@boxyhq/saml-jackson 1.2.2 → 1.3.1

package/dist/controller/oidc-discovery.js

@@ -31,8 +31,9 @@ class OidcDiscoveryController {
         };
     }
     jwks() {
+        var _a;
         return __awaiter(this, void 0, void 0, function* () {
-            const { jwtSigningKeys, jwsAlg } = this.opts.openid;
+            const { jwtSigningKeys, jwsAlg } = (_a = this.opts.openid) !== null && _a !== void 0 ? _a : {};
             if (!jwtSigningKeys || !(0, utils_1.isJWSKeyPairLoaded)(jwtSigningKeys)) {
                 throw new error_1.JacksonError('JWT signing keys are not loaded', 501);
             }

package/dist/controller/utils.d.ts

@@ -1,8 +1,9 @@
-import type { OAuthErrorHandlerParams } from '../typings';
+import type { ConnectionType, OAuthErrorHandlerParams, OIDCSSOConnection, SAMLSSOConnectionWithEncodedMetadata, SAMLSSOConnectionWithRawMetadata } from '../typings';
 import * as jose from 'jose';
 export declare enum IndexNames {
     EntityID = "entityID",
-    TenantProduct = "tenantProduct"
+    TenantProduct = "tenantProduct",
+    OIDCProviderClientID = "OIDCProviderClientID"
 }
 export declare const storeNamespacePrefix: {
     dsync: {
@@ -29,3 +30,10 @@ export declare function isJWSKeyPairLoaded(jwsKeyPair: {
 export declare const importJWTPublicKey: (key: string, jwsAlg: string) => Promise<jose.KeyLike>;
 export declare const exportPublicKeyJWK: (key: jose.KeyLike) => Promise<jose.JWK>;
 export declare const generateJwkThumbprint: (jwk: jose.JWK) => Promise<string>;
+export declare const validateSSOConnection: (body: SAMLSSOConnectionWithRawMetadata | SAMLSSOConnectionWithEncodedMetadata | OIDCSSOConnection, strategy: ConnectionType) => void;
+export declare const validateRedirectUrl: ({ redirectUrlList, defaultRedirectUrl }: {
+    redirectUrlList: any;
+    defaultRedirectUrl: any;
+}) => void;
+export declare const extractRedirectUrls: (urls: string[] | string) => string[];
+export declare const extractHostName: (url: string) => string | null;

package/dist/controller/utils.js

@@ -35,7 +35,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateJwkThumbprint = exports.exportPublicKeyJWK = exports.importJWTPublicKey = exports.isJWSKeyPairLoaded = exports.loadJWSPrivateKey = exports.createRandomSecret = exports.getErrorMessage = exports.OAuthErrorResponse = exports.validateAbsoluteUrl = exports.relayStatePrefix = exports.storeNamespacePrefix = exports.IndexNames = void 0;
+exports.extractHostName = exports.extractRedirectUrls = exports.validateRedirectUrl = exports.validateSSOConnection = exports.generateJwkThumbprint = exports.exportPublicKeyJWK = exports.importJWTPublicKey = exports.isJWSKeyPairLoaded = exports.loadJWSPrivateKey = exports.createRandomSecret = exports.getErrorMessage = exports.OAuthErrorResponse = exports.validateAbsoluteUrl = exports.relayStatePrefix = exports.storeNamespacePrefix = exports.IndexNames = void 0;
 const error_1 = require("./error");
 const redirect = __importStar(require("./oauth/redirect"));
 const crypto_1 = __importDefault(require("crypto"));
@@ -44,6 +44,7 @@ var IndexNames;
 (function (IndexNames) {
     IndexNames["EntityID"] = "entityID";
     IndexNames["TenantProduct"] = "tenantProduct";
+    IndexNames["OIDCProviderClientID"] = "OIDCProviderClientID";
 })(IndexNames = exports.IndexNames || (exports.IndexNames = {}));
 // The namespace prefix for the database store
 exports.storeNamespacePrefix = {
@@ -120,3 +121,89 @@ const generateJwkThumbprint = (jwk) => __awaiter(void 0, void 0, void 0, functio
     return thumbprint;
 });
 exports.generateJwkThumbprint = generateJwkThumbprint;
+const validateSSOConnection = (body, strategy) => {
+    const { defaultRedirectUrl, redirectUrl, tenant, product, description } = body;
+    const encodedRawMetadata = 'encodedRawMetadata' in body ? body.encodedRawMetadata : undefined;
+    const rawMetadata = 'rawMetadata' in body ? body.rawMetadata : undefined;
+    const oidcDiscoveryUrl = 'oidcDiscoveryUrl' in body ? body.oidcDiscoveryUrl : undefined;
+    const oidcClientId = 'oidcClientId' in body ? body.oidcClientId : undefined;
+    const oidcClientSecret = 'oidcClientSecret' in body ? body.oidcClientSecret : undefined;
+    if (strategy !== 'saml' && strategy !== 'oidc') {
+        throw new error_1.JacksonError(`Strategy: ${strategy} not supported`, 400);
+    }
+    if (strategy === 'saml') {
+        if (!rawMetadata && !encodedRawMetadata) {
+            throw new error_1.JacksonError('Please provide rawMetadata or encodedRawMetadata', 400);
+        }
+    }
+    if (strategy === 'oidc') {
+        if (!oidcClientId) {
+            throw new error_1.JacksonError('Please provide the clientId from OpenID Provider', 400);
+        }
+        if (!oidcClientSecret) {
+            throw new error_1.JacksonError('Please provide the clientSecret from OpenID Provider', 400);
+        }
+        if (!oidcDiscoveryUrl) {
+            throw new error_1.JacksonError('Please provide the discoveryUrl for the OpenID Provider', 400);
+        }
+    }
+    if (!defaultRedirectUrl) {
+        throw new error_1.JacksonError('Please provide a defaultRedirectUrl', 400);
+    }
+    if (!redirectUrl) {
+        throw new error_1.JacksonError('Please provide redirectUrl', 400);
+    }
+    if (!tenant) {
+        throw new error_1.JacksonError('Please provide tenant', 400);
+    }
+    if (!product) {
+        throw new error_1.JacksonError('Please provide product', 400);
+    }
+    if (description && description.length > 100) {
+        throw new error_1.JacksonError('Description should not exceed 100 characters', 400);
+    }
+};
+exports.validateSSOConnection = validateSSOConnection;
+const validateRedirectUrl = ({ redirectUrlList, defaultRedirectUrl }) => {
+    if (redirectUrlList) {
+        if (redirectUrlList.length > 100) {
+            throw new error_1.JacksonError('Exceeded maximum number of allowed redirect urls', 400);
+        }
+        for (const url of redirectUrlList) {
+            (0, exports.validateAbsoluteUrl)(url, 'redirectUrl is invalid');
+        }
+    }
+    if (defaultRedirectUrl) {
+        (0, exports.validateAbsoluteUrl)(defaultRedirectUrl, 'defaultRedirectUrl is invalid');
+    }
+};
+exports.validateRedirectUrl = validateRedirectUrl;
+const extractRedirectUrls = (urls) => {
+    if (!urls) {
+        return [];
+    }
+    if (typeof urls === 'string') {
+        if (urls.startsWith('[')) {
+            // redirectUrl is a stringified array
+            return JSON.parse(urls);
+        }
+        // redirectUrl is a single URL
+        return [urls];
+    }
+    // redirectUrl is an array of URLs
+    return urls;
+};
+exports.extractRedirectUrls = extractRedirectUrls;
+const extractHostName = (url) => {
+    try {
+        const pUrl = new URL(url);
+        if (pUrl.hostname.startsWith('www.')) {
+            return pUrl.hostname.substring(4);
+        }
+        return pUrl.hostname;
+    }
+    catch (err) {
+        return null;
+    }
+};
+exports.extractHostName = extractHostName;

package/dist/index.d.ts

@@ -1,13 +1,14 @@
 import type { DirectorySync, JacksonOption } from './typings';
 import { AdminController } from './controller/admin';
-import { APIController } from './controller/api';
+import { ConnectionAPIController } from './controller/api';
 import { OAuthController } from './controller/oauth';
 import { HealthCheckController } from './controller/health-check';
 import { LogoutController } from './controller/logout';
 import { OidcDiscoveryController } from './controller/oidc-discovery';
 import { SPSAMLConfig } from './controller/sp-config';
 export declare const controllers: (opts: JacksonOption) => Promise<{
-    apiController: APIController;
+    apiController: ConnectionAPIController;
+    connectionAPIController: ConnectionAPIController;
     oauthController: OAuthController;
     adminController: AdminController;
     logoutController: LogoutController;

