feat: add support for strict options

packages/medusa-plugin-auth/src/auth-strategies/auth0/admin.ts

@@ -10,7 +10,8 @@ export class Auth0AdminStrategy extends PassportStrategy(Auth0Strategy, AUTH0_AD
 	constructor(
 		protected readonly container: MedusaContainer,
 		protected readonly configModule: ConfigModule,
-		protected readonly strategyOptions: Auth0Options
+		protected readonly strategyOptions: Auth0Options,
+		protected readonly strictOptions: { admin_strict: boolean; strict: boolean }
 	) {
 		super({
 			domain: strategyOptions.auth0Domain,
@@ -47,6 +48,7 @@ export class Auth0AdminStrategy extends PassportStrategy(Auth0Strategy, AUTH0_AD
 		const validateRes = await validateAdminCallback(profile, {
 			container: this.container,
 			strategyErrorIdentifier: 'auth0',
+			strict: this.strictOptions.admin_strict ?? this.strictOptions.strict,
 		});
 		return {
 			...validateRes,

packages/medusa-plugin-auth/src/auth-strategies/auth0/index.ts

@@ -11,11 +11,17 @@ export * from './types';
 export default {
 	load: (container: MedusaContainer, configModule: ConfigModule, options: AuthOptions): void => {
 		if (options.auth0?.admin) {
-			new Auth0AdminStrategy(container, configModule, options.auth0);
+			new Auth0AdminStrategy(container, configModule, options.auth0, {
+				admin_strict: options.admin_strict,
+				strict: options.strict,
+			});
 		}
 
 		if (options.auth0?.store) {
-			new Auth0StoreStrategy(container, configModule, options.auth0);
+			new Auth0StoreStrategy(container, configModule, options.auth0, {
+				store_strict: options.store_strict,
+				strict: options.strict,
+			});
 		}
 	},
 	getRouter: (configModule: ConfigModule, options: AuthOptions): Router[] => {

packages/medusa-plugin-auth/src/auth-strategies/auth0/store.ts

@@ -10,7 +10,8 @@ export class Auth0StoreStrategy extends PassportStrategy(Auth0Strategy, AUTH0_ST
 	constructor(
 		protected readonly container: MedusaContainer,
 		protected readonly configModule: ConfigModule,
-		protected readonly strategyOptions: Auth0Options
+		protected readonly strategyOptions: Auth0Options,
+		protected readonly strictOptions: { store_strict: boolean; strict: boolean }
 	) {
 		super({
 			domain: strategyOptions.auth0Domain,
@@ -44,9 +45,11 @@ export class Auth0StoreStrategy extends PassportStrategy(Auth0Strategy, AUTH0_ST
 				accessToken,
 			};
 		}
+
 		const validateRes = await validateStoreCallback(profile, {
 			container: this.container,
 			strategyErrorIdentifier: 'auth0',
+			strict: this.strictOptions.store_strict ?? this.strictOptions.strict,
 		});
 		return {
 			...validateRes,

packages/medusa-plugin-auth/src/auth-strategies/azure-oidc/admin.ts

@@ -10,7 +10,8 @@ export class AzureAdminStrategy extends PassportStrategy(AzureStrategy, AZURE_AD
 	constructor(
 		protected readonly container: MedusaContainer,
 		protected readonly configModule: ConfigModule,
-		protected readonly strategyOptions: AzureAuthOptions
+		protected readonly strategyOptions: AzureAuthOptions,
+		protected readonly strictOptions: { admin_strict: boolean; strict: boolean }
 	) {
 		super({
 			identityMetadata: strategyOptions.admin.identityMetadata,
@@ -36,9 +37,11 @@ export class AzureAdminStrategy extends PassportStrategy(AzureStrategy, AZURE_AD
 			emails: [{ value: profile?.upn }],
 			name: { givenName: profile?.name?.givenName, familyName: profile?.name?.familyName },
 		};
+
 		return await validateAdminCallback(authprofile, {
 			container: this.container,
 			strategyErrorIdentifier: 'azure_oidc',
+			strict: this.strictOptions.admin_strict ?? this.strictOptions.strict,
 		});
 	}
 }

