angular-oauth2-oidc
Advanced tools
angular-oauth2-oidc - npm Package Compare versions
Comparing version 2.0.11 to 2.0.12
@@ -902,4 +902,6 @@ (function (global, factory) { | ||
| } | ||
| if (this.requestAccessToken && (!accessToken || !state)) | ||
| if (this.requestAccessToken && !accessToken) | ||
| return Promise.resolve(); | ||
| if (this.requestAccessToken && !options.disableOAuth2StateCheck && !state) | ||
| return Promise.resolve(); | ||
| if (this.oidc && !idToken) | ||
@@ -912,12 +914,3 @@ return Promise.resolve(); | ||
| var /** @type {?} */ nonceInState = stateParts[0]; | ||
| // Our state might be URL encoded | ||
| // Check for this and then decode it if it is | ||
| // TODO: Check this! | ||
| /* | ||
| let decodedState = decodeURIComponent(state); | ||
| if (decodedState != state) { | ||
| state = decodedState; | ||
| } | ||
| */ | ||
| if (this.requestAccessToken) { | ||
| if (this.requestAccessToken && !options.disableOAuth2StateCheck) { | ||
| var /** @type {?} */ success = this.validateNonceForAccessToken(accessToken, nonceInState); | ||
@@ -929,2 +922,4 @@ if (!success) { | ||
| } | ||
| } | ||
| if (this.requestAccessToken) { | ||
| this.storeAccessTokenResponse(accessToken, null, parts['expires_in']); | ||
@@ -931,0 +926,0 @@ } |
17
index.js
@@ -911,4 +911,6 @@ import { Injectable, NgModule } from '@angular/core'; | ||
| } | ||
| if (this.requestAccessToken && (!accessToken || !state)) | ||
| if (this.requestAccessToken && !accessToken) | ||
| return Promise.resolve(); | ||
| if (this.requestAccessToken && !options.disableOAuth2StateCheck && !state) | ||
| return Promise.resolve(); | ||
| if (this.oidc && !idToken) | ||
@@ -921,12 +923,3 @@ return Promise.resolve(); | ||
| var /** @type {?} */ nonceInState = stateParts[0]; | ||
| // Our state might be URL encoded | ||
| // Check for this and then decode it if it is | ||
| // TODO: Check this! | ||
| /* | ||
| let decodedState = decodeURIComponent(state); | ||
| if (decodedState != state) { | ||
| state = decodedState; | ||
| } | ||
| */ | ||
| if (this.requestAccessToken) { | ||
| if (this.requestAccessToken && !options.disableOAuth2StateCheck) { | ||
| var /** @type {?} */ success = this.validateNonceForAccessToken(accessToken, nonceInState); | ||
@@ -938,2 +931,4 @@ if (!success) { | ||
| } | ||
| } | ||
| if (this.requestAccessToken) { | ||
| this.storeAccessTokenResponse(accessToken, null, parts['expires_in']); | ||
@@ -940,0 +935,0 @@ } |
| { | ||
| "name": "angular-oauth2-oidc", | ||
| "version": "2.0.11", | ||
| "version": "2.0.12", | ||
| "repository": { | ||
@@ -5,0 +5,0 @@ "type": "git", |
@@ -30,2 +30,11 @@ /** | ||
| customHashFragment?: string; | ||
| /** | ||
| * Set this to true to disable the oauth2 state | ||
| * check which is a best practice to avoid | ||
| * security attacks. | ||
| * As OIDC defines a nonce check that includes | ||
| * this, this can be set to true when only doing | ||
| * OIDC. | ||
| */ | ||
| disableOAuth2StateCheck?: boolean; | ||
| } | ||
@@ -32,0 +41,0 @@ /** |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.08%
162547
Worsened metrics
- Lines of code
- decreased by-0.03%
3560