package/dist/index.js

@@ -29,7 +29,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.controllers = void 0;
 const db_1 = __importDefault(require("./db/db"));
 const defaultDb_1 = __importDefault(require("./db/defaultDb"));
-const read_config_1 = __importDefault(require("./read-config"));
+const loadConnection_1 = __importDefault(require("./loadConnection"));
 const admin_1 = require("./controller/admin");
 const api_1 = require("./controller/api");
 const oauth_1 = require("./controller/oauth");
@@ -48,7 +48,9 @@ const defaultOpts = (opts) => {
     }
     newOpts.scimPath = newOpts.scimPath || '/api/scim/v2.0';
     newOpts.samlAudience = newOpts.samlAudience || 'https://saml.boxyhq.com';
-    newOpts.preLoadedConfig = newOpts.preLoadedConfig || ''; // path to folder containing static SAML config that will be preloaded. This is useful for self-hosted deployments that only have to support a single tenant (or small number of known tenants).
+    // path to folder containing static IdP connections that will be preloaded. This is useful for self-hosted deployments that only have to support a single tenant (or small number of known tenants).
+    newOpts.preLoadedConnection = newOpts.preLoadedConnection || '';
+    newOpts.preLoadedConfig = newOpts.preLoadedConfig || ''; // for backwards compatibility
     newOpts.idpEnabled = newOpts.idpEnabled === true;
     (0, defaultDb_1.default)(newOpts);
     newOpts.clientSecretVerifier = newOpts.clientSecretVerifier || 'dummy';
@@ -60,43 +62,50 @@ const defaultOpts = (opts) => {
 const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
     opts = defaultOpts(opts);
     const db = yield db_1.default.new(opts.db);
-    const configStore = db.store('saml:config');
+    const connectionStore = db.store('saml:config');
     const sessionStore = db.store('oauth:session', opts.db.ttl);
     const codeStore = db.store('oauth:code', opts.db.ttl);
     const tokenStore = db.store('oauth:token', opts.db.ttl);
     const healthCheckStore = db.store('_health:check');
-    const apiController = new api_1.APIController({ configStore });
-    const adminController = new admin_1.AdminController({ configStore });
+    const connectionAPIController = new api_1.ConnectionAPIController({ connectionStore, opts });
+    const adminController = new admin_1.AdminController({ connectionStore });
     const healthCheckController = new health_check_1.HealthCheckController({ healthCheckStore });
     yield healthCheckController.init();
     const oauthController = new oauth_1.OAuthController({
-        configStore,
+        connectionStore,
         sessionStore,
         codeStore,
         tokenStore,
         opts,
     });
     const logoutController = new logout_1.LogoutController({
-        configStore,
+        connectionStore,
         sessionStore,
         opts,
     });
     const directorySync = yield (0, directory_sync_1.default)({ db, opts });
     const oidcDiscoveryController = new oidc_discovery_1.OidcDiscoveryController({ opts });
     const spConfig = new sp_config_1.SPSAMLConfig(opts);
-    // write pre-loaded config if present
-    if (opts.preLoadedConfig && opts.preLoadedConfig.length > 0) {
-        const configs = yield (0, read_config_1.default)(opts.preLoadedConfig);
-        for (const config of configs) {
-            yield apiController.config(config);
-            console.log(`loaded config for tenant "${config.tenant}" and product "${config.product}"`);
+    // write pre-loaded connections if present
+    const preLoadedConnection = opts.preLoadedConnection || opts.preLoadedConfig;
+    if (preLoadedConnection && preLoadedConnection.length > 0) {
+        const connections = yield (0, loadConnection_1.default)(preLoadedConnection);
+        for (const connection of connections) {
+            if ('oidcDiscoveryUrl' in connection) {
+                yield connectionAPIController.createOIDCConnection(connection);
+            }
+            else {
+                yield connectionAPIController.createSAMLConnection(connection);
+            }
+            console.log(`loaded connection for tenant "${connection.tenant}" and product "${connection.product}"`);
         }
     }
     const type = opts.db.engine === 'sql' && opts.db.type ? ' Type: ' + opts.db.type : '';
     console.log(`Using engine: ${opts.db.engine}.${type}`);
     return {
         spConfig,
-        apiController,
+        apiController: connectionAPIController,
+        connectionAPIController,
         oauthController,
         adminController,
         logoutController,

