
@okta/oidc-middleware - npm Package Compare versions

Comparing version 0.0.15 to 0.1.0

10

package.json
{
"name": "@okta/oidc-middleware",
"version": "0.0.15",
"version": "0.1.0",
"description": "OpenId Connect middleware for authorization code flows",

@@ -14,2 +14,5 @@ "repository": "https://github.com/okta/okta-oidc-js",

],
"files" : [
"src"
],
"main": "index.js",

@@ -24,3 +27,3 @@ "config": {

"scripts": {
"test": "webdriver-manager update && protractor test/e2e/conf.js",
"test": "mocha test/unit/*.js && webdriver-manager update && protractor test/e2e/conf.js",
"tck-test": "(ls ./okta-oidc-tck-0.2.1-SNAPSHOT-shaded.jar || curl $npm_package_config_tck_jar -L -o okta-oidc-tck-0.2.1-SNAPSHOT-shaded.jar) && $npm_package_config_tck_setup_env && mkdir -p target && $npm_package_config_tck_command || echo done"

@@ -47,3 +50,6 @@ },

"express-session": "^1.15.5",
"mocha": "^5.0.0",
"nock": "^9.1.6",
"protractor": "^5.1.2",
"read-package-tree": "^5.1.6",
"server-destroy": "^1.0.1",

@@ -50,0 +56,0 @@ "webdriver-manager": "^12.0.6"

2

README.md

@@ -101,2 +101,3 @@ # oidc-middleware

* **maxClockSkew** - Defaults to 120. This is the maximum difference allowed between your server's clock and Okta's in seconds. Setting this to 0 is not recommended, because it increases the likelihood that valid jwts will fail verification due to `nbf` and `exp` issues.
* **timeout** - Defaults to 10000 milliseconds. The HTTP max timeout for any requests to the issuer. If a timeout exception occurs you can catch it with the `oidc.on('error', fn)` handler.

@@ -216,2 +217,3 @@ ### oidc.router

* **`callback.defaultRedirect`** - Where the user is redirected to after a successful authentication callback, if no `returnTo` value was specified by `oidc.ensureAuthenticated()`. Defaults to `/`.
* **`callback.failureRedirect`** - Where the user is redirected to after authentication failure, defaults to a page which just shows error message.
* **`callback.handler`** - A function that is called after a successful authentication callback, but before the final redirect within your application. Useful for requirements such as conditional post-authentication redirects, or sending data to logging systems.

@@ -218,0 +220,0 @@ * **`callback.path`** - The URI that this library will host the callback handler on. Defaults to `/authorization-code/callback`

@@ -87,3 +87,4 @@ /*!

return passport.authenticate('oidc', {
successReturnToOrRedirect: context.options.routes.callback.defaultRedirect
successReturnToOrRedirect: context.options.routes.callback.defaultRedirect,
failureRedirect: context.options.routes.callback.failureRedirect
});

@@ -90,0 +91,0 @@ }
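Review bot: The new `failureRedirect` option on the `passport.authenticate('oidc', …)` call redirects a failed callback without, as far as the visible lines show, recording why it failed, so rejected logins may leave no trace for the operator. Passport's `failureMessage: true` option, or an explicit log call, would keep the reason available for monitoring. When `routes.callback.failureRedirect` is not configured the value is `undefined` and passport falls back to its default failure response; a comment such as `// optional: when unset, passport's default failure response is used` would make that explicit. The enclosing function begins and ends outside the hunk.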

@@ -18,3 +18,24 @@ /*!

const Negotiator = require('negotiator');
const os = require('os');
const pkg = require('../package.json');
/**
* Parse out the default user agent for the openid-client library, which currently looks like:
*
* openid-client/1.15.0 (https://github.com/panva/node-openid-client)
*
* We strip off the github link because it's not necessary.
*/
let clientUserAgent = Issuer.defaultHttpOptions.headers['User-Agent'];
if (typeof clientUserAgent === 'string' && clientUserAgent) {
clientUserAgent = ' ' + clientUserAgent.split(' ')[0]
} else {
clientUserAgent = '';
}
const userAgent = `${pkg.name}/${pkg.version}${clientUserAgent} node/${process.versions.node} ${os.platform()}/${os.release()}`;
Issuer.defaultHttpOptions.headers['User-Agent'] = userAgent;
const oidcUtil = module.exports;

@@ -28,5 +49,8 @@

redirect_uri,
maxClockSkew
maxClockSkew,
timeout
} = context.options;
Issuer.defaultHttpOptions.timeout = timeout || 10000;
return Issuer.discover(issuer)

@@ -33,0 +57,0 @@ .then(iss => {
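Review bot: `Issuer.defaultHttpOptions.timeout = timeout || 10000;` writes to openid-client's process-wide defaults, so if the middleware is instantiated more than once the last configuration wins, and any other openid-client user in the same process inherits it. The value is also unvalidated: a string or negative number is passed through, and `0` silently becomes 10000. A guard such as `const requestTimeout = Number.isFinite(timeout) && timeout > 0 ? timeout : 10000;` would make the behaviour explicit. The User-Agent assignment in the earlier hunk mutates the same global at module load and reads `Issuer.defaultHttpOptions.headers['User-Agent']` without checking that `headers` exists. It also sends the host's `os.release()` and Node version to the issuer on every request, which should be documented. The enclosing function starts and ends outside the hunk.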
