
oidc-provider - npm Package Compare versions

Comparing version 0.11.1 to 0.11.2

lib/actions/authorization/check_pixy.js

1

lib/actions/authorization.js

@@ -34,2 +34,3 @@ 'use strict';

stack.checkRedirectUri,
stack.checkPixy,
stack.assignDefaults,

@@ -36,0 +37,0 @@ stack.checkClaims(provider),

@@ -21,2 +21,3 @@ 'use strict';

module.exports.respond = require('./respond');
module.exports.checkPixy = require('./check_pixy');
module.exports.processResponseTypes = require('./process_response_types');

@@ -34,2 +34,4 @@ 'use strict';

clientId: this.oidc.client.clientId,
codeChallenge: this.oidc.params.code_challenge,
codeChallengeMethod: this.oidc.params.code_challenge_method,
grantId: this.oidc.uuid,

@@ -36,0 +38,0 @@ nonce: this.oidc.params.nonce,

'use strict';
const _ = require('lodash');
const assert = require('assert');
const base64url = require('base64url');
const crypto = require('crypto');
const errors = require('../../helpers/errors');

@@ -18,5 +21,21 @@ const presence = require('../../helpers/validate_presence');

// PKCE check
if (code.codeChallenge) {
try {
assert(this.oidc.params.code_verifier);
let expected = this.oidc.params.code_verifier;
if (code.codeChallengeMethod === 'S256') {
expected = base64url(crypto.createHash('sha256').update(expected).digest());
}
assert.equal(code.codeChallenge, expected);
} catch (err) {
this.throw(new errors.InvalidGrantError('PKCE verification failed'));
}
}
try {
this.assert(!code.consumed,
new errors.InvalidGrantError('authorization code already consumed'));
new errors.InvalidGrantError('authorization code already consumed'));
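Review bot: The PKCE comparison `assert.equal(code.codeChallenge, expected)` is a loose, early-exit string equality on a value derived from a per-request secret; compare fixed-length digests of both sides in constant time instead, e.g. `const lhs = crypto.createHash('sha256').update(String(code.codeChallenge)).digest();` / `const rhs = crypto.createHash('sha256').update(expected).digest();` / `assert(crypto.timingSafeEqual(lhs, rhs));` (hashing both sides first gives `timingSafeEqual` the equal-length Buffers it requires; if the supported Node range predates that API, `assert.strictEqual` is the minimum). Any `codeChallengeMethod` other than `'S256'`, including an unexpected value, silently falls through to the plain comparison, which is only safe if check_pixy.js (not shown on this page) restricts the method to `plain`/`S256` at authorization time; otherwise reject a method that is neither undefined, `'plain'` nor `'S256'` before comparing. The `code_verifier` syntax limits from RFC 7636 §4.1 (43–128 unreserved characters) are not checked either, which is cheap to add. The enclosing grant handler starts before and ends after this hunk.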

@@ -77,4 +96,3 @@ yield code.consume();

const token = new IdToken(Object.assign({}, account.claims(), {
acr: code.acr,
auth_time: code.authTime,
acr: code.acr, auth_time: code.authTime,
}), this.oidc.client.sectorIdentifier);

@@ -104,2 +122,2 @@

module.exports.parameters = ['code', 'redirect_uri'];
module.exports.parameters = ['code', 'redirect_uri', 'code_verifier'];

@@ -8,2 +8,4 @@ 'use strict';

'client_id',
'code_challenge',
'code_challenge_method',
'display',

@@ -10,0 +12,0 @@ 'id_token_hint',

14

lib/models/oauth_token.js
'use strict';
const IN_PAYLOAD = [
'kind',
'jti',
'nonce',
'accountId',
'clientId',
'acr',
'authTime',
'redirectUri',
'claims',
'clientId',
'codeChallenge',
'codeChallengeMethod',
'grantId',
'acr',
'jti',
'kind',
'nonce',
'redirectUri',
'scope',

@@ -15,0 +17,0 @@ 'sid',

@@ -64,3 +64,3 @@ {

},
"version": "0.11.1",
"version": "0.11.2",
"files": [

@@ -67,0 +67,0 @@ "lib"

@@ -74,2 +74,3 @@ # oidc-provider

- [OAuth 2.0 Form Post Response mode][feature-form-post]
- [RFC7636 - Proof Key for Code Exchange by OAuth Public Clients][feature-pixy]
- [RFC7009 - OAuth 2.0 Token revocation][feature-revocation]

@@ -648,2 +649,3 @@ - [RFC7662 - OAuth 2.0 Token introspection][feature-introspection]

[feature-thumbprint]: https://tools.ietf.org/html/rfc7638
[feature-pixy]: https://tools.ietf.org/html/rfc7636
[client-metadata]: http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata

@@ -650,0 +652,0 @@ [core-claims-url]: http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter
