Enhance security authentication configuration with authprovider api

Author: rupeshjSFDC

src/plugins/auth-providers/authentication-service/index.ts

@@ -4,8 +4,7 @@
     "authProviders": {
       "TestAuthProvider": {
         "consumerSecret": "test-secret-12345",
-        "consumerKey": "test-key-67890",
-        "enableAuthenticationService": false
+        "consumerKey": "test-key-67890"
       }
     }
   }

src/plugins/auth-providers/authentication-service/schema.json

@@ -4,8 +4,7 @@
     "authProviders": {
       "TestAuthProvider": {
         "consumerSecret": "test-secret-12345",
-        "consumerKey": "test-key-67890",
-        "enableAuthenticationService": true
+        "consumerKey": "test-key-67890"
       }
     }
   }

src/plugins/auth-providers/disable.json

@@ -37,26 +37,6 @@ describe(AuthProviders.name, function () {
     TestAuthProvider: {},
   };
 
-  const configWithAuthenticationService: Config = {
-    TestAuthProvider: {
-      enableAuthenticationService: true,
-    },
-  };
-
-  const configWithDisabledAuthenticationService: Config = {
-    TestAuthProvider: {
-      enableAuthenticationService: false,
-    },
-  };
-
-  const configWithAllProperties: Config = {
-    TestAuthProvider: {
-      consumerSecret: 'test-secret-12345',
-      consumerKey: 'test-key-67890',
-      enableAuthenticationService: true,
-    },
-  };
-
   it('should deploy an AuthProvider for testing', () => {
     const sourceDeployCmd = child.spawnSync('sf', [
       'project',
@@ -86,16 +66,6 @@ describe(AuthProviders.name, function () {
     await plugin.apply(configEmpty);
   });
 
-  it('should enable authentication service', async () => {
-    await plugin.apply(configWithAuthenticationService);
-    // Note: retrieve() returns empty config, so we can only verify apply completes without errors
-  });
-
-  it('should update consumerSecret, consumerKey, and enable authentication service together', async () => {
-    await plugin.apply(configWithAllProperties);
-    // Note: retrieve() returns empty config, so we can only verify apply completes without errors
-  });
-
   it('should throw an error when AuthProvider does not exist', async () => {
     const configInvalid: Config = {
       NonExistentAuthProvider: {
@@ -114,11 +84,6 @@ describe(AuthProviders.name, function () {
     }, /No AuthProviders found with DeveloperNames/);
   });
 
-  it('should disable authentication service', async () => {
-    await plugin.apply(configWithDisabledAuthenticationService);
-    // Note: retrieve() returns empty config, so we can only verify apply completes without errors
-  });
-
   it('should remove the testing AuthProvider', async () => {
     await global.browserforce.connection.metadata.delete('AuthProvider', ['TestAuthProvider']);
   });

src/plugins/auth-providers/enable.json

@@ -1,6 +1,5 @@
 import { type SalesforceUrlPath, waitForPageErrors } from '../../browserforce.js';
 import { BrowserforcePlugin } from '../../plugin.js';
-import { AuthenticationService } from './authentication-service/index.js';
 
 const CONSUMER_SECRET_SELECTOR = '#ConsumerSecret';
 const CONSUMER_KEY_SELECTOR = '#ConsumerKey';
@@ -11,7 +10,6 @@ const getUrl = (orgId: string): SalesforceUrlPath => `/${orgId}/e` as Salesforce
 type AuthProviderConfig = {
   consumerSecret?: string;
   consumerKey?: string;
-  enableAuthenticationService?: boolean;
 };
 
 export type Config = {
@@ -76,8 +74,7 @@ export class AuthProviders extends BrowserforcePlugin {
           // Navigate to the edit page
           const editPageUrl = getUrl(authProviderId);
 
-          this.browserforce.logger?.log('editPageUrl', editPageUrl);
-          console.log(`[AuthProviders] Navigating to edit page for ${developerName}: ${editPageUrl}`);
+          this.browserforce.logger?.log(`Navigating to edit page for ${developerName}: ${editPageUrl}`);
 
           await using page = await this.browserforce.openPage(editPageUrl);
 
@@ -132,16 +129,6 @@ export class AuthProviders extends BrowserforcePlugin {
             await waitForPageErrors(page);
           }
         }
-
-        // Handle enableAuthenticationService if requested
-        if (authProviderConfig.enableAuthenticationService !== undefined) {
-          const pluginAuthenticationService = new AuthenticationService(this.browserforce);
-          await pluginAuthenticationService.apply({
-            authProviderId,
-            developerName,
-            enabled: authProviderConfig.enableAuthenticationService,
-          });
-        }
       } catch (error) {
         throw new Error(`Failed to update AuthProvider '${developerName}': ${error.message}`);
       }      

src/plugins/auth-providers/index.e2e-spec.ts

@@ -18,9 +18,6 @@
           "title": "Consumer Key",
           "description": "The Consumer Key value for the Auth Provider",
           "type": "string"
-        },
-        "enableAuthenticationService": {
-          "$ref": "./authentication-service/schema.json"
         }
       }
     }

src/plugins/auth-providers/index.ts

@@ -6,7 +6,7 @@
         "services": [
           {
             "label": "Login Form",
-            "enabled": false
+            "enabled": true
           }
         ]
       }

src/plugins/auth-providers/schema.json

@@ -35,6 +35,18 @@ describe(AuthenticationConfiguration.name, function () {
         { label: 'TestAuthMethod', enabled: false },
       ],
     };
+    const configRetrieveByApiName: Config = {
+      services: [{ authProviderApiName: 'TestAuthMethod', enabled: true }],
+    };
+    const configApplyByApiName: Config = {
+      services: [
+        { label: 'Login Form', enabled: true },
+        { authProviderApiName: 'TestAuthMethod', enabled: false },
+      ],
+    };
+    const configApplyMissingApiName: Config = {
+      services: [{ authProviderApiName: 'NonExistentAuthProvider', enabled: true }],
+    };
 
     it('should retrieve the single enabled Login Form auth', async () => {
       const res = await plugin.retrieve(configRetrieveSingle);
@@ -76,6 +88,34 @@ describe(AuthenticationConfiguration.name, function () {
       assert.deepStrictEqual(res, configApplyMultiple);
     });
 
+    it('should retrieve using authProviderApiName', async () => {
+      const res = await plugin.retrieve(configRetrieveByApiName);
+      assert.deepStrictEqual(res, configRetrieveByApiName);
+    });
+
+    it('should update auth service using authProviderApiName', async () => {
+      await plugin.apply(configApplyByApiName);
+      const res = await plugin.retrieve(configApplyByApiName);
+      assert.deepStrictEqual(res, configApplyByApiName);
+    });
+
+    it('should not do anything when run with authProviderApiName and config already set', async () => {
+      const res = await plugin.run(configApplyByApiName);
+      assert.deepStrictEqual(res, { message: 'no action necessary' });
+    });
+
+    it('should throw an error when authProviderApiName does not exist', async () => {
+      let err;
+      try {
+        await plugin.apply(configApplyMissingApiName);
+      } catch (e) {
+        err = e;
+      }
+      assert.throws(() => {
+        throw err;
+      }, /not found/);
+    });
+
     it('should throw an error when trying to apply a missing service', async () => {
       let err;
       try {