@boxyhq/saml-jackson 0.3.7 → 0.3.8-beta.763

package/dist/controller/admin.d.ts

@@ -0,0 +1,8 @@
+import { IAdminController, Storable, OAuth } from '../typings';
+export declare class AdminController implements IAdminController {
+    configStore: Storable;
+    constructor({ configStore }: {
+        configStore: any;
+    });
+    getAllConfig(): Promise<Partial<OAuth>[]>;
+}

package/dist/controller/admin.js

@@ -0,0 +1,27 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AdminController = void 0;
+class AdminController {
+    constructor({ configStore }) {
+        this.configStore = configStore;
+    }
+    getAllConfig() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const configList = (yield this.configStore.getAll());
+            if (!configList || !configList.length) {
+                return [];
+            }
+            return configList;
+        });
+    }
+}
+exports.AdminController = AdminController;

package/dist/controller/api.d.ts

@@ -18,10 +18,23 @@ export declare class APIController implements IAPIController {
      *     consumes:
      *       - application/x-www-form-urlencoded
      *     parameters:
+     *       - name: name
+     *         description: Name/identifier for the config
+     *         type: string
+     *         in: formData
+     *         example: cal-saml-config
+     *       - name: description
+     *         description: A short description for the config not more than 100 characters
+     *         type: string
+     *         in: formData
+     *         example: SAML login for cal.com app
      *       - name: encodedRawMetadata
      *         description: Base64 encoding of the XML metadata
      *         in: formData
-     *         required: true
+     *         type: string
+     *       - name: rawMetadata
+     *         description: Raw XML metadata
+     *         in: formData
      *         type: string
      *       - name: defaultRedirectUrl
      *         description: The redirect URL to use in the IdP login flow
@@ -63,10 +76,85 @@ export declare class APIController implements IAPIController {
      *             client_id: 8958e13053832b5af58fdf2ee83f35f5d013dc74
      *             client_secret: 13f01f4df5b01770c616e682d14d3ba23f20948cfa89b1d7
      *             type: accounts.google.com
+     *       400:
+     *         description: Please provide rawMetadata or encodedRawMetadata | Please provide a defaultRedirectUrl | Please provide redirectUrl | Please provide tenant | Please provide product | Please provide a friendly name | Description should not exceed 100 characters
      *       401:
      *         description: Unauthorized
      */
     config(body: IdPConfig): Promise<OAuth>;
+    /**
+     * @swagger
+     *
+     * /api/v1/saml/config:
+     *   patch:
+     *     summary: Update SAML configuration
+     *     operationId: update-saml-config
+     *     tags: [SAML Config]
+     *     consumes:
+     *       - application/json
+     *       - application/x-www-form-urlencoded
+     *     parameters:
+     *       - name: clientID
+     *         description: Client ID for the config
+     *         type: string
+     *         in: formData
+     *         required: true
+     *       - name: clientSecret
+     *         description: Client Secret for the config
+     *         type: string
+     *         in: formData
+     *         required: true
+     *       - name: name
+     *         description: Name/identifier for the config
+     *         type: string
+     *         in: formData
+     *         example: cal-saml-config
+     *       - name: description
+     *         description: A short description for the config not more than 100 characters
+     *         type: string
+     *         in: formData
+     *         example: SAML login for cal.com app
+     *       - name: encodedRawMetadata
+     *         description: Base64 encoding of the XML metadata
+     *         in: formData
+     *         type: string
+     *       - name: rawMetadata
+     *         description: Raw XML metadata
+     *         in: formData
+     *         type: string
+     *       - name: defaultRedirectUrl
+     *         description: The redirect URL to use in the IdP login flow
+     *         in: formData
+     *         required: true
+     *         type: string
+     *         example: http://localhost:3000/login/saml
+     *       - name: redirectUrl
+     *         description: JSON encoded array containing a list of allowed redirect URLs
+     *         in: formData
+     *         required: true
+     *         type: string
+     *         example: '["http://localhost:3000/*"]'
+     *       - name: tenant
+     *         description: Tenant
+     *         in: formData
+     *         required: true
+     *         type: string
+     *         example: boxyhq.com
+     *       - name: product
+     *         description: Product
+     *         in: formData
+     *         required: true
+     *         type: string
+     *         example: demo
+     *     responses:
+     *       204:
+     *         description: Success
+     *       400:
+     *         description: Please provide clientID | Please provide clientSecret | clientSecret mismatch | Tenant/Product config mismatch with IdP metadata | Description should not exceed 100 characters
+     *       401:
+     *         description: Unauthorized
+     */
+    updateConfig(body: any): Promise<void>;
     /**
      * @swagger
      *
@@ -96,11 +184,35 @@ export declare class APIController implements IAPIController {
      *         description: Success
      *         schema:
      *           type: object
-     *           properties:
-     *             provider:
-     *               type: string
      *           example:
-     *             type: accounts.google.com
+     *             {
+     *               "config": {
+     *                 "idpMetadata": {
+     *                   "sso": {
+     *                     "postUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml",
+     *                     "redirectUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml"
+     *                   },
+     *                   "entityID": "http://www.okta.com/xxxxxxxxxxxxx",
+     *                   "thumbprint": "Eo+eUi3UM3XIMkFFtdVK3yJ5vO9f7YZdasdasdad",
+     *                   "loginType": "idp",
+     *                   "provider": "okta.com"
+     *                 },
+     *                 "defaultRedirectUrl": "https://hoppscotch.io/",
+     *                 "redirectUrl": ["https://hoppscotch.io/"],
+     *                 "tenant": "hoppscotch.io",
+     *                 "product": "API Engine",
+     *                 "name": "Hoppscotch-SP",
+     *                 "description": "SP for hoppscotch.io",
+     *                 "clientID": "Xq8AJt3yYAxmXizsCWmUBDRiVP1iTC8Y/otnvFIMitk",
+     *                 "clientSecret": "00e3e11a3426f97d8000000738300009130cd45419c5943",
+     *                 "certs": {
+     *                   "publicKey": "-----BEGIN CERTIFICATE-----.......-----END CERTIFICATE-----",
+     *                   "privateKey": "-----BEGIN PRIVATE KEY-----......-----END PRIVATE KEY-----"
+     *                 }
+     *               }
+     *             }
+     *       '400':
+     *         description: Please provide `clientID` or `tenant` and `product`.
      *       '401':
      *         description: Unauthorized
      */
@@ -108,7 +220,7 @@ export declare class APIController implements IAPIController {
         clientID: string;
         tenant: string;
         product: string;
-    }): Promise<Partial<OAuth>>;
+    }): Promise<any>;
     /**
      * @swagger
      * /api/v1/saml/config:
@@ -143,6 +255,8 @@ export declare class APIController implements IAPIController {
      *     responses:
      *       '200':
      *         description: Success
+     *       '400':
+     *         description: clientSecret mismatch | Please provide `clientID` and `clientSecret` or `tenant` and `product`.'
      *       '401':
      *         description: Unauthorized
      */

