openid-client
Comparing version 0.3.0 to 0.4.0
Following semver, 1.0.0 will mark the first API stable release and commence of this file, | ||
until then please use the compare views of github for reference. | ||
- https://github.com/panva/node-openid-client/compare/v0.3.0...v0.4.0 | ||
- built-in signed and/or encrypted userinfo handling | ||
- authorizationCallback handling of implicit and hybrid responses | ||
- https://github.com/panva/node-openid-client/compare/v0.2.0...v0.3.0 | ||
@@ -5,0 +8,0 @@ - encrypted userinfo and idtoken response handling |
@@ -81,9 +81,27 @@ 'use strict'; | ||
return this.grant({ | ||
grant_type: 'authorization_code', | ||
code: params.code, | ||
redirect_uri: redirectUri, | ||
}) | ||
.then(tokenset => this.decryptIdToken(tokenset, 'id_token')) | ||
.then(tokenset => this.validateIdToken(tokenset, toCheck.nonce, 'id_token')); | ||
let promise; | ||
if (params.id_token) { | ||
promise = Promise.resolve(new TokenSet(params)) | ||
.then(tokenset => this.decryptIdToken(tokenset, 'id_token')) | ||
.then(tokenset => this.validateIdToken(tokenset, toCheck.nonce, 'id_token')); | ||
} | ||
if (params.code) { | ||
const grantCall = () => this.grant({ | ||
grant_type: 'authorization_code', | ||
code: params.code, | ||
redirect_uri: redirectUri, | ||
}) | ||
.then(tokenset => this.decryptIdToken(tokenset, 'id_token')) | ||
.then(tokenset => this.validateIdToken(tokenset, toCheck.nonce, 'id_token')); | ||
if (promise) { | ||
promise = promise.then(grantCall); | ||
} else { | ||
return grantCall(); | ||
} | ||
} | ||
return promise; | ||
} | ||
@@ -94,3 +112,3 @@ | ||
(use === 'userinfo' && !this.userinfo_encrypted_response_alg) || | ||
!this.id_token_encrypted_response_alg | ||
(use === 'id_token' && !this.id_token_encrypted_response_alg) | ||
) { | ||
@@ -201,3 +219,3 @@ return token; | ||
if (payloadObject.at_hash && token.access_token) { | ||
if (payloadObject.at_hash) { | ||
assert.equal(payloadObject.at_hash, tokenHash(token.access_token, headerObject.alg), | ||
@@ -207,3 +225,3 @@ 'at_hash mismatch'); | ||
if (payloadObject.c_hash && token.code) { | ||
if (payloadObject.c_hash) { | ||
assert.equal(payloadObject.c_hash, tokenHash(token.code, headerObject.alg), | ||
@@ -270,11 +288,16 @@ 'c_hash mismatch'); | ||
return got[verb](this.issuer.userinfo_endpoint, this.issuer.httpOptions( | ||
httpOptions | ||
)).then(response => { | ||
if (JWT_CONTENT.exec(response.headers['content-type'])) { | ||
return response.body; | ||
} | ||
return got[verb](this.issuer.userinfo_endpoint, this.issuer.httpOptions(httpOptions)) | ||
.then(response => { | ||
if (JWT_CONTENT.exec(response.headers['content-type'])) { | ||
return Promise.resolve(response.body) | ||
.then(jwt => this.decryptIdToken(jwt, 'userinfo')) | ||
.then(jwt => { | ||
if (!this.userinfo_signed_response_alg) return JSON.parse(jwt); | ||
return this.validateIdToken(jwt, null, 'userinfo') | ||
.then(valid => JSON.parse(base64url.decode(valid.split('.')[1]))); | ||
}); | ||
} | ||
return JSON.parse(response.body); | ||
}, gotErrorHandler); | ||
return JSON.parse(response.body); | ||
}, gotErrorHandler); | ||
} | ||
@@ -281,0 +304,0 @@ |
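Review bot: The branch choice in the userinfo hunk is driven purely by the server-supplied `content-type` header, so a client configured with `userinfo_signed_response_alg` (or the encrypted variants) still accepts a plain `application/json` body via the `return JSON.parse(response.body)` fallback — the configured signing/encryption expectation is never enforced, which lets a misbehaving or spoofed endpoint downgrade to unsigned claims. Before that fallback I would reject when a JWT was expected: `if (this.userinfo_signed_response_alg || this.userinfo_encrypted_response_alg) { throw new Error('expected a JWT userinfo response, got ' + response.headers['content-type']); }`. In the authorizationCallback hunk, note also that when the hybrid flow yields both a front-channel `id_token` and a token-endpoint `id_token`, nothing visible compares the two (the spec requires at least `sub` and `iss` to match), and when neither `params.id_token` nor `params.code` is present the function returns `undefined` rather than a rejected promise; the enclosing function starts before this hunk, so the `state`/`nonce` handling may live there.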
@@ -23,4 +23,4 @@ 'use strict'; | ||
const digest = crypto.createHash(hashingAlg).update(token).digest('hex'); | ||
const digest = crypto.createHash(hashingAlg).update(String(token)).digest('hex'); | ||
return base64url(new Buffer(digest.slice(0, digest.length / 2), 'hex')); | ||
}; |
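Review bot: `String(token)` turns a missing token into the literal string `"undefined"` and hashes that, so when the caller's now-unconditional `at_hash`/`c_hash` checks run without an `access_token` or `code` the failure surfaces as a misleading "mismatch" assertion instead of naming the real problem. It still fails closed, but an explicit guard is clearer and avoids coercing arbitrary types: `if (typeof token !== 'string') throw new TypeError('token must be a string');` in place of the coercion. The `new Buffer(...)` constructor is deprecated in newer Node releases; if the supported range allows, `Buffer.from(digest.slice(0, digest.length / 2), 'hex')` is the replacement. The enclosing helper (presumably the `tokenHash` used by client.js) starts before this hunk.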
{ | ||
"name": "openid-client", | ||
"version": "0.3.0", | ||
"version": "0.4.0", | ||
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js", | ||
@@ -38,6 +38,7 @@ "main": "lib/index.js", | ||
"koa": "^1.2.0", | ||
"koa-body": "^1.4.0", | ||
"koa-ejs": "^3.0.0", | ||
"koa-router": "^5.4.0", | ||
"koa-session": "^3.3.1", | ||
"mocha": "^2.5.3", | ||
"mocha": "^3.0.0", | ||
"nock": "^8.0.0", | ||
@@ -44,0 +45,0 @@ "sinon": "^1.17.4" |
# openid-client | ||
[![build][travis-image]][travis-url] [![codecov][codecov-image]][codecov-url] [![npm][npm-image]][npm-url] [![licence][licence-image]][licence-url] | ||
[![build][travis-image]][travis-url] [![dependencies][david-image]][david-url] [![codecov][codecov-image]][codecov-url] [![npm][npm-image]][npm-url] [![licence][licence-image]][licence-url] | ||
@@ -182,19 +182,7 @@ openid-client is a server side [OpenID][openid-connect] Relying Party (RP, Client) implementation for | ||
receiving [signed userinfo][signed-userinfo] responses? validate using the library, then safely | ||
decode yourself; make sure you have `userinfo_signed_response_alg` set on the client, defaults to | ||
`undefined` (expecting a json response). | ||
```js | ||
client.userinfo(accessToken) | ||
.then(jwt => client.validateIdToken(jwt, null, 'userinfo')); // => resolves with validated JWT | ||
``` | ||
userinfo also handles (as long as you have the proper metadata configured) responses that are: | ||
- signed | ||
- signed and encrypted (nested JWT) | ||
- just encrypted | ||
receiving [signed and encrypted userinfo][signed-userinfo] responses? decrypt and validate using the | ||
library, then safely decode yourself; additional to `userinfo_signed_response_alg` you must also | ||
have `userinfo_encrypted_response_alg` and `userinfo_encrypted_response_enc` set on the client | ||
```js | ||
client.userinfo(accessToken) | ||
.then(jwt => client.decryptIdToken(jwt, 'userinfo')) | ||
.then(jwt => client.validateIdToken(jwt, null, 'userinfo')); // => resolves with decrypted and validated JWT | ||
``` | ||
### Custom token endpoint grants | ||
@@ -249,2 +237,4 @@ Use when the token endpoint also supports client_credentials or password grants; | ||
[travis-url]: https://travis-ci.org/panva/node-openid-client | ||
[david-image]: https://img.shields.io/david/panva/node-openid-client.svg?style=flat-square&maxAge=7200 | ||
[david-url]: https://david-dm.org/panva/node-openid-client | ||
[codecov-image]: https://img.shields.io/codecov/c/github/panva/node-openid-client/master.svg?style=flat-square&maxAge=7200 | ||
@@ -251,0 +241,0 @@ [codecov-url]: https://codecov.io/gh/panva/node-openid-client |