@boxyhq/saml-jackson 1.3.2 → 1.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/controller/oauth.d.ts +4 -0
- package/dist/controller/oauth.js +9 -3
- package/dist/saml/claims.d.ts +2 -2
- package/dist/saml/claims.js +23 -0
- package/dist/typings.d.ts +3 -0
- package/package.json +1 -1
package/dist/controller/oauth.js
CHANGED
|
@@ -382,7 +382,7 @@ class OAuthController {
|
|
|
382
382
|
oidcCodeVerifier = openid_client_1.generators.codeVerifier();
|
|
383
383
|
const code_challenge = openid_client_1.generators.codeChallenge(oidcCodeVerifier);
|
|
384
384
|
ssoUrl = oidcClient.authorizationUrl({
|
|
385
|
-
scope: [...requestedScopes, 'openid', 'email', 'profile']
|
|
385
|
+
scope: [...requestedScopes, 'openid', 'email', 'profile', 'groups']
|
|
386
386
|
.filter((value, index, self) => self.indexOf(value) === index) // filter out duplicates
|
|
387
387
|
.join(' '),
|
|
388
388
|
code_challenge,
|
|
@@ -616,7 +616,7 @@ class OAuthController {
|
|
|
616
616
|
});
|
|
617
617
|
}
|
|
618
618
|
extractOIDCUserProfile(tokenSet, oidcClient) {
|
|
619
|
-
var _a, _b, _c;
|
|
619
|
+
var _a, _b, _c, _d, _e;
|
|
620
620
|
return __awaiter(this, void 0, void 0, function* () {
|
|
621
621
|
const profile = { claims: {} };
|
|
622
622
|
const idTokenClaims = tokenSet.claims();
|
|
@@ -625,6 +625,8 @@ class OAuthController {
|
|
|
625
625
|
profile.claims.email = (_a = idTokenClaims.email) !== null && _a !== void 0 ? _a : userinfo.email;
|
|
626
626
|
profile.claims.firstName = (_b = idTokenClaims.given_name) !== null && _b !== void 0 ? _b : userinfo.given_name;
|
|
627
627
|
profile.claims.lastName = (_c = idTokenClaims.family_name) !== null && _c !== void 0 ? _c : userinfo.family_name;
|
|
628
|
+
profile.claims.roles = (_d = idTokenClaims.roles) !== null && _d !== void 0 ? _d : userinfo.roles;
|
|
629
|
+
profile.claims.groups = (_e = idTokenClaims.groups) !== null && _e !== void 0 ? _e : userinfo.groups;
|
|
628
630
|
profile.claims.raw = userinfo;
|
|
629
631
|
return profile;
|
|
630
632
|
});
|
|
@@ -868,7 +870,7 @@ class OAuthController {
|
|
|
868
870
|
throw new error_1.JacksonError('JWT signing keys are not loaded', 500);
|
|
869
871
|
}
|
|
870
872
|
let claims = requestHasNonce ? { nonce: codeVal.requested.nonce } : {};
|
|
871
|
-
claims = Object.assign(Object.assign({}, claims), { id: codeVal.profile.claims.id, email: codeVal.profile.claims.email, firstName: codeVal.profile.claims.firstName, lastName: codeVal.profile.claims.lastName });
|
|
873
|
+
claims = Object.assign(Object.assign({}, claims), { id: codeVal.profile.claims.id, email: codeVal.profile.claims.email, firstName: codeVal.profile.claims.firstName, lastName: codeVal.profile.claims.lastName, roles: codeVal.profile.claims.roles, groups: codeVal.profile.claims.groups });
|
|
872
874
|
const signingKey = yield (0, utils_1.loadJWSPrivateKey)(jwtSigningKeys.private, jwsAlg);
|
|
873
875
|
const id_token = yield new jose.SignJWT(claims)
|
|
874
876
|
.setProtectedHeader({ alg: jwsAlg })
|
|
@@ -923,6 +925,10 @@ class OAuthController {
|
|
|
923
925
|
* type: string
|
|
924
926
|
* lastName:
|
|
925
927
|
* type: string
|
|
928
|
+
* roles:
|
|
929
|
+
* type: array
|
|
930
|
+
* groups:
|
|
931
|
+
* type: array
|
|
926
932
|
* raw:
|
|
927
933
|
* type: object
|
|
928
934
|
* requested:
|
package/dist/saml/claims.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
declare const _default: {
|
|
2
|
-
map: (claims: Record<
|
|
3
|
-
raw: Record<
|
|
2
|
+
map: (claims: Record<string, unknown>) => {
|
|
3
|
+
raw: Record<string, unknown>;
|
|
4
4
|
};
|
|
5
5
|
};
|
|
6
6
|
export default _default;
|
package/dist/saml/claims.js
CHANGED
|
@@ -1,5 +1,19 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const rolesAttribute = 'roles';
|
|
4
|
+
const rolesSchema = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role';
|
|
5
|
+
const groupsAttribute = 'groups';
|
|
6
|
+
const groupsSchema = 'http://schemas.xmlsoap.org/claims/Group';
|
|
7
|
+
const arrayMapping = [
|
|
8
|
+
{
|
|
9
|
+
attribute: rolesAttribute,
|
|
10
|
+
schema: rolesSchema,
|
|
11
|
+
},
|
|
12
|
+
{
|
|
13
|
+
attribute: groupsAttribute,
|
|
14
|
+
schema: groupsSchema,
|
|
15
|
+
},
|
|
16
|
+
];
|
|
3
17
|
const mapping = [
|
|
4
18
|
{
|
|
5
19
|
attribute: 'id',
|
|
@@ -17,8 +31,17 @@ const mapping = [
|
|
|
17
31
|
attribute: 'lastName',
|
|
18
32
|
schema: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
|
|
19
33
|
},
|
|
34
|
+
...arrayMapping,
|
|
20
35
|
];
|
|
21
36
|
const map = (claims) => {
|
|
37
|
+
arrayMapping.forEach((m) => {
|
|
38
|
+
if (claims[m.attribute]) {
|
|
39
|
+
claims[m.attribute] = [].concat(claims[m.attribute]);
|
|
40
|
+
}
|
|
41
|
+
else if (claims[m.schema]) {
|
|
42
|
+
claims[m.schema] = [].concat(claims[m.schema]);
|
|
43
|
+
}
|
|
44
|
+
});
|
|
22
45
|
const profile = {
|
|
23
46
|
raw: claims,
|
|
24
47
|
};
|
package/dist/typings.d.ts
CHANGED