
oidc-provider - npm Package Compare versions

Comparing version 0.10.1 to 0.10.2

3

CHANGELOG.md
Following semver, 1.0.0 will mark the first API stable release and commence of this file,
until then please use the compare views of github for reference.
- https://github.com/panva/node-oidc-provider/compare/v0.10.0...0.10.1
- https://github.com/panva/node-oidc-provider/compare/v0.10.0...0.10.2
- fix: push nonce from code to refresh token and then id_token upon refresh
- fix: RFC6749 4.1.2.1 - missing, unrecognized, invalid clientid and redirect_uri handling (consistent no redirect)
- https://github.com/panva/node-oidc-provider/compare/v0.9.0...v0.10.0

@@ -7,0 +8,0 @@ - added: custom discovery property config

@@ -144,6 +144,8 @@ 'use strict';

// Validate: client_id param
this.assert(clientId, new errors.InvalidRequestError('missing required parameter client_id'));
const Client = provider.get('Client');
const client = yield Client.find(clientId);
const client = yield Client.find(String(clientId));
this.assert(client, new errors.InvalidRequestError('unrecognized client_id'));
this.assert(client, new errors.InvalidClientError());

@@ -159,2 +161,9 @@ return client;

function * checkClient(next) {
// Validate: client_id param
this.oidc.client = yield loadClient.call(this, this.oidc.params.client_id);
yield next;
},
rejectDupes,

@@ -234,9 +243,2 @@

function * checkClient(next) {
// Validate: client_id param
this.oidc.client = yield loadClient.call(this, this.oidc.params.client_id);
yield next;
},
function * noRedirectUriClients(next) {

@@ -432,5 +434,7 @@ const oidc = this.oidc;

this.oidc.redirectUriCheckPerformed = true;
this.assert(this.oidc.client.redirectUriAllowed(this.oidc.params.redirect_uri),
new errors.RedirectUriMismatchError());
yield next;

@@ -437,0 +441,0 @@ },
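Review bot: `Client.find(String(clientId))` in the client-loading hunk coerces the parameter instead of validating it, so an array from a repeated `client_id` becomes a comma-joined string and an object becomes `[object Object]`, and either is then looked up as if it were a client id. Because checkClient now appears to sit ahead of rejectDupes in the middleware list, a repeated parameter can plausibly reach this line. An explicit type check states the intent and keeps the failure on the rendered (non-redirecting) path: `this.assert(typeof clientId === 'string', new errors.InvalidClientError());` placed before the lookup. The enclosing function starts outside the hunk, so confirm whether `this.oidc.params` is already normalised to strings upstream.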

@@ -21,2 +21,3 @@ 'use strict';

Object.defineProperty(this, 'authorization', { writable: true });
Object.defineProperty(this, 'redirectUriCheckPerformed', { writable: true });
this.uuid = uuid();

@@ -23,0 +24,0 @@ }

'use strict';
const errors = require('../helpers/errors');
const formPost = require('../helpers/form_post');

@@ -10,4 +11,17 @@ const redirectUri = require('../helpers/redirect_uri');

yield next;
} catch (err) {
} catch (caught) {
let err = caught;
const out = {};
let params;
params = this.oidc.params;
params = params || (this.method === 'POST' ? this.request.body : this.query) ||
/* istanbul ignore next */ {};
if (this.oidc.client && params.redirect_uri && !this.oidc.redirectUriCheckPerformed) {
if (!this.oidc.client.redirectUriAllowed(params.redirect_uri)) {
err = new errors.RedirectUriMismatchError();
}
}
this.status = err.statusCode || 500;

@@ -27,10 +41,2 @@

provider.emit(out.error === 'server_error' ?
'server_error' : 'authorization.error', err, this);
let params;
params = this.oidc.params;
params = params || (this.method === 'POST' ? this.request.body : this.query) ||
/* istanbul ignore next */ {};
if (params.state !== undefined) {

@@ -40,4 +46,8 @@ out.state = params.state;

provider.emit(out.error === 'server_error' ?
'server_error' : 'authorization.error', err, this);
// redirect uri error should render instead of redirect to uri
if (err.message === 'redirect_uri_mismatch' || !params.redirect_uri) {
if (!params.client_id || !params.redirect_uri ||
err.message === 'redirect_uri_mismatch' || err.message === 'invalid_client') {
const renderError = provider.configuration('renderError');

@@ -44,0 +54,0 @@ return renderError(this, out);
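Review bot: The render-or-redirect decision in the last hunk is still a deny-list keyed on `err.message` strings (`'redirect_uri_mismatch'`, `'invalid_client'`) plus missing parameters. Any other error thrown while `this.oidc.client` is still unset, with both `client_id` and `redirect_uri` present, skips the new re-check in the catch block and would appear to fall through to the redirect branch with a `redirect_uri` that was never matched against a registered client. An allow-list is harder to get wrong: compute `const canRedirect = this.oidc.client && params.redirect_uri && this.oidc.client.redirectUriAllowed(params.redirect_uri);` and call `renderError` whenever `!canRedirect`. Comparing with `err instanceof errors.RedirectUriMismatchError` rather than message text would also stop a reworded message from silently changing this behaviour. The redirect branch itself lies outside the hunk, so this should be confirmed against the full handler.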

@@ -60,3 +60,3 @@ {

},
"version": "0.10.1",
"version": "0.10.2",
"files": [

@@ -63,0 +63,0 @@ "lib"
