auth0 · christiansamaniego-okta · Oct 8, 2025 · Oct 17, 2025 · Oct 17, 2025 · Oct 17, 2025
diff --git a/api/auth_data.js b/api/auth_data.js
@@ -1,31 +1,34 @@
 const crypto = require("crypto");
-const cookie = require("cookie")
-const signature = require("cookie-signature")
+const cookie = require("cookie");
+const signature = require("cookie-signature");
 
 export default function handler(req, res) {
-    const secret = process.env.JWT_SECRET
-    const cookies = cookie.parse(req.headers.cookie || '')
-    const refresh = cookies.refresh?.startsWith('s:') ? signature.unsign(cookies.refresh.slice(2), secret) : null
-    const authCode = cookies.authCode?.startsWith('s:') ? signature.unsign(cookies.authCode.slice(2), secret) : null
-    let code = null;
-    if (refresh === "false" && authCode) {
-        code = authCode;
-        res.setHeader("Set-Cookie", [
-            cookie.serialize("refresh", "true", {
-                httpOnly: true,
-                secure: true,
-                path: "/",
-                sameSite: "Lax"
-            })
-        ]);
-    }
-    const state = crypto.randomBytes(20).toString("hex")
-    res.status(200).json({
-        redirect_uri: process.env.REDIRECT_URI,
-        clientId: process.env.CLIENT_ID,
-        clientSecret: process.env.CLIENT_SECRET,
-        state,
-        code
-    })
-
-}
+  const secret = process.env.JWT_SECRET;
+  const cookies = cookie.parse(req.headers.cookie || "");
+  const refresh = cookies.refresh?.startsWith("s:")
+    ? signature.unsign(cookies.refresh.slice(2), secret)
+    : null;
+  const authCode = cookies.authCode?.startsWith("s:")
+    ? signature.unsign(cookies.authCode.slice(2), secret)
+    : null;
+  let code = null;
+  if (refresh === "false" && authCode) {
+    code = authCode;
+    res.setHeader("Set-Cookie", [
+      cookie.serialize("refresh", "true", {
+        httpOnly: true,
+        secure: true,
+        path: "/",
+        sameSite: "Lax",
+      }),
+    ]);
+  }
+  const state = crypto.randomBytes(20).toString("hex");
+  res.status(200).json({
+    redirect_uri: process.env.REDIRECT_URI,
+    clientId: process.env.CLIENT_ID,
+    clientSecret: process.env.CLIENT_SECRET,
+    state,
+    code,
+  });
+}
diff --git a/api/callback.js b/api/callback.js
@@ -1,33 +1,33 @@
-const cookie = require('cookie')
-const signature = require('cookie-signature')
+const cookie = require("cookie");
+const signature = require("cookie-signature");
 
-export default function handler(req,res) {
-    if(req.method === "GET") {
-        const { code } = req.query
-        if(code) {
-            const secret = process.env.JWT_SECRET
-            const signedRefresh = 's:' + signature.sign('false', secret)
-            const signedAuthCode = 's:' + signature.sign(code, secret) 
-            res.setHeader("Set-Cookie", [
-                cookie.serialize("authCode", signedAuthCode, {
-                    httpOnly: true,
-                    secure: true,
-                    path: "/",
-                    sameSite: "Lax"
-                }),
-                cookie.serialize("refresh", signedRefresh, {
-                    httpOnly: true,
-                    secure: true,
-                    path: "/",
-                    sameSite: "Lax"
-                })
-            ]);
-            res.writeHead(302, { Location: "/"})
-            res.end()
-        } else {
-            res.status(400).send("Missing Code")
-        }
+export default function handler(req, res) {
+  if (req.method === "GET") {
+    const { code } = req.query;
+    if (code) {
+      const secret = process.env.JWT_SECRET;
+      const signedRefresh = "s:" + signature.sign("false", secret);
+      const signedAuthCode = "s:" + signature.sign(code, secret);
+      res.setHeader("Set-Cookie", [
+        cookie.serialize("authCode", signedAuthCode, {
+          httpOnly: true,
+          secure: true,
+          path: "/",
+          sameSite: "Lax",
+        }),
+        cookie.serialize("refresh", signedRefresh, {
+          httpOnly: true,
+          secure: true,
+          path: "/",
+          sameSite: "Lax",
+        }),
+      ]);
+      res.writeHead(302, { Location: "/" });
+      res.end();
     } else {
-        res.status(405).send("Method not allowed")
+      res.status(400).send("Missing Code");
     }
-}
+  } else {
+    res.status(405).send("Method not allowed");
+  }
+}
diff --git a/api/code_to_token.js b/api/code_to_token.js
@@ -1,31 +1,48 @@
-const request = require("request");
-const jwt = require("jsonwebtoken");
+import jwt from "jsonwebtoken";
 