package/dist/controller/api.js

@@ -27,6 +27,17 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -34,6 +45,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.APIController = void 0;
 const crypto_1 = __importDefault(require("crypto"));
 const dbutils = __importStar(require("../db/utils"));
+const metrics = __importStar(require("../opentelemetry/metrics"));
 const saml_1 = __importDefault(require("../saml/saml"));
 const x509_1 = __importDefault(require("../saml/x509"));
 const error_1 = require("./error");
@@ -43,7 +55,7 @@ class APIController {
         this.configStore = configStore;
     }
     _validateIdPConfig(body) {
-        const { encodedRawMetadata, rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product } = body;
+        const { encodedRawMetadata, rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product, description } = body;
         if (!rawMetadata && !encodedRawMetadata) {
             throw new error_1.JacksonError('Please provide rawMetadata or encodedRawMetadata', 400);
         }
@@ -59,6 +71,9 @@ class APIController {
         if (!product) {
             throw new error_1.JacksonError('Please provide product', 400);
         }
+        if (description && description.length > 100) {
+            throw new error_1.JacksonError('Description should not exceed 100 characters', 400);
+        }
     }
     /**
      * @swagger
@@ -73,10 +88,23 @@ class APIController {
      *     consumes:
      *       - application/x-www-form-urlencoded
      *     parameters:
+     *       - name: name
+     *         description: Name/identifier for the config
+     *         type: string
+     *         in: formData
+     *         example: cal-saml-config
+     *       - name: description
+     *         description: A short description for the config not more than 100 characters
+     *         type: string
+     *         in: formData
+     *         example: SAML login for cal.com app
      *       - name: encodedRawMetadata
      *         description: Base64 encoding of the XML metadata
      *         in: formData
-     *         required: true
+     *         type: string
+     *       - name: rawMetadata
+     *         description: Raw XML metadata
+     *         in: formData
      *         type: string
      *       - name: defaultRedirectUrl
      *         description: The redirect URL to use in the IdP login flow
@@ -118,12 +146,15 @@ class APIController {
      *             client_id: 8958e13053832b5af58fdf2ee83f35f5d013dc74
      *             client_secret: 13f01f4df5b01770c616e682d14d3ba23f20948cfa89b1d7
      *             type: accounts.google.com
+     *       400:
+     *         description: Please provide rawMetadata or encodedRawMetadata | Please provide a defaultRedirectUrl | Please provide redirectUrl | Please provide tenant | Please provide product | Please provide a friendly name | Description should not exceed 100 characters
      *       401:
      *         description: Unauthorized
      */
     config(body) {
         return __awaiter(this, void 0, void 0, function* () {
-            const { encodedRawMetadata, rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product } = body;
+            const { encodedRawMetadata, rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product, name, description, } = body;
+            metrics.increment('createConfig');
             this._validateIdPConfig(body);
             let metaData = rawMetadata;
             if (encodedRawMetadata) {
@@ -155,6 +186,8 @@ class APIController {
                 redirectUrl: JSON.parse(redirectUrl),
                 tenant,
                 product,
+                name,
+                description,
                 clientID,
                 clientSecret,
                 certs,
@@ -174,6 +207,129 @@ class APIController {
             };
         });
     }
+    /**
+     * @swagger
+     *
+     * /api/v1/saml/config:
+     *   patch:
+     *     summary: Update SAML configuration
+     *     operationId: update-saml-config
+     *     tags: [SAML Config]
+     *     consumes:
+     *       - application/json
+     *       - application/x-www-form-urlencoded
+     *     parameters:
+     *       - name: clientID
+     *         description: Client ID for the config
+     *         type: string
+     *         in: formData
+     *         required: true
+     *       - name: clientSecret
+     *         description: Client Secret for the config
+     *         type: string
+     *         in: formData
+     *         required: true
+     *       - name: name
+     *         description: Name/identifier for the config
+     *         type: string
+     *         in: formData
+     *         example: cal-saml-config
+     *       - name: description
+     *         description: A short description for the config not more than 100 characters
+     *         type: string
+     *         in: formData
+     *         example: SAML login for cal.com app
+     *       - name: encodedRawMetadata
+     *         description: Base64 encoding of the XML metadata
+     *         in: formData
+     *         type: string
+     *       - name: rawMetadata
+     *         description: Raw XML metadata
+     *         in: formData
+     *         type: string
+     *       - name: defaultRedirectUrl
+     *         description: The redirect URL to use in the IdP login flow
+     *         in: formData
+     *         required: true
+     *         type: string
+     *         example: http://localhost:3000/login/saml
+     *       - name: redirectUrl
+     *         description: JSON encoded array containing a list of allowed redirect URLs
+     *         in: formData
+     *         required: true
+     *         type: string
+     *         example: '["http://localhost:3000/*"]'
+     *       - name: tenant
+     *         description: Tenant
+     *         in: formData
+     *         required: true
+     *         type: string
+     *         example: boxyhq.com
+     *       - name: product
+     *         description: Product
+     *         in: formData
+     *         required: true
+     *         type: string
+     *         example: demo
+     *     responses:
+     *       204:
+     *         description: Success
+     *       400:
+     *         description: Please provide clientID | Please provide clientSecret | clientSecret mismatch | Tenant/Product config mismatch with IdP metadata | Description should not exceed 100 characters
+     *       401:
+     *         description: Unauthorized
+     */
+    updateConfig(body) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            const { encodedRawMetadata, // could be empty
+            rawMetadata, // could be empty
+            defaultRedirectUrl, redirectUrl, name, description } = body, clientInfo = __rest(body, ["encodedRawMetadata", "rawMetadata", "defaultRedirectUrl", "redirectUrl", "name", "description"]);
+            if (!(clientInfo === null || clientInfo === void 0 ? void 0 : clientInfo.clientID)) {
