@opengovsg/mockpass 4.6.0 → 4.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/lib/auth-code.js +2 -2
- package/lib/express/fapi/fapi.service.js +8 -7
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -34,7 +34,7 @@ Limitations:
|
|
|
34
34
|
- `client_id` and `redirect_uri` can be set to anything.
|
|
35
35
|
- Mockpass will not check if ephemeral keys, state, and nonce are reused.
|
|
36
36
|
- Only Login is supported for now. Userinfo endpoint is not supported.
|
|
37
|
-
- Only `openid` is supported for the `scope` parameter.
|
|
37
|
+
- Only `openid` `user.identity` `uinfin` is supported for the `scope` parameter.
|
|
38
38
|
- Only `urn:singpass:authentication:loa:1` is supported for the `acr_values` parameter.
|
|
39
39
|
|
|
40
40
|
### Helper functions
|
package/lib/auth-code.js
CHANGED
|
@@ -18,10 +18,10 @@ const generateAuthCode = (
|
|
|
18
18
|
return authCode
|
|
19
19
|
}
|
|
20
20
|
|
|
21
|
-
const generateAuthCodeForFapi = ({ profile, clientId = '' }) => {
|
|
21
|
+
const generateAuthCodeForFapi = ({ profile, clientId = '', authRequest }) => {
|
|
22
22
|
const authCode = crypto.randomBytes(45).toString('base64url')
|
|
23
23
|
|
|
24
|
-
profileAndNonceStore.set(authCode, { profile, clientId })
|
|
24
|
+
profileAndNonceStore.set(authCode, { profile, clientId, authRequest })
|
|
25
25
|
return authCode
|
|
26
26
|
}
|
|
27
27
|
|
|
@@ -42,27 +42,28 @@ class FapiService {
|
|
|
42
42
|
dpopJkt,
|
|
43
43
|
}
|
|
44
44
|
|
|
45
|
-
this.map.set(
|
|
45
|
+
this.map.set(request_uri, object)
|
|
46
46
|
|
|
47
47
|
return request_uri
|
|
48
48
|
}
|
|
49
49
|
|
|
50
50
|
async handleAuthorizationRequest(req) {
|
|
51
|
-
const authRequest = this.map.get(req.query.
|
|
51
|
+
const authRequest = this.map.get(req.query.request_uri)
|
|
52
52
|
if (!authRequest) throw new Error('No PAR request found in session')
|
|
53
53
|
verifyAuthRequestBody(req, authRequest)
|
|
54
54
|
return authRequest
|
|
55
55
|
}
|
|
56
56
|
|
|
57
57
|
async handleTokenRequest(req) {
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
if (!
|
|
62
|
-
|
|
58
|
+
const authCodeSession = lookUpByAuthCode(req.body.code, {
|
|
59
|
+
isStateless: false,
|
|
60
|
+
})
|
|
61
|
+
if (!authCodeSession) throw new Error('No auth request found in session')
|
|
62
|
+
const { authRequest } = authCodeSession
|
|
63
63
|
verifyTokenRequestBody(req, authRequest)
|
|
64
64
|
const tokenEndpoint =
|
|
65
65
|
FapiUtils.getFapiOpenIdConfiguration(req).token_endpoint
|
|
66
|
+
await verifyClientAssertion(req)
|
|
66
67
|
await verifyDpop(req.headers['dpop'], authRequest.dpopJkt, tokenEndpoint)
|
|
67
68
|
return await this.generateIdToken(req, authRequest)
|
|
68
69
|
}
|