package/dist/loadConnection.d.ts

@@ -0,0 +1,3 @@
+import { OIDCSSOConnection, SAMLSSOConnectionWithEncodedMetadata, SAMLSSOConnectionWithRawMetadata } from './typings';
+declare const loadConnection: (preLoadedConnection: string) => Promise<(SAMLSSOConnectionWithEncodedMetadata | SAMLSSOConnectionWithRawMetadata | OIDCSSOConnection)[]>;
+export default loadConnection;

package/dist/{read-config.js → loadConnection.js}

@@ -34,22 +34,23 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const readConfig = (preLoadedConfig) => __awaiter(void 0, void 0, void 0, function* () {
-    if (preLoadedConfig.startsWith('./')) {
-        preLoadedConfig = path.resolve(process.cwd(), preLoadedConfig);
+const loadConnection = (preLoadedConnection) => __awaiter(void 0, void 0, void 0, function* () {
+    if (preLoadedConnection.startsWith('./')) {
+        preLoadedConnection = path.resolve(process.cwd(), preLoadedConnection);
     }
-    const files = yield fs.promises.readdir(preLoadedConfig);
-    const configs = [];
+    const files = yield fs.promises.readdir(preLoadedConnection);
+    const connections = [];
     for (const idx in files) {
         const file = files[idx];
         if (file.endsWith('.js')) {
-            const { default: config } = yield Promise.resolve().then(() => __importStar(require(
-            /* webpackIgnore: true */ path.join(preLoadedConfig, file))));
-            const rawMetadata = yield fs.promises.readFile(path.join(preLoadedConfig, path.parse(file).name + '.xml'), 'utf8');
-            config.encodedRawMetadata = Buffer.from(rawMetadata, 'utf8').toString('base64');
-            configs.push(config);
+            const { default: connection, } = yield Promise.resolve().then(() => __importStar(require(/* webpackIgnore: true */ path.join(preLoadedConnection, file))));
+            if (!('oidcDiscoveryUrl' in connection)) {
+                const rawMetadata = yield fs.promises.readFile(path.join(preLoadedConnection, path.parse(file).name + '.xml'), 'utf8');
+                connection.encodedRawMetadata = Buffer.from(rawMetadata, 'utf8').toString('base64');
+            }
+            connections.push(connection);
         }
     }
-    return configs;
+    return connections;
 });
-exports.default = readConfig;
+exports.default = loadConnection;

package/dist/opentelemetry/metrics.js

@@ -3,29 +3,29 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.increment = void 0;
 const api_metrics_1 = require("@opentelemetry/api-metrics");
 const counters = {
-    createConfig: {
-        name: 'jackson.config.create',
-        description: 'Number of SAML config create requests',
+    createConnection: {
+        name: 'jackson.connection.create',
+        description: 'Number of IdP connection create requests',
     },
-    getConfig: {
-        name: 'jackson.config.get',
-        description: 'Number of SAML config get requests',
+    getConnections: {
+        name: 'jackson.connections.get',
+        description: 'Number of IdP connections get requests',
     },
-    deleteConfig: {
-        name: 'jackson.config.delete',
-        description: 'Number of SAML config delete requests',
+    deleteConnections: {
+        name: 'jackson.connections.delete',
+        description: 'Number of IdP connections delete requests',
     },
     oauthAuthorize: {
         name: 'jackson.oauth.authorize',
-        description: 'Number of SAML oauth authorize requests',
+        description: 'Number of oauth authorize requests',
     },
     oauthToken: {
         name: 'jackson.oauth.token',
-        description: 'Number of SAML oauth token requests',
+        description: 'Number of oauth token requests',
     },
     oauthUserInfo: {
         name: 'jackson.oauth.userinfo',
-        description: 'Number of SAML oauth user info requests',
+        description: 'Number of oauth user info requests',
     },
 };
 const createCounter = (action) => {

