feat(auth): Make token auth default (#6305)

**What**
- make token auth the default being returned from authentication endpoints in api-v2
- Add `auth/session` to convert token to session based auth
- add regex-scopes to authenticate middleware 

Co-authored-by: Sebastian Rindom <[email protected]>

integration-tests/plugins/__tests__/customer/store/create-customer-addresses.ts

@@ -1,11 +1,12 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { createAuthenticatedCustomer } from "../../../helpers/create-authenticated-customer"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import { createAuthenticatedCustomer } from "../../../helpers/create-authenticated-customer"
 
 jest.setTimeout(50000)
 
@@ -39,9 +40,11 @@ describe("POST /store/customers/me/addresses", () => {
   })
 
   it("should create a customer address", async () => {
+    const { jwt_secret } = appContainer.resolve("configModule").projectConfig
     const { customer, jwt } = await createAuthenticatedCustomer(
       customerModuleService,
-      appContainer.resolve(ModuleRegistrationName.AUTH)
+      appContainer.resolve(ModuleRegistrationName.AUTH),
+      jwt_secret
     )
 
     const api = useApi() as any

integration-tests/plugins/__tests__/customer/store/create-customer.spec.ts

@@ -4,6 +4,7 @@ import { initDb, useDb } from "../../../../environment-helpers/use-db"
 import { ModuleRegistrationName } from "@medusajs/modules-sdk"
 import adminSeeder from "../../../../helpers/admin-seeder"
 import { getContainer } from "../../../../environment-helpers/use-container"
+import jwt from "jsonwebtoken"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
@@ -47,12 +48,14 @@ describe("POST /store/customers", () => {
     const authService: IAuthModuleService = appContainer.resolve(
       ModuleRegistrationName.AUTH
     )
+    const { jwt_secret } = appContainer.resolve("configModule").projectConfig
     const authUser = await authService.createAuthUser({
       entity_id: "store_user",
-      provider_id: "test",
+      provider: "emailpass",
       scope: "store",
     })
-    const jwt = await authService.generateJwtToken(authUser.id, "store")
+
+    const token = jwt.sign(authUser, jwt_secret)
 
     const api = useApi() as any
     const response = await api.post(
@@ -62,7 +65,7 @@ describe("POST /store/customers", () => {
         last_name: "Doe",
         email: "[email protected]",
       },
-      { headers: { authorization: `Bearer ${jwt}` } }
+      { headers: { authorization: `Bearer ${token}` } }
     )
 
     expect(response.status).toEqual(200)

integration-tests/plugins/__tests__/customer/store/delete-customer-address.spec.ts

@@ -1,11 +1,12 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { createAuthenticatedCustomer } from "../../../helpers/create-authenticated-customer"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import { createAuthenticatedCustomer } from "../../../helpers/create-authenticated-customer"
 
 const env = { MEDUSA_FF_MEDUSA_V2: true }
 
@@ -25,6 +26,14 @@ describe("DELETE /store/customers/me/addresses/:address_id", () => {
     )
   })
 
+  // TODO: delete with removal of authProvider
+  beforeEach(async () => {
+    const onStart =
+      appContainer.resolve(ModuleRegistrationName.AUTH).__hooks
+        .onApplicationStart ?? (() => Promise.resolve())
+    await onStart()
+  })
+
   afterAll(async () => {
     const db = useDb()
     await db.shutdown()
@@ -37,9 +46,11 @@ describe("DELETE /store/customers/me/addresses/:address_id", () => {
   })
 
   it("should delete a customer address", async () => {
+    const { jwt_secret } = appContainer.resolve("configModule").projectConfig
     const { customer, jwt } = await createAuthenticatedCustomer(
       customerModuleService,
-      appContainer.resolve(ModuleRegistrationName.AUTH)
+      appContainer.resolve(ModuleRegistrationName.AUTH),
+      jwt_secret
     )
 
     const address = await customerModuleService.addAddresses({
@@ -65,9 +76,11 @@ describe("DELETE /store/customers/me/addresses/:address_id", () => {
   })
 
   it("should fail to delete another customer's address", async () => {
+    const { jwt_secret } = appContainer.resolve("configModule").projectConfig
     const { jwt } = await createAuthenticatedCustomer(
       customerModuleService,
-      appContainer.resolve(ModuleRegistrationName.AUTH)
+      appContainer.resolve(ModuleRegistrationName.AUTH),
+      jwt_secret
     )
 
     const otherCustomer = await customerModuleService.create({

integration-tests/plugins/__tests__/customer/store/get-me.spec.ts

@@ -1,12 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { createAuthenticatedCustomer } from "../../../helpers/create-authenticated-customer"
+import customer from "../../../../development/database/customer"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
-import { createAuthenticatedCustomer } from "../../../helpers/create-authenticated-customer"
 
 jest.setTimeout(50000)
 
@@ -34,19 +35,17 @@ describe("GET /store/customers", () => {
     await shutdownServer()
   })
 