+                throw new error_1.JacksonError('Please provide clientID', 400);
+            }
+            if (!(clientInfo === null || clientInfo === void 0 ? void 0 : clientInfo.clientSecret)) {
+                throw new error_1.JacksonError('Please provide clientSecret', 400);
+            }
+            if (description && description.length > 100) {
+                throw new error_1.JacksonError('Description should not exceed 100 characters', 400);
+            }
+            const _currentConfig = (_a = (yield this.getConfig(clientInfo))) === null || _a === void 0 ? void 0 : _a.config;
+            if (_currentConfig.clientSecret !== (clientInfo === null || clientInfo === void 0 ? void 0 : clientInfo.clientSecret)) {
+                throw new error_1.JacksonError('clientSecret mismatch', 400);
+            }
+            let metaData = rawMetadata;
+            if (encodedRawMetadata) {
+                metaData = Buffer.from(encodedRawMetadata, 'base64').toString();
+            }
+            let newMetadata;
+            if (metaData) {
+                newMetadata = yield saml_1.default.parseMetadataAsync(metaData);
+                // extract provider
+                let providerName = extractHostName(newMetadata.entityID);
+                if (!providerName) {
+                    providerName = extractHostName(newMetadata.sso.redirectUrl || newMetadata.sso.postUrl);
+                }
+                newMetadata.provider = providerName ? providerName : 'Unknown';
+            }
+            if (newMetadata) {
+                // check if clientID matches with new metadata payload
+                const clientID = dbutils.keyDigest(dbutils.keyFromParts(clientInfo.tenant, clientInfo.product, newMetadata.entityID));
+                if (clientID !== (clientInfo === null || clientInfo === void 0 ? void 0 : clientInfo.clientID)) {
+                    throw new error_1.JacksonError('Tenant/Product config mismatch with IdP metadata', 400);
+                }
+            }
+            yield this.configStore.put(clientInfo === null || clientInfo === void 0 ? void 0 : clientInfo.clientID, Object.assign(Object.assign({}, _currentConfig), { name: name ? name : _currentConfig.name, description: description ? description : _currentConfig.description, idpMetadata: newMetadata ? newMetadata : _currentConfig.idpMetadata, defaultRedirectUrl: defaultRedirectUrl ? defaultRedirectUrl : _currentConfig.defaultRedirectUrl, redirectUrl: redirectUrl ? JSON.parse(redirectUrl) : _currentConfig.redirectUrl }), {
+                // secondary index on entityID
+                name: utils_1.IndexNames.EntityID,
+                value: _currentConfig.idpMetadata.entityID,
+            }, {
+                // secondary index on tenant + product
+                name: utils_1.IndexNames.TenantProduct,
+                value: dbutils.keyFromParts(_currentConfig.tenant, _currentConfig.product),
+            });
+        });
+    }
     /**
      * @swagger
      *
@@ -203,20 +359,45 @@ class APIController {
      *         description: Success
      *         schema:
      *           type: object
-     *           properties:
-     *             provider:
-     *               type: string
      *           example:
-     *             type: accounts.google.com
+     *             {
+     *               "config": {
+     *                 "idpMetadata": {
+     *                   "sso": {
+     *                     "postUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml",
+     *                     "redirectUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml"
+     *                   },
+     *                   "entityID": "http://www.okta.com/xxxxxxxxxxxxx",
+     *                   "thumbprint": "Eo+eUi3UM3XIMkFFtdVK3yJ5vO9f7YZdasdasdad",
+     *                   "loginType": "idp",
+     *                   "provider": "okta.com"
+     *                 },
+     *                 "defaultRedirectUrl": "https://hoppscotch.io/",
+     *                 "redirectUrl": ["https://hoppscotch.io/"],
+     *                 "tenant": "hoppscotch.io",
+     *                 "product": "API Engine",
+     *                 "name": "Hoppscotch-SP",
+     *                 "description": "SP for hoppscotch.io",
+     *                 "clientID": "Xq8AJt3yYAxmXizsCWmUBDRiVP1iTC8Y/otnvFIMitk",
+     *                 "clientSecret": "00e3e11a3426f97d8000000738300009130cd45419c5943",
+     *                 "certs": {
+     *                   "publicKey": "-----BEGIN CERTIFICATE-----.......-----END CERTIFICATE-----",
+     *                   "privateKey": "-----BEGIN PRIVATE KEY-----......-----END PRIVATE KEY-----"
+     *                 }
+     *               }
+     *             }
+     *       '400':
+     *         description: Please provide `clientID` or `tenant` and `product`.
      *       '401':
      *         description: Unauthorized
      */
     getConfig(body) {
         return __awaiter(this, void 0, void 0, function* () {
             const { clientID, tenant, product } = body;
+            metrics.increment('getConfig');
             if (clientID) {
                 const samlConfig = yield this.configStore.get(clientID);
-                return samlConfig ? { provider: samlConfig.idpMetadata.provider } : {};
+                return samlConfig ? { config: samlConfig } : {};
             }
             if (tenant && product) {
                 const samlConfigs = yield this.configStore.getByIndex({
@@ -226,7 +407,7 @@ class APIController {
                 if (!samlConfigs || !samlConfigs.length) {
                     return {};
                 }
-                return { provider: samlConfigs[0].idpMetadata.provider };
+                return { config: samlConfigs[0] };
             }
             throw new error_1.JacksonError('Please provide `clientID` or `tenant` and `product`.', 400);
         });
@@ -265,12 +446,15 @@ class APIController {
      *     responses:
      *       '200':
      *         description: Success
+     *       '400':
+     *         description: clientSecret mismatch | Please provide `clientID` and `clientSecret` or `tenant` and `product`.'
      *       '401':
      *         description: Unauthorized
      */
     deleteConfig(body) {
         return __awaiter(this, void 0, void 0, function* () {
             const { clientID, clientSecret, tenant, product } = body;
+            metrics.increment('deleteConfig');
             if (clientID && clientSecret) {
                 const samlConfig = yield this.configStore.get(clientID);
                 if (!samlConfig) {
@@ -280,7 +464,7 @@ class APIController {
                     yield this.configStore.delete(clientID);
                 }
                 else {
-                    throw new error_1.JacksonError('clientSecret mismatch.', 400);
+                    throw new error_1.JacksonError('clientSecret mismatch', 400);
                 }
                 return;
             }

