@flink-app/oidc-plugin 2.0.0-alpha.80 → 2.0.0-alpha.81

package/CHANGELOG.md CHANGED
@@ -1,5 +1,12 @@
1
1
  # @flink-app/oidc-plugin
2
2
 
3
+ ## 2.0.0-alpha.81
4
+
5
+ ### Patch Changes
6
+
7
+ - @flink-app/flink@2.0.0-alpha.81
8
+ - @flink-app/jwt-auth-plugin@2.0.0-alpha.81
9
+
3
10
  ## 2.0.0-alpha.80
4
11
 
5
12
  ### Patch Changes
@@ -1 +1 @@
1
- {"version":3,"file":"CallbackOidc.d.ts","sourceRoot":"","sources":["../../src/handlers/CallbackOidc.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,UAAU,EAAc,UAAU,EAAwC,MAAM,kBAAkB,CAAC;AAC5G,OAAO,eAAe,MAAM,4BAA4B,CAAC;AAOzD;;GAEG;AACH,UAAU,UAAU;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACzB;AAED;;;GAGG;AACH,eAAO,MAAM,KAAK,EAAE,UAGnB,CAAC;AAEF;;;;;;GAMG;AACH,QAAA,MAAM,YAAY,EAAE,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,eAAe,CA4PnE,CAAC;AAEF,eAAe,YAAY,CAAC"}
1
+ {"version":3,"file":"CallbackOidc.d.ts","sourceRoot":"","sources":["../../src/handlers/CallbackOidc.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,UAAU,EAAc,UAAU,EAAwC,MAAM,kBAAkB,CAAC;AAC5G,OAAO,eAAe,MAAM,4BAA4B,CAAC;AAOzD;;GAEG;AACH,UAAU,UAAU;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACzB;AAED;;;GAGG;AACH,eAAO,MAAM,KAAK,EAAE,UAGnB,CAAC;AAEF;;;;;;GAMG;AACH,QAAA,MAAM,YAAY,EAAE,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,eAAe,CA8PnE,CAAC;AAEF,eAAe,YAAY,CAAC"}
@@ -182,6 +182,7 @@ const CallbackOidc = async ({ ctx, req }) => {
182
182
  // Create or update OIDC connection
183
183
  const existingConnection = await ctx.repos.oidcConnectionRepo.findByUserAndProvider(user._id, provider);
184
184
  if (existingConnection) {
185
+ log_1.oidcLog.debug(`Callback: updating existing connection for userId=${user._id} provider="${provider}"`);
185
186
  await ctx.repos.oidcConnectionRepo.updateById(existingConnection._id, {
186
187
  accessToken: encryptedAccessToken,
187
188
  idToken: encryptedIdToken,
@@ -192,6 +193,7 @@ const CallbackOidc = async ({ ctx, req }) => {
192
193
  });
193
194
  }
194
195
  else {
196
+ log_1.oidcLog.debug(`Callback: creating new connection for userId=${user._id} provider="${provider}" subject="${tokenSet.claims.sub}"`);
195
197
  await ctx.repos.oidcConnectionRepo.create({
196
198
  userId: user._id,
197
199
  provider,
@@ -74,7 +74,7 @@ const InitiateOidc = async ({ ctx, req }) => {
74
74
  codeVerifier,
75
75
  nonce,
76
76
  });
77
- log_1.oidcLog.debug(`Initiate: redirecting to IdP authorization URL`);
77
+ log_1.oidcLog.debug(`Initiate: redirecting to IdP authorization URL: ${authorizationUrl}`);
78
78
  // Redirect user to provider's authorization page
79
79
  return {
80
80
  status: 302,
@@ -1 +1 @@
1
- {"version":3,"file":"OidcProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwD,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACvG,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,WAAW,MAAM,wBAAwB,CAAC;AACjD,OAAO,YAAY,MAAM,yBAAyB,CAAC;AAInD;;;;;;;;;;GAUG;AACH,qBAAa,YAAY;IACrB,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,MAAM,CAA+B;IAC7C,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,WAAW,CAAkB;gBAEzB,MAAM,EAAE,kBAAkB;IAItC;;;;;;;OAOG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IA0DjC;;;;;OAKG;IACG,mBAAmB,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAiB1G;;;;;;;OAOG;IACG,oBAAoB,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,YAAY,CAAC;IAqC/H;;;;;;;;OAQG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAajE;;;;;;;;;OASG;IACG,YAAY,CAAC,QAAQ,EAAE,YAAY,EAAE,eAAe,GAAE,OAAc,GAAG,OAAO,CAAC,WAAW,CAAC;IA2BjG;;;;OAIG;YACW,iBAAiB;IAU/B;;;;OAIG;IACH,iBAAiB,IAAI,GAAG;CAM3B"}
1
+ {"version":3,"file":"OidcProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwD,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACvG,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,WAAW,MAAM,wBAAwB,CAAC;AACjD,OAAO,YAAY,MAAM,yBAAyB,CAAC;AAKnD;;;;;;;;;;GAUG;AACH,qBAAa,YAAY;IACrB,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,MAAM,CAA+B;IAC7C,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,WAAW,CAAkB;gBAEzB,MAAM,EAAE,kBAAkB;IAItC;;;;;;;OAOG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAkEjC;;;;;OAKG;IACG,mBAAmB,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAiB1G;;;;;;;OAOG;IACG,oBAAoB,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,YAAY,CAAC;IAqC/H;;;;;;;;OAQG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAajE;;;;;;;;;OASG;IACG,YAAY,CAAC,QAAQ,EAAE,YAAY,EAAE,eAAe,GAAE,OAAc,GAAG,OAAO,CAAC,WAAW,CAAC;IA2BjG;;;;OAIG;YACW,iBAAiB;IAU/B;;;;OAIG;IACH,iBAAiB,IAAI,GAAG;CAM3B"}
@@ -4,6 +4,7 @@ exports.OidcProvider = void 0;
4
4
  const openid_client_1 = require("openid-client");
5
5
  const claims_mapper_1 = require("../utils/claims-mapper");
6
6
  const error_utils_1 = require("../utils/error-utils");
7
+ const log_1 = require("../log");
7
8
  /**
8
9
  * Generic OIDC Provider implementation using openid-client
9
10
  *
@@ -37,7 +38,9 @@ class OidcProvider {
37
38
  try {
38
39
  // Option 1: OIDC Discovery
39
40
  if (this.config.discoveryUrl) {
41
+ log_1.oidcLog.debug(`Provider "${this.config.issuer}": discovering from ${this.config.discoveryUrl}`);
40
42
  this.issuer = await openid_client_1.Issuer.discover(this.config.discoveryUrl);
43
+ log_1.oidcLog.debug(`Provider "${this.config.issuer}": discovery complete`, `authorization_endpoint=${this.issuer.metadata.authorization_endpoint}`, `token_endpoint=${this.issuer.metadata.token_endpoint}`, `userinfo_endpoint=${this.issuer.metadata.userinfo_endpoint ?? "(none)"}`, `jwks_uri=${this.issuer.metadata.jwks_uri}`);
41
44
  }
42
45
  // Option 2: Manual configuration
43
46
  else {
@@ -178,7 +181,7 @@ class OidcProvider {
178
181
  }
179
182
  catch (error) {
180
183
  // UserInfo is optional - continue with ID token claims only
181
- console.warn("Failed to fetch UserInfo, using ID token claims only:", error);
184
+ log_1.oidcLog.warn(`Failed to fetch UserInfo from ${this.config.userinfoEndpoint}, using ID token claims only:`, error);
182
185
  }
183
186
  }
184
187
  // Apply custom claim mapping if configured
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@flink-app/oidc-plugin",
3
- "version": "2.0.0-alpha.80",
3
+ "version": "2.0.0-alpha.81",
4
4
  "description": "Flink plugin for OIDC authentication with generic IdP support",
5
5
  "author": "joel@frost.se",
6
6
  "license": "MIT",
@@ -11,10 +11,10 @@
11
11
  },
12
12
  "dependencies": {
13
13
  "openid-client": "^5.7.0",
14
- "@flink-app/jwt-auth-plugin": "2.0.0-alpha.80"
14
+ "@flink-app/jwt-auth-plugin": "2.0.0-alpha.81"
15
15
  },
16
16
  "peerDependencies": {
17
- "@flink-app/flink": ">=2.0.0-alpha.80",
17
+ "@flink-app/flink": ">=2.0.0-alpha.81",
18
18
  "mongodb": "^6.15.0"
19
19
  },
20
20
  "peerDependenciesMeta": {
@@ -27,9 +27,9 @@
27
27
  "@types/node": "22.13.10",
28
28
  "ts-node": "^10.9.2",
29
29
  "tsc-watch": "^4.2.9",
30
- "@flink-app/jwt-auth-plugin": "2.0.0-alpha.80",
31
- "@flink-app/test-utils": "2.0.0-alpha.80",
32
- "@flink-app/flink": "2.0.0-alpha.80"
30
+ "@flink-app/flink": "2.0.0-alpha.81",
31
+ "@flink-app/jwt-auth-plugin": "2.0.0-alpha.81",
32
+ "@flink-app/test-utils": "2.0.0-alpha.81"
33
33
  },
34
34
  "scripts": {
35
35
  "test": "jasmine-ts --config=./spec/support/jasmine.json",
@@ -231,6 +231,7 @@ const CallbackOidc: GetHandler<any, any, PathParams, CallbackRequest> = async ({
231
231
  const existingConnection = await ctx.repos.oidcConnectionRepo.findByUserAndProvider(user._id, provider);
232
232
 
233
233
  if (existingConnection) {
234
+ oidcLog.debug(`Callback: updating existing connection for userId=${user._id} provider="${provider}"`);
234
235
  await ctx.repos.oidcConnectionRepo.updateById(existingConnection._id!, {
235
236
  accessToken: encryptedAccessToken,
236
237
  idToken: encryptedIdToken,
@@ -240,6 +241,7 @@ const CallbackOidc: GetHandler<any, any, PathParams, CallbackRequest> = async ({
240
241
  updatedAt: new Date(),
241
242
  });
242
243
  } else {
244
+ oidcLog.debug(`Callback: creating new connection for userId=${user._id} provider="${provider}" subject="${tokenSet.claims.sub}"`);
243
245
  await ctx.repos.oidcConnectionRepo.create({
244
246
  userId: user._id,
245
247
  provider,
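Review bot: The debug line added in the create branch writes `tokenSet.claims.sub` next to the internal `user._id`, so each first login leaves a log record linking the local account to the IdP's stable subject identifier, while the update branch logs only `userId` and `provider`. Debug output often lands in sinks that are less protected than the connection repository, so I would drop the subject and keep the two branches symmetric: `` oidcLog.debug(`Callback: creating new connection for userId=${user._id} provider="${provider}"`); ``. `provider` appears to come from the request path (`PathParams`); if it is not matched against the configured providers before this point, it should be, because it is interpolated into the message as-is. The compiled copy of this handler earlier on the page carries the same two lines, and CallbackOidc's body starts and ends outside these hunks.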
@@ -95,7 +95,7 @@ const InitiateOidc: GetHandler<any, any, PathParams, InitiateRequest> = async ({
95
95
  nonce,
96
96
  });
97
97
 
98
- oidcLog.debug(`Initiate: redirecting to IdP authorization URL`);
98
+ oidcLog.debug(`Initiate: redirecting to IdP authorization URL: ${authorizationUrl}`);
99
99
 
100
100
  // Redirect user to provider's authorization page
101
101
  return {
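Review bot: Logging the whole `authorizationUrl` puts the per-login query parameters into the debug log. The call just above is given `codeVerifier` and `nonce`, so the URL presumably carries `nonce`, `state` and the PKCE challenge, values meant to be known only to the user's browser session and this server. Log the endpoint without its query string instead: `` const { origin, pathname } = new URL(authorizationUrl); `` followed by `` oidcLog.debug(`Initiate: redirecting to IdP authorization URL: ${origin}${pathname}`); `` (this assumes `authorizationUrl` is an absolute URL string). The compiled copy earlier on the page has the same line, and InitiateOidc's body extends beyond this hunk.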
@@ -4,6 +4,7 @@ import OidcProfile from "../schemas/OidcProfile";
4
4
  import OidcTokenSet from "../schemas/OidcTokenSet";
5
5
  import { mapClaimsToProfile, extractCustomClaims } from "../utils/claims-mapper";
6
6
  import { createOidcError, OidcErrorCodes } from "../utils/error-utils";
7
+ import { oidcLog } from "../log";
7
8
 
8
9
  /**
9
10
  * Generic OIDC Provider implementation using openid-client
@@ -42,7 +43,15 @@ export class OidcProvider {
42
43
  try {
43
44
  // Option 1: OIDC Discovery
44
45
  if (this.config.discoveryUrl) {
46
+ oidcLog.debug(`Provider "${this.config.issuer}": discovering from ${this.config.discoveryUrl}`);
45
47
  this.issuer = await Issuer.discover(this.config.discoveryUrl);
48
+ oidcLog.debug(
49
+ `Provider "${this.config.issuer}": discovery complete`,
50
+ `authorization_endpoint=${this.issuer.metadata.authorization_endpoint}`,
51
+ `token_endpoint=${this.issuer.metadata.token_endpoint}`,
52
+ `userinfo_endpoint=${this.issuer.metadata.userinfo_endpoint ?? "(none)"}`,
53
+ `jwks_uri=${this.issuer.metadata.jwks_uri}`
54
+ );
46
55
  }
47
56
  // Option 2: Manual configuration
48
57
  else {
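Review bot: The "discovery complete" debug line lists four endpoints from the fetched document but not its `issuer`, and nothing visible in this hunk compares that value with `this.config.issuer`, which is used only as the log label. openid-client checks the ID token's `iss` against the discovered issuer rather than the configured string, so a `discoveryUrl` that resolves to a different issuer would likely go unnoticed; add `` `issuer=${this.issuer.metadata.issuer}` `` to the log arguments and consider an `oidcLog.warn` when it differs from `this.config.issuer`. Separately, the UserInfo warning changed later in this file interpolates `this.config.userinfoEndpoint`, which is presumably unset when discovery supplied the endpoint, so the message would read "from undefined"; `this.issuer.metadata.userinfo_endpoint` is the value the discovery log line already reads. The enclosing method starts and ends outside the hunk, and the compiled copy earlier on the page has the same lines.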
@@ -203,7 +212,7 @@ export class OidcProvider {
203
212
  claims = { ...claims, ...userinfo };
204
213
  } catch (error) {
205
214
  // UserInfo is optional - continue with ID token claims only
206
- console.warn("Failed to fetch UserInfo, using ID token claims only:", error);
215
+ oidcLog.warn(`Failed to fetch UserInfo from ${this.config.userinfoEndpoint}, using ID token claims only:`, error);
207
216
  }
208
217
  }
209
218