brightspace-auth-provisioning
Advanced tools
brightspace-auth-provisioning - npm Package Compare versions
Comparing version 2.1.3 to 2.2.0
| { | ||
| "name": "brightspace-auth-provisioning", | ||
| "version": "2.1.3", | ||
| "version": "2.2.0", | ||
| "description": "Make token assertions against an auth service", | ||
@@ -25,9 +25,9 @@ "main": "src/index.js", | ||
| "superagent": "^1.8.3", | ||
| "uuid": "^2.0.2", | ||
| "uuid": "^3.0.1", | ||
| "xtend": "^4.0.1" | ||
| }, | ||
| "devDependencies": { | ||
| "eslint": "^1.10.3", | ||
| "eslint-config-brightspace": "^0.1.0" | ||
| "eslint": "^3.16.0", | ||
| "eslint-config-brightspace": "^0.2.4" | ||
| } | ||
| } |
@@ -24,3 +24,4 @@ # brightspace-auth-provisioning | ||
| kid: '0a9e68f6-e6ad-11e4-8ab6-54ee750fffa4', | ||
| pem: '...' | ||
| pem: '...', | ||
| alg: 'ES256' | ||
| }); | ||
@@ -56,5 +57,8 @@ } | ||
| signing key. The object must have the properties `kid`, which is a unique | ||
| `String`, and `pem` which is the `String` representing the private key. | ||
| `String`, and `pem` which is the `String` representing the private key. The | ||
| object should also have a `String` property `alg` representing the signing | ||
| algorithm to use. `alg` must be one of `ES256`, `ES384`, `ES512` or `RS256`. | ||
| `RS256` will be assumed if `alg` is not provided. | ||
| **NOTE:** Only _RSA_ keys are supported at this time. | ||
| **NOTE:** `alg` will be required in the future. | ||
@@ -61,0 +65,0 @@ ##### Option: remoteIssuer `String` _(https://auth.brightspace.com/core)_ |
@@ -7,3 +7,3 @@ 'use strict'; | ||
| request = require('superagent'), | ||
| uuid = require('uuid'), | ||
| uuid = require('uuid/v4'), | ||
| xtend = require('xtend'); | ||
@@ -17,3 +17,4 @@ | ||
| DEFAULT_REMOTE_ISSUER = 'https://auth.brightspace.com/core', | ||
| TOKEN_PATH = '/connect/token'; | ||
| TOKEN_PATH = '/connect/token', | ||
| SUPPORTED_ALGS = ['ES256', 'ES384', 'ES512', 'RS256'/*, 'RS384', 'RS512'*/]; // D2L.Security.OAuth2 assumes RS256 | ||
@@ -124,2 +125,8 @@ function clock() { | ||
| if ('undefined' !== typeof signingKey.alg | ||
| && -1 === SUPPORTED_ALGS.indexOf(signingKey.alg) | ||
| ) { | ||
| throw new Error('received invalid signing key from "keyLookup"'); | ||
| } | ||
| payload = xtend(payload); | ||
@@ -134,3 +141,3 @@ | ||
| header: { | ||
| alg: 'RS256', | ||
| alg: signingKey.alg || 'RS256', | ||
| kid: signingKey.kid, | ||
@@ -137,0 +144,0 @@ typ: 'JWT', |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.41%
22703
- Lines of code
- increased by2.71%
227
- Number of lines in readme file
- increased by3.03%
136
Dependency changes
+ Addeduuid@3.4.0(transitive)
- Removeduuid@2.0.3(transitive)
Updateduuid@^3.0.1