fix(api-security-okta): make getGroupSlug optional

packages/api-security-okta/src/createGroupAuthorizer.ts

@@ -1,21 +1,25 @@
-import { SecurityContext, SecurityIdentity } from "@webiny/api-security/types";
+import { SecurityContext } from "@webiny/api-security/types";
 import { ContextPlugin } from "@webiny/api";
 import { TenancyContext } from "@webiny/api-tenancy/types";
 import { I18NContext } from "@webiny/api-i18n/types";
 import { getPermissionsFromSecurityGroupsForLocale } from "@webiny/api-security";
 
 type Context = TenancyContext & SecurityContext & I18NContext;
 
-export interface GroupAuthorizerConfig {
+export type GroupSlug = string | undefined;
+
+export interface GroupAuthorizerConfig<TContext extends Context = Context> {
     // Specify an `identityType` if you want to only run this authorizer for specific identities.
     identityType?: string;
 
     // Get a group slug to load permissions from.
-    getGroupSlug(context: Context): SecurityIdentity["group"];
+    getGroupSlug?: (context: TContext) => Promise<GroupSlug> | GroupSlug;
 }
 
-export const createGroupAuthorizer = (config: GroupAuthorizerConfig) => {
-    return new ContextPlugin<Context>(context => {
+export const createGroupAuthorizer = <TContext extends Context = Context>(
+    config: GroupAuthorizerConfig<TContext>
+) => {
+    return new ContextPlugin<TContext>(context => {
         const { security } = context;
         security.addAuthorizer(async () => {
             const identity = security.getIdentity();
@@ -35,7 +39,10 @@ export const createGroupAuthorizer = (config: GroupAuthorizerConfig) => {
                 return null;
             }
 
-            const groupSlug = config.getGroupSlug(context);
+            const groupSlug = config.getGroupSlug
+                ? await config.getGroupSlug(context)
+                : identity.group;
+
             if (!groupSlug) {
                 return null;
             }

packages/api-security-okta/src/createOkta.ts

@@ -3,12 +3,17 @@ import { createGroupAuthorizer, GroupAuthorizerConfig } from "~/createGroupAutho
 import { createIdentityType } from "~/createIdentityType";
 import { extendTenancy } from "./extendTenancy";
 import { createAdminUsersHooks } from "./createAdminUsersHooks";
+import { Context } from "~/types";
 
-export interface CreateOktaConfig extends AuthenticatorConfig, GroupAuthorizerConfig {
+export interface CreateOktaConfig<TContext extends Context = Context>
+    extends AuthenticatorConfig,
+        GroupAuthorizerConfig<TContext> {
     graphQLIdentityType?: string;
 }
 
-export const createOkta = (config: CreateOktaConfig) => {
+export const createOkta = <TContext extends Context = Context>(
+    config: CreateOktaConfig<TContext>
+) => {
     const identityType = config.identityType || "admin";
     const graphQLIdentityType = config.graphQLIdentityType || "OktaIdentity";
 
@@ -17,7 +22,7 @@ export const createOkta = (config: CreateOktaConfig) => {
             issuer: config.issuer,
             getIdentity: config.getIdentity
         }),
-        createGroupAuthorizer({
+        createGroupAuthorizer<TContext>({
             identityType,
             getGroupSlug: config.getGroupSlug
         }),

packages/api-security-okta/src/types.ts

@@ -1,7 +1,15 @@
 import "@webiny/api-tenancy/types";
+import { SecurityContext } from "@webiny/api-security/types";
+import { TenancyContext } from "@webiny/api-tenancy/types";
+import { I18NContext } from "@webiny/api-i18n/types";
 
 declare module "@webiny/api-tenancy/types" {
     interface TenantSettings {
         appClientId: string;
     }
 }
+
+/**
+ * @internal
+ */
+export type Context = TenancyContext & SecurityContext & I18NContext;