package/dist/controller/oauth.d.ts

@@ -14,6 +14,7 @@ export declare class OAuthController implements IOAuthController {
     });
     authorize(body: OAuthReqBody): Promise<{
         redirect_url: string;
+        authorize_form: string;
     }>;
     samlResponse(body: SAMLResponsePayload): Promise<{
         redirect_url: string;

package/dist/controller/oauth.js

@@ -33,15 +33,16 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OAuthController = void 0;
 const crypto_1 = __importDefault(require("crypto"));
+const util_1 = require("util");
+const zlib_1 = require("zlib");
 const dbutils = __importStar(require("../db/utils"));
+const metrics = __importStar(require("../opentelemetry/metrics"));
 const saml_1 = __importDefault(require("../saml/saml"));
 const error_1 = require("./error");
 const allowed = __importStar(require("./oauth/allowed"));
 const codeVerifier = __importStar(require("./oauth/code-verifier"));
 const redirect = __importStar(require("./oauth/redirect"));
 const utils_1 = require("./utils");
-const util_1 = require("util");
-const zlib_1 = require("zlib");
 const deflateRawAsync = (0, util_1.promisify)(zlib_1.deflateRaw);
 const relayStatePrefix = 'boxyhq_jackson_';
 function getEncodedClientId(client_id) {
@@ -74,6 +75,7 @@ class OAuthController {
             const { response_type = 'code', client_id, redirect_uri, state, tenant, product, code_challenge, code_challenge_method = '', 
             // eslint-disable-next-line @typescript-eslint/no-unused-vars
             provider = 'saml', } = body;
+            metrics.increment('oauthAuthorize');
             if (!redirect_uri) {
                 throw new error_1.JacksonError('Please specify a redirect URL.', 400);
             }
@@ -119,7 +121,20 @@ class OAuthController {
             if (!allowed.redirect(redirect_uri, samlConfig.redirectUrl)) {
                 throw new error_1.JacksonError('Redirect URL is not allowed.', 403);
             }
+            let ssoUrl;
+            let post = false;
+            const { sso } = samlConfig.idpMetadata;
+            if ('redirectUrl' in sso) {
+                // HTTP Redirect binding
+                ssoUrl = sso.redirectUrl;
+            }
+            else if ('postUrl' in sso) {
+                // HTTP-POST binding
+                ssoUrl = sso.postUrl;
+                post = true;
+            }
             const samlReq = saml_1.default.request({
+                ssoUrl,
                 entityID: this.opts.samlAudience,
                 callbackUrl: this.opts.externalUrl + this.opts.samlPath,
                 signingKey: samlConfig.certs.privateKey,
@@ -133,13 +148,24 @@ class OAuthController {
                 code_challenge,
                 code_challenge_method,
             });
-            // deepak: When supporting HTTP-POST skip deflate
-            const samlReqEnc = yield deflateRawAsync(samlReq.request);
-            const redirectUrl = redirect.success(samlConfig.idpMetadata.sso.redirectUrl, {
-                RelayState: relayStatePrefix + sessionId,
-                SAMLRequest: Buffer.from(samlReqEnc).toString('base64'),
-            });
-            return { redirect_url: redirectUrl };
+            const relayState = relayStatePrefix + sessionId;
+            let redirectUrl;
+            let authorizeForm;
+            if (!post) {
+                // HTTP Redirect binding
+                redirectUrl = redirect.success(ssoUrl, {
+                    RelayState: relayState,
+                    SAMLRequest: Buffer.from(yield deflateRawAsync(samlReq.request)).toString('base64'),
+                });
+            }
+            else {
+                // HTTP POST binding
+                authorizeForm = (0, utils_1.createAuthorizeForm)(relayState, encodeURI(Buffer.from(samlReq.request).toString('base64')), ssoUrl);
+            }
+            return {
+                redirect_url: redirectUrl,
+                authorize_form: authorizeForm,
+            };
         });
     }
     samlResponse(body) {
@@ -262,6 +288,7 @@ class OAuthController {
     token(body) {
         return __awaiter(this, void 0, void 0, function* () {
             const { client_id, client_secret, code_verifier, code, grant_type = 'authorization_code' } = body;
+            metrics.increment('oauthToken');
             if (grant_type !== 'authorization_code') {
                 throw new error_1.JacksonError('Unsupported grant_type', 400);
             }
@@ -292,6 +319,12 @@ class OAuthController {
                             throw new error_1.JacksonError('Invalid client_id or client_secret', 401);
                         }
                     }
+                    else {
+                        // encoded client_id, verify client_secret
+                        if (client_secret !== this.opts.clientSecretVerifier) {
+                            throw new error_1.JacksonError('Invalid client_secret', 401);
+                        }
+                    }
                 }
             }
             else if (codeVal && codeVal.session) {
@@ -339,6 +372,7 @@ class OAuthController {
     userInfo(token) {
         return __awaiter(this, void 0, void 0, function* () {
             const rsp = yield this.tokenStore.get(token);
+            metrics.increment('oauthUserInfo');
             if (!rsp || !rsp.claims) {
                 throw new error_1.JacksonError('Invalid token', 403);
             }

