express-openid-connect - npm Package Compare versions

Comparing version

to
0.1.0

test/logout.tests.js

2

API.md

@@ -33,2 +33,4 @@ ## The auth middleware can be configured with environment varabiles

| routes | `true` | Installs the `GET /login` and `GET /logout` route. |
| idpLogout | `false` | Logout the user from the identity provider on logout |
| auth0Logout | `false` | Enable Auth0's non-compliant logout feature, only if Auth0 can be detected and the Auth0 instance does not support OpenID Connect session management. |
| authorizationParams | See bellow | The parameters for the authorization call. |

@@ -35,0 +37,0 @@

const { Issuer } = require('openid-client');
const memoize = require('p-memoize');
const url = require('url');
const urlJoin = require('url-join');
const pkg = require('../package.json');

@@ -40,2 +42,17 @@

if (config.idpLogout && !issuer.end_session_endpoint) {
if (config.auth0Logout || url.parse(issuer.issuer).hostname.match('auth0.com$')) {
client.endSessionUrl = function(params) {
const parsedUrl = url.parse(urlJoin(issuer.issuer, '/v2/logout'));
parsedUrl.query = {
returnTo: params.post_logout_redirect_uri,
client_id: client.client_id
};
return url.format(parsedUrl);
};
} else {
throw new Error("The issuer doesn't support session management.");
}
}
client.CLOCK_TOLERANCE = config.clockTolerance;

@@ -42,0 +59,0 @@
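Review bot: The Auth0 detection on the `url.parse(issuer.issuer).hostname.match('auth0.com$')` line compiles its string argument into a RegExp, so the dot is a wildcard and nothing anchors the left side; hostnames such as `notauth0.com` or `auth0xcom` would also switch on the non-compliant `/v2/logout` fallback. Since `issuerBaseURL` is operator-supplied the exposure looks limited, but the check should still be exact: `/(^|\.)auth0\.com$/.test(url.parse(issuer.issuer).hostname)`. The replacement `endSessionUrl` also silently ignores any `id_token_hint` the caller passes; a one-line comment such as `// Auth0's /v2/logout only takes returnTo and client_id; id_token_hint is dropped here` would make that deliberate. The enclosing function starts outside the hunk.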

@@ -30,2 +30,5 @@ const Joi = require('joi');

errorOnRequiredAuth: Joi.boolean().optional().default(false),
auth0Logout: Joi.boolean().optional().default(false),
idpLogout: Joi.boolean().optional().default(false)
.when('auth0Logout', { is: true, then: Joi.boolean().optional().default(true) })
});

@@ -32,0 +35,0 @@
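Review bot: The `.when('auth0Logout', …)` clause only changes the default of `idpLogout`, so a caller passing `auth0Logout: true, idpLogout: false` gets a config in which the Auth0 fallback is set up but never reached, because the logout handler in this same diff returns early whenever `idpLogout` is false. If that combination is meant to be rejected, `then: Joi.boolean().valid(true).default(true)` would fail validation instead of silently ignoring `auth0Logout`; if it is meant to be allowed, a short comment above the line saying so would spare the next reader the same question. The enclosing `Joi.object` starts outside the hunk.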

33

middleware/auth.js

@@ -32,3 +32,5 @@ const express = require('express');

* a function receiving a request and return a boolean to determine which routes needs authentication.
* @param {boolean} [errorOnRequiredAuth=false] automatically handle unauthorized errors by triggering the authentication process
* @param {boolean} [params.errorOnRequiredAuth=false] automatically handle unauthorized errors by triggering the authentication process
* @param {boolean} [params.idpLogout=false] logout the user from the identity provider on logout
* @param {boolean} [params.auth0Logout=false] use the auth0's logout mechanism if OpenID Connect session management is not supported
* @param {boolean|Function} [params.routes=true] a boolean indicating if the routes /login and /logout should be added to the application

@@ -112,15 +114,16 @@ * @param {Object} [params.authorizationParams] The parameters for the authorization call. Defaults to

res.redirect(returnURL);
if (!config.idpLogout) {
return res.redirect(returnURL);
}
//This could be used in the future to logout from the OP.
// try {
// const client = await getClient(config);
// const url = client.endSessionUrl({
// post_logout_redirect_uri: returnURL,
// id_token_hint: req.openid.tokens,
// });
// res.redirect(url);
// } catch(err) {
// next(err);
// }
try {
const client = await getClient(config);
const url = client.endSessionUrl({
post_logout_redirect_uri: returnURL,
id_token_hint: req.openid.tokens,
});
res.redirect(url);
} catch(err) {
next(err);
}
};

@@ -246,3 +249,7 @@ }

//We do this to either speed up the first request
// or fail fast, the first request
getClient(config);
return router;
};
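Review bot: The pre-warm call `getClient(config);` at the end of the last hunk leaves its promise floating, so the "fail fast" half of the comment is really an unhandled promise rejection when discovery fails — a warning on older Node releases and, from Node 15 on, a process exit with no log line tying it back to this middleware. Either handle it explicitly, `getClient(config).catch((err) => { /* log; the first request will surface the same error via next(err) */ });`, or, if aborting at startup is the intent, rethrow on purpose and say so in the comment. In the logout hunk above, `id_token_hint: req.openid.tokens` hands the whole token set rather than the ID token string to `endSessionUrl`; openid-client may unwrap a `TokenSet` instance, but if the session layer stores a plain object that would need confirming. The router factory these hunks belong to starts outside the hunk.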
{
"name": "express-openid-connect",
"version": "0.0.3",
"version": "0.1.0",
"description": "An Express.js middleware to protect OpenID Connect web applications.",

@@ -5,0 +5,0 @@ "homepage": "https://github.com/auth0/express-openid-connect",

@@ -9,5 +9,7 @@ [![Build Status](https://travis-ci.org/auth0/express-openid-connect.svg?branch=master)](https://travis-ci.org/auth0/express-openid-connect)

1. Secure by default.
2. A single line of code should be enough for most of the cases.
3. The best defaults we know after many years in the space.
1. **Secure by default**:
- The middleware implements the best practices to work with OpenID Connect providers.
- All routes after the middleware require authentication by default.
2. **Simple setup**: Pain-free configuration by using OpenID Connect metadata and the best defaults.
3. **Standard**: The library is standard enough to work with many OpenID Connect providers.

@@ -14,0 +16,0 @@ ## Install

@@ -19,12 +19,12 @@ const assert = require('chai').assert;

describe('default', () => {
const router = expressOpenid.auth({
clientID: '123',
baseURL: 'https://myapp.com',
issuerBaseURL: 'https://flosser.auth0.com',
required: false
});
let baseUrl;
let baseUrl, router;
before(async function() {
router = expressOpenid.auth({
clientID: '123',
baseURL: 'https://myapp.com',
issuerBaseURL: 'https://flosser.auth0.com',
required: false
});
baseUrl = await server.create(router);

@@ -71,16 +71,15 @@ });

describe('response_type=none', () => {
const router = expressOpenid.auth({
clientID: '123',
baseURL: 'https://myapp.com',
issuerBaseURL: 'https://flosser.auth0.com',
authorizationParams: {
response_mode: undefined,
response_type: 'none',
},
required: false
});
let baseUrl, router;
let baseUrl;
before(async function() {
router = expressOpenid.auth({
clientID: '123',
baseURL: 'https://myapp.com',
issuerBaseURL: 'https://flosser.auth0.com',
authorizationParams: {
response_mode: undefined,
response_type: 'none',
},
required: false
});
baseUrl = await server.create(router);

@@ -113,16 +112,16 @@ });

describe('response_type=code', () => {
const router = expressOpenid.auth({
clientID: '123',
clientSecret: '456',
baseURL: 'https://myapp.com',
issuerBaseURL: 'https://flosser.auth0.com',
authorizationParams: {
response_mode: undefined,
response_type: 'code',
}
});
let baseUrl;
let router;
before(async function() {
router = router = expressOpenid.auth({
clientID: '123',
clientSecret: '456',
baseURL: 'https://myapp.com',
issuerBaseURL: 'https://flosser.auth0.com',
authorizationParams: {
response_mode: undefined,
response_type: 'code',
}
});
baseUrl = await server.create(router);

@@ -156,15 +155,15 @@ });

describe('response_type=id_token', () => {
const router = expressOpenid.auth({
clientID: '123',
baseURL: 'https://myapp.com',
issuerBaseURL: 'https://flosser.auth0.com',
authorizationParams: {
response_mode: undefined,
response_type: 'id_token',
}
});
let router;
let baseUrl;
before(async function() {
router = router = expressOpenid.auth({
clientID: '123',
baseURL: 'https://myapp.com',
issuerBaseURL: 'https://flosser.auth0.com',
authorizationParams: {
response_mode: undefined,
response_type: 'id_token',
}
});
baseUrl = await server.create(router);

@@ -171,0 +170,0 @@ });
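Review bot: Two of the moved `before()` hooks assign the router twice, `router = router = expressOpenid.auth({`, in the `response_type=code` and `response_type=id_token` suites; the extra assignment is harmless but reads like a paste error and should be `router = expressOpenid.auth({` as in the other two suites. The declarations are also inconsistent across suites — `let baseUrl, router;` in one, `let router;` followed by `let baseUrl;` in others — so one form is worth picking for all four. Each hunk cuts through a `describe` body whose remaining statements are outside the hunk.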

@@ -53,4 +53,43 @@ const { assert } = require('chai');

describe('with auth0Logout', function() {
const config = getConfig({
clientID: '123',
issuerBaseURL: 'https://flosser.auth0.com',
baseURL: 'https://jjj.com',
auth0Logout: true
});
it('should set idpLogout to true', function() {
assert.equal(config.auth0Logout, true);
assert.equal(config.idpLogout, true);
});
});
describe('without auth0Logout nor idpLogout', function() {
const config = getConfig({
clientID: '123',
issuerBaseURL: 'https://flosser.auth0.com',
baseURL: 'https://jjj.com',
});
it('should set both to false', function() {
assert.equal(config.auth0Logout, false);
assert.equal(config.idpLogout, false);
});
});
describe('with idpLogout', function() {
const config = getConfig({
clientID: '123',
issuerBaseURL: 'https://flosser.auth0.com',
baseURL: 'https://jjj.com',
idpLogout: true
});
it('should set both to false', function() {
assert.equal(config.auth0Logout, false);
assert.equal(config.idpLogout, true);
});
});
});
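Review bot: The title of the last test, `it('should set both to false', …)` under `describe('with idpLogout', …)`, contradicts its own assertion `assert.equal(config.idpLogout, true)`; it should read `it('should set idpLogout to true and leave auth0Logout false', …)`. A fourth case for the contradictory input `auth0Logout: true, idpLogout: false` would also pin what the schema's `.when` default does with an explicit false, which none of these three cases exercises. The enclosing `describe` begins outside the hunk.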