package/dist/typings.d.ts

@@ -1,32 +1,113 @@
 import { type JWK } from 'jose';
-export declare type IdPConfig = {
+interface SSOConnection {
     defaultRedirectUrl: string;
     redirectUrl: string[] | string;
     tenant: string;
     product: string;
     name?: string;
     description?: string;
-    rawMetadata?: string;
-    encodedRawMetadata?: string;
-    forceAuthn: boolean | string;
-};
-export interface IAPIController {
-    config(body: IdPConfig): Promise<any>;
-    updateConfig(body: any): Promise<any>;
-    getConfig(body: {
-        clientID?: string;
-        tenant?: string;
-        product?: string;
-    }): Promise<any>;
-    deleteConfig(body: {
-        clientID?: string;
+}
+export interface SAMLSSOConnection extends SSOConnection {
+    forceAuthn?: boolean | string;
+}
+export interface SAMLSSOConnectionWithRawMetadata extends SAMLSSOConnection {
+    rawMetadata: string;
+    encodedRawMetadata?: never;
+}
+export interface SAMLSSOConnectionWithEncodedMetadata extends SAMLSSOConnection {
+    rawMetadata?: never;
+    encodedRawMetadata: string;
+}
+export interface OIDCSSOConnection extends SSOConnection {
+    oidcDiscoveryUrl: string;
+    oidcClientId: string;
+    oidcClientSecret: string;
+}
+export interface SAMLSSORecord extends SAMLSSOConnection {
+    clientID: string;
+    clientSecret: string;
+    idpMetadata: {
+        entityID: string;
+        loginType?: string;
+        provider: string | 'Unknown';
+        slo: {
+            postUrl?: string;
+            redirectUrl?: string;
+        };
+        sso: {
+            postUrl?: string;
+            redirectUrl?: string;
+        };
+        thumbprint?: string;
+        validTo?: string;
+    };
+    certs: {
+        privateKey: string;
+        publicKey: string;
+    };
+}
+export interface OIDCSSORecord extends SSOConnection {
+    clientID: string;
+    clientSecret: string;
+    oidcProvider: {
+        provider?: string;
+        discoveryUrl?: string;
+        clientId?: string;
         clientSecret?: string;
-        tenant?: string;
-        product?: string;
+    };
+}
+export declare type ConnectionType = 'saml' | 'oidc';
+declare type ClientIDQuery = {
+    clientID: string;
+};
+declare type TenantQuery = {
+    tenant: string;
+    product: string;
+    strategy?: ConnectionType;
+};
+export declare type GetConnectionsQuery = ClientIDQuery | TenantQuery;
+export declare type DelConnectionsQuery = (ClientIDQuery & {
+    clientSecret: string;
+}) | TenantQuery;
+export declare type GetConfigQuery = ClientIDQuery | Omit<TenantQuery, 'strategy'>;
+export declare type DelConfigQuery = (ClientIDQuery & {
+    clientSecret: string;
+}) | Omit<TenantQuery, 'strategy'>;
+export interface IConnectionAPIController {
+    /**
+     * @deprecated Use `createSAMLConnection` instead.
+     */
+    config(body: SAMLSSOConnection): Promise<SAMLSSORecord>;
+    createSAMLConnection(body: SAMLSSOConnectionWithRawMetadata | SAMLSSOConnectionWithEncodedMetadata): Promise<SAMLSSORecord>;
+    createOIDCConnection(body: OIDCSSOConnection): Promise<OIDCSSORecord>;
+    /**
+     * @deprecated Use `updateSAMLConnection` instead.
+     */
+    updateConfig(body: SAMLSSOConnection & {
+        clientID: string;
+        clientSecret: string;
+    }): Promise<void>;
+    updateSAMLConnection(body: (SAMLSSOConnectionWithRawMetadata | SAMLSSOConnectionWithEncodedMetadata) & {
+        clientID: string;
+        clientSecret: string;
+    }): Promise<void>;
+    updateOIDCConnection(body: OIDCSSOConnection & {
+        clientID: string;
+        clientSecret: string;
     }): Promise<void>;
+    getConnections(body: GetConnectionsQuery): Promise<Array<SAMLSSORecord | OIDCSSORecord>>;
