openid-client 5.6.0 → 5.6.2

package/README.md

@@ -246,6 +246,24 @@ This will poll in the defined interval and only resolve with a TokenSet once one
 will handle the defined `authorization_pending` and `slow_down` "soft" errors and continue polling
 but upon any other error it will reject. With tokenSet received you can throw away the handle.
 
+### Client Credentials Grant Flow
+
+Client Credentials flow is for obtaining Access Tokens to use with third party APIs on behalf of your application, rather than an end-user which was the case in previous examples.
+
+**See the [documentation](./docs/README.md#clientgrantbody-extras) for full API details.**
+
+```js
+const client = new issuer.Client({
+  client_id: 'zELcpfANLqY7Oqas',
+  client_secret: 'TQV5U29k1gHibH5bx1layBo0OSAvAbRT3UYW3EWrSYBB5swxjVfWUa1BS8lqzxG/0v9wruMcrGadany3',
+});
+
+const tokenSet = await client.grant({
+  resource: 'urn:example:third-party-api',
+  grant_type: 'client_credentials'
+});
+```
+
 ## FAQ
 
 #### Semver?

package/lib/client.js

@@ -272,7 +272,7 @@ class BaseClient {
     }
 
     // TODO: is the replace needed?
-    return target.href.replace('+', '%20');
+    return target.href.replace(/\+/g, '%20');
   }
 
   authorizationPost(params = {}) {

package/lib/helpers/request.js

@@ -39,7 +39,10 @@ const setDefaults = (props, options) => {
 };
 
 setDefaults([], {
-  headers: { 'User-Agent': `${pkg.name}/${pkg.version} (${pkg.homepage})` },
+  headers: {
+    'User-Agent': `${pkg.name}/${pkg.version} (${pkg.homepage})`,
+    'Accept-Encoding': 'identity',
+  },
   timeout: 3500,
 });
 

package/lib/issuer.js

@@ -138,35 +138,7 @@ class Issuer {
   }
 
   static async discover(uri) {
-    const parsed = url.parse(uri);
-
-    if (parsed.pathname.includes('/.well-known/')) {
-      const response = await request.call(this, {
-        method: 'GET',
-        responseType: 'json',
-        url: uri,
-        headers: {
-          Accept: 'application/json',
-        },
-      });
-      const body = processResponse(response);
-      return new Issuer({
-        ...ISSUER_DEFAULTS,
-        ...body,
-        [AAD_MULTITENANT]: !!AAD_MULTITENANT_DISCOVERY.find((discoveryURL) =>
-          uri.startsWith(discoveryURL),
-        ),
-      });
-    }
-
-    let pathname;
-    if (parsed.pathname.endsWith('/')) {
-      pathname = `${parsed.pathname}.well-known/openid-configuration`;
-    } else {
-      pathname = `${parsed.pathname}/.well-known/openid-configuration`;
-    }
-
-    const wellKnownUri = url.format({ ...parsed, pathname });
+    const wellKnownUri = resolveWellKnownUri(uri);
 
     const response = await request.call(this, {
       method: 'GET',
@@ -201,4 +173,19 @@ class Issuer {
   }
 }
 
+function resolveWellKnownUri(uri) {
+  const parsed = url.parse(uri);
+  if (parsed.pathname.includes('/.well-known/')) {
+    return uri;
+  } else {
+    let pathname;
+    if (parsed.pathname.endsWith('/')) {
+      pathname = `${parsed.pathname}.well-known/openid-configuration`;
+    } else {
+      pathname = `${parsed.pathname}/.well-known/openid-configuration`;
+    }
+    return url.format({ ...parsed, pathname });
+  }
+}
+
 module.exports = Issuer;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openid-client",
-  "version": "5.6.0",
+  "version": "5.6.2",
   "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs",
   "keywords": [
     "auth",
@@ -45,18 +45,18 @@
     "test": "mocha test/**/*.test.js"
   },
   "dependencies": {
-    "jose": "^4.15.1",
+    "jose": "^4.15.4",
     "lru-cache": "^6.0.0",
     "object-hash": "^2.2.0",
     "oidc-token-hash": "^5.0.3"
   },
   "devDependencies": {
-    "@types/node": "^16.18.55",
-    "@types/passport": "^1.0.13",
+    "@types/node": "^16.18.59",
+    "@types/passport": "^1.0.14",
     "base64url": "^3.0.1",
     "chai": "^4.3.10",
     "mocha": "^10.2.0",
-    "nock": "^13.3.3",
+    "nock": "^13.3.6",
     "prettier": "^2.8.8",
     "readable-mock-req": "^0.2.2",
     "sinon": "^9.2.4",