From 781773736614230be74c28448f15e8b38e8488be Mon Sep 17 00:00:00 2001
From: Alex Nachbaur
Date: Wed, 11 Dec 2024 13:36:23 -0800
Subject: [PATCH] Ensure the authentication flow config is included in all appropriate requests
---
 Sources/OktaDirectAuth/Extensions/Array+Extensions.swift | 9 +++++++++
 .../Internal/Requests/ChallengeRequest.swift | 4 ++++
 .../Internal/Requests/OOBAuthenticateRequest.swift | 4 ++++
 .../OktaDirectAuth/Internal/Requests/TokenRequest.swift | 8 ++++----
 .../Internal/Requests/WebAuthnRequest.swift | 4 ++++
 5 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/Sources/OktaDirectAuth/Extensions/Array+Extensions.swift b/Sources/OktaDirectAuth/Extensions/Array+Extensions.swift
index 050f85260..a6805130d 100644
--- a/Sources/OktaDirectAuth/Extensions/Array+Extensions.swift
+++ b/Sources/OktaDirectAuth/Extensions/Array+Extensions.swift
@@ -14,6 +14,15 @@ import Foundation
 extension Array where Element == GrantType {
 /// The list of all grants that the Direct Authentication SDK supports.
+ ///
+ /// Currently this library supports the following authentication grant types:
+ /// * ``GrantType.password``
+ /// * ``GrantType.oob``
+ /// * ``GrantType.otp``
+ /// * ``GrantType.webAuthn``
+ /// * ``GrantType.oobMFA``
+ /// * ``GrantType.otpMFA``
+ /// * ``GrantType.webAuthnMFA``
 public static var directAuth: [GrantType] {
 [ .password, .oob, .otp, .oobMFA, .otpMFA, .webAuthn, .webAuthnMFA ]
 }
diff --git a/Sources/OktaDirectAuth/Internal/Requests/ChallengeRequest.swift b/Sources/OktaDirectAuth/Internal/Requests/ChallengeRequest.swift
index 5f044230b..57b4ac54c 100644
--- a/Sources/OktaDirectAuth/Internal/Requests/ChallengeRequest.swift
+++ b/Sources/OktaDirectAuth/Internal/Requests/ChallengeRequest.swift
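Review bot: The new doc comment on `directAuth` writes its symbol references with a dot, e.g. ``GrantType.password``; DocC resolves double-backtick links by slash-separated path, so these will most likely show up as unresolved links in a documentation build. Writing them as ``GrantType/password`` (and likewise for the other six cases) should fix that. The bullet list also repeats the array literal below it in a different order, so a line such as `/// Keep this list in sync with the array returned below.` would help whoever adds the next grant type.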
@@ -22,11 +22,13 @@ extension OpenIdConfiguration {
 struct ChallengeRequest {
 let url: URL
 let clientConfiguration: OAuth2Client.Configuration
+ let authenticationFlowConfiguration: (any AuthenticationFlowConfiguration)?
 let mfaToken: String
 let challengeTypesSupported: [GrantType]
 init(openIdConfiguration: OpenIdConfiguration,
 clientConfiguration: OAuth2Client.Configuration,
+ authenticationFlowConfiguration: (any AuthenticationFlowConfiguration)?,
 mfaToken: String,
 challengeTypesSupported: [GrantType]) throws
 {
@@ -36,6 +38,7 @@ struct ChallengeRequest {
 self.url = url
 self.clientConfiguration = clientConfiguration
+ self.authenticationFlowConfiguration = authenticationFlowConfiguration
 self.mfaToken = mfaToken
 self.challengeTypesSupported = challengeTypesSupported
 }
@@ -85,6 +88,7 @@ extension ChallengeRequest: APIRequest, APIRequestBody {
 ]
 result.merge(clientConfiguration.authentication)
+ result.merge(authenticationFlowConfiguration)
 return result
 }
diff --git a/Sources/OktaDirectAuth/Internal/Requests/OOBAuthenticateRequest.swift b/Sources/OktaDirectAuth/Internal/Requests/OOBAuthenticateRequest.swift
index 5ef864847..ad0b30a94 100644
--- a/Sources/OktaDirectAuth/Internal/Requests/OOBAuthenticateRequest.swift
+++ b/Sources/OktaDirectAuth/Internal/Requests/OOBAuthenticateRequest.swift
@@ -44,12 +44,14 @@ struct OOBResponse: Codable, HasTokenParameters {
 struct OOBAuthenticateRequest {
 let url: URL
 let clientConfiguration: OAuth2Client.Configuration
+ let authenticationFlowConfiguration: (any AuthenticationFlowConfiguration)?
 let loginHint: String
 let channelHint: DirectAuthenticationFlow.OOBChannel
 let challengeHint: GrantType
 init(openIdConfiguration: OpenIdConfiguration,
 clientConfiguration: OAuth2Client.Configuration,
+ authenticationFlowConfiguration: (any AuthenticationFlowConfiguration)?,
 loginHint: String,
 channelHint: DirectAuthenticationFlow.OOBChannel,
 challengeHint: GrantType) throws
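Review bot: In the `@@ -85,6 +88,7 @@` hunk, `result.merge(authenticationFlowConfiguration)` runs last, after the request's own fields and after `result.merge(clientConfiguration.authentication)`, and nothing visible here says which side wins when the flow configuration carries a key the request has already set. The `merge` helper and the start of the body builder are outside the hunk, so this may already be handled, but if the later merge overwrites, caller-supplied flow parameters could replace protocol or client-authentication fields on an authentication request. I would state the intended precedence next to the call, e.g. `// Flow-level parameters are merged last; they must not replace protocol or client-authentication fields.`, and add a test with a colliding key. The same applies to the matching final hunks for OOBAuthenticateRequest.swift and WebAuthnRequest.swift.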
@@ -60,6 +62,7 @@ struct OOBAuthenticateRequest {
 self.url = url
 self.clientConfiguration = clientConfiguration
+ self.authenticationFlowConfiguration = authenticationFlowConfiguration
 self.loginHint = loginHint
 self.channelHint = channelHint
 self.challengeHint = challengeHint
@@ -87,6 +90,7 @@ extension OOBAuthenticateRequest: APIRequest, APIRequestBody {
 ]
 result.merge(clientConfiguration.authentication)
+ result.merge(authenticationFlowConfiguration)
 return result
 }
diff --git a/Sources/OktaDirectAuth/Internal/Requests/TokenRequest.swift b/Sources/OktaDirectAuth/Internal/Requests/TokenRequest.swift
index 4c431d645..4275b3805 100644
--- a/Sources/OktaDirectAuth/Internal/Requests/TokenRequest.swift
+++ b/Sources/OktaDirectAuth/Internal/Requests/TokenRequest.swift
@@ -16,30 +16,30 @@ import AuthFoundation
 struct TokenRequest {
 let openIdConfiguration: OpenIdConfiguration
 let clientConfiguration: OAuth2Client.Configuration
+ let authenticationFlowConfiguration: (any AuthenticationFlowConfiguration)?
 let currentStatus: DirectAuthenticationFlow.Status?
 let loginHint: String?
 let factor: any AuthenticationFactor
 let intent: DirectAuthenticationFlow.Intent
 let parameters: (any HasTokenParameters)?
- let authenticationFlowConfiguration: (any AuthenticationFlowConfiguration)?
 init(openIdConfiguration: OpenIdConfiguration,
 clientConfiguration: OAuth2Client.Configuration,
+ authenticationFlowConfiguration: (any AuthenticationFlowConfiguration)?,
 currentStatus: DirectAuthenticationFlow.Status?,
 loginHint: String? = nil,
 factor: any AuthenticationFactor,
 intent: DirectAuthenticationFlow.Intent,
- parameters: (any HasTokenParameters)? = nil,
- authenticationFlowConfiguration: (any AuthenticationFlowConfiguration)? = nil)
+ parameters: (any HasTokenParameters)? = nil)
 {
 self.openIdConfiguration = openIdConfiguration
 self.clientConfiguration = clientConfiguration
+ self.authenticationFlowConfiguration = authenticationFlowConfiguration
 self.currentStatus = currentStatus
 self.loginHint = loginHint
 self.factor = factor
 self.intent = intent
 self.parameters = parameters
- self.authenticationFlowConfiguration = authenticationFlowConfiguration
 }
 }
diff --git a/Sources/OktaDirectAuth/Internal/Requests/WebAuthnRequest.swift b/Sources/OktaDirectAuth/Internal/Requests/WebAuthnRequest.swift
index 08475bc6b..cb59c59ea 100644
--- a/Sources/OktaDirectAuth/Internal/Requests/WebAuthnRequest.swift
+++ b/Sources/OktaDirectAuth/Internal/Requests/WebAuthnRequest.swift
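Review bot: `authenticationFlowConfiguration` has lost its `= nil` default and moved ahead of `currentStatus` in `TokenRequest.init`, so every existing `TokenRequest(...)` call must now pass it explicitly and in the new position, yet the diffstat lists only these five files and no call sites or tests. If the callers were updated in another commit that is fine, but it is worth confirming the package builds from this commit alone. Removing the default is presumably deliberate, so I would record that on the initializer, e.g. `/// - Note: No default on purpose; callers must decide explicitly whether a flow configuration applies to this request.`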
@@ -16,11 +16,13 @@ import AuthFoundation
 struct WebAuthnChallengeRequest {
 let url: URL
 let clientConfiguration: OAuth2Client.Configuration
+ let authenticationFlowConfiguration: (any AuthenticationFlowConfiguration)?
 let loginHint: String?
 let mfaToken: String?
 init(openIdConfiguration: OpenIdConfiguration,
 clientConfiguration: OAuth2Client.Configuration,
+ authenticationFlowConfiguration: (any AuthenticationFlowConfiguration)?,
 loginHint: String? = nil,
 mfaToken: String? = nil) throws
 {
@@ -30,6 +32,7 @@ struct WebAuthnChallengeRequest {
 self.url = url
 self.clientConfiguration = clientConfiguration
+ self.authenticationFlowConfiguration = authenticationFlowConfiguration
 self.loginHint = loginHint
 self.mfaToken = mfaToken
 }
@@ -56,6 +59,7 @@ extension WebAuthnChallengeRequest: APIRequest, APIRequestBody {
 }
 result.merge(clientConfiguration.authentication)
+ result.merge(authenticationFlowConfiguration)
 return result
 }