express-openid-connect - npm Package Compare versions

Comparing version 2.7.2 to 2.7.3

2

index.d.ts

@@ -439,3 +439,3 @@ // Type definitions for express-openid-connect

/**
* Boolean value to automatically install the login and logout routes.
* Configuration for the login, logout, callback and postLogoutRedirect routes.
*/

@@ -442,0 +442,0 @@ routes?: {

@@ -43,3 +43,3 @@ const Joi = require('joi');

name: Joi.string()
.pattern(/^[0-9a-zA-Z_-]+$/, { name: 'cookie name' })
.pattern(/^[0-9a-zA-Z_.-]+$/, { name: 'cookie name' })
.optional()

@@ -46,0 +46,0 @@ .default('appSession'),

@@ -182,46 +182,48 @@ const cb = require('cb');

next = cb(next).once();
const client = await getClient(config);
try {
const client = await getClient(config);
// Set default returnTo value, allow passed-in options to override or use originalUrl on GET
let returnTo = config.baseURL;
if (options.returnTo) {
returnTo = options.returnTo;
debug('req.oidc.login() called with returnTo: %s', returnTo);
} else if (req.method === 'GET' && req.originalUrl) {
// Collapse any leading slashes to a single slash to prevent Open Redirects
returnTo = req.originalUrl.replace(/^\/+/, '/');
debug('req.oidc.login() without returnTo, using: %s', returnTo);
}
// Set default returnTo value, allow passed-in options to override or use originalUrl on GET
let returnTo = config.baseURL;
if (options.returnTo) {
returnTo = options.returnTo;
debug('req.oidc.login() called with returnTo: %s', returnTo);
} else if (req.method === 'GET' && req.originalUrl) {
// Collapse any leading slashes to a single slash to prevent Open Redirects
returnTo = req.originalUrl.replace(/^\/+/, '/');
debug('req.oidc.login() without returnTo, using: %s', returnTo);
}
options = {
authorizationParams: {},
returnTo,
...options,
};
options = {
authorizationParams: {},
returnTo,
...options,
};
// Ensure a redirect_uri, merge in configuration options, then passed-in options.
options.authorizationParams = {
redirect_uri: this.getRedirectUri(),
...config.authorizationParams,
...options.authorizationParams,
};
// Ensure a redirect_uri, merge in configuration options, then passed-in options.
options.authorizationParams = {
redirect_uri: this.getRedirectUri(),
...config.authorizationParams,
...options.authorizationParams,
};
const stateValue = await config.getLoginState(req, options);
if (typeof stateValue !== 'object') {
next(new Error('Custom state value must be an object.'));
}
stateValue.nonce = transient.generateNonce();
if (options.silent) {
stateValue.attemptingSilentLogin = true;
}
const stateValue = await config.getLoginState(req, options);
if (typeof stateValue !== 'object') {
next(new Error('Custom state value must be an object.'));
}
stateValue.nonce = transient.generateNonce();
if (options.silent) {
stateValue.attemptingSilentLogin = true;
}
const usePKCE = options.authorizationParams.response_type.includes('code');
if (usePKCE) {
debug(
'response_type includes code, the authorization request will use PKCE'
const usePKCE = options.authorizationParams.response_type.includes(
'code'
);
stateValue.code_verifier = transient.generateCodeVerifier();
}
if (usePKCE) {
debug(
'response_type includes code, the authorization request will use PKCE'
);
stateValue.code_verifier = transient.generateCodeVerifier();
}
try {
const validResponseTypes = ['id_token', 'code id_token', 'code'];
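Review bot: The custom-state validation at `if (typeof stateValue !== 'object')` reports the problem through `next(...)` but does not stop the handler, so `stateValue.nonce = transient.generateNonce()` still executes against a non-object value, and a `null` state passes the check outright because `typeof null === 'object'`. Since `next` was wrapped with `cb(next).once()` at the top of the hunk, the resulting TypeError presumably lands in the new surrounding `try` and its second `next` call is dropped, so the login still fails with the intended message only by the order in which the two calls happen. Tighten the guard to `if (stateValue === null || typeof stateValue !== 'object') {` and `return next(new Error('Custom state value must be an object.'));` so the handler exits explicitly. The enclosing login handler starts before the hunk and the `try` opened here continues past it.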

@@ -279,27 +281,27 @@ assert(

next = cb(next).once();
const client = await getClient(config);
let returnURL = params.returnTo || config.routes.postLogoutRedirect;
debug('req.oidc.logout() with return url: %s', returnURL);
if (url.parse(returnURL).host === null) {
returnURL = urlJoin(config.baseURL, returnURL);
}
try {
const client = await getClient(config);
cancelSilentLogin(req, res);
if (url.parse(returnURL).host === null) {
returnURL = urlJoin(config.baseURL, returnURL);
}
if (!req.oidc.isAuthenticated()) {
debug('end-user already logged out, redirecting to %s', returnURL);
return res.redirect(returnURL);
}
cancelSilentLogin(req, res);
const { idToken: id_token_hint } = req.oidc;
req[config.session.name] = undefined;
if (!req.oidc.isAuthenticated()) {
debug('end-user already logged out, redirecting to %s', returnURL);
return res.redirect(returnURL);
}
if (!config.idpLogout) {
debug('performing a local only logout, redirecting to %s', returnURL);
return res.redirect(returnURL);
}
const { idToken: id_token_hint } = req.oidc;
req[config.session.name] = undefined;
try {
if (!config.idpLogout) {
debug('performing a local only logout, redirecting to %s', returnURL);
return res.redirect(returnURL);
}
returnURL = client.endSessionUrl({
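Review bot: The relative-URL check `if (url.parse(returnURL).host === null)` only prefixes `config.baseURL` onto host-less values; a `params.returnTo` that already carries a host is handed to `res.redirect` unchanged, and nothing in the hunk confirms that such a host is one the application trusts. That is acceptable if `params` is always developer-supplied configuration, but `url.parse` is Node's legacy parser whose handling of unusual inputs differs from the WHATWG `URL` class, so the trust boundary should be stated: add `// params.returnTo is trusted configuration, not request input: an absolute URL here is redirected to as-is` above the check, and if request-derived values can ever reach this path, compare the parsed host against `config.baseURL` before redirecting. The enclosing logout handler starts before the hunk and the `try` opened at its top continues past `client.endSessionUrl`.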

@@ -306,0 +308,0 @@ ...config.logoutParams,

{
"name": "express-openid-connect",
"version": "2.7.2",
"version": "2.7.3",
"description": "Express middleware to protect web applications using OpenID Connect.",

@@ -31,5 +31,5 @@ "homepage": "https://github.com/auth0/express-openid-connect",

"clone": "^2.1.2",
"cookie": "^0.4.1",
"debug": "^4.3.3",
"futoin-hkdf": "^1.5.0",
"cookie": "^0.5.0",
"debug": "^4.3.4",
"futoin-hkdf": "^1.5.1",
"http-errors": "^1.8.1",

@@ -36,0 +36,0 @@ "joi": "^17.6.0",