package/dist/controller/utils.d.ts

@@ -2,3 +2,4 @@ export declare enum IndexNames {
     EntityID = "entityID",
     TenantProduct = "tenantProduct"
 }
+export declare const createAuthorizeForm: (relayState: string, samlReqEnc: string, postUrl: string) => string;

package/dist/controller/utils.js

@@ -1,8 +1,32 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.IndexNames = void 0;
+exports.createAuthorizeForm = exports.IndexNames = void 0;
 var IndexNames;
 (function (IndexNames) {
     IndexNames["EntityID"] = "entityID";
     IndexNames["TenantProduct"] = "tenantProduct";
 })(IndexNames = exports.IndexNames || (exports.IndexNames = {}));
+const createAuthorizeForm = (relayState, samlReqEnc, postUrl) => {
+    const formElements = [
+        '<!DOCTYPE html>',
+        '<html>',
+        '<head>',
+        '<meta charset="utf-8">',
+        '<meta http-equiv="x-ua-compatible" content="ie=edge">',
+        '</head>',
+        '<body onload="document.forms[0].submit()">',
+        '<noscript>',
+        '<p>Note: Since your browser does not support JavaScript, you must press the Continue button once to proceed.</p>',
+        '</noscript>',
+        '<form method="post" action="' + encodeURI(postUrl) + '">',
+        '<input type="hidden" name="RelayState" value="' + relayState + '"/>',
+        '<input type="hidden" name="SAMLRequest" value="' + samlReqEnc + '"/>',
+        '<input type="submit" value="Continue" />',
+        '</form>',
+        '<script>document.forms[0].style.display="none";</script>',
+        '</body>',
+        '</html>',
+    ];
+    return formElements.join('');
+};
+exports.createAuthorizeForm = createAuthorizeForm;

package/dist/db/db.d.ts

@@ -4,6 +4,7 @@ declare class DB implements DatabaseDriver {
     private encryptionKey;
     constructor(db: DatabaseDriver, encryptionKey: EncryptionKey);
     get(namespace: string, key: string): Promise<unknown>;
+    getAll(namespace: any): Promise<unknown[]>;
     getByIndex(namespace: string, idx: Index): Promise<unknown[]>;
     put(namespace: string, key: string, val: unknown, ttl?: number, ...indexes: Index[]): Promise<unknown>;
     delete(namespace: string, key: string): Promise<unknown>;

package/dist/db/db.js

@@ -57,6 +57,15 @@ class DB {
             return decrypt(res, this.encryptionKey);
         });
     }
+    getAll(namespace) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const res = (yield this.db.getAll(namespace));
+            const encryptionKey = this.encryptionKey;
+            return res.map((r) => {
+                return decrypt(r, encryptionKey);
+            });
+        });
+    }
     getByIndex(namespace, idx) {
         return __awaiter(this, void 0, void 0, function* () {
             const res = yield this.db.getByIndex(namespace, idx);

package/dist/db/mem.d.ts

@@ -10,6 +10,7 @@ declare class Mem implements DatabaseDriver {
     constructor(options: DatabaseOption);
     init(): Promise<Mem>;
     get(namespace: string, key: string): Promise<any>;
+    getAll(namespace: string): Promise<unknown[]>;
     getByIndex(namespace: string, idx: Index): Promise<any>;
     put(namespace: string, key: string, val: Encrypted, ttl?: number, ...indexes: any[]): Promise<any>;
     delete(namespace: string, key: string): Promise<any>;

package/dist/db/mem.js

@@ -66,6 +66,21 @@ class Mem {
             return null;
         });
     }
+    getAll(namespace) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const returnValue = [];
+            if (namespace) {
+                for (const key in this.store) {
+                    if (key.startsWith(namespace)) {
+                        returnValue.push(this.store[key]);
+                    }
+                }
+            }
+            if (returnValue)
+                return returnValue;
+            return [];
+        });
+    }
     getByIndex(namespace, idx) {
         return __awaiter(this, void 0, void 0, function* () {
             const dbKeys = yield this.indexes[dbutils.keyForIndex(namespace, idx)];
@@ -80,6 +95,10 @@ class Mem {
         return __awaiter(this, void 0, void 0, function* () {
             const k = dbutils.key(namespace, key);
             this.store[k] = val;
+            if (!Date.parse(this.store['createdAt']))
+                this.store['createdAt'] = new Date().toISOString();
+            this.store['modifiedAt'] = new Date().toISOString();
+            // console.log(this.store)
             if (ttl) {
                 this.ttlStore[k] = {
                     namespace,

package/dist/db/mongo.d.ts

@@ -7,6 +7,7 @@ declare class Mongo implements DatabaseDriver {
     constructor(options: DatabaseOption);
     init(): Promise<Mongo>;
     get(namespace: string, key: string): Promise<any>;
+    getAll(namespace: string): Promise<unknown[]>;
     getByIndex(namespace: string, idx: Index): Promise<any>;
     put(namespace: string, key: string, val: Encrypted, ttl?: number, ...indexes: any[]): Promise<void>;
     delete(namespace: string, key: string): Promise<any>;

