byu-jwt

byu-jwt - npm Package Compare versions

Comparing version 3.1.1 to 3.1.2-1

index.d.ts

@@ -5,30 +5,31 @@ import {NextFunction, Request, Response} from 'express'

export interface Cache {
clearCache: () => void;
getCache: () => any;
setCache: (value: any) => void;
getTTL: () => number;
setTTL: (ttl: number) => void;
clearCache: () => void
getCache: () => any
setCache: (value: any) => void
getTTL: () => number
setTTL: (ttl: number) => void
}
export interface Options {
basePath?: string,
basePath?: string
cacheTTL?: number
development?: boolean
issuer?: string
}
export interface baseClaims {
byuId: string,
netId: string,
personId: string,
preferredFirstName: string,
prefix: string,
restOfName: string,
sortName: string,
suffix: string,
surname: string,
surnamePosition: string,
byuId: string
netId: string
personId: string
preferredFirstName: string
prefix: string
restOfName: string
sortName: string
suffix: string
surname: string
surnamePosition: string
}
export type ClientClaims = baseClaims & {
claimSource: string,
claimSource: string
subscriberNetId: string
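
Review bot: the `Options` interface at the top of this hunk still declares only `basePath`, `cacheTTL`, `development` and `issuer`, yet index.js in this same release reads `options.host` and `options.openIdConfigUrl`; a TypeScript caller passing either new option gets an excess-property error. Add `host?: string` and `openIdConfigUrl?: string` here, and either give `issuer` a row in the README options table or remove it if index.js no longer reads it. The remainder of the hunk is comma-to-newline style only.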

@@ -40,3 +41,3 @@ }

export interface RawJwtClaims {
iss: string,
iss: string
exp: number

@@ -46,13 +47,13 @@ }

export interface RawWso2Claims {
'http://wso2.org/claims/subscriber': string,
'http://wso2.org/claims/applicationid': string,
'http://wso2.org/claims/applicationname': string,
'http://wso2.org/claims/applicationtier': string,
'http://wso2.org/claims/apicontext': string,
'http://wso2.org/claims/version': string,
'http://wso2.org/claims/tier': string,
'http://wso2.org/claims/keytype': 'PRODUCTION' | 'SANDBOX',
'http://wso2.org/claims/usertype': 'APPLICATION_USER' | 'APPLICATION',
'http://wso2.org/claims/enduser': string,
'http://wso2.org/claims/enduserTennantId': string,
'http://wso2.org/claims/subscriber': string
'http://wso2.org/claims/applicationid': string
'http://wso2.org/claims/applicationname': string
'http://wso2.org/claims/applicationtier': string
'http://wso2.org/claims/apicontext': string
'http://wso2.org/claims/version': string
'http://wso2.org/claims/tier': string
'http://wso2.org/claims/keytype': 'PRODUCTION' | 'SANDBOX'
'http://wso2.org/claims/usertype': 'APPLICATION_USER' | 'APPLICATION'
'http://wso2.org/claims/enduser': string
'http://wso2.org/claims/enduserTennantId': string
'http://wso2.org/claims/client_id': string
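
Review bot: the key `'http://wso2.org/claims/enduserTennantId'` (double n) is carried over unchanged, while the README in this release documents the mapped property as `endUserTenantId`. Confirm the exact claim name against a real WSO2-issued token before shipping the type; a misspelled key here makes the property silently `undefined` at runtime rather than a compile-time error.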

@@ -62,13 +63,13 @@ }

export interface RawByuClientClaims {
'http://byu.edu/claims/client_subscriber_net_id': string,
'http://byu.edu/claims/client_claim_source': 'CLIENT_SUBSCRIBER' | 'CLIENT_ID',
'http://byu.edu/claims/client_person_id': string,
'http://byu.edu/claims/client_byu_id': string,
'http://byu.edu/claims/client_net_id': string,
'http://byu.edu/claims/client_surname': string,
'http://byu.edu/claims/client_surname_position': string,
'http://byu.edu/claims/client_rest_of_name': string,
'http://byu.edu/claims/client_preferred_first_name': string,
'http://byu.edu/claims/client_sort_name': string,
'http://byu.edu/claims/client_name_suffix': string,
'http://byu.edu/claims/client_subscriber_net_id': string
'http://byu.edu/claims/client_claim_source': 'CLIENT_SUBSCRIBER' | 'CLIENT_ID'
'http://byu.edu/claims/client_person_id': string
'http://byu.edu/claims/client_byu_id': string
'http://byu.edu/claims/client_net_id': string
'http://byu.edu/claims/client_surname': string
'http://byu.edu/claims/client_surname_position': string
'http://byu.edu/claims/client_rest_of_name': string
'http://byu.edu/claims/client_preferred_first_name': string
'http://byu.edu/claims/client_sort_name': string
'http://byu.edu/claims/client_name_suffix': string
'http://byu.edu/claims/client_name_prefix': string

@@ -78,11 +79,11 @@ }

export interface RawByuResourceOwnerClaims {
'http://byu.edu/claims/resourceowner_person_id': string,
'http://byu.edu/claims/resourceowner_byu_id': string,
'http://byu.edu/claims/resourceowner_net_id': string,
'http://byu.edu/claims/resourceowner_surname': string,
'http://byu.edu/claims/resourceowner_surname_position': string,
'http://byu.edu/claims/resourceowner_rest_of_name': string,
'http://byu.edu/claims/resourceowner_preferred_first_name': string,
'http://byu.edu/claims/resourceowner_sort_name': string,
'http://byu.edu/claims/resourceowner_suffix': string,
'http://byu.edu/claims/resourceowner_person_id': string
'http://byu.edu/claims/resourceowner_byu_id': string
'http://byu.edu/claims/resourceowner_net_id': string
'http://byu.edu/claims/resourceowner_surname': string
'http://byu.edu/claims/resourceowner_surname_position': string
'http://byu.edu/claims/resourceowner_rest_of_name': string
'http://byu.edu/claims/resourceowner_preferred_first_name': string
'http://byu.edu/claims/resourceowner_sort_name': string
'http://byu.edu/claims/resourceowner_suffix': string
'http://byu.edu/claims/resourceowner_prefix': string

@@ -119,5 +120,5 @@ }

export interface VerifiedJwts {
current: DecodedByuJwt,
original?: DecodedByuJwt,
originalJWT: string,
current: DecodedByuJwt
original?: DecodedByuJwt
originalJWT: string
claims: ClientClaims | ResourceOwnerClaims

@@ -124,0 +125,0 @@ }

@@ -0,0 +0,0 @@ /*

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ /**

@@ -29,2 +29,3 @@ /**

const BYU_JWT_ORIGINAL = { name: 'Original', key: 'original', header: 'x-jwt-assertion-original' }
// Deprecated: use ByuJWT.prototype.openIdConfigUrl instead
const WELL_KNOWN_URL = 'https://api.byu.edu/.well-known/openid-configuration'

@@ -42,2 +43,4 @@

if (!Object.hasOwnProperty.call(options, 'development')) options.development = false
if (!Object.hasOwnProperty.call(options, 'host')) options.host = 'api.byu.edu'
if (!Object.hasOwnProperty.call(options, 'openIdConfigUrl')) options.openIdConfigUrl = `https://${options.host}/.well-known/openid-configuration`
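
Review bot: `openIdConfigUrl` is the trust root for every verification this module performs (the JWKS URI and the accepted signing algorithms both come from it), but the new defaults accept any string: `host` is interpolated straight into the template literal and a caller-supplied `openIdConfigUrl` is never checked for an `https:` scheme. Validate both under the `// validate options` block that follows, e.g. `new URL(options.openIdConfigUrl).protocol === 'https:'` using Node's built-in `URL`, and throw otherwise, so a misconfiguration cannot point signature verification at a plaintext or attacker-controlled discovery document. Note too that the `hasOwnProperty` checks mean an explicit `{ host: undefined }` skips the default and yields `https://undefined/.well-known/openid-configuration`.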

@@ -50,2 +53,5 @@ // validate options

// expose openid configuration url
byuJwt.openIdConfigUrl = options.openIdConfigUrl
// store options
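
Review bot: `byuJwt.openIdConfigUrl` is assigned as a plain writable property, so it can be reassigned after construction, but nothing clears `byuJwt.cache` when that happens; OpenID configuration and PEM entries fetched from the old URL remain in use until `cacheTTL` expires. Either define it read-only with `Object.defineProperty` (as the static constants further down already are) or clear both caches on assignment.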

@@ -87,7 +93,7 @@ byuJwt.options = Object.assign({}, options)

byuJwt.getOpenIdConfiguration = function () {
return getOpenIdConfiguration(byuJwt.cache)
return getOpenIdConfiguration(byuJwt.openIdConfigUrl, byuJwt.cache)
}
byuJwt.getPem = async function () {
const keys = await initPem(byuJwt.cache)
const keys = await initPem(byuJwt.openIdConfigUrl, byuJwt.cache)
return keys[0] && keys[0].x5c
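
Review bot: `getPem` passes `byuJwt.openIdConfigUrl` into a parameter that the new `initPem`/`getPem` signatures below call `issuer`. In OpenID Connect the issuer is the token's `iss` claim, not a discovery URL, and keeping the two apart matters: deriving the discovery URL from an incoming token's `iss` is exactly the mistake this naming invites, since the token would then choose its own key set. Rename the parameter to `openIdConfigUrl` throughout. Separately, `return keys[0] && keys[0].x5c` still returns only the first JWKS entry even though verification matches on `x5t`; during key rotation the first key is not necessarily the signing key.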

@@ -161,4 +167,6 @@ }

WELL_KNOWN_URL: {
value: WELL_KNOWN_URL,
writable: false
get () {
console.trace('DEPRECATION WARNING: WELL_KNOWN_URL is not guaranteed to work after the transition to the Tyk API Manager. It will be removed in the next major version. Use ByuJWT.prototype.openIdConfigUrl instead.')
return WELL_KNOWN_URL
}
}
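
Review bot: the deprecation message points readers at `ByuJWT.prototype.openIdConfigUrl`, but this release sets `openIdConfigUrl` on the instance inside the constructor (`byuJwt.openIdConfigUrl = options.openIdConfigUrl`); no prototype property of that name exists, so following the message yields `undefined`. Say `byuJwt.openIdConfigUrl` (instance property) instead. Also, `console.trace` fires on every read, so any code reading the constant in a hot path floods the log with stack traces; Node's `util.deprecate(fn, msg)` warns once and honours `--no-deprecation`, which is the conventional mechanism.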

@@ -280,8 +288,9 @@ })

* Get the latest OpenID configuration and refresh cache
* @param cache
* @param {string} openidConfigUrl
* @param {object} cache
*/
async function getOpenIdConfiguration (cache) {
async function getOpenIdConfiguration (openidConfigUrl, cache) {
debug('get OpenID configuration')
try {
const config = await request(WELL_KNOWN_URL)
const config = await request(openidConfigUrl)
debug('OpenID configuration acquired')
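
Review bot: the parameter is spelled `openidConfigUrl` here and `openIdConfigUrl` everywhere else in the change; pick one. More importantly, now that the URL is caller-configurable the fetched document should be checked: OpenID Connect Discovery requires the `issuer` value in the response to match the issuer the URL was derived from, and index.d.ts already declares an `issuer` option. Compare the response's `issuer` field against it and fail closed on mismatch rather than caching a document from the wrong provider.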

@@ -301,8 +310,9 @@ const maxAge = getMaxAge(config.headers)

* Get the .pem certificate for the OpenID configuration
* @param {string} issuer
* @param {object} cache
* @returns {string}
*/
async function getPem (cache) {
async function getPem (issuer, cache) {
debug('getting pem')
const openIdConfig = await initOpenId(cache)
const openIdConfig = await initOpenId(issuer, cache)
try {
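
Review bot: the JSDoc says `@param {string} issuer` and `@returns {string}`, but the argument is the OpenID configuration URL (see every caller in this diff) and the function resolves to the JWKS key array that the instance-level `getPem` indexes with `keys[0]`. Fix both tags; the return type especially, since `{string}` hides that callers must select a key.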

@@ -356,3 +366,3 @@ const result = await request(openIdConfig.jwks_uri)

/**
* Convert seconds to mintues
* Convert seconds to minutes
* @params {number} seconds

@@ -367,11 +377,18 @@ * @returns {number}

* Get cached OpenID configuration or new OpenID configuration if the cached is expired.
* @param {string} issuer
* @param {object} cache
* @returns {object}
*/
function initOpenId (cache) {
return cache.openId.getCache() || getOpenIdConfiguration(cache)
function initOpenId (issuer, cache) {
return cache.openId.getCache() || getOpenIdConfiguration(issuer, cache)
}
async function initPem (cache) {
return cache.byuCert.getCache() || getPem(cache)
/**
* Get cached Pem or new Pem if the cached is expired.
* @param {string} issuer
* @param {object} cache
* @returns {object}
*/
async function initPem (issuer, cache) {
return cache.byuCert.getCache() || getPem(issuer, cache)
}
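
Review bot: same naming problem as above: both `@param {string} issuer` tags describe the OpenID configuration URL. Also, `initOpenId` is synchronous and returns either the cached object or a promise, while `initPem` is `async`; every caller must `await` both anyway, so marking `initOpenId` `async` too makes the return type uniform and lets the `@returns` tag state `Promise<object>` honestly.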

@@ -403,6 +420,6 @@

const openIdConfig = await initOpenId(cache)
const openIdConfig = await initOpenId(options.openIdConfigUrl, cache)
const algorithms = openIdConfig.id_token_signing_alg_values_supported
const validKeys = await initPem(cache)
const validKeys = await initPem(options.openIdConfigUrl, cache)
const matchingKey = validKeys.find(key => key.x5t === jwtHeaders.x5t)
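
Review bot: verification reads `options.openIdConfigUrl` while the public `getOpenIdConfiguration`/`getPem` above read `byuJwt.openIdConfigUrl`. If `options` here is the constructor's closure variable, the two diverge as soon as anyone reassigns `byuJwt.openIdConfigUrl`, and the instance would then verify signatures against one provider's keys while reporting another's configuration. Read the URL from one place. Note also that `algorithms` is taken verbatim from the remote discovery document; with the URL now configurable, confirm the verify call still rejects `none` and any symmetric algorithm regardless of what that document advertises.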

@@ -409,0 +426,0 @@ if (!matchingKey) {

@@ -0,0 +0,0 @@ /**

{
"name": "byu-jwt",
"version": "3.1.1",
"version": "3.1.2-1",
"description": "The byu-jwt module provides helpful functions to retrieve a specified BYU .well-known URL and verify BYU signed JWTs.",
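
Review bot: `3.1.2-1` is a prerelease version under npm semver, so it will not satisfy a consumer's `^3.1.1` or any other range that does not itself name a prerelease of 3.1.2; publish it under a dist-tag other than `latest` (`npm publish --tag next`) if that is the intent, and bump to `3.1.2` for the real release. The `description` still says the module retrieves "a specified BYU .well-known URL", which after this change is configurable per instance; update it with the README.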

@@ -22,2 +22,7 @@ "main": "index.js",

},
"files": [
"lib",
"index.js",
"index.d.ts"
],
"homepage": "https://github.com/byu-oit/byu-jwt-nodejs#readme",
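
Review bot: adding a `files` allowlist is the right call for a package that ships `lib` and a `.d.ts`; npm always includes `package.json`, the README and the LICENSE regardless. Run `npm pack --dry-run` before publishing to confirm nothing under `lib` (fixtures, sample tokens, test keys) is swept in and that `index.d.ts` actually lands in the tarball, since no `types` field is visible in this diff.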

@@ -24,0 +29,0 @@ "dependencies": {

@@ -26,9 +26,15 @@ # byu-jwt

## Migrate from v1 to v2
* Update to Node 8 or above
## Migrate from v2 to v3
* `getPublicKey` has been [removed](https://github.com/byu-oit/byu-jwt-nodejs/commit/fe16edddd1f59a4f6c37acc29d9a20b5878626bd) - If you were using it, look into the new `getPem` function
* Ensure that the [`openssl`](https://nodejs.org/en/docs/meta/topics/dependencies/#openssl) shipped with your version of Node supports the algorithms you need - We're now using that instead of expecting an `openssl` executable to be found on the system.
* This is probably a non-issue because our JWTs have been using RSA-256, which `openssl` has supported for _years_.
* `getPublicKey` has
been [removed](https://github.com/byu-oit/byu-jwt-nodejs/commit/fe16edddd1f59a4f6c37acc29d9a20b5878626bd) - If you
were using it, look into the new `getPem` function
* Ensure that the [`openssl`](https://nodejs.org/en/docs/meta/topics/dependencies/#openssl) shipped with your version of
Node supports the algorithms you need - We're now using that instead of expecting an `openssl` executable to be found
on the system.
* This is probably a non-issue because our JWTs have been using RSA-256, which `openssl` has supported for _years_.
## API
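
Review bot: the reflowed text keeps "RSA-256", which is not an algorithm identifier; the JWS name is `RS256` (RSASSA-PKCS1-v1_5 with SHA-256), and that is the spelling a reader would look for in `id_token_signing_alg_values_supported`. Since this hunk only rewraps lines, fix the term while touching it.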

@@ -44,7 +50,9 @@

| Option | Description | Default |
| ------ | ----------- | ------- |
| basePath | A `string` that the JWT's API context must begin with. This validates that the JWT came from a server that starts with this path. | `""` |
| cacheTTL | The `number` of minutes to cache the OpenID configuration for. | `10` |
| development | A `boolean` then when set to `true` will bypass JWT validation. This cannot be set to `true` when the `NODE_ENV` environment variable is set to `"production"`. Also, when set to `true` expect to see a lot of warning message on your console. | `false` |
| Option | Description | Default |
|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|
| basePath | A `string` that the JWT's API context must begin with. This validates that the JWT came from a server that starts with this path. | `""` |
| cacheTTL | The `number` of minutes to cache the OpenID configuration for. | `10` |
| development | A `boolean` then when set to `true` will bypass JWT validation. This cannot be set to `true` when the `NODE_ENV` environment variable is set to `"production"`. Also, when set to `true` expect to see a lot of warning message on your console. | `false` |
| host | The host of the issuing oauth provider. If this option is specified, the OpenID Configuration URL will be constructed for you, according to the OpenID Configuration Specification. | `api.byu.edu` |
| openIdConfigUrl | The OpenID Configuration URL (AKA Well-known URL). If this is specified, it will override the host option. | |
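
Review bot: the new `host` row should state that the URL is built as `https://<host>/.well-known/openid-configuration` and that the value is trusted as given, and the `openIdConfigUrl` row should require an `https://` URL, because whichever option is used decides which keys every JWT is verified against. The `development` row still reads "A `boolean` then when set to `true`"; "that when set to" is meant. `issuer`, which index.d.ts lists as an option, has no row at all.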

@@ -65,3 +73,4 @@ **Returns** an instance of the [ByuJWT](#constructor)

2. `x-jwt-assertion-original` is a header that contains the JWT for the original requester. This value should be set if a client is making an authenticated request on behalf of a different client.
2. `x-jwt-assertion-original` is a header that contains the JWT for the original requester. This value should be set
if a client is making an authenticated request on behalf of a different client.

@@ -74,5 +83,6 @@ **Returns** a promise that, if authenticated, resolves to an object with some of these properties:

- *originalJWT* - The JWT string provided by the original requester, or if that doesn't exist then of the current client.
- *originalJWT* - The JWT string provided by the original requester, or if that doesn't exist then of the current
client.
- *claims* - A [decoded JWT's](#decode-jwt) primary claim, prioritied in this order:
- *claims* - A [decoded JWT's](#decode-jwt) primary claim, prioritized in this order:

@@ -86,3 +96,4 @@ 1. Original resource owner

A middleware that will check if the request has authentication and will either add the property `verifiedJWTs` to the request or will respond to the request with a `401` or `500` response code.
A middleware that will check if the request has authentication and will either add the property `verifiedJWTs` to the
request or will respond to the request with a `401` or `500` response code.

@@ -110,7 +121,7 @@ `ByuJWT.prototype.authenticateUAPIMiddleware`

const listener = app.listen(3000, err => {
if (err) {
console.error(err.stack)
} else {
console.log('Server listening on port ' + listener.address().port)
}
if (err) {
console.error(err.stack)
} else {
console.log('Server listening on port ' + listener.address().port)
}
})

@@ -131,3 +142,5 @@ ```

- *client* - An object that contains the client claims. It has the following properties: `byuId`, `claimSource`, `netId`, `personId`, `preferredFirstName`, `prefix`, `restofName`, `sortName`, `subscriberNetId`, `suffix`, `surname`, `surnamePosition`
- *client* - An object that contains the client claims. It has the following properties: `byuId`, `claimSource`, `netId`
, `personId`, `preferredFirstName`, `prefix`, `restofName`, `sortName`, `subscriberNetId`, `suffix`, `surname`
, `surnamePosition`
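
Review bot: `restofName` here (and in the `resourceOwner` list in the next hunk) does not match the `restOfName` declared in index.d.ts in this same release; one of them is wrong and a consumer following the README will read `undefined`. The rewrap also left lines beginning with ", `personId`" and ", `surnamePosition`", which Markdown renders as a literal leading comma; wrap before the comma instead.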

@@ -138,5 +151,8 @@ - *claims* - The primary claims object, prefering resource owner first and client second.

- *resourceOwner* - The resource owner claims (if a resource owner is defined). It has the following properties: `byuId`, `netId`, `personId`, `preferredFirstName`, `prefix`, `restofName`, `sortName`, `suffix`, `surname`, `surnamePosition`
- *resourceOwner* - The resource owner claims (if a resource owner is defined). It has the following properties: `byuId`
, `netId`, `personId`, `preferredFirstName`, `prefix`, `restofName`, `sortName`, `suffix`, `surname`
, `surnamePosition`
- *wso2*- Claims specific to WSO2.It has the following properties: `apiContext`, `application.id`, `application.name`, `application.tier`, `clientId`, `endUser`, `endUserTenantId`, `keyType`, `subscriber`, `tier`, `userType`, `version`
- *wso2*- Claims specific to WSO2.It has the following properties: `apiContext`, `application.id`, `application.name`
, `application.tier`, `clientId`, `endUser`, `endUserTenantId`, `keyType`, `subscriber`, `tier`, `userType`, `version`
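
Review bot: `application.id`, `application.name` and `application.tier` read as nested paths; say whether `wso2.application` is an object with `id`/`name`/`tier` or the property names are literally dotted. "WSO2.It" is missing a space after the period.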

@@ -153,2 +169,9 @@ ### Get OpenId Configuration

### OpenId Configuration URL
Exposes the OpenID Configuration URL, according to the OpenID specification. It is created based on the `host` parameter
given in the constructor or will be overridden by the `openIdConfigUrl` parameter.
`ByuJWT.prototype.openIdConfigUrl`
### Get Pem
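
Review bot: `ByuJWT.prototype.openIdConfigUrl` is not where the value lives; index.js sets it on each instance in the constructor, so document it as `byuJWT.openIdConfigUrl` next to `byuJWT.cacheTTL` below. "According to the OpenID specification" should name the construction: OpenID Connect Discovery appends `/.well-known/openid-configuration` to the issuer URL.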

@@ -187,3 +210,3 @@

byuJWT.cacheTTL = 15 // set cache to 15 minutes
```
````
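
Review bot: changing a closing fence from three backticks to four only works if the opening fence of that block is also four backticks; the opener is outside this hunk, so check it. A mismatched fence turns the rest of the README into one code block.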

@@ -206,2 +229,7 @@ ### Static Constants

**DEPRECATED**
- *WELL_KNOWN_URL* - A reference to the BYU OpenID Configuration URL. It will be removed in the next major version. Use
ByuJWT.prototype.openIdConfigUrl instead.
```js
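
Review bot: same prototype-versus-instance mix-up as the deprecation message in index.js; point readers at `byuJWT.openIdConfigUrl`. "Next major version" is fine, but name it (4.0.0) so the removal is searchable.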

@@ -220,2 +248,2 @@ const ByuJWT = require('byu-jwt')

3. Run `npm test`
3. Run `npm test`