packages/medusa-plugin-auth/src/auth-strategies/azure-oidc/index.ts

@@ -11,11 +11,17 @@ export * from './store';
 export default {
 	load: (container: MedusaContainer, configModule: ConfigModule, options: AuthOptions): void => {
 		if (options.azure_oidc?.admin) {
-			new AzureAdminStrategy(container, configModule, options.azure_oidc);
+			new AzureAdminStrategy(container, configModule, options.azure_oidc,{
+				admin_strict: options.admin_strict,
+				strict: options.strict,
+			});
 		}
 
 		if (options.azure_oidc?.store) {
-			new AzureStoreStrategy(container, configModule, options.azure_oidc);
+			new AzureStoreStrategy(container, configModule, options.azure_oidc, {
+				store_strict: options.store_strict,
+				strict: options.strict,
+			});
 		}
 	},
 	getRouter: (configModule: ConfigModule, options: AuthOptions): Router[] => {

packages/medusa-plugin-auth/src/auth-strategies/azure-oidc/store.ts

@@ -10,7 +10,8 @@ export class AzureStoreStrategy extends PassportStrategy(AzureStrategy, AZURE_ST
 	constructor(
 		protected readonly container: MedusaContainer,
 		protected readonly configModule: ConfigModule,
-		protected readonly strategyOptions: AzureAuthOptions
+		protected readonly strategyOptions: AzureAuthOptions,
+		protected readonly strictOptions: { store_strict: boolean; strict: boolean }
 	) {
 		super({
 			identityMetadata: strategyOptions.store.identityMetadata,
@@ -36,9 +37,11 @@ export class AzureStoreStrategy extends PassportStrategy(AzureStrategy, AZURE_ST
 			emails: [{ value: profile?.upn }],
 			name: { givenName: profile?.name?.givenName, familyName: profile?.name?.familyName },
 		};
+
 		return await validateStoreCallback(authprofile, {
 			container: this.container,
 			strategyErrorIdentifier: 'azure_oidc',
+			strict: this.strictOptions.store_strict ?? this.strictOptions.strict,
 		});
 	}
 }

packages/medusa-plugin-auth/src/auth-strategies/facebook/admin.ts

@@ -10,7 +10,8 @@ export class FacebookAdminStrategy extends PassportStrategy(FacebookStrategy, FA
 	constructor(
 		protected readonly container: MedusaContainer,
 		protected readonly configModule: ConfigModule,
-		protected readonly strategyOptions: FacebookAuthOptions
+		protected readonly strategyOptions: FacebookAuthOptions,
+		protected readonly strictOptions: { admin_strict: boolean; strict: boolean }
 	) {
 		super({
 			clientID: strategyOptions.clientID,
@@ -36,7 +37,12 @@ export class FacebookAdminStrategy extends PassportStrategy(FacebookStrategy, FA
 				profile
 			);
 		}
-		return await validateAdminCallback(profile, { container: this.container, strategyErrorIdentifier: 'facebook' });
+
+		return await validateAdminCallback(profile, {
+			container: this.container,
+			strategyErrorIdentifier: 'facebook',
+			strict: this.strictOptions.admin_strict ?? this.strictOptions.strict,
+		});
 	}
 }
 

packages/medusa-plugin-auth/src/auth-strategies/facebook/index.ts

@@ -11,11 +11,17 @@ export * from './types';
 export default {
 	load: (container: MedusaContainer, configModule: ConfigModule, options: AuthOptions): void => {
 		if (options.facebook?.admin) {
-			new FacebookAdminStrategy(container, configModule, options.facebook);
+			new FacebookAdminStrategy(container, configModule, options.facebook, {
+				admin_strict: options.admin_strict,
+				strict: options.strict,
+			});
 		}
 
 		if (options.facebook?.store) {
-			new FacebookStoreStrategy(container, configModule, options.facebook);
+			new FacebookStoreStrategy(container, configModule, options.facebook, {
+				store_strict: options.store_strict,
+				strict: options.strict,
+			});
 		}
 	},
 	getRouter: (configModule: ConfigModule, options: AuthOptions): Router[] => {