package/dist/db/mongo.js

@@ -36,8 +36,16 @@ class Mongo {
     }
     init() {
         return __awaiter(this, void 0, void 0, function* () {
-            this.client = new mongodb_1.MongoClient(this.options.url);
-            yield this.client.connect();
+            try {
+                if (!this.options.url) {
+                    throw Error('Please specify a db url');
+                }
+                this.client = new mongodb_1.MongoClient(this.options.url);
+                yield this.client.connect();
+            }
+            catch (err) {
+                console.error(`error connecting to ${this.options.type} db: ${err}`);
+            }
             this.db = this.client.db();
             this.collection = this.db.collection('jacksonStore');
             yield this.collection.createIndex({ indexes: 1 });
@@ -56,6 +64,15 @@ class Mongo {
             return null;
         });
     }
+    getAll(namespace) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const _namespaceMatch = new RegExp(`^${namespace}:.*`);
+            const docs = yield this.collection.find({ _id: _namespaceMatch }).toArray();
+            if (docs)
+                return docs.map(({ value }) => value);
+            return [];
+        });
+    }
     getByIndex(namespace, idx) {
         return __awaiter(this, void 0, void 0, function* () {
             const docs = yield this.collection
@@ -86,8 +103,12 @@ class Mongo {
                 }
                 doc.indexes.push(idxKey);
             }
+            doc.modifiedAt = new Date().toISOString();
             yield this.collection.updateOne({ _id: dbutils.key(namespace, key) }, {
                 $set: doc,
+                $setOnInsert: {
+                    createdAt: new Date().toISOString(),
+                },
             }, { upsert: true });
         });
     }

package/dist/db/redis.d.ts

@@ -5,6 +5,7 @@ declare class Redis implements DatabaseDriver {
     constructor(options: DatabaseOption);
     init(): Promise<Redis>;
     get(namespace: string, key: string): Promise<any>;
+    getAll(namespace: string): Promise<unknown[]>;
     getByIndex(namespace: string, idx: Index): Promise<any>;
     put(namespace: string, key: string, val: Encrypted, ttl?: number, ...indexes: any[]): Promise<void>;
     delete(namespace: string, key: string): Promise<any>;

package/dist/db/redis.js

@@ -57,6 +57,26 @@ class Redis {
             return null;
         });
     }
+    getAll(namespace) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const keys = yield this.client.sendCommand(['keys', namespace + ':*']);
+            const returnValue = [];
+            for (let i = 0; i < keys.length; i++) {
+                try {
+                    if (this.client.get(keys[i])) {
+                        const value = yield this.client.get(keys[i]);
+                        returnValue.push(JSON.parse(value));
+                    }
+                }
+                catch (error) {
+                    console.error(error);
+                }
+            }
+            if (returnValue)
+                return returnValue;
+            return [];
+        });
+    }
     getByIndex(namespace, idx) {
         return __awaiter(this, void 0, void 0, function* () {
             const dbKeys = yield this.client.sMembers(dbutils.keyForIndex(namespace, idx));

package/dist/db/sql/entity/JacksonStore.d.ts

@@ -3,4 +3,6 @@ export declare class JacksonStore {
     value: string;
     iv?: string;
     tag?: string;
+    createdAt?: Date;
+    modifiedAt?: string;
 }

package/dist/db/sql/entity/JacksonStore.js

@@ -36,6 +36,19 @@ __decorate([
         nullable: true,
     })
 ], JacksonStore.prototype, "tag", void 0);
+__decorate([
+    (0, typeorm_1.Column)({
+        type: 'timestamp',
+        default: () => 'CURRENT_TIMESTAMP',
+        nullable: false,
+    })
+], JacksonStore.prototype, "createdAt", void 0);
+__decorate([
+    (0, typeorm_1.Column)({
+        type: 'timestamp',
+        nullable: true,
+    })
+], JacksonStore.prototype, "modifiedAt", void 0);
 JacksonStore = __decorate([
     (0, typeorm_1.Entity)()
 ], JacksonStore);

package/dist/db/sql/sql.d.ts

@@ -10,6 +10,7 @@ declare class Sql implements DatabaseDriver {
     constructor(options: DatabaseOption);
     init(): Promise<Sql>;
     get(namespace: string, key: string): Promise<any>;
+    getAll(namespace: string): Promise<unknown[]>;
     getByIndex(namespace: string, idx: Index): Promise<any>;
     put(namespace: string, key: string, val: Encrypted, ttl?: number, ...indexes: any[]): Promise<void>;
     delete(namespace: string, key: string): Promise<any>;

package/dist/db/sql/sql.js

@@ -95,7 +95,7 @@ class Sql {
     }
     get(namespace, key) {
         return __awaiter(this, void 0, void 0, function* () {
-            let res = yield this.storeRepository.findOne({
+            const res = yield this.storeRepository.findOne({
                 key: dbutils.key(namespace, key),
             });
             if (res && res.value) {
@@ -108,6 +108,22 @@ class Sql {
             return null;
         });
     }
+    getAll(namespace) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield this.storeRepository.find({
+                where: { key: (0, typeorm_1.Like)(`%${namespace}%`) },
+                select: ['value', 'iv', 'tag'],
+                order: {
+                    ['createdAt']: 'DESC',
+                    // ['createdAt']: 'ASC',
+                },
+            });
+            const returnValue = JSON.parse(JSON.stringify(response));
+            if (returnValue)
+                return returnValue;
+            return [];
+        });
+    }
     getByIndex(namespace, idx) {
         return __awaiter(this, void 0, void 0, function* () {
             const res = yield this.indexRepository.find({
@@ -135,6 +151,7 @@ class Sql {
                 store.value = val.value;
                 store.iv = val.iv;
                 store.tag = val.tag;
+                store.modifiedAt = new Date().toISOString();
                 yield transactionalEntityManager.save(store);
                 if (ttl) {
                     const ttlRec = new JacksonTTL_1.JacksonTTL();

