@boxyhq/saml-jackson 1.3.2 → 1.3.4

package/dist/controller/oauth.d.ts

@@ -108,6 +108,10 @@ export declare class OAuthController implements IOAuthController {
      *               type: string
      *             lastName:
      *               type: string
+     *             roles:
+     *               type: array
+     *             groups:
+     *               type: array
      *             raw:
      *               type: object
      *             requested:

package/dist/controller/oauth.js

@@ -382,7 +382,7 @@ class OAuthController {
                     oidcCodeVerifier = openid_client_1.generators.codeVerifier();
                     const code_challenge = openid_client_1.generators.codeChallenge(oidcCodeVerifier);
                     ssoUrl = oidcClient.authorizationUrl({
-                        scope: [...requestedScopes, 'openid', 'email', 'profile']
+                        scope: [...requestedScopes, 'openid', 'email', 'profile', 'groups']
                             .filter((value, index, self) => self.indexOf(value) === index) // filter out duplicates
                             .join(' '),
                         code_challenge,
@@ -616,7 +616,7 @@ class OAuthController {
         });
     }
     extractOIDCUserProfile(tokenSet, oidcClient) {
-        var _a, _b, _c;
+        var _a, _b, _c, _d, _e;
         return __awaiter(this, void 0, void 0, function* () {
             const profile = { claims: {} };
             const idTokenClaims = tokenSet.claims();
@@ -625,6 +625,8 @@ class OAuthController {
             profile.claims.email = (_a = idTokenClaims.email) !== null && _a !== void 0 ? _a : userinfo.email;
             profile.claims.firstName = (_b = idTokenClaims.given_name) !== null && _b !== void 0 ? _b : userinfo.given_name;
             profile.claims.lastName = (_c = idTokenClaims.family_name) !== null && _c !== void 0 ? _c : userinfo.family_name;
+            profile.claims.roles = (_d = idTokenClaims.roles) !== null && _d !== void 0 ? _d : userinfo.roles;
+            profile.claims.groups = (_e = idTokenClaims.groups) !== null && _e !== void 0 ? _e : userinfo.groups;
             profile.claims.raw = userinfo;
             return profile;
         });
@@ -868,7 +870,7 @@ class OAuthController {
                     throw new error_1.JacksonError('JWT signing keys are not loaded', 500);
                 }
                 let claims = requestHasNonce ? { nonce: codeVal.requested.nonce } : {};
-                claims = Object.assign(Object.assign({}, claims), { id: codeVal.profile.claims.id, email: codeVal.profile.claims.email, firstName: codeVal.profile.claims.firstName, lastName: codeVal.profile.claims.lastName });
+                claims = Object.assign(Object.assign({}, claims), { id: codeVal.profile.claims.id, email: codeVal.profile.claims.email, firstName: codeVal.profile.claims.firstName, lastName: codeVal.profile.claims.lastName, roles: codeVal.profile.claims.roles, groups: codeVal.profile.claims.groups });
                 const signingKey = yield (0, utils_1.loadJWSPrivateKey)(jwtSigningKeys.private, jwsAlg);
                 const id_token = yield new jose.SignJWT(claims)
                     .setProtectedHeader({ alg: jwsAlg })
@@ -923,6 +925,10 @@ class OAuthController {
      *               type: string
      *             lastName:
      *               type: string
+     *             roles:
+     *               type: array
+     *             groups:
+     *               type: array
      *             raw:
      *               type: object
      *             requested:

package/dist/saml/claims.d.ts

@@ -1,6 +1,6 @@
 declare const _default: {
-    map: (claims: Record<"id" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" | "email" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" | "firstName" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" | "lastName" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", unknown>) => {
-        raw: Record<"id" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" | "email" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" | "firstName" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" | "lastName" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", unknown>;
+    map: (claims: Record<string, unknown>) => {
+        raw: Record<string, unknown>;
     };
 };
 export default _default;

package/dist/saml/claims.js

@@ -1,5 +1,19 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+const rolesAttribute = 'roles';
+const rolesSchema = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role';
+const groupsAttribute = 'groups';
+const groupsSchema = 'http://schemas.xmlsoap.org/claims/Group';
+const arrayMapping = [
+    {
+        attribute: rolesAttribute,
+        schema: rolesSchema,
+    },
+    {
+        attribute: groupsAttribute,
+        schema: groupsSchema,
+    },
+];
 const mapping = [
     {
         attribute: 'id',
@@ -17,8 +31,17 @@ const mapping = [
         attribute: 'lastName',
         schema: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
     },
+    ...arrayMapping,
 ];
 const map = (claims) => {
+    arrayMapping.forEach((m) => {
+        if (claims[m.attribute]) {
+            claims[m.attribute] = [].concat(claims[m.attribute]);
+        }
+        else if (claims[m.schema]) {
+            claims[m.schema] = [].concat(claims[m.schema]);
+        }
+    });
     const profile = {
         raw: claims,
     };

package/dist/typings.d.ts

@@ -228,7 +228,10 @@ export interface Profile {
     email: string;
     firstName: string;
     lastName: string;
+    roles?: string[];
+    groups?: string[];
     requested: Record<string, string>;
+    raw: any;
 }
 export interface Index {
     name: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "1.3.2",
+  "version": "1.3.4",
   "description": "SAML Jackson library",
   "keywords": [
     "SAML 2.0"