openid-client
Comparing version 1.12.1 to 1.13.0
@@ -8,2 +8,3 @@ # openid-client CHANGELOG | ||
<!-- TOC START min:2 max:2 link:true update:true --> | ||
- [Version 1.13.0](#version-1130) | ||
- [Version 1.12.0](#version-1120) | ||
@@ -27,2 +28,9 @@ - [Version 1.11.0](#version-1110) | ||
## Version 1.13.0 | ||
- [DIFF](https://github.com/panva/node-openid-client/compare/v1.12.1...v1.13.0) | ||
- added an optional keystore argument to `Client#fromUri(uri, token, [keystore])` to pass a keystore | ||
with private asymmetrical keys | ||
- fixed keystore check during constructor `Client#new` calls to check that only private asymmetrical | ||
keys are added | ||
## Version 1.12.0 | ||
@@ -29,0 +37,0 @@ ### Version 1.12.1 |
@@ -134,2 +134,13 @@ 'use strict'; | ||
function checkStore(keystore) { | ||
assert(jose.JWK.isKeyStore(keystore), 'keystore must be an instance of jose.JWK.KeyStore'); | ||
assert(keystore.all().every((key) => { | ||
if (key.kty === 'RSA' || key.kty === 'EC') { | ||
try { key.toPEM(true); } catch (err) { return false; } | ||
return true; | ||
} | ||
return false; | ||
}), 'keystore must only contain private EC or RSA keys'); | ||
} | ||
const deprecatedKeystore = util.deprecate(keystore => keystore, | ||
@@ -173,3 +184,3 @@ 'passing keystore directly is deprecated, pass an object with keystore property instead'); | ||
if (keystore !== undefined) { | ||
assert(jose.JWK.isKeyStore(keystore), 'keystore must be an instance of jose.JWK.KeyStore'); | ||
checkStore.call(this, keystore); | ||
instance(this).keystore = keystore; | ||
@@ -842,10 +853,3 @@ } | ||
if (keystore !== undefined && !(properties.jwks || properties.jwks_uri)) { | ||
assert(jose.JWK.isKeyStore(keystore), 'keystore must be an instance of jose.JWK.KeyStore'); | ||
assert(keystore.all().every((key) => { | ||
if (key.kty === 'RSA' || key.kty === 'EC') { | ||
try { key.toPEM(true); } catch (err) { return false; } | ||
return true; | ||
} | ||
return false; | ||
}), 'keystore must only contain private EC or RSA keys'); | ||
checkStore.call(this, keystore); | ||
properties.jwks = keystore.toJSON(); | ||
@@ -875,3 +879,3 @@ } | ||
*/ | ||
static fromUri(uri, token) { | ||
static fromUri(uri, token, keystore) { | ||
return this.httpClient.get(uri, this.issuer.httpOptions({ | ||
@@ -881,3 +885,3 @@ headers: { Authorization: bearer(token) }, | ||
.then(expectResponse(200)) | ||
.then(response => new this(JSON.parse(response.body)), errorHandler.bind(this)); | ||
.then(response => new this(JSON.parse(response.body), keystore), errorHandler.bind(this)); | ||
} | ||
@@ -884,0 +888,0 @@ |
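Review bot: In `fromUri` the new `keystore` argument is validated only inside the constructor, which runs after the GET carrying the registration access token has completed. A keystore that fails `checkStore` therefore surfaces as a late rejection instead of stopping the call before the token is sent. Consider checking it first, for example `if (keystore !== undefined) checkStore(keystore);` ahead of `this.httpClient.get(...)`, keeping in mind that this makes the failure a synchronous throw unless it is wrapped in a promise. `checkStore` never reads `this`, so `checkStore.call(this, keystore)` at both call sites can be a plain `checkStore(keystore)`; and because `every()` is true for an empty array, an empty keystore passes the "private EC or RSA keys" check, which is worth confirming as intended. The constructor and `fromUri` bodies extend beyond the visible hunks, and the JSDoc block ending at `*/` presumably still needs an entry for the new parameter.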
{ | ||
"name": "openid-client", | ||
"version": "1.12.1", | ||
"version": "1.13.0", | ||
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js servers, supports passportjs", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |
@@ -97,5 +97,5 @@ # openid-client | ||
### manually (recommended) | ||
You should provide the following metadata; `client_id, client_secret`. You can also provide | ||
You should provide at least the following metadata; `client_id, client_secret`. You can also provide | ||
`id_token_signed_response_alg` (defaults to `RS256`) and `token_endpoint_auth_method` (defaults to | ||
`client_secret_basic`); | ||
`client_secret_basic`). | ||
@@ -106,5 +106,8 @@ ```js | ||
client_secret: 'TQV5U29k1gHibH5bx1layBo0OSAvAbRT3UYW3EWrSYBB5swxjVfWUa1BS8lqzxG/0v9wruMcrGadany3' | ||
}); // => Client | ||
}, [keystore]); // => Client | ||
``` | ||
`keystore` is an optional argument for instantiating a client with configured asymmetrical | ||
ID Token or UserInfo response encryption. | ||
### via registration client uri | ||
@@ -114,3 +117,3 @@ Should your oidc provider have provided you with a registration client uri and registration access | ||
```js | ||
googleIssuer.Client.fromUri(registration_client_uri, registration_access_token) // => Promise | ||
googleIssuer.Client.fromUri(registration_client_uri, registration_access_token, [keystore]) // => Promise | ||
.then(function (client) { | ||
@@ -121,2 +124,5 @@ console.log('Discovered client %s', client); | ||
`keystore` is an optional argument for instantiating a client through registration client uri | ||
with configured asymmetrical ID Token or UserInfo response encryption. | ||
## Usage | ||
@@ -123,0 +129,0 @@ |