package/dist/db/store.js

@@ -40,6 +40,11 @@ class Store {
             return yield this.db.get(this.namespace, dbutils.keyDigest(key));
         });
     }
+    getAll() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield this.db.getAll(this.namespace);
+        });
+    }
     getByIndex(idx) {
         return __awaiter(this, void 0, void 0, function* () {
             idx.value = dbutils.keyDigest(idx.value);

package/dist/index.d.ts

@@ -1,9 +1,11 @@
-import { JacksonOption } from './typings';
 import { APIController } from './controller/api';
 import { OAuthController } from './controller/oauth';
+import { AdminController } from './controller/admin';
+import { JacksonOption } from './typings';
 export declare const controllers: (opts: JacksonOption) => Promise<{
     apiController: APIController;
     oauthController: OAuthController;
+    adminController: AdminController;
 }>;
 export default controllers;
 export * from './typings';

package/dist/index.js

@@ -25,6 +25,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.controllers = void 0;
 const api_1 = require("./controller/api");
 const oauth_1 = require("./controller/oauth");
+const admin_1 = require("./controller/admin");
 const db_1 = __importDefault(require("./db/db"));
 const read_config_1 = __importDefault(require("./read-config"));
 const defaultOpts = (opts) => {
@@ -44,6 +45,7 @@ const defaultOpts = (opts) => {
     newOpts.db.type = newOpts.db.type || 'postgres'; // Only needed if DB_ENGINE is sql.
     newOpts.db.ttl = (newOpts.db.ttl || 300) * 1; // TTL for the code, session and token stores (in seconds)
     newOpts.db.cleanupLimit = (newOpts.db.cleanupLimit || 1000) * 1; // Limit cleanup of TTL entries to this many items at a time
+    newOpts.clientSecretVerifier = newOpts.clientSecretVerifier || 'dummy';
     return newOpts;
 };
 const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
@@ -54,6 +56,7 @@ const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
     const codeStore = db.store('oauth:code', opts.db.ttl);
     const tokenStore = db.store('oauth:token', opts.db.ttl);
     const apiController = new api_1.APIController({ configStore });
+    const adminController = new admin_1.AdminController({ configStore });
     const oauthController = new oauth_1.OAuthController({
         configStore,
         sessionStore,
@@ -74,6 +77,7 @@ const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
     return {
         apiController,
         oauthController,
+        adminController,
     };
 });
 exports.controllers = controllers;

package/dist/opentelemetry/metrics.d.ts

@@ -0,0 +1,2 @@
+declare const increment: (action: string) => void;
+export { increment };

package/dist/opentelemetry/metrics.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.increment = void 0;
+const api_metrics_1 = require("@opentelemetry/api-metrics");
+const counters = {
+    createConfig: {
+        name: 'jackson.config.create',
+        description: 'Number of SAML config create requests',
+    },
+    getConfig: {
+        name: 'jackson.config.get',
+        description: 'Number of SAML config get requests',
+    },
+    deleteConfig: {
+        name: 'jackson.config.delete',
+        description: 'Number of SAML config delete requests',
+    },
+    oauthAuthorize: {
+        name: 'jackson.oauth.authorize',
+        description: 'Number of SAML oauth authorize requests',
+    },
+    oauthToken: {
+        name: 'jackson.oauth.token',
+        description: 'Number of SAML oauth token requests',
+    },
+    oauthUserInfo: {
+        name: 'jackson.oauth.userinfo',
+        description: 'Number of SAML oauth user info requests',
+    },
+};
+const createCounter = (action) => {
+    const meter = api_metrics_1.metrics.getMeterProvider().getMeter('jackson');
+    const counter = counters[action];
+    return meter.createCounter(counter.name, {
+        description: counter.description,
+    });
+};
+const increment = (action) => {
+    const counter = createCounter(action);
+    counter.add(1, { provider: 'saml' });
+};
+exports.increment = increment;

package/dist/saml/saml.js

@@ -68,7 +68,7 @@ const request = ({ ssoUrl, entityID, callbackUrl, isPassive = false, forceAuthn
             '@ID': id,
             '@Version': '2.0',
             '@IssueInstant': date,
-            '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+            '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
             '@Destination': ssoUrl,
             'saml:Issuer': {
                 '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',

package/dist/typings.d.ts

@@ -3,6 +3,8 @@ export declare type IdPConfig = {
     redirectUrl: string;
     tenant: string;
     product: string;
+    name: string;
+    description: string;
     rawMetadata?: string;
     encodedRawMetadata?: string;
 };
@@ -13,11 +15,12 @@ export interface OAuth {
 }
 export interface IAPIController {
     config(body: IdPConfig): Promise<OAuth>;
+    updateConfig(body: any): Promise<void>;
     getConfig(body: {
         clientID?: string;
         tenant?: string;
         product?: string;
-    }): Promise<Partial<OAuth>>;
+    }): Promise<any>;
     deleteConfig(body: {
         clientID?: string;
         clientSecret?: string;
@@ -27,7 +30,8 @@ export interface IAPIController {
 }
 export interface IOAuthController {
     authorize(body: OAuthReqBody): Promise<{
-        redirect_url: string;
+        redirect_url?: string;
+        authorize_form?: string;
     }>;
     samlResponse(body: SAMLResponsePayload): Promise<{
         redirect_url: string;
@@ -35,6 +39,9 @@ export interface IOAuthController {
     token(body: OAuthTokenReq): Promise<OAuthTokenRes>;
     userInfo(token: string): Promise<Profile>;
 }
+export interface IAdminController {
+    getAllConfig(): any;
+}
 export interface OAuthReqBody {
     response_type: 'code';
     client_id: string;
@@ -73,12 +80,14 @@ export interface Index {
     value: string;
 }
 export interface DatabaseDriver {
+    getAll(namespace: string): Promise<unknown[]>;
     get(namespace: string, key: string): Promise<any>;
     put(namespace: string, key: string, val: any, ttl: number, ...indexes: Index[]): Promise<any>;
     delete(namespace: string, key: string): Promise<any>;
     getByIndex(namespace: string, idx: Index): Promise<any>;
 }
 export interface Storable {
+    getAll(): Promise<unknown[]>;
     get(key: string): Promise<any>;
     put(key: string, val: any, ...indexes: Index[]): Promise<any>;
     delete(key: string): Promise<any>;
@@ -123,4 +132,5 @@ export interface JacksonOption {
     preLoadedConfig?: string;
     idpEnabled?: boolean;
     db: DatabaseOption;
+    clientSecretVerifier?: string;
 }

