express-oauth2-jwt-bearer
Comparing version 0.2.0 to 1.0.0
import { Handler } from 'express'; | ||
import { JwtVerifierOptions, ClaimCheck, ClaimEquals, ClaimIncludes, RequiredScopes, VerifyJwtResult as AuthResult, JWTPayload } from 'access-token-jwt'; | ||
import { JwtVerifierOptions, ClaimCheck, ClaimEquals, ClaimIncludes, RequiredScopes, VerifyJwtResult as AuthResult } from 'access-token-jwt'; | ||
import type { JWTPayload } from 'access-token-jwt'; | ||
declare global { | ||
@@ -4,0 +5,0 @@ namespace Express { |
@@ -9,13 +9,8 @@ 'use strict'; | ||
var url = require('url'); | ||
var createRemoteJWKSet = require('jose-node-cjs-runtime/jwks/remote'); | ||
var jwtVerify = require('jose-node-cjs-runtime/jwt/verify'); | ||
var jose = require('jose'); | ||
var http = require('http'); | ||
var https = require('https'); | ||
var events = require('events'); | ||
var util = require('util'); | ||
function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; } | ||
var createRemoteJWKSet__default = /*#__PURE__*/_interopDefaultLegacy(createRemoteJWKSet); | ||
var jwtVerify__default = /*#__PURE__*/_interopDefaultLegacy(jwtVerify); | ||
class UnauthorizedError extends Error { | ||
@@ -97,3 +92,3 @@ constructor(message = 'Unauthorized') { | ||
const decoder = new TextDecoder(); | ||
const decoder = new util.TextDecoder(); | ||
const concat = (...buffers) => { | ||
@@ -247,4 +242,6 @@ const size = buffers.reduce((acc, { length }) => acc + length, 0); | ||
const JWKS = async (...args) => { | ||
if (secretKey) | ||
return secretKey; | ||
if (!origJWKS) { | ||
origJWKS = createRemoteJWKSet__default['default'](new url.URL(jwksUri), { | ||
origJWKS = jose.createRemoteJWKSet(new url.URL(jwksUri), { | ||
agent, | ||
@@ -272,3 +269,3 @@ cooldownDuration, | ||
}); | ||
const { payload, protectedHeader: header } = await jwtVerify__default['default'](jwt, secretKey || JWKS); | ||
const { payload, protectedHeader: header } = await jose.jwtVerify(jwt, JWKS); | ||
await validate(payload, header, validators); | ||
@@ -314,2 +311,5 @@ return { payload, header, token: jwt }; | ||
return claimCheck$1((payload) => { | ||
if (!('scope' in payload)) { | ||
throw new InsufficientScopeError(scopes, "Missing 'scope' claim"); | ||
} | ||
if (!fn(payload)) { | ||
@@ -316,0 +316,0 @@ throw new InsufficientScopeError(scopes); |
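Review bot: The new presence test `if (!('scope' in payload))` in the scope check accepts any value for the claim, so a token whose `scope` is `null`, a number or an object gets past it and reaches `fn(payload)`, which is defined outside the lines shown here. If `fn` assumes a space-delimited string, such a token would end in a TypeError or an unintended match rather than an `InsufficientScopeError`. Checking the type as well keeps the failure explicit, for example `if (typeof payload.scope !== 'string') {`, or an explicit string-or-array test if array-valued scopes are meant to be supported. The enclosing function starts before and ends after this hunk.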
{ | ||
"name": "express-oauth2-jwt-bearer", | ||
"description": "Authentication middleware for Express.js that validates JWT bearer access tokens.", | ||
"version": "0.2.0", | ||
"version": "1.0.0", | ||
"main": "dist/index.js", | ||
@@ -10,3 +10,2 @@ "types": "dist/index.d.ts", | ||
"lint": "eslint --fix --ext .ts ./src", | ||
"prepublishOnly": "npm run build", | ||
"prebuild": "rimraf dist", | ||
@@ -44,3 +43,3 @@ "build": "rollup -c" | ||
"dependencies": { | ||
"jose-node-cjs-runtime": "^3.12.1" | ||
"jose": "^4.0.1" | ||
}, | ||
@@ -47,0 +46,0 @@ "engines": { |
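Review bot: With `"prepublishOnly": "npm run build"` apparently dropped from the scripts (the hunk header reads `-10,3 +10,2`, but the page no longer shows which line carried the `-`), nothing in this file guarantees that `dist/index.js`, which `main` points at, is rebuilt from the released source before publishing. If the release pipeline runs the build itself, a short note in the contributing docs saying where would make that verifiable; otherwise the hook should stay. The dependency change in the same file replaces the library that performs signature verification (`jose-node-cjs-runtime` ^3 with `jose` ^4), which deserves an explicit line in the release notes.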
@@ -1,7 +0,5 @@ | ||
# express-oauth2-jwt-bearer (Beta) | ||
# express-oauth2-jwt-bearer | ||
Authentication middleware for Express.js that validates JWT Bearer Access Tokens. | ||
> **Note:** This library is currently in Beta status and has not had a complete security review. We do not recommend using this library in production yet. As we move towards general availability, please be aware that releases may contain breaking changes. We will be monitoring the Issues queue here for feedback and questions. PRs and comments on existing PRs are welcome! | ||
[![CircleCI](https://img.shields.io/circleci/build/github/auth0/node-oauth2-jwt-bearer.svg?branch=master&style=flat)](https://circleci.com/gh/auth0/node-oauth2-jwt-bearer) | ||
@@ -18,3 +16,2 @@ [![License](https://img.shields.io/:license-mit-blue.svg?style=flat)](https://opensource.org/licenses/MIT) | ||
- [Error Handling](#error-handling) | ||
- [Troubleshooting](#troubleshooting) | ||
- [Contributing](#contributing) | ||
@@ -149,12 +146,2 @@ - [Support + Feedback](#support---feedback) | ||
## Troubleshooting | ||
### Getting `Error: Cannot find module 'jose-node-cjs-runtime/jwks/remote'` when I run the SDK | ||
This package takes a dependency on [jose](https://github.com/panva/jose) which uses [package exports](https://nodejs.org/api/packages.html#packages_exports) which requires Node `^12.19.0 || ^14.15.0`. | ||
Even if you are using the correct version of Node, you may still run into this in some tooling that does not yet support package exports, like [jest](https://github.com/facebook/jest/issues/9771) or Webpack 4. | ||
To workaround this issue in jest, see how we use a [custom resolver](../../packages/access-token-jwt/resolver.js) for this project. | ||
## Contributing | ||
@@ -161,0 +148,0 @@ |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No v1
Quality: Package is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
+ Added jose@^4.0.1
+ Added jose@4.15.9 (transitive)
- Removed jose-node-cjs-runtime@^3.12.1
- Removed jose-node-cjs-runtime@3.20.4 (transitive)