express-authenticators - npm Package Compare versions

Comparing version 0.2.0-experiiment-3 to 0.2.0-experiiment-4

lib/oauth2/OAuth2.js

@@ -111,6 +111,5 @@ "use strict";
             const verifier = `${(0, crypto_1.randomUUID)()}-${(0, crypto_1.randomUUID)()}`;
-            yield store((0, lib_1.encodeSessionData)({
-                state,
-                verifier
-            }));
+            const nonce = (0, crypto_1.randomUUID)();
+            yield store((0, lib_1.encodeSessionData)(Object.assign({ state,
+                verifier }, this.options.addNonceToAuthorizeURL && { nonce })));
             return `${this.config.consentURL}?\
@@ -127,5 +126,3 @@ ${new url_1.URLSearchParams(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({ [__classPrivateFieldGet(this, _OAuth2_instances, "a", _OAuth2_clientIDQueryName_get)]: this.config.clientID, redirect_uri: this.config.redirectUri, state }, this.config.scope && { scope: this.config.scope }), { response_type: (_a = this.options.responseType) !== null && _a !== void 0 ? _a : 'code' }), this.options.enablePKCE && {
                 code_challenge_method: 'S256'
-            }), this.options.addNonceToAuthorizeURL && {
-                nonce: (0, crypto_1.randomUUID)(),
-            }), this.options.consentAdditionalParams)).toString()}`;
+            }), this.options.addNonceToAuthorizeURL && { nonce }), this.options.consentAdditionalParams)).toString()}`;
         });
@@ -132,0 +129,0 @@ }

lib/vendors/AppleAuthenticator.d.ts

@@ -33,4 +33,5 @@ import OAuth2 from '../oauth2/OAuth2';
         user: string;
+        nonce: any;
     }>;
 }
 export {};

lib/vendors/AppleAuthenticator.js

@@ -41,3 +41,3 @@ "use strict";
         return __awaiter(this, void 0, void 0, function* () {
-            const { state: sessionState } = (0, lib_1.decodeSessionData)(pop());
+            const { state: sessionState, nonce } = (0, lib_1.decodeSessionData)(pop());
             if (!(0, lib_1.safeCompare)(state, sessionState))
@@ -47,3 +47,3 @@ throw new OAuth2Error_1.default('Invalid returning state');
                 throw new OAuth2Error_1.default(error);
-            return { code, id_token, state, user };
+            return { code, id_token, state, user, nonce };
         });
@@ -50,0 +50,0 @@ }

package.json

 {
 	"name": "express-authenticators",
-	"version": "0.2.0-experiiment-3",
+	"version": "0.2.0-experiiment-4",
 	"description": "Third party authenticators in nodejs. Support various providers. Almost zero dependencies.",
@@ -5,0 +5,0 @@ "main": "lib/index.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

122720

increased by0.12%

Worsened metrics

Lines of code

1725

decreased by-0.12%

No dependency changes