package/migration/mariadb/1644332636666-createdAt.ts

@@ -0,0 +1,16 @@
+import {MigrationInterface, QueryRunner} from "typeorm";
+
+export class createdAt1644332636666 implements MigrationInterface {
+    name = 'createdAt1644332636666'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE \`jackson_store\` ADD \`createdAt\` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP()`);
+        await queryRunner.query(`ALTER TABLE \`jackson_store\` ADD \`modifiedAt\` timestamp NULL`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE \`jackson_store\` DROP COLUMN \`modifiedAt\``);
+        await queryRunner.query(`ALTER TABLE \`jackson_store\` DROP COLUMN \`createdAt\``);
+    }
+
+}

package/migration/mysql/1644332641078-createdAt.ts

@@ -0,0 +1,16 @@
+import {MigrationInterface, QueryRunner} from "typeorm";
+
+export class createdAt1644332641078 implements MigrationInterface {
+    name = 'createdAt1644332641078'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE \`jackson_store\` ADD \`createdAt\` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP`);
+        await queryRunner.query(`ALTER TABLE \`jackson_store\` ADD \`modifiedAt\` timestamp NULL`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE \`jackson_store\` DROP COLUMN \`modifiedAt\``);
+        await queryRunner.query(`ALTER TABLE \`jackson_store\` DROP COLUMN \`createdAt\``);
+    }
+
+}

package/migration/postgres/1644332647279-createdAt.ts

@@ -0,0 +1,16 @@
+import {MigrationInterface, QueryRunner} from "typeorm";
+
+export class createdAt1644332647279 implements MigrationInterface {
+    name = 'createdAt1644332647279'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "jackson_store" ADD "createdAt" TIMESTAMP NOT NULL DEFAULT now()`);
+        await queryRunner.query(`ALTER TABLE "jackson_store" ADD "modifiedAt" TIMESTAMP`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "jackson_store" DROP COLUMN "modifiedAt"`);
+        await queryRunner.query(`ALTER TABLE "jackson_store" DROP COLUMN "createdAt"`);
+    }
+
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.3.7",
+  "version": "0.3.8-beta.763",
   "description": "SAML 2.0 service",
   "keywords": [
     "SAML 2.0"
@@ -18,9 +18,9 @@
   ],
   "scripts": {
     "build": "tsc -p tsconfig.build.json",
-    "db:migration:generate:postgres": "ts-node -r tsconfig-paths/register ./node_modules/typeorm/cli.js migration:generate --config ormconfig.js  -n Initial",
-    "db:migration:generate:mysql": "cross-env DB_TYPE=mysql DB_URL=mysql://root:mysql@localhost:3307/mysql ts-node -r tsconfig-paths/register ./node_modules/typeorm/cli.js migration:generate --config ormconfig.js  -n Initial",
-    "db:migration:generate:mariadb": "cross-env DB_TYPE=mariadb DB_URL=mariadb://root@localhost:3306/mysql ts-node -r tsconfig-paths/register ./node_modules/typeorm/cli.js migration:generate --config ormconfig.js  -n Initial",
+    "db:migration:generate:postgres": "ts-node -r tsconfig-paths/register ./node_modules/typeorm/cli.js migration:generate --config ormconfig.js  -n createdAt",
+    "db:migration:generate:mysql": "cross-env DB_TYPE=mysql DB_URL=mysql://root:mysql@localhost:3307/mysql ts-node -r tsconfig-paths/register ./node_modules/typeorm/cli.js migration:generate --config ormconfig.js  -n createdAt",
+    "db:migration:generate:mariadb": "cross-env DB_TYPE=mariadb DB_URL=mariadb://root@localhost:3306/mysql ts-node -r tsconfig-paths/register ./node_modules/typeorm/cli.js migration:generate --config ormconfig.js  -n createdAt",
     "db:migration:run:postgres": "ts-node --transpile-only ./node_modules/typeorm/cli.js migration:run",
     "db:migration:run:mysql": "cross-env DB_TYPE=mysql DB_URL=mysql://root:mysql@localhost:3307/mysql ts-node --transpile-only ./node_modules/typeorm/cli.js migration:run",
     "db:migration:run:mariadb": "cross-env DB_TYPE=mariadb DB_URL=mariadb://root@localhost:3306/mysql ts-node --transpile-only ./node_modules/typeorm/cli.js migration:run",
@@ -37,10 +37,9 @@
   },
   "dependencies": {
     "@boxyhq/saml20": "0.2.0",
+    "@opentelemetry/api-metrics": "0.27.0",
     "@peculiar/webcrypto": "1.2.3",
     "@peculiar/x509": "1.6.1",
-    "cors": "2.8.5",
-    "express": "4.17.2",
     "mongodb": "4.3.1",
     "mysql2": "2.3.3",
     "pg": "8.7.3",
@@ -55,7 +54,6 @@
     "xmlbuilder": "15.1.1"
   },
   "devDependencies": {
-    "@types/express": "4.17.13",
     "@types/node": "17.0.17",
     "@types/sinon": "10.0.11",
     "@types/tap": "15.0.5",