openid-client 5.1.5 → 5.1.8

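--- a/package/lib/client.js
+++ b/package/lib/client.js
@@ -489,18 +489,6 @@ class BaseClient {
  tokenset.session_state = params.session_state;
  }
 
- if (tokenset.scope && checks.scope && this.fapi()) {
- const expected = new Set(checks.scope.split(' '));
- const actual = tokenset.scope.split(' ');
- if (!actual.every(Set.prototype.has, expected)) {
- throw new RPError({
- message: 'unexpected scope returned',
- checks,
- scope: tokenset.scope,
- });
- }
- }
- 
  return tokenset;
  }
 
@@ -569,13 +557,14 @@ class BaseClient {
  throw new OPError(params);
  }
 
- if ('id_token' in params) {
+ if (typeof params.id_token === 'string' && params.id_token.length) {
  throw new RPError({
  message:
  'id_token detected in the response, you must use client.callback() instead of client.oauthCallback()',
  params,
  });
  }
+ delete params.id_token;
 
  const RESPONSE_TYPE_REQUIRED_PARAMS = {
  code: ['code'],
@@ -620,25 +609,14 @@ class BaseClient {
  { clientAssertionPayload, DPoP },
  );
 
- if ('id_token' in tokenset) {
+ if (typeof tokenset.id_token === 'string' && tokenset.id_token.length) {
  throw new RPError({
  message:
  'id_token detected in the response, you must use client.callback() instead of client.oauthCallback()',
  params,
  });
  }
- 
- if (tokenset.scope && checks.scope && this.fapi()) {
- const expected = new Set(checks.scope.split(' '));
- const actual = tokenset.scope.split(' ');
- if (!actual.every(Set.prototype.has, expected)) {
- throw new RPError({
- message: 'unexpected scope returned',
- checks,
- scope: tokenset.scope,
- });
- }
- }
+ delete tokenset.id_token;
 
  return tokenset;
  }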
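Review bot: After this hunk `checks.scope` is accepted but never enforced: the `unexpected scope returned` check is deleted here and in the first hunk of this file, yet `OAuthCallbackChecks.scope` on this page survives with only `// TODO: remove in v6.x`, so a relying party that passes `scope` expecting the FAPI subset check now silently gets no validation at all. Until the field goes, the deprecation should be visible where callers look, e.g. `scope?: string; // deprecated: no longer validated by callback()/oauthCallback(), removed in v6.x` in index.d.ts, or a one-line note at the former check site; the page does not show why the check was dropped, so I cannot tell whether a replacement exists elsewhere. The new `typeof tokenset.id_token === 'string' && tokenset.id_token.length` test followed by `delete tokenset.id_token` (and the same pair for `params` in the hunk above) also means a present-but-empty or non-string `id_token` is now discarded silently where the old `in` test raised; if that tolerance targets a specific OP quirk, a comment such as `// tolerate id_token: '' / undefined from some OPs; a real id_token still forces callback()` would stop it from being tightened again later. The enclosing method (presumably `oauthCallback()`, per the error text) starts before this hunk, and the method containing the first hunk is not named on the page.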
@@ -2,9 +2,6 @@ const { inspect } = require('util');
2
2
 
3
3
  const { RPError, OPError } = require('./errors');
4
4
  const now = require('./helpers/unix_timestamp');
5
- const { authenticatedPost } = require('./helpers/client');
6
- const processResponse = require('./helpers/process_response');
7
- const TokenSet = require('./token_set');
8
5
 
9
6
  class DeviceFlowHandle {
10
7
  #aborted;
@@ -61,23 +58,16 @@ class DeviceFlowHandle {
61
58
 
62
59
  await new Promise((resolve) => setTimeout(resolve, this.#interval));
63
60
 
64
- const response = await authenticatedPost.call(
65
- this.#client,
66
- 'token',
67
- {
68
- form: {
61
+ let tokenset;
62
+ try {
63
+ tokenset = await this.#client.grant(
64
+ {
69
65
  ...this.#exchangeBody,
70
66
  grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
71
67
  device_code: this.device_code,
72
68
  },
73
- responseType: 'json',
74
- },
75
- { clientAssertionPayload: this.#clientAssertionPayload, DPoP: this.#DPoP },
76
- );
77
-
78
- let responseBody;
79
- try {
80
- responseBody = processResponse(response);
69
+ { clientAssertionPayload: this.#clientAssertionPayload, DPoP: this.#DPoP },
70
+ );
81
71
  } catch (err) {
82
72
  switch (err instanceof OPError && err.error) {
83
73
  case 'slow_down':
@@ -89,8 +79,6 @@ class DeviceFlowHandle {
89
79
  }
90
80
  }
91
81
 
92
- const tokenset = new TokenSet(responseBody);
93
-
94
82
  if ('id_token' in tokenset) {
95
83
  await this.#client.decryptIdToken(tokenset);
96
84
  await this.#client.validateIdToken(tokenset, undefined, 'token', this.#maxAge);
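Review bot: The `'id_token' in tokenset` test kept on the new side here is the predicate this same release replaced in client.js with `typeof tokenset.id_token === 'string' && tokenset.id_token.length`, so a token response carrying `id_token: ''` or a non-string value is now dropped by `oauthCallback()` but handed to `decryptIdToken()`/`validateIdToken()` by the device flow. Failing closed is the safer of the two for a flow that will treat the ID token as authenticated, so I would keep the stricter behaviour but make the divergence deliberate with a comment on that line: `// unlike oauthCallback(), an empty or malformed id_token is not discarded here; it is validated and rejected`. Separately, `tokenset` is declared with `let` and only assigned inside the `try`; if the `default` branch of the `switch` in the catch (outside this page) neither rethrows nor continues the loop, `'id_token' in tokenset` throws a bare TypeError instead of a meaningful RPError, which is worth either a guard or a comment confirming the catch always exits. The enclosing polling method starts before and continues after these hunks.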
@@ -3,6 +3,7 @@ const querystring = require('querystring');
3
3
  const http = require('http');
4
4
  const https = require('https');
5
5
  const { once } = require('events');
6
+ const { URL } = require('url');
6
7
 
7
8
  const LRU = require('lru-cache');
8
9
 
@@ -116,7 +117,7 @@ module.exports = async function request(options, { accessToken, mTLS = false, DP
116
117
  }
117
118
 
118
119
  let response;
119
- const req = (url.protocol === 'https:' ? https.request : http.request)(url, opts);
120
+ const req = (url.protocol === 'https:' ? https.request : http.request)(url.href, opts);
120
121
  return (async () => {
121
122
  if (json) {
122
123
  send(req, JSON.stringify(json), 'application/json');
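Review bot: The switch from the `URL` object to `url.href` on the `http.request`/`https.request` call carries no comment, and nothing in this hunk shows what the string form fixes, so the more obvious object form is likely to be restored by a future cleanup. Add a one-line comment on that line stating the concrete incompatibility the string form avoids, or cover it in the 5.1.8 changelog entry. The `const { URL } = require('url')` added in the first hunk of this file has no use visible on this page; if it only pins the WHATWG `URL` class for use elsewhere in the file, that is fine but worth stating. The enclosing `request()` function starts before and continues after this hunk.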
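--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "openid-client",
- "version": "5.1.5",
+ "version": "5.1.8",
  "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs",
  "keywords": [
  "auth",
@@ -30,11 +30,12 @@
  "license": "MIT",
  "author": "Filip Skokan <panva.ip@gmail.com>",
  "exports": {
+ "types": "./types/index.d.ts",
  "import": "./lib/index.mjs",
  "require": "./lib/index.js"
  },
- "main": "lib/index.js",
- "types": "types/index.d.ts",
+ "main": "./lib/index.js",
+ "types": "./types/index.d.ts",
  "files": [
  "lib",
  "types/index.d.ts"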
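--- a/package/types/index.d.ts
+++ b/package/types/index.d.ts
@@ -161,7 +161,7 @@ export interface OAuthCallbackChecks {
  state?: string;
  code_verifier?: string;
  jarm?: boolean;
- scope?: string;
+ scope?: string; // TODO: remove in v6.x
  }
 
  export interface OpenIDCallbackChecks extends OAuthCallbackChecks {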