-  beforeEach(async () => {
-    await adminSeeder(dbConnection)
-  })
-
   afterEach(async () => {
     const db = useDb()
     await db.teardown()
   })
 
   it("should retrieve auth user's customer", async () => {
+    const { jwt_secret } = appContainer.resolve("configModule").projectConfig
     const { customer, jwt } = await createAuthenticatedCustomer(
       customerModuleService,
-      appContainer.resolve(ModuleRegistrationName.AUTH)
+      appContainer.resolve(ModuleRegistrationName.AUTH),
+      jwt_secret
     )
 
     const api = useApi() as any

integration-tests/plugins/__tests__/customer/store/list-customer-addresses.ts

@@ -1,11 +1,12 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { createAuthenticatedCustomer } from "../../../helpers/create-authenticated-customer"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import { createAuthenticatedCustomer } from "../../../helpers/create-authenticated-customer"
 
 const env = { MEDUSA_FF_MEDUSA_V2: true }
 
@@ -43,9 +44,11 @@ describe("GET /store/customers/me/addresses", () => {
   })
 
   it("should get all customer addresses and its count", async () => {
+    const { jwt_secret } = appContainer.resolve("configModule").projectConfig
     const { customer, jwt } = await createAuthenticatedCustomer(
       customerModuleService,
-      appContainer.resolve(ModuleRegistrationName.AUTH)
+      appContainer.resolve(ModuleRegistrationName.AUTH),
+      jwt_secret
     )
 
     await customerModuleService.addAddresses([

integration-tests/plugins/__tests__/customer/store/update-customer-address.spec.ts

@@ -1,11 +1,12 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { createAuthenticatedCustomer } from "../../../helpers/create-authenticated-customer"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import { createAuthenticatedCustomer } from "../../../helpers/create-authenticated-customer"
 
 const env = { MEDUSA_FF_MEDUSA_V2: true }
 
@@ -25,6 +26,14 @@ describe("POST /store/customers/:id/addresses/:address_id", () => {
     )
   })
 
+  // TODO: delete with removal of authProvider
+  beforeEach(async () => {
+    const onStart =
+      appContainer.resolve(ModuleRegistrationName.AUTH).__hooks
+        .onApplicationStart ?? (() => Promise.resolve())
+    await onStart()
+  })
+
   afterAll(async () => {
     const db = useDb()
     await db.shutdown()
@@ -37,9 +46,12 @@ describe("POST /store/customers/:id/addresses/:address_id", () => {
   })
 
   it("should update a customer address", async () => {
+    const { jwt_secret } = appContainer.resolve("configModule").projectConfig
+
     const { customer, jwt } = await createAuthenticatedCustomer(
       customerModuleService,
-      appContainer.resolve(ModuleRegistrationName.AUTH)
+      appContainer.resolve(ModuleRegistrationName.AUTH),
+      jwt_secret
     )
 
     const address = await customerModuleService.addAddresses({
@@ -69,15 +81,19 @@ describe("POST /store/customers/:id/addresses/:address_id", () => {
   })
 
   it("should fail to update another customer's address", async () => {
+    const { jwt_secret } = appContainer.resolve("configModule").projectConfig
+
     const { jwt } = await createAuthenticatedCustomer(
       customerModuleService,
-      appContainer.resolve(ModuleRegistrationName.AUTH)
+      appContainer.resolve(ModuleRegistrationName.AUTH),
+      jwt_secret
     )
 
     const otherCustomer = await customerModuleService.create({
       first_name: "Jane",
       last_name: "Doe",
     })
+
     const address = await customerModuleService.addAddresses({
       customer_id: otherCustomer.id,
       first_name: "John",

integration-tests/plugins/helpers/create-authenticated-customer.ts

@@ -1,8 +1,11 @@
-import { ICustomerModuleService, IAuthModuleService } from "@medusajs/types"
+import { IAuthModuleService, ICustomerModuleService } from "@medusajs/types"
+
+import jwt from "jsonwebtoken"
 
 export const createAuthenticatedCustomer = async (
   customerModuleService: ICustomerModuleService,
-  authService: IAuthModuleService
+  authService: IAuthModuleService,
+  jwtSecret: string
 ) => {
   const customer = await customerModuleService.create({
     first_name: "John",
@@ -12,12 +15,12 @@ export const createAuthenticatedCustomer = async (
 
   const authUser = await authService.createAuthUser({
     entity_id: "store_user",
-    provider_id: "test",
+    provider: "emailpass",
     scope: "store",
     app_metadata: { customer_id: customer.id },
   })
 
-  const jwt = await authService.generateJwtToken(authUser.id, "store")
+  const token = jwt.sign(authUser, jwtSecret)
 
-  return { customer, authUser, jwt }
+  return { customer, authUser, jwt: token }
 }

integration-tests/plugins/medusa-config.js

@@ -46,9 +46,6 @@ module.exports = {
       scope: "internal",
       resources: "shared",
       resolve: "@medusajs/auth",
-      options: {
-        jwt_secret: "test",
-      },
     },
     [Modules.STOCK_LOCATION]: {
       scope: "internal",

packages/auth/src/providers/google.ts

@@ -1,8 +1,8 @@
 import { AbstractAuthModuleProvider, MedusaError } from "@medusajs/utils"
 import {
+  AuthProviderScope,
   AuthenticationInput,
   AuthenticationResponse,
-  AuthProviderScope,
   ModulesSdkTypes,
 } from "@medusajs/types"
 import { AuthUserService } from "@services"
@@ -82,9 +82,9 @@ class GoogleProvider extends AbstractAuthModuleProvider {
 
   // abstractable
   async verify_(refreshToken: string, scope: string) {
-    const jwtData = (await jwt.decode(refreshToken, {
+    const jwtData = jwt.decode(refreshToken, {
       complete: true,
-    })) as JwtPayload
+    }) as JwtPayload
     const entity_id = jwtData.payload.email
 
     let authUser