npm - @boxyhq/saml-jackson - Versions diffs - 0.3.2-beta.295 → 0.3.2-beta.299 - Mend

@boxyhq/saml-jackson 0.3.2-beta.295 → 0.3.2-beta.299

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/controller/oauth.js +11 -11
package/package.json +1 -1

package/dist/controller/oauth.js CHANGED Viewed

@@ -212,7 +212,17 @@ class OAuthController {
             if (!codeVal || !codeVal.profile) {
                 throw new error_1.JacksonError('Invalid code', 403);
             }
-            if (client_id && client_secret) {
+            if (code_verifier) {
+                // PKCE flow
+                let cv = code_verifier;
+                if (codeVal.session.code_challenge_method.toLowerCase() === 's256') {
+                    cv = codeVerifier.encode(code_verifier);
+                }
+                if (codeVal.session.code_challenge !== cv) {
+                    throw new error_1.JacksonError('Invalid code_verifier', 401);
+                }
+            }
+            else if (client_id && client_secret) {
                 // check if we have an encoded client_id
                 if (client_id !== 'dummy' && client_secret !== 'dummy') {
                     const sp = getEncodedClientId(client_id);
@@ -224,16 +234,6 @@ class OAuthController {
                     }
                 }
             }
-            else if (code_verifier) {
-                // PKCE flow
-                let cv = code_verifier;
-                if (codeVal.session.code_challenge_method.toLowerCase() === 's256') {
-                    cv = codeVerifier.encode(code_verifier);
-                }
-                if (codeVal.session.code_challenge !== cv) {
-                    throw new error_1.JacksonError('Invalid code_verifier', 401);
-                }
-            }
             else if (codeVal && codeVal.session) {
                 throw new error_1.JacksonError('Please specify client_secret or code_verifier', 401);
             }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.3.2-beta.295",
+  "version": "0.3.2-beta.299",
   "description": "SAML 2.0 service",
   "keywords": [
     "SAML 2.0"