packages/medusa-plugin-auth/src/auth-strategies/facebook/store.ts

@@ -10,7 +10,8 @@ export class FacebookStoreStrategy extends PassportStrategy(FacebookStrategy, FA
 	constructor(
 		protected readonly container: MedusaContainer,
 		protected readonly configModule: ConfigModule,
-		protected readonly strategyOptions: FacebookAuthOptions
+		protected readonly strategyOptions: FacebookAuthOptions,
+		protected readonly strictOptions: { store_strict: boolean; strict: boolean }
 	) {
 		super({
 			clientID: strategyOptions.clientID,
@@ -36,7 +37,12 @@ export class FacebookStoreStrategy extends PassportStrategy(FacebookStrategy, FA
 				profile
 			);
 		}
-		return await validateStoreCallback(profile, { container: this.container, strategyErrorIdentifier: 'facebook' });
+
+		return await validateStoreCallback(profile, {
+			container: this.container,
+			strategyErrorIdentifier: 'facebook',
+			strict: this.strictOptions.store_strict ?? this.strictOptions.strict,
+		});
 	}
 }
 

packages/medusa-plugin-auth/src/auth-strategies/firebase/admin.ts

@@ -11,7 +11,8 @@ export class FirebaseAdminStrategy extends PassportStrategy(FirebaseStrategy, FI
 	constructor(
 		protected readonly container: MedusaContainer,
 		protected readonly configModule: ConfigModule,
-		protected readonly strategyOptions: FirebaseAuthOptions
+		protected readonly strategyOptions: FirebaseAuthOptions,
+		protected readonly strictOptions: { admin_strict: boolean; strict: boolean }
 	) {
 		super({
 			jwtFromRequest: strategyOptions.store.jwtFromRequest ?? ExtractJwt.fromAuthHeaderAsBearerToken(),
@@ -26,7 +27,11 @@ export class FirebaseAdminStrategy extends PassportStrategy(FirebaseStrategy, FI
 		}
 
 		const profile: Profile = { emails: [{ value: decodedToken.email }] };
-		return await validateAdminCallback(profile, { container: this.container, strategyErrorIdentifier: 'firebase' });
+		return await validateAdminCallback(profile, {
+			container: this.container,
+			strategyErrorIdentifier: 'firebase',
+			strict: this.strictOptions.admin_strict ?? this.strictOptions.strict,
+		});
 	}
 }
 

packages/medusa-plugin-auth/src/auth-strategies/firebase/index.ts

@@ -32,11 +32,17 @@ export default {
 		}
 
 		if (options.firebase?.admin) {
-			new FirebaseAdminStrategy(container, configModule, options.firebase);
+			new FirebaseAdminStrategy(container, configModule, options.firebase, {
+				admin_strict: options.admin_strict,
+				strict: options.strict,
+			});
 		}
 
 		if (options.firebase?.store) {
-			new FirebaseStoreStrategy(container, configModule, options.firebase);
+			new FirebaseStoreStrategy(container, configModule, options.firebase, {
+				store_strict: options.store_strict,
+				strict: options.strict,
+			});
 		}
 	},
 	getRouter: (configModule: ConfigModule, options: AuthOptions): Router[] => {

packages/medusa-plugin-auth/src/auth-strategies/firebase/store.ts

@@ -11,7 +11,8 @@ export class FirebaseStoreStrategy extends PassportStrategy(FirebaseStrategy, FI
 	constructor(
 		protected readonly container: MedusaContainer,
 		protected readonly configModule: ConfigModule,
-		protected readonly strategyOptions: FirebaseAuthOptions
+		protected readonly strategyOptions: FirebaseAuthOptions,
+		protected readonly strictOptions: { store_strict: boolean; strict: boolean }
 	) {
 		super({
 			jwtFromRequest: strategyOptions.store.jwtFromRequest ?? ExtractJwt.fromAuthHeaderAsBearerToken(),
@@ -26,7 +27,11 @@ export class FirebaseStoreStrategy extends PassportStrategy(FirebaseStrategy, FI
 		}
 
 		const profile: Profile = { emails: [{ value: decodedToken.email }] };
-		return await validateStoreCallback(profile, { container: this.container, strategyErrorIdentifier: 'firebase' });
+		return await validateStoreCallback(profile, {
+			container: this.container,
+			strategyErrorIdentifier: 'firebase',
+			strict: this.strictOptions.store_strict ?? this.strictOptions.strict,
+		});
 	}
 }