@digitalbazaar/oid4-client 2.0.0 → 3.0.1
- package/lib/OID4Client.js +7 -4
- package/lib/util.js +40 -14
- package/package.json +1 -1
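--- a/package/lib/OID4Client.js
+++ b/package/lib/OID4Client.js
@@ -10,9 +10,10 @@ const GRANT_TYPES = new Map([
 const HEADERS = {accept: 'application/json'};
 
 export class OID4Client {
-constructor({accessToken = null, agent, issuerConfig, offer} = {}) {
+constructor({accessToken = null, agent, issuerConfig, metadata, offer} = {}) {
 this.accessToken = accessToken;
 this.agent = agent;
+this.metadata = metadata;
 this.issuerConfig = issuerConfig;
 this.offer = offer;
 }
@@ -232,9 +233,10 @@ export class OID4Client {
 try {
 // discover issuer info
 const issuerConfigUrl =
-`${parsedIssuer.origin}/.well-known/
+`${parsedIssuer.origin}/.well-known/openid-credential-issuer` +
 parsedIssuer.pathname;
-const issuerConfig = await discoverIssuer(
+const {issuerConfig, metadata} = await discoverIssuer(
+{issuerConfigUrl, agent});
 
 /* First get access token from AS (Authorization Server), e.g.:
 
@@ -298,7 +300,8 @@ export class OID4Client {
 }
 
 // create client w/access token
-return new OID4Client(
+return new OID4Client(
+{accessToken, agent, issuerConfig, metadata, offer});
 } catch(cause) {
 const error = new Error('Could not create OID4 client.');
 error.name = 'OperationError';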
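Review bot: The discovery URL in the second hunk appends `parsedIssuer.pathname` unconditionally after `/.well-known/openid-credential-issuer`. If `parsedIssuer` is a WHATWG `URL` (it is created outside the hunk), its `pathname` is `/` for an issuer with no path, so the request goes to `.../.well-known/openid-credential-issuer/` with a trailing slash. RFC 8414 removes a terminating `/` before inserting the well-known segment, and some servers treat the two paths differently, so consider `const path = parsedIssuer.pathname === '/' ? '' : parsedIssuer.pathname;` and appending `path` instead. The same pattern appears in `util.js` where `asMetaDataUrl` is built, and any comparison against an expected URL there would need the same normalisation. The `try` block starts and ends outside this hunk.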
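--- a/package/lib/util.js
+++ b/package/lib/util.js
@@ -14,24 +14,20 @@ export async function discoverIssuer({issuerConfigUrl, agent} = {}) {
 throw new TypeError('"issuerConfigUrl" must be a string.');
 }
 
-
-const fetchOptions = {
-// max size for issuer config related responses (in bytes, ~4 KiB)
-size: 4096,
-// timeout in ms for fetching an issuer config
-timeout: 5000,
-agent
-};
-
-const response = await httpClient.get(issuerConfigUrl, fetchOptions);
+const response = await _fetchJSON({url: issuerConfigUrl, agent});
 if(!response.data) {
 const error = new Error('Issuer configuration format is not JSON.');
 error.name = 'DataError';
 throw error;
 }
 
-const {data:
-const {issuer,
+const {data: issuerMetaData} = response;
+const {issuer, authorization_server} = issuerMetaData;
+
+if(authorization_server && authorization_server !== issuer) {
+// not yet implemented
+throw new Error('Separate authorization server not yet implemented.');
+}
 
 // validate `issuer`
 if(!(typeof issuer === 'string' && issuer.startsWith('https://'))) {
@@ -63,16 +59,33 @@ export async function discoverIssuer({issuerConfigUrl, agent} = {}) {
 throw error;
 }
 
+// fetch AS meta data
+const asMetaDataUrl =
+`${origin}/.well-known/oauth-authorization-server${pathname}`;
+const asMetaDataResponse = await _fetchJSON({url: asMetaDataUrl, agent});
+if(!asMetaDataResponse.data) {
+const error = new Error('Authorization server meta data is not JSON.');
+error.name = 'DataError';
+throw error;
+}
+
+const {data: asMetaData} = response;
+// merge AS meta data into total issuer config
+const issuerConfig = {...issuerMetaData, ...asMetaData};
+
 // ensure `token_endpoint` is valid
+const {token_endpoint} = asMetaData;
 if(!(token_endpoint && typeof token_endpoint === 'string')) {
 const error = new TypeError('"token_endpoint" must be a string.');
 error.name = 'DataError';
 throw error;
 }
 
-return config
+// return merged config and separate issuer and AS configs
+const metadata = {issuer: issuerMetaData, authorizationServer: asMetaData};
+return {issuerConfig, metadata};
 } catch(cause) {
-const error = new Error('Could not get
+const error = new Error('Could not get OpenID issuer configuration.');
 error.name = 'OperationError';
 error.cause = cause;
 throw error;
@@ -181,3 +194,16 @@ function _curveToAlg(crv) {
 }
 return crv;
 }
+
+function _fetchJSON({url, agent}) {
+// allow these params to be passed / configured
+const fetchOptions = {
+// max size for issuer config related responses (in bytes, ~4 KiB)
+size: 4096,
+// timeout in ms for fetching an issuer config
+timeout: 5000,
+agent
+};
+
+return httpClient.get(url, fetchOptions);
+}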
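Review bot: In the second `discoverIssuer` hunk, `const {data: asMetaData} = response;` destructures the issuer-metadata response a second time instead of `asMetaDataResponse`. The document fetched from `/.well-known/oauth-authorization-server` is therefore only checked for a truthy `.data` and then discarded. As written, `token_endpoint` is validated against the credential-issuer document, the `{...issuerMetaData, ...asMetaData}` merge is a no-op, and `metadata.authorizationServer` is a copy of the issuer metadata; the line should read `const {data: asMetaData} = asMetaDataResponse;`. Once that is corrected, the spread lets authorization-server fields overwrite issuer fields, including `issuer`, which is validated earlier in the function, so the AS document's `issuer` should be checked against the expected identifier before merging, as RFC 8414 requires. `discoverIssuer` starts and ends outside the visible hunks, and `origin` and `pathname` are defined in lines not shown.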