-export default function handler(req,res) {
-    if(req.method === "POST") {
-         const result = {};
-          const reqData = {
-            code: req.body.code,
-            client_id: req.body.clientID,
-            client_secret: req.body.clientSecret,
-            grant_type: "authorization_code",
-            redirect_uri: process.env.REDIRECT_URI,
-          };
-
-          request.post(
-            req.body.tokenEndpoint,
-            {
-              form: reqData,
-            },
-            (err, response, body) => {
-              result.body = body;
-              result.response = response;
-              // and add the decoded token
-              result.decodedToken = JSON.stringify(
-                jwt.decode(result.id_token, { complete: true }),
-              );
-              res.json(result);
-            },
-          );
+export default async function handler(req, res) {
+  if (req.method === "POST") {
+    try {
+      const reqData = {
+        code: req.body.code,
+        client_id: req.body.clientID,
+        client_secret: req.body.clientSecret,
+        grant_type: "authorization_code",
+        redirect_uri: process.env.REDIRECT_URI,
+      };
+
+      const response = await fetch(req.body.tokenEndpoint, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+        },
+        body: new URLSearchParams(reqData),
+      });
+
+      if (!response.ok) {
+        throw new Error(`HTTP error! Status: ${response.status}`);
+      }
+
+      const tokenData = await response.json();
+
+      const result = {
+        body: tokenData,
+        response: {
+          statusCode: response.status,
+          headers: response.headers,
+        },
+        decodedToken: JSON.stringify(
+          jwt.decode(tokenData.id_token, { complete: true })
+        ),
+      };
+
+      res.status(200).json(result);
+    } catch (error) {
+      console.error("Error fetching token:", error);
+      res.status(500).json({ error: "Failed to retrieve token" });
     }
+  } else {
+    res.setHeader("Allow", ["POST"]);
+    res.status(405).end(`Method ${req.method} Not Allowed`);
+  }
 }
diff --git a/api/discover.js b/api/discover.js
@@ -1,5 +1,5 @@
-const Validator = require("jsonschema").Validator;
-const request = require("request")
+import { Validator } from "jsonschema";
+
 const valid = new Validator();
 
 const discoverySchema = {
@@ -27,39 +27,50 @@ const isJson = (str) => {
   return true;
 };
 
+export default async function handler(req, res) {
+  if (req.method !== "GET") {
+    res.setHeader("Allow", ["GET"]);
+    return res.status(405).end(`Method ${req.method} Not Allowed`);
+  }
 
