openid-client
Comparing version 1.0.2 to 1.1.0
@@ -8,2 +8,3 @@ # openid-client CHANGELOG | ||
<!-- TOC START min:2 max:2 link:true update:true --> | ||
- [Version 1.1.0](#version-110) | ||
- [Version 1.0.2](#version-102) | ||
@@ -17,2 +18,7 @@ - [Version 1.0.1](#version-101) | ||
## Version 1.1.0 | ||
- [DIFF](https://github.com/panva/node-openid-client/compare/v1.0.2...v1.1.0) | ||
- fixed unpacking aggregated claims with alg=none and no iss claim | ||
- fetching distributed claims now expects a JWT response, previously expected invalid OP responses | ||
## Version 1.0.2 | ||
@@ -19,0 +25,0 @@ - [DIFF](https://github.com/panva/node-openid-client/compare/v1.0.1...v1.0.2) |
@@ -56,3 +56,6 @@ 'use strict'; | ||
function getFromJWT(jwt, position, claim) { | ||
const parsed = JSON.parse(base64url.decode(jwt.split('.')[position])); | ||
assert.equal(typeof jwt, 'string', 'invalid JWT type, expected a string'); | ||
const parts = jwt.split('.'); | ||
assert.equal(parts.length, 3, 'invalid JWT format, expected three parts'); | ||
const parsed = JSON.parse(base64url.decode(parts[position])); | ||
return typeof claim === 'undefined' ? parsed : parsed[claim]; | ||
@@ -73,2 +76,6 @@ } | ||
function getPayload(jwt) { | ||
return getFromJWT(jwt, 1); | ||
} | ||
function assignErrSrc(sourceName) { | ||
@@ -100,2 +107,27 @@ return (err) => { | ||
function claimJWT(jwt) { | ||
try { | ||
const iss = getIss(jwt); | ||
const keyDef = getHeader(jwt); | ||
assert(keyDef.alg, 'claim source is missing JWT header alg property'); | ||
if (keyDef.alg === 'none') return Promise.resolve(getPayload(jwt)); | ||
const getKey = (() => { | ||
if (!iss || iss === this.issuer.issuer) { | ||
return this.issuer.key(keyDef); | ||
} else if (issuerRegistry.has(iss)) { | ||
return issuerRegistry.get(iss).key(keyDef); | ||
} | ||
return this.issuer.constructor.discover(iss).then(issuer => issuer.key(keyDef)); | ||
})(); | ||
return getKey | ||
.then(key => jose.JWS.createVerify(key).verify(jwt)) | ||
.then(result => JSON.parse(result.payload)); | ||
} catch (error) { | ||
return Promise.reject(error); | ||
} | ||
} | ||
class BaseClient { | ||
@@ -527,7 +559,8 @@ constructor(metadata, keystore) { | ||
return got(def.endpoint, this.issuer.httpOptions(opts)).then((response) => { | ||
const data = JSON.parse(response.body); | ||
delete claims._claim_sources[sourceName]; | ||
_.forEach(claims._claim_names, assignClaim(claims, data, sourceName)); | ||
}, gotErrorHandler).catch(assignErrSrc(sourceName)); | ||
return got(def.endpoint, this.issuer.httpOptions(opts)) | ||
.then(response => claimJWT.call(this, response.body), gotErrorHandler) | ||
.then((data) => { | ||
delete claims._claim_sources[sourceName]; | ||
_.forEach(claims._claim_names, assignClaim(claims, data, sourceName)); | ||
}).catch(assignErrSrc(sourceName)); | ||
})).then(() => cleanUpClaims(claims)); | ||
@@ -540,25 +573,10 @@ } | ||
return Promise.all(_.map(aggregatedSources, (def, sourceName) => { | ||
let getKey; | ||
try { | ||
const iss = getIss(def.JWT); | ||
const keyDef = getHeader(def.JWT); | ||
const decoded = claimJWT.call(this, def.JWT); | ||
if (issuerRegistry.has(iss)) { | ||
getKey = issuerRegistry.get(iss).key(keyDef); | ||
} else { | ||
getKey = this.issuer.constructor.discover(iss).then(issuer => issuer.key(keyDef)); | ||
} | ||
} catch (error) { | ||
getKey = Promise.reject(error); | ||
} | ||
return getKey.then(key => jose.JWS.createVerify(key).verify(def.JWT)) | ||
.then(result => JSON.parse(result.payload)) | ||
.then((data) => { | ||
delete claims._claim_sources[sourceName]; | ||
_.forEach(claims._claim_names, assignClaim(claims, data, sourceName)); | ||
}).catch(assignErrSrc(sourceName)); | ||
return decoded.then((data) => { | ||
delete claims._claim_sources[sourceName]; | ||
_.forEach(claims._claim_names, assignClaim(claims, data, sourceName)); | ||
}).catch(assignErrSrc(sourceName)); | ||
})).then(() => cleanUpClaims(claims)); | ||
} | ||
/* eslint-enable no-underscore-dangle */ | ||
@@ -565,0 +583,0 @@ |
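Review bot: In claimJWT the untrusted JWT header decides whether any verification happens: when `keyDef.alg === 'none'` the payload is returned straight from getPayload, so a claim source response that merely declares alg=none is accepted as-is, and since the distributed-claims path now also goes through claimJWT this applies to both aggregated and distributed sources. The changelog presents alg=none support as intentional, so the trust assumption should at least be stated and ideally be opt-in — a comment above the early return such as `// alg=none: claims are accepted without signature verification; the claim source's response is trusted as-is`, and preferably an explicit client option gating it rather than the token's own header (for alg=none nothing checks that the third JWT part is empty either). Separately, the getKey closure falls through to `this.issuer.constructor.discover(iss)` for any iss not in issuerRegistry, fetching keys from whatever issuer the token names and issuing an outbound discovery request driven by that value; a passing signature then only shows the token came from the issuer it claims, not that this client trusts that issuer, which is worth documenting or restricting. The distributed-claims callback at the top of the section starts and ends outside the hunk.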
{ | ||
"name": "openid-client", | ||
"version": "1.0.2", | ||
"version": "1.1.0", | ||
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |