npm - openid-client - Versions diffs - 4.7.0 → 4.7.4 - Mend

openid-client 4.7.0 → 4.7.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,34 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+## [4.7.4](https://github.com/panva/node-openid-client/compare/v4.7.3...v4.7.4) (2021-05-25)
+### Bug Fixes
+* **typescript:** add a missing PATCH method to requestResource ([6b2c3ce](https://github.com/panva/node-openid-client/commit/6b2c3ce09b45a301911fb9f8e1e52831063f7063)), closes [#368](https://github.com/panva/node-openid-client/issues/368)
+## [4.7.3](https://github.com/panva/node-openid-client/compare/v4.7.2...v4.7.3) (2021-04-30)
+### Bug Fixes
+* **fapi:** validate ID Token's iat regardless of which channel it came from ([b68b9ab](https://github.com/panva/node-openid-client/commit/b68b9ab5af6a85a2f42adf6b782cef7e08378658))
+## [4.7.2](https://github.com/panva/node-openid-client/compare/v4.7.1...v4.7.2) (2021-04-23)
+### Bug Fixes
+* **typescript:** add types for 4.6.0 additions ([9064136](https://github.com/panva/node-openid-client/commit/9064136d959b5825f69b32344bbe165f12a10949))
+## [4.7.1](https://github.com/panva/node-openid-client/compare/v4.7.0...v4.7.1) (2021-04-22)
+### Bug Fixes
+* **typescript:** add types for 4.7.0 additions ([2c1d2ab](https://github.com/panva/node-openid-client/commit/2c1d2ab71fe2daba2dad23af1f92f66c92305df5))
 ## [4.7.0](https://github.com/panva/node-openid-client/compare/v4.6.0...v4.7.0) (2021-04-22)

package/lib/client.js CHANGED Viewed

@@ -724,6 +724,8 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
       });
     }
+    const fapi = this.constructor.name === 'FAPIClient';
     if (returnedBy === 'authorization') {
       if (!payload.at_hash && tokenSet.access_token) {
         throw new RPError({
@@ -739,19 +741,7 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
         });
       }
-      const fapi = this.constructor.name === 'FAPIClient';
       if (fapi) {
-        if (payload.iat < timestamp - 3600) {
-          throw new RPError({
-            printf: ['JWT issued too far in the past, now %i, iat %i', timestamp, payload.iat],
-            now: timestamp,
-            tolerance: this[CLOCK_TOLERANCE],
-            iat: payload.iat,
-            jwt: idToken,
-          });
-        }
         if (!payload.s_hash && (tokenSet.state || state)) {
           throw new RPError({
             message: 'missing required property s_hash',
@@ -773,6 +763,16 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
       }
     }
+    if (fapi && payload.iat < timestamp - 3600) {
+      throw new RPError({
+        printf: ['JWT issued too far in the past, now %i, iat %i', timestamp, payload.iat],
+        now: timestamp,
+        tolerance: this[CLOCK_TOLERANCE],
+        iat: payload.iat,
+        jwt: idToken,
+      });
+    }
     if (tokenSet.access_token && payload.at_hash !== undefined) {
       try {
         tokenHash.validate({ claim: 'at_hash', source: 'access_token' }, payload.at_hash, tokenSet.access_token, header.alg, key && key.crv);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "openid-client",
-  "version": "4.7.0",
+  "version": "4.7.4",
   "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs",
   "keywords": [
     "auth",

package/types/index.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 /// <reference types="node" />
+/// <reference lib="dom"/>
 // TypeScript Version: 3.6
 /**
@@ -324,6 +325,10 @@ export interface DeviceAuthorizationExtras {
   DPoP?: DPoPInput;
 }
+export interface PushedAuthorizationRequestExtras {
+  clientAssertionPayload?: object;
+}
 export type Address<ExtendedAddress extends {} = UnknownObject> = Override<
   {
     formatted?: string;
@@ -508,7 +513,7 @@ export class Client {
     options?: {
       headers?: object;
       body?: string | Buffer;
-      method?: "GET" | "POST" | "PUT" | "HEAD" | "DELETE" | "OPTIONS" | "TRACE";
+      method?: "GET" | "POST" | "PUT" | "HEAD" | "DELETE" | "OPTIONS" | "TRACE" | "PATCH";
       tokenType?: string;
       DPoP?: DPoPInput;
     }
@@ -552,6 +557,14 @@ export class Client {
     parameters?: DeviceAuthorizationParameters,
     extras?: DeviceAuthorizationExtras
   ): Promise<DeviceFlowHandle<Client>>;
+  pushedAuthorizationRequest(
+    parameters?: AuthorizationParameters,
+    extras?: PushedAuthorizationRequestExtras,
+  ): Promise<{
+    request_uri: string;
+    expires_in: number;
+    [key: string]: unknown;
+  }>;
   static register(
     metadata: object,
     other?: RegisterOther & ClientOptions
@@ -567,9 +580,14 @@ export class Client {
   [key: string]: unknown;
 }
+interface DeviceFlowPollOptions {
+  signal?: AbortSignal,
+}
 export class DeviceFlowHandle<TClient extends Client> {
   // tslint:disable-line:no-unnecessary-generics
-  poll(): Promise<TokenSet>;
+  poll(options?: DeviceFlowPollOptions): Promise<TokenSet>;
+  abort(): void;
   expired(): boolean;
   expires_at: number;
   client: TClient;