-export default function handler(req, res) {
-    if (req.method === "GET") {
-      request.get(req.query.url, (err, resp, body) => {
-        if (err) {
-            return res.status(400).json({
-                message: err.message || "Couldn't get a discovery document",
-            });
-        } else {
-            if (isJson(body)) {
-                const jsonBody = JSON.parse(body);
-                const isValid = valid.validate(jsonBody, discoverySchema);
-                if (isValid.errors.length < 1) {
-                    return res.json({
-                        authorization_endpoint: jsonBody.authorization_endpoint,
-                        token_endpoint: jsonBody.token_endpoint,
-                        userinfo_endpoint: jsonBody.userinfo_endpoint,
-                        jwks_uri: jsonBody.jwks_uri,
-                    });
-                } else {
-                    return res.status(400).json({
-                        message: "Discovery document is not valid",
-                        errors: isValid.errors.map(
-                            (e) => `The ${e.property.replace("instance.", "")} ${e.message}`,
-                        ),
-                    });
-                }
-            } else {
-                return res
-                    .status(400)
-                    .json({ message: "Discovery document is not a JSON file." });
-            }
-        }
-      }) 
+  try {
+    const response = await fetch(req.query.url);
+
+    if (!response.ok) {
+      throw new Error(
+        `Failed to fetch discovery document: ${response.status} ${response.statusText}`
+      );
     }
-}
+
+    const body = await response.text();
+
+    if (isJson(body)) {
+      const jsonBody = JSON.parse(body);
+      const validationResult = valid.validate(jsonBody, discoverySchema);
+
+      if (validationResult.valid) {
+        return res.status(200).json({
+          authorization_endpoint: jsonBody.authorization_endpoint,
+          token_endpoint: jsonBody.token_endpoint,
+          userinfo_endpoint: jsonBody.userinfo_endpoint,
+          jwks_uri: jsonBody.jwks_uri,
+        });
+      } else {
+        return res.status(400).json({
+          message: "Discovery document is not valid.",
+          errors: validationResult.errors.map(
+            (e) => `The ${e.property.replace("instance.", "")} ${e.message}`
+          ),
+        });
+      }
+    } else {
+      return res
+        .status(400)
+        .json({ message: "Discovery document is not a JSON file." });
+    }
+  } catch (error) {
+    return res.status(500).json({
+      message: error.message || "An unexpected error occurred.",
+    });
+  }
+}
diff --git a/api/fallback.js b/api/fallback.js
@@ -1,14 +1,14 @@
-const cookie = require("cookie")
+const cookie = require("cookie");
 
 module.exports = (req, res) => {
-    const cookies = cookie.parse(req.headers.cookie || "")
-    let code = null;
-    const { authCode, refresh } = cookies 
-    if(!refresh && authCode) {
-        code = authCode
-        res.setHeader("Set-Cookie", "refresh=true; Path=/; HttpOnly")
-    }
+  const cookies = cookie.parse(req.headers.cookie || "");
+  let code = null;
+  const { authCode, refresh } = cookies;
+  if (!refresh && authCode) {
+    code = authCode;
+    res.setHeader("Set-Cookie", "refresh=true; Path=/; HttpOnly");
+  }
 
-    res.writeHead(302, { Location: "/"})
-    res.end();
-}
+  res.writeHead(302, { Location: "/" });
+  res.end();
+};
diff --git a/api/index.js b/api/index.js
@@ -1,38 +1,30 @@
 const express = require("express");
 
-
-const path = require("path")
-const serverless = require("serverless-http")
-
+const path = require("path");
+const serverless = require("serverless-http");
 
 require("dotenv").config({ silent: true });
 
-
 const app = express();
 
-
 app.use(require("body-parser").json());
 
-
-
 app.use((req, res, next) => {
- const proto = req.headers["x-forwarded-proto"];
- if (proto && proto !== "https") {
-   return res.redirect(302, `https://${req.hostname}${req.originalUrl}`);
- }
-
+  const proto = req.headers["x-forwarded-proto"];
+  if (proto && proto !== "https") {
+    return res.redirect(302, `https://${req.hostname}${req.originalUrl}`);
+  }
 
- return next();
+  return next();
 });
 
-
 app.use((req, res, next) => {
- res.setHeader("X-Frame-Options", "DENY");
- next();
+  res.setHeader("X-Frame-Options", "DENY");
+  next();
 });
 
-
-app.listen(process.env.PORT || 3000, () => console.log("server started on port 3000"))
-
+app.listen(process.env.PORT || 3000, () =>
+  console.log("server started on port 3000")
+);
 
 module.exports = serverless(app);