express-openid-connect - npm Package Compare versions

Comparing version 2.3.1 to 2.4.0

CHANGELOG.md

 # CHANGELOG
 
+## [2.4.0](https://github.com/auth0/express-openid-connect/tree/v2.4.0) (2021-05-11)
+[Full Changelog](https://github.com/auth0/express-openid-connect/compare/v2.3.1...v2.4.0)
+
+**Added**
+- Swallor error on silent auth [#230](https://github.com/auth0/express-openid-connect/pull/230) ([adamjmcgrath](https://github.com/adamjmcgrath))
+- Token Endpoint Parameters [#228](https://github.com/auth0/express-openid-connect/pull/228) ([davidpatrick](https://github.com/davidpatrick))
+
 ## [2.3.1](https://github.com/auth0/express-openid-connect/tree/v2.3.1) (2021-04-09)
@@ -4,0 +11,0 @@ [Full Changelog](https://github.com/auth0/express-openid-connect/compare/v2.3.0...v2.3.1)

index.d.ts

@@ -36,2 +36,5 @@ // Type definitions for express-openid-connect
  * ```
+ *
+ * @deprecated use the native the `Request` interface of `express` instead; it has
+ * been extended and now includes a built in `oidc` param.
  */
@@ -55,2 +58,5 @@ interface OpenidRequest extends Request {
  * ```
+ *
+ * @deprecated use the native the `Response` interface of `express` instead; it has
+ * been extended and now includes a built in `oidc` param.
  */
@@ -113,3 +119,3 @@ interface OpenidResponse extends Response {
    */
-  user?: object;
+  user?: Record<string, any>;
 
@@ -176,2 +182,17 @@ /**
 /**
+ * Extend express interfaces (Response/Request) to support oidc param
+ */
+declare global {
+  namespace Express {
+    interface Request {
+      oidc: RequestContext;
+    }
+
+    interface Response {
+      oidc: ResponseContext;
+    }
+  }
+}
+
+/**
  * Custom options to pass to login.
@@ -189,2 +210,7 @@ */
   returnTo?: string;
+
+  /**
+   *  Used by {@link ConfigParams.attemptSilentLogin} to swallow callback errors on silent login.
+   */
+  silent?: boolean;
 }
@@ -438,2 +464,7 @@
   clientAuthMethod?: string;
+
+  /**
+   * Additional request body properties to be sent to the `token_endpoint` during authorization code exchange or token refresh.
+   */
+  tokenEndpointParams?: TokenParameters;
 }
@@ -611,5 +642,9 @@
    */
-  refresh(): Promise<AccessToken>;
+  refresh(params?: TokenParameters): Promise<AccessToken>;
 }
 
+interface TokenParameters {
+  [key: string]: unknown;
+}
+
 /**
@@ -616,0 +651,0 @@ * Express JS middleware implementing sign on for Express web apps using OpenID Connect.

lib/config.js

@@ -74,2 +74,3 @@ const Joi = require('joi');
   auth0Logout: Joi.boolean().optional().default(false),
+  tokenEndpointParams: Joi.object().optional(),
   authorizationParams: Joi.object({
@@ -76,0 +77,0 @@ response_type: Joi.string()

lib/context.js

@@ -18,8 +18,16 @@ const cb = require('cb');
 
-async function refresh() {
+async function refresh({ tokenEndpointParams } = {}) {
   let { config, req } = weakRef(this);
   const client = await getClient(config);
   const oldTokenSet = tokenSet.call(this);
-  const newTokenSet = await client.refresh(oldTokenSet);
 
+  let extras;
+  if (config.tokenEndpointParams || tokenEndpointParams) {
+    extras = {
+      exchangeBody: { ...config.tokenEndpointParams, ...tokenEndpointParams },
+    };
+  }
+
+  const newTokenSet = await client.refresh(oldTokenSet, extras);
+
   // Update the session
@@ -167,2 +175,3 @@ const session = req[config.session.name];
       ...options,
+      silent: true,
       authorizationParams: { ...options.authorizationParams, prompt: 'none' },
@@ -205,2 +214,5 @@ });
     stateValue.nonce = transient.generateNonce();
+    if (options.silent) {
+      stateValue.attemptingSilentLogin = true;
+    }
 
@@ -207,0 +219,0 @@ const usePKCE = options.authorizationParams.response_type.includes('code');

lib/hooks/getLoginState.js

@@ -42,3 +42,7 @@ const base64url = require('base64url');
 function decodeState(stateValue) {
-  return JSON.parse(base64url.decode(stateValue));
+  try {
+    return JSON.parse(base64url.decode(stateValue));
+  } catch (e) {
+    return false;
+  }
 }
@@ -45,0 +49,0 @@

middleware/auth.js

@@ -100,3 +100,4 @@ const express = require('express');
 
-            session = await client.callback(redirectUri, callbackParams, {
+            req.openidState = decodeState(state);
+            const checks = {
               max_age,
@@ -106,5 +107,15 @@ code_verifier,
               state,
-            });
+            };
 
-            req.openidState = decodeState(state);
+            let extras;
+            if (config.tokenEndpointParams) {
+              extras = { exchangeBody: config.tokenEndpointParams };
+            }
+
+            session = await client.callback(
+              redirectUri,
+              callbackParams,
+              checks,
+              extras
+            );
           } catch (err) {
@@ -128,3 +139,8 @@ throw createError.BadRequest(err.message);
         } catch (err) {
-          next(err);
+          // Swallow errors if this is a silentLogin
+          if (req.openidState && req.openidState.attemptingSilentLogin) {
+            next();
+          } else {
+            next(err);
+          }
         }
@@ -131,0 +147,0 @@ },

package.json

 {
   "name": "express-openid-connect",
-  "version": "2.3.1",
+  "version": "2.4.0",
   "description": "Express middleware to protect web applications using OpenID Connect.",
@@ -36,3 +36,3 @@ "homepage": "https://github.com/auth0/express-openid-connect",
     "joi": "^17.4.0",
-    "jose": "^2.0.0",
+    "jose": "^2.0.5",
     "on-headers": "^1.0.2",
@@ -61,3 +61,3 @@ "openid-client": "^4.0.0",
     "pretty-quick": "^2.0.1",
-    "puppeteer": "^5.2.0",
+    "puppeteer": "^5.5.0",
     "redis-mock": "^0.56.3",
@@ -64,0 +64,0 @@ "request": "^2.88.2",

No alert changes

Improved metrics

Total package byte prevSize

91222

increased by2.56%

Lines of code

2206

increased by2.8%

Dependency changes

• Updatedjose@^2.0.5