
@okta/oidc-middleware


@okta/oidc-middleware - npm Package Compare versions

Comparing version

to
5.0.0

@@ -0,1 +1,12 @@

# 5.0.0
### Breaking Changes
- [#]() Requires Node >= 12.19.0. Update production dependencies:
- `openid-client@5.1.9` (was 3.12.2)
# 4.6
-[#53](https://github.com/okta/okta-oidc-middleware/pull/53) Fix: prevents open redirects
# 4.5.1

@@ -2,0 +13,0 @@

{
"name": "@okta/oidc-middleware",
"version": "4.5.1",
"version": "5.0.0",
"description": "OpenId Connect middleware for authorization code flows",

@@ -19,3 +19,3 @@ "repository": "https://github.com/okta/okta-oidc-middleware",

"engines": {
"node": "^10.13.0 || >=12.0.0"
"node": "^12.19.0 || ^14.15.0 || ^16.13.0"
},
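Review bot: The new `engines` range `^12.19.0 || ^14.15.0 || ^16.13.0` admits exactly three majors, so consumers on Node 17 or 18 get an unsupported-engine warning and an outright install failure under `engine-strict`, while the changelog entry above states the requirement simply as Node `>= 12.19.0`. Unless a dependency is known to break on newer majors, express the same floor without the ceiling, `"node": ">=12.19.0"`, so the manifest and the changelog agree and the package stays installable on current releases.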

@@ -30,41 +30,43 @@ "license": "Apache-2.0",

"negotiator": "^0.6.1",
"node-fetch": "^2.3.0",
"openid-client": "3.12.2",
"passport": "^0.4.1",
"node-fetch": "^2.6.7",
"openid-client": "^5.1.9",
"passport": "^0.6.0",
"uuid": "^8.3.2"
},
"devDependencies": {
"axios": "^0.21.1",
"babel-eslint": "^10.1.0",
"@babel/eslint-parser": "^7.17.0",
"@wdio/cli": "^7.24.0",
"@wdio/jasmine-framework": "^7.24.0",
"@wdio/junit-reporter": "^7.24.0",
"@wdio/local-runner": "^7.24.0",
"@wdio/selenium-standalone-service": "^7.24.0",
"@wdio/spec-reporter": "^7.24.0",
"cookie-parser": "^1.4.5",
"cross-env": "^7.0.0",
"dotenv": "^8.1.0",
"ejs": "^3.0.1",
"eslint": "^6.6.0",
"ejs": "^3.0.8",
"eslint": "^8.16.0",
"eslint-plugin-jasmine": "^4.1.0",
"eslint-plugin-jest": "^23.0.3",
"eslint-plugin-promise": "^4.2.1",
"eslint-plugin-protractor": "^2.1.1",
"eslint-plugin-wdio": "^7.21.0",
"express-session": "^1.15.5",
"globby": "^6.1.0",
"jasmine-protractor-browser-log-reporter": "^1.0.0",
"jasmine-reporters": "^2.2.0",
"jasmine-spec-reporter": "^4.1.0",
"jest": "^25.1.0",
"jest-junit": "^11.1.0",
"nock": "^11.7.2",
"protractor": "^5.4.2",
"jest": "^28.1.1",
"jest-junit": "^13.2.0",
"nock": "^11.9.1",
"read-package-tree": "^5.1.6",
"server-destroy": "^1.0.1",
"shelljs": "0.8.3",
"supertest": "^6.0.1"
"shelljs": "0.8.5",
"supertest": "^6.0.1",
"wdio-wait-for": "^2.2.6"
},
"resolutions": {
"webdriver-manager": "^12.1.4"
"webdriver-manager": "^12.1.4",
"strip-ansi": "^6.0.1"
},
"okta": {
"commitSha": "8b0691cae67e723f3fa5162e26f892a6f2be6c93",
"fullVersion": "4.5.1-g8b0691c",
"testedSha": "c6d7dd6c2d7ce48fc77bf9a774e86dd724ae70c4"
"commitSha": "50c093bcbcfd8c67a9d9aa0b4d2f75fb585af184",
"fullVersion": "5.0.0-g50c093b"
}
}

@@ -99,3 +99,6 @@ /*!

// Use successRedirect field if afterCallback url is explicitly set in config
const redirectOptions = { failureRedirect: routes.loginCallback.failureRedirect };
const redirectOptions = {
failureRedirect: routes.loginCallback.failureRedirect,
keepSessionInfo: true, // preserve req.session.returnTo during session regeneration
};
if (routes.loginCallback.afterCallback) {
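Review bot: `keepSessionInfo: true` tells passport 0.6 to copy the whole pre-login session into the regenerated one, not only `returnTo`, so any state an unauthenticated visitor (or an attacker priming a victim's session) placed there survives the login boundary even though the session ID still rotates; the comment on that line says the goal is just `returnTo`. A narrower approach is to read `req.session.returnTo` before the authenticate call, leave `keepSessionInfo` unset so regeneration drops everything else, and write the saved value back into the fresh session on the success path. The `passport.authenticate` call that consumes `redirectOptions` and the enclosing function are outside the hunk, so where exactly the restore belongs cannot be checked here.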

@@ -102,0 +105,0 @@ redirectOptions.successRedirect = routes.loginCallback.afterCallback;

@@ -67,3 +67,3 @@ /*!

// clear local session
req.logout();
req.logout(function () {});
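Review bot: `req.logout(function () {})` satisfies the callback that passport 0.6 now requires but discards its result: an error from the session regeneration logout performs is swallowed, and the code after this line (the revocation attempts, per the context line in the next hunk) runs before logout has completed, so the handler can send its response while the session is still being rewritten. Move the remainder of the handler into the callback and propagate failures, e.g. `req.logout((err) => { if (err) { return next(err); } /* revokes + redirect */ });`. The enclosing function's signature, and therefore whether `next` is in scope, lies outside the hunk.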

@@ -70,0 +70,0 @@ // attempt all revokes

@@ -38,3 +38,3 @@ /*!

if (typeof clientUserAgent === 'string') {
clientUserAgent = ' ' + clientUserAgent.split(' ')[0]
clientUserAgent = ' ' + clientUserAgent.split(' (')[0]
} else {

@@ -45,6 +45,9 @@ clientUserAgent = '';

const userAgent = `${pkg.name}/${pkg.version}${clientUserAgent} node/${process.versions.node} ${os.platform()}/${os.release()}`;
headers['User-Agent'] = userAgent;
options.headers = headers;
return options;
return {
...options,
headers: {
...headers,
'User-Agent': userAgent
}
}
}

@@ -73,3 +76,3 @@

Issuer[custom.http_options] = function(options) {
Issuer[custom.http_options] = function(_, options) {
options = customizeUserAgent(options);

@@ -81,3 +84,3 @@ options.timeout = timeout || 10000;

return Issuer.discover(issuer + '/.well-known/openid-configuration')
.then(iss => {
.then((iss) => {
const client = new iss.Client({

@@ -90,3 +93,4 @@ client_id,

});
client[custom.http_options] = options => {
client[custom.http_options] = (options) => {
options = customizeUserAgent(options);

@@ -108,3 +112,4 @@ options.timeout = timeout || 10000;

sessionKey: context.options.sessionKey,
client: context.client
client: context.client,
usePKCE: false
}, (tokenSet, callbackArg1, callbackArg2) => {
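Review bot: `usePKCE: false` switches off the PKCE that the openid-client 5 Strategy would otherwise apply to the authorization code exchange, leaving `state` as the only binding between the authorization request and the callback, and nothing in the hunk records why it is disabled. If the intent is only to keep 4.x behaviour through the major upgrade, make it an explicit, documented opt-in rather than a silent hard-wire, e.g. `usePKCE: Boolean(context.options.usePKCE), // off by default for 4.x parity; openid-client 5 would otherwise enable PKCE`, and plan to flip the default since Okta authorization servers generally accept PKCE from confidential clients as well. The Strategy options object begins before this hunk, so other settings that interact with this (such as `response_type`) cannot be checked here.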

@@ -151,3 +156,4 @@ let done;

if (req.session) {
req.session.returnTo = req.originalUrl || req.url;
// collapse any leading slashes to a single slash to prevent open redirects (OKTA-499372)
req.session.returnTo = (req.originalUrl || req.url).replace(/^\/+/, '/');
}
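Review bot: Collapsing leading slashes only closes the `//host` form of the open redirect; the stored value can still leave the site when `req.originalUrl` is `/\host` (browsers treat a backslash after the first slash as a second slash) or when the request used an absolute-form target such as `http://host/...`, which Node passes through in `req.url` unchanged and the regex never touches. Accept the value only when it starts with a single slash that is not followed by another slash or backslash, and fall back to the site root otherwise: `const target = req.originalUrl || req.url;` then `req.session.returnTo = /^\/(?![\/\\])/.test(target) ? target : '/';`. The code that later consumes `returnTo` is outside the hunk, so whether a second check exists at the redirect itself cannot be confirmed from here.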

@@ -154,0 +160,0 @@ let url = options.redirectTo;