in' field");
+  }
+}