@flink-app/oidc-plugin 2.0.0-alpha.87 → 2.0.0-alpha.89

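--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,21 @@
  # @flink-app/oidc-plugin
 
+ ## 2.0.0-alpha.89
+
+ ### Patch Changes
+
+ - Fix OIDC trace logs
+ - @flink-app/flink@2.0.0-alpha.89
+ - @flink-app/jwt-auth-plugin@2.0.0-alpha.89
+
+ ## 2.0.0-alpha.88
+
+ ### Patch Changes
+
+ - 5f3919e: fix(oidc-plugin): use discovered userinfo endpoint in buildProfile when no manual endpoint is configured
+ - @flink-app/flink@2.0.0-alpha.88
+ - @flink-app/jwt-auth-plugin@2.0.0-alpha.88
+
  ## 2.0.0-alpha.87
 
  ### Patch Changes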
@@ -1 +1 @@
1
- {"version":3,"file":"OidcProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwD,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACvG,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,WAAW,MAAM,wBAAwB,CAAC;AACjD,OAAO,YAAY,MAAM,yBAAyB,CAAC;AAKnD;;;;;;;;;;GAUG;AACH,qBAAa,YAAY;IACrB,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,MAAM,CAA+B;IAC7C,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,WAAW,CAAkB;gBAEzB,MAAM,EAAE,kBAAkB;IAItC;;;;;;;OAOG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAkEjC;;;;;OAKG;IACG,mBAAmB,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAiB1G;;;;;;;OAOG;IACG,oBAAoB,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,YAAY,CAAC;IAqC/H;;;;;;;;OAQG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAajE;;;;;;;;;OASG;IACG,YAAY,CAAC,QAAQ,EAAE,YAAY,EAAE,eAAe,GAAE,OAAc,GAAG,OAAO,CAAC,WAAW,CAAC;IA2BjG;;;;OAIG;YACW,iBAAiB;IAU/B;;;;OAIG;IACH,iBAAiB,IAAI,GAAG;CAM3B"}
1
+ {"version":3,"file":"OidcProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwD,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACvG,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,WAAW,MAAM,wBAAwB,CAAC;AACjD,OAAO,YAAY,MAAM,yBAAyB,CAAC;AAKnD;;;;;;;;;;GAUG;AACH,qBAAa,YAAY;IACrB,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,MAAM,CAA+B;IAC7C,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,WAAW,CAAkB;gBAEzB,MAAM,EAAE,kBAAkB;IAItC;;;;;;;OAOG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAkEjC;;;;;OAKG;IACG,mBAAmB,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAiB1G;;;;;;;OAOG;IACG,oBAAoB,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,YAAY,CAAC;IAsC/H;;;;;;;;OAQG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAajE;;;;;;;;;OASG;IACG,YAAY,CAAC,QAAQ,EAAE,YAAY,EAAE,eAAe,GAAE,OAAc,GAAG,OAAO,CAAC,WAAW,CAAC;IAiCjG;;;;OAIG;YACW,iBAAiB;IAU/B;;;;OAIG;IACH,iBAAiB,IAAI,GAAG;CAM3B"}
@@ -122,6 +122,7 @@ class OidcProvider {
122
122
  });
123
123
  // Extract claims from ID token (already validated by openid-client)
124
124
  const claims = tokenSet.claims();
125
+ log_1.oidcLog.trace(`Provider "${this.config.issuer}": extracted claims from ID token`, claims);
125
126
  return {
126
127
  accessToken: tokenSet.access_token,
127
128
  idToken: tokenSet.id_token,
@@ -173,24 +174,29 @@ class OidcProvider {
173
174
  async buildProfile(tokenSet, includeUserInfo = true) {
174
175
  let claims = { ...tokenSet.claims };
175
176
  // Optionally fetch additional claims from UserInfo endpoint
176
- if (includeUserInfo && this.config.userinfoEndpoint) {
177
+ // Check both manual config and discovered endpoint (via OIDC discovery)
178
+ const userinfoUrl = this.config.userinfoEndpoint || this.issuer?.metadata?.userinfo_endpoint;
179
+ if (includeUserInfo && userinfoUrl) {
177
180
  try {
178
181
  const userinfo = await this.getUserInfo(tokenSet.accessToken);
179
182
  // Merge UserInfo claims with ID token claims
180
183
  claims = { ...claims, ...userinfo };
184
+ log_1.oidcLog.trace(`Provider "${this.config.issuer}": merged claims after UserInfo`, claims);
181
185
  }
182
186
  catch (error) {
183
187
  // UserInfo is optional - continue with ID token claims only
184
- log_1.oidcLog.warn(`Failed to fetch UserInfo from ${this.config.userinfoEndpoint}, using ID token claims only:`, error);
188
+ log_1.oidcLog.warn(`Failed to fetch UserInfo from ${userinfoUrl}, using ID token claims only:`, error);
185
189
  }
186
190
  }
187
191
  // Apply custom claim mapping if configured
188
192
  if (this.config.claimMapping) {
189
193
  const customClaims = (0, claims_mapper_1.extractCustomClaims)(claims, this.config.claimMapping);
190
194
  claims = { ...claims, ...customClaims };
195
+ log_1.oidcLog.trace(`Provider "${this.config.issuer}": applied custom claim mapping`, claims);
191
196
  }
192
197
  // Map to normalized profile
193
198
  const profile = (0, claims_mapper_1.mapClaimsToProfile)(claims);
199
+ log_1.oidcLog.trace(`Provider "${this.config.issuer}": built final profile`, profile);
194
200
  return profile;
195
201
  }
196
202
  /**
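--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@flink-app/oidc-plugin",
- "version": "2.0.0-alpha.87",
+ "version": "2.0.0-alpha.89",
  "description": "Flink plugin for OIDC authentication with generic IdP support",
  "author": "joel@frost.se",
  "license": "MIT",
@@ -11,10 +11,10 @@
  },
  "dependencies": {
  "openid-client": "^5.7.0",
- "@flink-app/jwt-auth-plugin": "2.0.0-alpha.87"
+ "@flink-app/jwt-auth-plugin": "2.0.0-alpha.89"
  },
  "peerDependencies": {
- "@flink-app/flink": ">=2.0.0-alpha.87",
+ "@flink-app/flink": ">=2.0.0-alpha.89",
  "mongodb": "^6.15.0"
  },
  "peerDependenciesMeta": {
@@ -27,9 +27,9 @@
  "@types/node": "22.13.10",
  "ts-node": "^10.9.2",
  "tsc-watch": "^4.2.9",
- "@flink-app/test-utils": "2.0.0-alpha.87",
- "@flink-app/jwt-auth-plugin": "2.0.0-alpha.87",
- "@flink-app/flink": "2.0.0-alpha.87"
+ "@flink-app/flink": "2.0.0-alpha.89",
+ "@flink-app/test-utils": "2.0.0-alpha.89",
+ "@flink-app/jwt-auth-plugin": "2.0.0-alpha.89"
  },
  "scripts": {
  "test": "jasmine-ts --config=./spec/support/jasmine.json",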
@@ -151,6 +151,7 @@ export class OidcProvider {
151
151
 
152
152
  // Extract claims from ID token (already validated by openid-client)
153
153
  const claims = tokenSet.claims();
154
+ oidcLog.trace(`Provider "${this.config.issuer}": extracted claims from ID token`, claims);
154
155
 
155
156
  return {
156
157
  accessToken: tokenSet.access_token!,
@@ -205,14 +206,18 @@ export class OidcProvider {
205
206
  let claims = { ...tokenSet.claims };
206
207
 
207
208
  // Optionally fetch additional claims from UserInfo endpoint
208
- if (includeUserInfo && this.config.userinfoEndpoint) {
209
+ // Check both manual config and discovered endpoint (via OIDC discovery)
210
+ const userinfoUrl = this.config.userinfoEndpoint || this.issuer?.metadata?.userinfo_endpoint;
211
+
212
+ if (includeUserInfo && userinfoUrl) {
209
213
  try {
210
214
  const userinfo = await this.getUserInfo(tokenSet.accessToken);
211
215
  // Merge UserInfo claims with ID token claims
212
216
  claims = { ...claims, ...userinfo };
217
+ oidcLog.trace(`Provider "${this.config.issuer}": merged claims after UserInfo`, claims);
213
218
  } catch (error) {
214
219
  // UserInfo is optional - continue with ID token claims only
215
- oidcLog.warn(`Failed to fetch UserInfo from ${this.config.userinfoEndpoint}, using ID token claims only:`, error);
220
+ oidcLog.warn(`Failed to fetch UserInfo from ${userinfoUrl}, using ID token claims only:`, error);
216
221
  }
217
222
  }
218
223
 
@@ -220,10 +225,12 @@ export class OidcProvider {
220
225
  if (this.config.claimMapping) {
221
226
  const customClaims = extractCustomClaims(claims, this.config.claimMapping);
222
227
  claims = { ...claims, ...customClaims };
228
+ oidcLog.trace(`Provider "${this.config.issuer}": applied custom claim mapping`, claims);
223
229
  }
224
230
 
225
231
  // Map to normalized profile
226
232
  const profile = mapClaimsToProfile(claims);
233
+ oidcLog.trace(`Provider "${this.config.issuer}": built final profile`, profile);
227
234
 
228
235
  return profile;
229
236
  }
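Review bot: The four added `oidcLog.trace` calls (new lines 154, 217, 228 and 233, mirrored in the compiled `class OidcProvider` hunks earlier on the page) pass the complete ID-token claims, the merged UserInfo claims and the final profile to the logger, so enabling trace level writes users' identity data to whatever sink the log feeds. Passing only the claim names keeps the trace useful for debugging mappings, for example `Object.keys(claims)` and `Object.keys(profile)` as the second argument; otherwise the trace level should be documented as unsuitable for production. Separately, with a discovered `userinfo_endpoint` now enabling the fetch, `claims = { ...claims, ...userinfo }` lets UserInfo values replace ID-token claims; `getUserInfo` is not visible here, so confirm it rejects a response whose `sub` differs from the ID token's. The signature of `buildProfile` lies above the second hunk.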