+    /**
+     * @deprecated Use `getConnections` instead.
+     */
+    getConfig(body: GetConfigQuery): Promise<SAMLSSORecord | Record<string, never>>;
+    deleteConnections(body: DelConnectionsQuery): Promise<void>;
+    /**
+     * @deprecated Use `deleteConnections` instead.
+     */
+    deleteConfig(body: DelConfigQuery): Promise<void>;
 }
 export interface IOAuthController {
-    authorize(body: OAuthReqBody): Promise<{
+    authorize(body: OAuthReq): Promise<{
         redirect_url?: string;
         authorize_form?: string;
     }>;
@@ -34,11 +115,14 @@ export interface IOAuthController {
         redirect_url?: string;
         app_select_form?: string;
     }>;
+    oidcAuthzResponse(body: OIDCAuthzResponsePayload): Promise<{
+        redirect_url?: string;
+    }>;
     token(body: OAuthTokenReq): Promise<OAuthTokenRes>;
     userInfo(token: string): Promise<Profile>;
 }
 export interface IAdminController {
-    getAllConfig(pageOffset?: number, pageLimit?: number): any;
+    getAllConnection(pageOffset?: number, pageLimit?: number): any;
 }
 export interface IHealthCheckController {
     status(): Promise<{
@@ -71,35 +155,67 @@ export interface IOidcDiscoveryController {
     }>;
 }
 export interface OAuthReqBody {
+    state: string;
     response_type: 'code';
-    client_id: string;
     redirect_uri: string;
-    state: string;
-    tenant?: string;
-    product?: string;
-    access_type?: string;
-    resource?: string;
-    scope?: string;
-    nonce?: string;
     code_challenge: string;
     code_challenge_method: 'plain' | 'S256' | '';
-    provider: 'saml';
+    scope?: string;
+    nonce?: string;
     idp_hint?: string;
     prompt?: string;
 }
+export interface OAuthReqBodyWithClientId extends OAuthReqBody {
+    client_id: string;
+}
+export interface OAuthReqBodyWithTenantProduct extends OAuthReqBody {
+    client_id: 'dummy';
+    tenant: string;
+    product: string;
+}
+export interface OAuthReqBodyWithAccessType extends OAuthReqBody {
+    client_id: 'dummy';
+    access_type: string;
+}
+export interface OAuthReqBodyWithResource extends OAuthReqBody {
+    client_id: 'dummy';
+    resource: string;
+}
+export declare type OAuthReq = OAuthReqBodyWithClientId | OAuthReqBodyWithTenantProduct | OAuthReqBodyWithAccessType | OAuthReqBodyWithResource;
 export interface SAMLResponsePayload {
     SAMLResponse: string;
     RelayState: string;
     idp_hint?: string;
 }
-export interface OAuthTokenReq {
-    client_id: string;
-    client_secret: string;
-    code_verifier: string;
+interface OIDCAuthzResponseSuccess {
+    code: string;
+    state: string;
+    error?: never;
+    error_description?: never;
+}
+interface OIDCAuthzResponseError {
+    code?: never;
+    state: string;
+    error: OAuthErrorHandlerParams['error'] | OIDCErrorCodes;
+    error_description?: string;
+}
+export declare type OIDCAuthzResponsePayload = OIDCAuthzResponseSuccess | OIDCAuthzResponseError;
+interface OAuthTokenReqBody {
     code: string;
     grant_type: 'authorization_code';
-    redirect_uri?: string;
+    redirect_uri: string;
+}
+export interface OAuthTokenReqWithCodeVerifier extends OAuthTokenReqBody {
+    code_verifier: string;
+    client_id?: never;
+    client_secret?: never;
+}
+export interface OAuthTokenReqWithCredentials extends OAuthTokenReqBody {
+    code_verifier?: never;
+    client_id: string;
+    client_secret: string;
 }
+export declare type OAuthTokenReq = OAuthTokenReqWithCodeVerifier | OAuthTokenReqWithCredentials;
 export interface OAuthTokenRes {
     access_token: string;
     id_token?: string;
@@ -156,14 +272,16 @@ export interface DatabaseOption {
 export interface JacksonOption {
