Comparing version 0.3.0 to 0.4.0

3

CHANGELOG.md
Following semver, 1.0.0 will mark the first API stable release and commence of this file,
until then please use the compare views of github for reference.
- https://github.com/panva/node-openid-client/compare/v0.3.0...v0.4.0
- built-in signed and/or encrypted userinfo handling
- authorizationCallback handling of implicit and hybrid responses
- https://github.com/panva/node-openid-client/compare/v0.2.0...v0.3.0

@@ -5,0 +8,0 @@ - encrypted userinfo and idtoken response handling

59

lib/base_client.js

@@ -81,9 +81,27 @@ 'use strict';

return this.grant({
grant_type: 'authorization_code',
code: params.code,
redirect_uri: redirectUri,
})
.then(tokenset => this.decryptIdToken(tokenset, 'id_token'))
.then(tokenset => this.validateIdToken(tokenset, toCheck.nonce, 'id_token'));
let promise;
if (params.id_token) {
promise = Promise.resolve(new TokenSet(params))
.then(tokenset => this.decryptIdToken(tokenset, 'id_token'))
.then(tokenset => this.validateIdToken(tokenset, toCheck.nonce, 'id_token'));
}
if (params.code) {
const grantCall = () => this.grant({
grant_type: 'authorization_code',
code: params.code,
redirect_uri: redirectUri,
})
.then(tokenset => this.decryptIdToken(tokenset, 'id_token'))
.then(tokenset => this.validateIdToken(tokenset, toCheck.nonce, 'id_token'));
if (promise) {
promise = promise.then(grantCall);
} else {
return grantCall();
}
}
return promise;
}

@@ -94,3 +112,3 @@

(use === 'userinfo' && !this.userinfo_encrypted_response_alg) ||
!this.id_token_encrypted_response_alg
(use === 'id_token' && !this.id_token_encrypted_response_alg)
) {

@@ -201,3 +219,3 @@ return token;

if (payloadObject.at_hash && token.access_token) {
if (payloadObject.at_hash) {
assert.equal(payloadObject.at_hash, tokenHash(token.access_token, headerObject.alg),

@@ -207,3 +225,3 @@ 'at_hash mismatch');

if (payloadObject.c_hash && token.code) {
if (payloadObject.c_hash) {
assert.equal(payloadObject.c_hash, tokenHash(token.code, headerObject.alg),

@@ -270,11 +288,16 @@ 'c_hash mismatch');

return got[verb](this.issuer.userinfo_endpoint, this.issuer.httpOptions(
httpOptions
)).then(response => {
if (JWT_CONTENT.exec(response.headers['content-type'])) {
return response.body;
}
return got[verb](this.issuer.userinfo_endpoint, this.issuer.httpOptions(httpOptions))
.then(response => {
if (JWT_CONTENT.exec(response.headers['content-type'])) {
return Promise.resolve(response.body)
.then(jwt => this.decryptIdToken(jwt, 'userinfo'))
.then(jwt => {
if (!this.userinfo_signed_response_alg) return JSON.parse(jwt);
return this.validateIdToken(jwt, null, 'userinfo')
.then(valid => JSON.parse(base64url.decode(valid.split('.')[1])));
});
}
return JSON.parse(response.body);
}, gotErrorHandler);
return JSON.parse(response.body);
}, gotErrorHandler);
}

@@ -281,0 +304,0 @@
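Review bot: In the userinfo hunk the decision whether to validate a signature is driven by the server's Content-Type rather than by the client's configured metadata: when `userinfo_signed_response_alg` (or `userinfo_encrypted_response_alg`) is set but the response arrives as plain JSON, the trailing `return JSON.parse(response.body);` accepts the unauthenticated body, so a provider or anything able to alter the response can downgrade a signed userinfo to an unsigned one. The JWT branch already consults `this.userinfo_signed_response_alg`; the JSON branch should enforce the same expectation before parsing, e.g. `if (this.userinfo_signed_response_alg || this.userinfo_encrypted_response_alg) throw new Error('expected a JWT userinfo response');` placed ahead of the final `JSON.parse`. A throw inside that `.then` handler rejects the returned promise, which matches what callers already get from `gotErrorHandler`. Separately, in the `@@ -81,9 +81,27 @@` hunk `return promise;` yields a bare `undefined` (not a Promise) when the callback params carry neither `id_token` nor `code`, unless the function head outside the hunk already rejects such responses; `return promise || Promise.resolve(new TokenSet(params));` would keep the return type consistent. Both enclosing methods begin outside their hunks.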

@@ -23,4 +23,4 @@ 'use strict';

const digest = crypto.createHash(hashingAlg).update(token).digest('hex');
const digest = crypto.createHash(hashingAlg).update(String(token)).digest('hex');
return base64url(new Buffer(digest.slice(0, digest.length / 2), 'hex'));
};
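Review bot: `String(token)` on the new digest line turns an absent token into the literal string "undefined", so when an ID token carries `at_hash` or `c_hash` but the corresponding `access_token` or `code` is missing (the callers in lib/base_client.js now check these hashes unconditionally), the comparison fails with a misleading `at_hash mismatch`/`c_hash mismatch` instead of saying the token is missing. An explicit guard fails for the right reason and is easier to diagnose: `if (token === undefined) throw new Error('token is required to validate its hash');` before the digest line, keeping `String(token)` for non-string values. The enclosing function's head and the `hashingAlg` derivation are outside the hunk.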
{
"name": "openid-client",
"version": "0.3.0",
"version": "0.4.0",
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js",

@@ -38,6 +38,7 @@ "main": "lib/index.js",

"koa": "^1.2.0",
"koa-body": "^1.4.0",
"koa-ejs": "^3.0.0",
"koa-router": "^5.4.0",
"koa-session": "^3.3.1",
"mocha": "^2.5.3",
"mocha": "^3.0.0",
"nock": "^8.0.0",

@@ -44,0 +45,0 @@ "sinon": "^1.17.4"

# openid-client
[![build][travis-image]][travis-url] [![codecov][codecov-image]][codecov-url] [![npm][npm-image]][npm-url] [![licence][licence-image]][licence-url]
[![build][travis-image]][travis-url] [![dependencies][david-image]][david-url] [![codecov][codecov-image]][codecov-url] [![npm][npm-image]][npm-url] [![licence][licence-image]][licence-url]

@@ -182,19 +182,7 @@ openid-client is a server side [OpenID][openid-connect] Relying Party (RP, Client) implementation for

receiving [signed userinfo][signed-userinfo] responses? validate using the library, then safely
decode yourself; make sure you have `userinfo_signed_response_alg` set on the client, defaults to
`undefined` (expecting a json response).
```js
client.userinfo(accessToken)
.then(jwt => client.validateIdToken(jwt, null, 'userinfo')); // => resolves with validated JWT
```
userinfo also handles (as long as you have the proper metadata configured) responses that are:
- signed
- signed and encrypted (nested JWT)
- just encrypted
receiving [signed and encrypted userinfo][signed-userinfo] responses? decrypt and validate using the
library, then safely decode yourself; additional to `userinfo_signed_response_alg` you must also
have `userinfo_encrypted_response_alg` and `userinfo_encrypted_response_enc` set on the client
```js
client.userinfo(accessToken)
.then(jwt => client.decryptIdToken(jwt, 'userinfo'))
.then(jwt => client.validateIdToken(jwt, null, 'userinfo')); // => resolves with decrypted and validated JWT
```
### Custom token endpoint grants

@@ -249,2 +237,4 @@ Use when the token endpoint also supports client_credentials or password grants;

[travis-url]: https://travis-ci.org/panva/node-openid-client
[david-image]: https://img.shields.io/david/panva/node-openid-client.svg?style=flat-square&maxAge=7200
[david-url]: https://david-dm.org/panva/node-openid-client
[codecov-image]: https://img.shields.io/codecov/c/github/panva/node-openid-client/master.svg?style=flat-square&maxAge=7200

@@ -251,0 +241,0 @@ [codecov-url]: https://codecov.io/gh/panva/node-openid-client
