openid-client 2.4.1 → 2.4.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +40 -0
- package/README.md +9 -2
- package/lib/client.js +2 -2
- package/lib/helpers/is_standard_body_error.js +1 -1
- package/lib/issuer.js +1 -1
- package/lib/passport_strategy.js +4 -4
- package/lib/util/random.js +5 -0
- package/package.json +22 -19
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,46 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
|
|
4
4
|
|
|
5
|
+
<a name="2.4.5"></a>
|
|
6
|
+
## [2.4.5](https://github.com/panva/node-openid-client/compare/v2.4.4...v2.4.5) (2018-11-05)
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
### Bug Fixes
|
|
10
|
+
|
|
11
|
+
* upgrade min node-jose version to fix its performance in node ([e682dfc](https://github.com/panva/node-openid-client/commit/e682dfc))
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
<a name="2.4.4"></a>
|
|
16
|
+
## [2.4.4](https://github.com/panva/node-openid-client/compare/v2.4.3...v2.4.4) (2018-10-18)
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
### Bug Fixes
|
|
20
|
+
|
|
21
|
+
* strategy code_verifier length, removed uuid dependency ([60d0cb8...ea4a8fd](https://github.com/panva/node-openid-client/compare/60d0cb8...ea4a8fd)), closes [#131](https://github.com/panva/node-openid-client/issues/131)
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
<a name="2.4.3"></a>
|
|
26
|
+
## [2.4.3](https://github.com/panva/node-openid-client/compare/v2.4.2...v2.4.3) (2018-10-10)
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
### Bug Fixes
|
|
30
|
+
|
|
31
|
+
* assign Discovery 1.0 defaults when discovering with .well-known ([74b593e](https://github.com/panva/node-openid-client/commit/74b593e))
|
|
32
|
+
|
|
33
|
+
|
|
34
|
+
|
|
35
|
+
<a name="2.4.2"></a>
|
|
36
|
+
## [2.4.2](https://github.com/panva/node-openid-client/compare/v2.4.1...v2.4.2) (2018-09-27)
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
### Bug Fixes
|
|
40
|
+
|
|
41
|
+
* non-string error responses are not treated as OpenIdConnectError ([782d464](https://github.com/panva/node-openid-client/commit/782d464)), closes [#125](https://github.com/panva/node-openid-client/issues/125)
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
|
|
5
45
|
<a name="2.4.1"></a>
|
|
6
46
|
## [2.4.1](https://github.com/panva/node-openid-client/compare/v2.4.0...v2.4.1) (2018-09-16)
|
|
7
47
|
|
package/README.md
CHANGED
|
@@ -57,7 +57,7 @@ versions, if you utilize these consider using the tilde ~ operator in your packa
|
|
|
57
57
|
breaking changes may be introduced as part of these specification updates.
|
|
58
58
|
|
|
59
59
|
## Certification
|
|
60
|
-
[<img width="184" height="96" align="right" src="https://cdn.
|
|
60
|
+
[<img width="184" height="96" align="right" src="https://cdn.jsdelivr.net/gh/panva/node-openid-client@38cf016b0837e6d4116de3780b28d222d5780bc9/OpenID_Certified.png" alt="OpenID Certification">][openid-certified-link]
|
|
61
61
|
Filip Skokan has [certified][openid-certified-link] that [openid-client][npm-url]
|
|
62
62
|
conforms to the RP Basic, RP Implicit, RP Hybrid, RP Config, RP Dynamic and RP Form Post profiles
|
|
63
63
|
of the OpenID Connect™ protocol.
|
|
@@ -69,6 +69,12 @@ of the OpenID Connect™ protocol.
|
|
|
69
69
|
|
|
70
70
|
[<img width="65" height="65" align="left" src="https://avatars.githubusercontent.com/u/2824157?s=75&v=4" alt="auth0-logo">][sponsor-auth0] If you want to quickly add OpenID Connect authentication to Node.js apps, feel free to check out Auth0's Node.js SDK and free plan at [auth0.com/overview][sponsor-auth0].<br><br>
|
|
71
71
|
|
|
72
|
+
<h2>Support</h2>
|
|
73
|
+
|
|
74
|
+
[<img src="https://c5.patreon.com/external/logo/become_a_patron_button@2x.png" width="160" align="right">][support-patreon]
|
|
75
|
+
If you or your business use openid-client, please consider becoming a [Patron][support-patreon] so I can continue maintaining it and adding new features carefree. You may also donate one-time via [PayPal][support-paypal].
|
|
76
|
+
[<img src="https://cdn.jsdelivr.net/gh/gregoiresgt/payment-icons@183140a5ff8f39b5a19d59ebeb2c77f03c3a24d3/Assets/Payment/PayPal/Paypal@2x.png" width="100" align="right">][support-paypal]
|
|
77
|
+
|
|
72
78
|
|
|
73
79
|
## Get started
|
|
74
80
|
On the off-chance you want to manage multiple clients for multiple issuers you need to first get
|
|
@@ -558,7 +564,8 @@ Issuer.useRequest();
|
|
|
558
564
|
[request-library]: https://github.com/request/request
|
|
559
565
|
[signed-userinfo]: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
|
|
560
566
|
[openid-certified-link]: https://openid.net/certification/
|
|
561
|
-
[openid-certified-logo]: https://cdn.rawgit.com/panva/node-openid-client/master/OpenID_Certified.png
|
|
562
567
|
[passport-url]: http://passportjs.org
|
|
563
568
|
[npm-url]: https://www.npmjs.com/package/openid-client
|
|
564
569
|
[sponsor-auth0]: https://auth0.com/overview?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=openid-client&utm_content=auth
|
|
570
|
+
[support-patreon]: https://www.patreon.com/panva
|
|
571
|
+
[support-paypal]: https://www.paypal.me/panva
|
package/lib/client.js
CHANGED
|
@@ -6,7 +6,6 @@ const querystring = require('querystring');
|
|
|
6
6
|
const url = require('url');
|
|
7
7
|
|
|
8
8
|
const jose = require('node-jose');
|
|
9
|
-
const uuid = require('uuid/v4');
|
|
10
9
|
const base64url = require('base64url');
|
|
11
10
|
const _ = require('lodash');
|
|
12
11
|
const tokenHash = require('oidc-token-hash');
|
|
@@ -19,6 +18,7 @@ const now = require('./util/unix_timestamp');
|
|
|
19
18
|
const { CALLBACK_PROPERTIES, CLIENT_DEFAULTS, JWT_CONTENT } = require('./helpers/consts');
|
|
20
19
|
const issuerRegistry = require('./issuer_registry');
|
|
21
20
|
const forEach = require('./util/for_each');
|
|
21
|
+
const random = require('./util/random');
|
|
22
22
|
|
|
23
23
|
const errorHandler = errorHandlerFactory();
|
|
24
24
|
const bearerErrorHandler = errorHandlerFactory({ bearerEndpoint: true });
|
|
@@ -951,7 +951,7 @@ class Client {
|
|
|
951
951
|
return this.createSign(endpoint).then(sign => sign.update(JSON.stringify({
|
|
952
952
|
iat: timestamp,
|
|
953
953
|
exp: timestamp + 60,
|
|
954
|
-
jti:
|
|
954
|
+
jti: random(),
|
|
955
955
|
iss: this.client_id,
|
|
956
956
|
sub: this.client_id,
|
|
957
957
|
aud: this.issuer[`${endpoint}_endpoint`],
|
|
@@ -2,7 +2,7 @@ module.exports = function isStandardBodyError(error) {
|
|
|
2
2
|
if (error instanceof this.httpClient.HTTPError) {
|
|
3
3
|
try {
|
|
4
4
|
error.response.body = JSON.parse(error.response.body);
|
|
5
|
-
return
|
|
5
|
+
return typeof error.response.body.error === 'string' && error.response.body.error.length;
|
|
6
6
|
} catch (err) {}
|
|
7
7
|
}
|
|
8
8
|
|
package/lib/issuer.js
CHANGED
|
@@ -196,7 +196,7 @@ class Issuer {
|
|
|
196
196
|
if (parsed.pathname.includes('/.well-known/')) {
|
|
197
197
|
return this.httpClient.get(uri, this.httpOptions())
|
|
198
198
|
.then(expectResponseWithBody(200))
|
|
199
|
-
.then(response => new this(JSON.parse(response.body)))
|
|
199
|
+
.then(response => new this(Object.assign({}, ISSUER_DEFAULTS, JSON.parse(response.body))))
|
|
200
200
|
.catch(errorHandler.bind(this));
|
|
201
201
|
}
|
|
202
202
|
|
package/lib/passport_strategy.js
CHANGED
|
@@ -6,11 +6,11 @@ const url = require('url');
|
|
|
6
6
|
const assert = require('assert');
|
|
7
7
|
|
|
8
8
|
const base64url = require('base64url');
|
|
9
|
-
const uuid = require('uuid/v4');
|
|
10
9
|
const _ = require('lodash');
|
|
11
10
|
|
|
12
11
|
const OpenIdConnectError = require('./open_id_connect_error');
|
|
13
12
|
const Client = require('./client');
|
|
13
|
+
const random = require('./util/random');
|
|
14
14
|
|
|
15
15
|
function verified(err, user, info = {}) {
|
|
16
16
|
if (err) {
|
|
@@ -81,17 +81,17 @@ OpenIDConnectStrategy.prototype.authenticate = function authenticate(req, option
|
|
|
81
81
|
if (_.isEmpty(reqParams)) {
|
|
82
82
|
// provide options object with extra authentication parameters
|
|
83
83
|
const params = _.defaults({}, options, this._params, {
|
|
84
|
-
state:
|
|
84
|
+
state: random(),
|
|
85
85
|
});
|
|
86
86
|
|
|
87
87
|
if (!params.nonce && params.response_type.includes('id_token')) {
|
|
88
|
-
params.nonce =
|
|
88
|
+
params.nonce = random();
|
|
89
89
|
}
|
|
90
90
|
|
|
91
91
|
req.session[sessionKey] = _.pick(params, 'nonce', 'state', 'max_age', 'response_type');
|
|
92
92
|
|
|
93
93
|
if (this._usePKCE) {
|
|
94
|
-
const verifier =
|
|
94
|
+
const verifier = random();
|
|
95
95
|
req.session[sessionKey].code_verifier = verifier;
|
|
96
96
|
|
|
97
97
|
switch (this._usePKCE) { // eslint-disable-line default-case
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "openid-client",
|
|
3
|
-
"version": "2.4.
|
|
3
|
+
"version": "2.4.5",
|
|
4
4
|
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js servers, supports passportjs",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"auth",
|
|
@@ -25,15 +25,14 @@
|
|
|
25
25
|
"strategy"
|
|
26
26
|
],
|
|
27
27
|
"homepage": "https://github.com/panva/node-openid-client",
|
|
28
|
+
"repository": "panva/node-openid-client",
|
|
28
29
|
"license": "MIT",
|
|
29
30
|
"author": "Filip Skokan <panva.ip@gmail.com>",
|
|
30
31
|
"files": [
|
|
31
32
|
"lib"
|
|
32
33
|
],
|
|
33
34
|
"main": "lib/index.js",
|
|
34
|
-
"repository": "panva/node-openid-client",
|
|
35
35
|
"scripts": {
|
|
36
|
-
"commitmsg": "commitlint -E GIT_PARAMS",
|
|
37
36
|
"coverage": "nyc mocha",
|
|
38
37
|
"lint": "eslint lib test",
|
|
39
38
|
"lint-fix": "eslint lib test --fix",
|
|
@@ -41,33 +40,32 @@
|
|
|
41
40
|
},
|
|
42
41
|
"dependencies": {
|
|
43
42
|
"base64url": "^3.0.0",
|
|
44
|
-
"got": "^8.3.
|
|
45
|
-
"lodash": "^4.17.
|
|
43
|
+
"got": "^8.3.2",
|
|
44
|
+
"lodash": "^4.17.11",
|
|
46
45
|
"lru-cache": "^4.1.3",
|
|
47
|
-
"node-jose": "^1.
|
|
46
|
+
"node-jose": "^1.1.0",
|
|
48
47
|
"oidc-token-hash": "^3.0.1",
|
|
49
|
-
"p-any": "^1.1.0"
|
|
50
|
-
"uuid": "^3.2.1"
|
|
48
|
+
"p-any": "^1.1.0"
|
|
51
49
|
},
|
|
52
50
|
"devDependencies": {
|
|
53
|
-
"@commitlint/cli": "^7.
|
|
54
|
-
"@commitlint/config-conventional": "^7.
|
|
55
|
-
"chai": "^4.
|
|
56
|
-
"eslint": "^5.
|
|
51
|
+
"@commitlint/cli": "^7.1.2",
|
|
52
|
+
"@commitlint/config-conventional": "^7.1.2",
|
|
53
|
+
"chai": "^4.2.0",
|
|
54
|
+
"eslint": "^5.6.0",
|
|
57
55
|
"eslint-config-airbnb-base": "^13.1.0",
|
|
58
56
|
"eslint-plugin-import": "^2.14.0",
|
|
59
|
-
"husky": "^0.
|
|
60
|
-
"koa": "^2.5.
|
|
61
|
-
"koa-body": "^4.0.
|
|
62
|
-
"koa-ejs": "^4.1.
|
|
57
|
+
"husky": "^1.0.0",
|
|
58
|
+
"koa": "^2.5.3",
|
|
59
|
+
"koa-body": "^4.0.4",
|
|
60
|
+
"koa-ejs": "^4.1.2",
|
|
63
61
|
"koa-router": "^7.4.0",
|
|
64
|
-
"koa-session": "^5.
|
|
62
|
+
"koa-session": "^5.9.0",
|
|
65
63
|
"mocha": "^5.2.0",
|
|
66
64
|
"nock": "^10.0.0",
|
|
67
65
|
"nyc": "^13.0.1",
|
|
68
66
|
"readable-mock-req": "^0.2.2",
|
|
69
|
-
"request": "^2.
|
|
70
|
-
"sinon": "^
|
|
67
|
+
"request": "^2.88.0",
|
|
68
|
+
"sinon": "^7.0.0",
|
|
71
69
|
"timekeeper": "^2.1.2"
|
|
72
70
|
},
|
|
73
71
|
"engines": {
|
|
@@ -78,6 +76,11 @@
|
|
|
78
76
|
"@commitlint/config-conventional"
|
|
79
77
|
]
|
|
80
78
|
},
|
|
79
|
+
"husky": {
|
|
80
|
+
"hooks": {
|
|
81
|
+
"commit-msg": "commitlint -E HUSKY_GIT_PARAMS"
|
|
82
|
+
}
|
|
83
|
+
},
|
|
81
84
|
"nyc": {
|
|
82
85
|
"reporter": [
|
|
83
86
|
"lcov",
|