arctic - npm Package Compare versions

Comparing version 2.0.0-next.6 to 2.0.0-next.7

dist/oauth2.js

@@ -1,2 +0,2 @@
-import { base64url } from "@oslojs/encoding";
+import { encodeBase64urlNoPadding } from "@oslojs/encoding";
 import { sha256 } from "@oslojs/crypto/sha2";
@@ -44,3 +44,3 @@ import { TokenRequestResult } from "@oslojs/oauth2";
     const codeChallengeBytes = sha256(new TextEncoder().encode(codeVerifier));
-    return base64url.encodeNoPadding(codeChallengeBytes);
+    return encodeBase64urlNoPadding(codeChallengeBytes);
 }
@@ -50,3 +50,3 @@ export function generateCodeVerifier() {
     crypto.getRandomValues(randomValues);
-    return base64url.encodeNoPadding(randomValues);
+    return encodeBase64urlNoPadding(randomValues);
 }
@@ -56,3 +56,3 @@ export function generateState() {
     crypto.getRandomValues(randomValues);
-    return base64url.encodeNoPadding(randomValues);
+    return encodeBase64urlNoPadding(randomValues);
 }

dist/oidc.js

@@ -1,37 +0,12 @@
-import { base64url } from "@oslojs/encoding";
+import { parseJWT } from "@oslojs/jwt";
 export function decodeIdToken(idToken) {
-    const parts = idToken.split(".");
-    if (parts.length !== 3) {
-        throw new Error("Invalid ID token");
-    }
-    let header;
     try {
-        header = JSON.parse(new TextDecoder().decode(base64url.decodeIgnorePadding(parts[0])));
+        const [_header, payload, _signature] = parseJWT(idToken);
+        return payload;
     }
-    catch {
-        throw new Error("Invalid ID token");
+    catch (e) {
+        throw new Error("Invalid ID token", {
+            cause: e
+        });
     }
-    if (typeof header !== "object" || header === null) {
-        throw new Error("Invalid ID token");
-    }
-    if (typeof header !== "object" || header === null) {
-        throw new Error("Invalid ID token");
-    }
-    if (!("typ" in header) || typeof header.typ !== "string") {
-        throw new Error("Invalid ID token");
-    }
-    if (header.typ !== "JWT") {
-        throw new Error("Invalid ID token");
-    }
-    let payload;
-    try {
-        payload = JSON.parse(new TextDecoder().decode(base64url.decodeIgnorePadding(parts[1])));
-    }
-    catch {
-        throw new Error("Invalid ID token");
-    }
-    if (typeof payload !== "object" || payload === null) {
-        throw new Error("Invalid ID token");
-    }
-    return payload;
 }

dist/providers/apple.js

 import { createOAuth2Request, sendTokenRequest } from "../request.js";
-import { base64url } from "@oslojs/encoding";
+import { createJWTSignatureMessage, encodeJWT } from "@oslojs/jwt";
 const authorizationEndpoint = "https://appleid.apple.com/auth/authorize";
@@ -57,12 +57,9 @@ const tokenEndpoint = "https://appleid.apple.com/auth/token";
         };
-        const encodedHeader = base64url.encodeNoPadding(new TextEncoder().encode(JSON.stringify(header)));
-        const encodedPayload = base64url.encodeNoPadding(new TextEncoder().encode(JSON.stringify(payload)));
-        const signature = await crypto.subtle.sign({
+        const signature = new Uint8Array(await crypto.subtle.sign({
             name: "ECDSA",
             hash: "SHA-256"
-        }, privateKey, new TextEncoder().encode(encodedHeader + "." + encodedPayload));
-        const encodedSignature = base64url.encodeNoPadding(new Uint8Array(signature));
-        const jwt = encodedHeader + "." + encodedPayload + "." + encodedSignature;
+        }, privateKey, createJWTSignatureMessage(header, payload)));
+        const jwt = encodeJWT(header, payload, signature);
         return jwt;
     }
 }

dist/request.js

@@ -1,2 +0,2 @@
-import { base64 } from "@oslojs/encoding";
+import { encodeBase64 } from "@oslojs/encoding";
 import { OAuth2Tokens } from "./oauth2.js";
@@ -16,3 +16,3 @@ import { OAuth2RequestResult } from "@oslojs/oauth2";
     const bytes = new TextEncoder().encode(`${username}:${password}`);
-    return base64.encode(bytes);
+    return encodeBase64(bytes);
 }
@@ -19,0 +19,0 @@ export async function sendTokenRequest(request) {

package.json

 {
   "name": "arctic",
   "type": "module",
-  "version": "2.0.0-next.6",
+  "version": "2.0.0-next.7",
   "description": "OAuth 2.0 clients for popular providers",
@@ -30,3 +30,4 @@ "main": "dist/index.js",
     "@oslojs/crypto": "0.6.0",
-    "@oslojs/encoding": "0.3.0",
+    "@oslojs/encoding": "0.4.1",
+    "@oslojs/jwt": "^0.1.0",
     "@oslojs/oauth2": "0.5.0"
@@ -33,0 +34,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

133277

decreased by-0.83%

Dependency count

4

increased by33.33%

Lines of code

2986

decreased by-0.93%

Dependency changes

• + Added@oslojs/jwt@^0.1.0

• + Added@oslojs/encoding@0.4.1(transitive)

• + Added@oslojs/jwt@0.1.0(transitive)

• - Removed@oslojs/encoding@0.3.0(transitive)

• Updated@oslojs/encoding@0.4.1