     externalUrl: string;
     samlPath: string;
+    oidcPath?: string;
     samlAudience?: string;
     preLoadedConfig?: string;
+    preLoadedConnection?: string;
     idpEnabled?: boolean;
     db: DatabaseOption;
     clientSecretVerifier?: string;
     idpDiscoveryPath?: string;
     scimPath?: string;
-    openid: {
+    openid?: {
         jwsAlg?: string;
         jwtSigningKeys?: {
             private: string;
@@ -191,7 +309,7 @@ interface Metadata {
     loginType: 'idp' | 'sp';
     provider: string;
 }
-export interface SAMLConfig {
+export interface SAMLConnection {
     idpMetadata: Metadata;
     certs: {
         privateKey: string;
@@ -200,11 +318,12 @@ export interface SAMLConfig {
     defaultRedirectUrl: string;
 }
 export interface OAuthErrorHandlerParams {
-    error: 'invalid_request' | 'access_denied' | 'unauthorized_client' | 'unsupported_response_type' | 'invalid_scope' | 'server_error' | 'temporarily_unavailable';
+    error: 'invalid_request' | 'access_denied' | 'unauthorized_client' | 'unsupported_response_type' | 'invalid_scope' | 'server_error' | 'temporarily_unavailable' | OIDCErrorCodes;
     error_description: string;
     redirect_uri: string;
     state?: string;
 }
+export declare type OIDCErrorCodes = 'interaction_required' | 'login_required' | 'account_selection_required' | 'consent_required' | 'invalid_request_uri' | 'invalid_request_object' | 'request_not_supported' | 'request_uri_not_supported' | 'registration_not_supported';
 export interface ISPSAMLConfig {
     get(): {
         acsUrl: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "1.2.2",
+  "version": "1.3.1",
   "description": "SAML Jackson library",
   "keywords": [
     "SAML 2.0"
@@ -27,7 +27,7 @@
     "db:migration:run:planetscale": "cross-env DB_SSL=true DB_ENGINE=planetscale DB_URL=${PLANETSCALE_URL} ts-node --transpile-only ./node_modules/typeorm/cli.js migration:run -d typeorm.ts",
     "db:migration:run:mariadb": "cross-env DB_TYPE=mariadb DB_URL=mariadb://root@localhost:3306/mysql ts-node --transpile-only ./node_modules/typeorm/cli.js migration:run -d typeorm.ts",
     "prepublishOnly": "npm run build",
-    "test": "tap --ts --timeout=100 --coverage test/**/*.test.ts",
+    "test": "tap --ts --timeout=100 --coverage-map=map.js test/**/*.test.ts",
     "sort": "npx sort-package-json"
   },
   "tap": {
@@ -41,11 +41,12 @@
     "@boxyhq/saml20": "1.0.7",
     "@opentelemetry/api": "1.0.4",
     "@opentelemetry/api-metrics": "0.27.0",
-    "axios": "^0.27.2",
-    "jose": "4.9.3",
-    "marked": "4.1.0",
+    "axios": "1.1.2",
+    "jose": "4.10.0",
+    "marked": "4.1.1",
     "mongodb": "4.10.0",
     "mysql2": "2.3.3",
+    "openid-client": "5.1.10",
     "node-forge": "1.3.1",
     "pg": "8.8.0",
     "redis": "4.3.1",
@@ -57,20 +58,20 @@
   },
   "devDependencies": {
     "@faker-js/faker": "7.5.0",
-    "@types/node": "18.7.23",
+    "@types/node": "18.8.3",
     "@types/sinon": "10.0.13",
     "@types/tap": "15.0.7",
-    "@typescript-eslint/eslint-plugin": "5.38.1",
+    "@typescript-eslint/eslint-plugin": "5.40.0",
     "@typescript-eslint/parser": "5.38.1",
     "cross-env": "7.0.3",
-    "eslint": "8.24.0",
+    "eslint": "8.25.0",
     "eslint-config-prettier": "8.5.0",
     "prettier": "2.7.1",
-    "sinon": "14.0.0",
+    "sinon": "14.0.1",
     "tap": "16.3.0",
     "ts-node": "10.9.1",
     "tsconfig-paths": "4.1.0",
-    "typescript": "4.8.3"
+    "typescript": "4.8.4"
   },
   "engines": {
     "node": ">=14.18.1 <=16.x"

package/dist/read-config.d.ts

@@ -1,3 +0,0 @@
-import { IdPConfig } from './typings';
-declare const readConfig: (preLoadedConfig: string) => Promise<IdPConfig[]>;
-export default readConfig;