openid-client 5.2.0 → 5.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -5
- package/lib/client.js +5 -26
- package/package.json +2 -2
- package/types/index.d.ts +2 -0
package/README.md
CHANGED
|
@@ -44,9 +44,9 @@ openid-client.
|
|
|
44
44
|
- [RFC9126 - OAuth 2.0 Pushed Authorization Requests (PAR)][feature-par]
|
|
45
45
|
- [OpenID Connect RP-Initiated Logout 1.0][feature-rp-logout]
|
|
46
46
|
- [Financial-grade API Security Profile 1.0 - Part 2: Advanced (FAPI)][feature-fapi]
|
|
47
|
-
- [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
|
|
47
|
+
- [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)][feature-jarm]
|
|
48
48
|
- [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) - draft 04][feature-dpop]
|
|
49
|
-
- [OAuth 2.0 Authorization Server Issuer Identification
|
|
49
|
+
- [OAuth 2.0 Authorization Server Issuer Identification][feature-iss]
|
|
50
50
|
|
|
51
51
|
Updates to draft specifications (DPoP, JARM, etc) are released as MINOR library versions,
|
|
52
52
|
if you utilize these specification implementations consider using the tilde `~` operator in your
|
|
@@ -87,7 +87,7 @@ specific middlewares. Those can however be built using the exposed API, one such
|
|
|
87
87
|
|
|
88
88
|
## Install
|
|
89
89
|
|
|
90
|
-
Node.js LTS releases Codename Erbium
|
|
90
|
+
Node.js LTS releases Codename Erbium and newer LTS releases are supported.
|
|
91
91
|
|
|
92
92
|
```console
|
|
93
93
|
npm install openid-client
|
|
@@ -273,12 +273,12 @@ See [Customizing (docs)][documentation-customizing].
|
|
|
273
273
|
[feature-mtls]: https://tools.ietf.org/html/rfc8705
|
|
274
274
|
[feature-device-flow]: https://tools.ietf.org/html/rfc8628
|
|
275
275
|
[feature-rp-logout]: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
|
|
276
|
-
[feature-jarm]: https://openid.net/specs/
|
|
276
|
+
[feature-jarm]: https://openid.net/specs/oauth-v2-jarm.html
|
|
277
277
|
[feature-fapi]: https://openid.net/specs/openid-financial-api-part-2-1_0.html
|
|
278
278
|
[feature-dpop]: https://tools.ietf.org/html/draft-ietf-oauth-dpop-04
|
|
279
279
|
[feature-par]: https://www.rfc-editor.org/rfc/rfc9126.html
|
|
280
280
|
[feature-jar]: https://www.rfc-editor.org/rfc/rfc9101.html
|
|
281
|
-
[feature-iss]: https://
|
|
281
|
+
[feature-iss]: https://www.rfc-editor.org/rfc/rfc9207.html
|
|
282
282
|
[openid-certified-link]: https://openid.net/certification/
|
|
283
283
|
[passport-url]: http://passportjs.org
|
|
284
284
|
[npm-url]: https://www.npmjs.com/package/openid-client
|
package/lib/client.js
CHANGED
|
@@ -1606,35 +1606,14 @@ class BaseClient {
|
|
|
1606
1606
|
fapi() {
|
|
1607
1607
|
return this.constructor.name === 'FAPI1Client';
|
|
1608
1608
|
}
|
|
1609
|
-
}
|
|
1610
1609
|
|
|
1611
|
-
|
|
1612
|
-
|
|
1613
|
-
|
|
1614
|
-
|
|
1615
|
-
|
|
1616
|
-
const expectedAlg = this.authorization_signed_response_alg;
|
|
1617
|
-
const { payload } = await this.validateJWT(response, expectedAlg, ['iss', 'exp', 'aud']);
|
|
1618
|
-
return pickCb(payload);
|
|
1610
|
+
async validateJARM(response) {
|
|
1611
|
+
const expectedAlg = this.authorization_signed_response_alg;
|
|
1612
|
+
const { payload } = await this.validateJWT(response, expectedAlg, ['iss', 'exp', 'aud']);
|
|
1613
|
+
return pickCb(payload);
|
|
1614
|
+
}
|
|
1619
1615
|
}
|
|
1620
1616
|
|
|
1621
|
-
Object.defineProperty(BaseClient.prototype, 'validateJARM', {
|
|
1622
|
-
enumerable: true,
|
|
1623
|
-
configurable: true,
|
|
1624
|
-
value(...args) {
|
|
1625
|
-
process.emitWarning(
|
|
1626
|
-
"The JARM API implements an OIDF implementer's draft. Breaking draft implementations are included as minor versions of the openid-client library, therefore, the ~ semver operator should be used and close attention be payed to library changelog as well as the drafts themselves.",
|
|
1627
|
-
'DraftWarning',
|
|
1628
|
-
);
|
|
1629
|
-
Object.defineProperty(BaseClient.prototype, 'validateJARM', {
|
|
1630
|
-
enumerable: true,
|
|
1631
|
-
configurable: true,
|
|
1632
|
-
value: validateJARM,
|
|
1633
|
-
});
|
|
1634
|
-
return this.validateJARM(...args);
|
|
1635
|
-
},
|
|
1636
|
-
});
|
|
1637
|
-
|
|
1638
1617
|
const RSPS = /^(?:RS|PS)(?:256|384|512)$/;
|
|
1639
1618
|
function determineRsaAlgorithm(privateKey, privateKeyInput, valuesSupported) {
|
|
1640
1619
|
if (
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "openid-client",
|
|
3
|
-
"version": "5.
|
|
3
|
+
"version": "5.3.0",
|
|
4
4
|
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"auth",
|
|
@@ -56,7 +56,7 @@
|
|
|
56
56
|
"base64url": "^3.0.1",
|
|
57
57
|
"chai": "^4.2.0",
|
|
58
58
|
"jose2": "npm:jose@^2.0.5",
|
|
59
|
-
"mocha": "^
|
|
59
|
+
"mocha": "^10.1.0",
|
|
60
60
|
"nock": "^13.0.2",
|
|
61
61
|
"prettier": "^2.4.1",
|
|
62
62
|
"readable-mock-req": "^0.2.2",
|
package/types/index.d.ts
CHANGED