@boxyhq/saml-jackson 1.3.2 → 1.3.4
- package/dist/controller/oauth.d.ts +4 -0
- package/dist/controller/oauth.js +9 -3
- package/dist/saml/claims.d.ts +2 -2
- package/dist/saml/claims.js +23 -0
- package/dist/typings.d.ts +3 -0
- package/package.json +1 -1
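--- a/package/dist/controller/oauth.js
+++ b/package/dist/controller/oauth.js
@@ -382,7 +382,7 @@ class OAuthController {
 oidcCodeVerifier = openid_client_1.generators.codeVerifier();
 const code_challenge = openid_client_1.generators.codeChallenge(oidcCodeVerifier);
 ssoUrl = oidcClient.authorizationUrl({
-scope: [...requestedScopes, 'openid', 'email', 'profile']
+scope: [...requestedScopes, 'openid', 'email', 'profile', 'groups']
 .filter((value, index, self) => self.indexOf(value) === index) // filter out duplicates
 .join(' '),
 code_challenge,
@@ -616,7 +616,7 @@ class OAuthController {
 });
 }
 extractOIDCUserProfile(tokenSet, oidcClient) {
-var _a, _b, _c;
+var _a, _b, _c, _d, _e;
 return __awaiter(this, void 0, void 0, function* () {
 const profile = { claims: {} };
 const idTokenClaims = tokenSet.claims();
@@ -625,6 +625,8 @@ class OAuthController {
 profile.claims.email = (_a = idTokenClaims.email) !== null && _a !== void 0 ? _a : userinfo.email;
 profile.claims.firstName = (_b = idTokenClaims.given_name) !== null && _b !== void 0 ? _b : userinfo.given_name;
 profile.claims.lastName = (_c = idTokenClaims.family_name) !== null && _c !== void 0 ? _c : userinfo.family_name;
+profile.claims.roles = (_d = idTokenClaims.roles) !== null && _d !== void 0 ? _d : userinfo.roles;
+profile.claims.groups = (_e = idTokenClaims.groups) !== null && _e !== void 0 ? _e : userinfo.groups;
 profile.claims.raw = userinfo;
 return profile;
 });
@@ -868,7 +870,7 @@ class OAuthController {
 throw new error_1.JacksonError('JWT signing keys are not loaded', 500);
 }
 let claims = requestHasNonce ? { nonce: codeVal.requested.nonce } : {};
-claims = Object.assign(Object.assign({}, claims), { id: codeVal.profile.claims.id, email: codeVal.profile.claims.email, firstName: codeVal.profile.claims.firstName, lastName: codeVal.profile.claims.lastName });
+claims = Object.assign(Object.assign({}, claims), { id: codeVal.profile.claims.id, email: codeVal.profile.claims.email, firstName: codeVal.profile.claims.firstName, lastName: codeVal.profile.claims.lastName, roles: codeVal.profile.claims.roles, groups: codeVal.profile.claims.groups });
 const signingKey = yield (0, utils_1.loadJWSPrivateKey)(jwtSigningKeys.private, jwsAlg);
 const id_token = yield new jose.SignJWT(claims)
 .setProtectedHeader({ alg: jwsAlg })
@@ -923,6 +925,10 @@ class OAuthController {
 * type: string
 * lastName:
 * type: string
+* roles:
+* type: array
+* groups:
+* type: array
 * raw:
 * type: object
 * requested: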
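--- a/package/dist/saml/claims.d.ts
+++ b/package/dist/saml/claims.d.ts
@@ -1,6 +1,6 @@
 declare const _default: {
-map: (claims: Record<
-raw: Record<
+map: (claims: Record<string, unknown>) => {
+raw: Record<string, unknown>;
 };
 };
 export default _default;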
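--- a/package/dist/saml/claims.js
+++ b/package/dist/saml/claims.js
@@ -1,5 +1,19 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+const rolesAttribute = 'roles';
+const rolesSchema = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role';
+const groupsAttribute = 'groups';
+const groupsSchema = 'http://schemas.xmlsoap.org/claims/Group';
+const arrayMapping = [
+{
+attribute: rolesAttribute,
+schema: rolesSchema,
+},
+{
+attribute: groupsAttribute,
+schema: groupsSchema,
+},
+];
 const mapping = [
 {
 attribute: 'id',
@@ -17,8 +31,17 @@ const mapping = [
 attribute: 'lastName',
 schema: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
 },
+...arrayMapping,
 ];
 const map = (claims) => {
+arrayMapping.forEach((m) => {
+if (claims[m.attribute]) {
+claims[m.attribute] = [].concat(claims[m.attribute]);
+}
+else if (claims[m.schema]) {
+claims[m.schema] = [].concat(claims[m.schema]);
+}
+});
 const profile = {
 raw: claims,
 };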
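Review bot: The normalisation loop added at the top of `map` writes back into the caller's `claims` object, and that same object is then stored as `raw`, so `raw` no longer holds the attribute values exactly as the IdP asserted them and any other holder of the object sees the change. Because of the `else if`, an assertion that carries both `roles` and the role schema URI has only the short-named key coerced to an array; whether the URI-keyed value can still reach the profile as a scalar depends on the mapping loop, which continues outside this hunk. Consumers are likely to base authorization decisions on these fields, so I would normalise a shallow copy (`const normalized = Object.assign({}, claims);`) and check both keys independently. A comment such as `// SAML single-valued attributes arrive as a string; force roles/groups to arrays` above `arrayMapping` would record why the coercion exists, and the change belongs in the TypeScript source this dist file is built from.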
package/dist/typings.d.ts
CHANGED