openid-client - npm Package Compare versions

Comparing version 1.14.0 to 1.15.0

CHANGELOG.md

@@ -28,2 +28,7 @@ # openid-client CHANGELOG
 
+## Version 1.15.0
+- [DIFF](https://github.com/panva/node-openid-client/compare/v1.14.0...v1.15.0)
+- added support for Request Objects encrypted with symmetrical keys
+- fixed PBES2 encryption to use client_secret derived symmetrical key instead of its full octet value
+
 ## Version 1.14.0
@@ -30,0 +35,0 @@ - [DIFF](https://github.com/panva/node-openid-client/compare/v1.13.0...v1.14.0)

lib/client.js

@@ -626,4 +626,4 @@ 'use strict';
   joseSecret(alg) {
-    if (String(alg).match(/^A(128|192|256)(GCM)?KW$/)) {
-      return this.derivedKey(RegExp.$1);
+    if (String(alg).match(/^(?:A|PBES2.+)(\d{3})(GCM)?KW$/)) {
+      return this.derivedKey(parseInt(RegExp.$1, 10));
     }
@@ -944,10 +944,22 @@
 
+    let keystoreOrSecret;
+    if (fields.alg.match(/^(RSA|ECDH)/)) {
+      keystoreOrSecret = this.issuer.key({
+        alg: fields.alg,
+        enc: fields.enc,
+        use: 'enc',
+      }, true);
+    } else {
+      keystoreOrSecret = this.joseSecret(fields.alg);
+    }
+
+    if (fields.alg.startsWith('PBES2')) {
+      fields.p2s = base64url(uuid());
+      fields.p2c = 4096;
+    }
+
     /* eslint-disable arrow-body-style */
-    return this.issuer.key({
-      alg: algs.encrypt.alg,
-      enc: algs.encrypt.enc,
-      use: 'enc',
-    }, true).then((key) => {
+    return keystoreOrSecret.then((key) => {
       return signed.then((cleartext) => {
-        return jose.JWE.createEncrypt({ format, fields }, { key })
+        return jose.JWE.createEncrypt({ format, fields }, { key, reference: key.kty !== 'oct' })
           .update(cleartext)
@@ -954,0 +966,0 @@ .final();

package.json

 {
   "name": "openid-client",
-  "version": "1.14.0",
+  "version": "1.15.0",
   "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js servers, supports passportjs",
@@ -5,0 +5,0 @@ "main": "lib/index.js",

README.md

@@ -173,10 +173,10 @@ # openid-client
 
-// koa v1.x w/ koa-body
+// example koa v2.x w/ koa-body
 app.use(bodyParser({ patchNode: true }));
-app.use(function* (next) {
-  const params = client.callbackParams(this.request.req); // => parsed url query, url fragment or body object
+app.use(async function (ctx, next) {
+  const params = client.callbackParams(ctx.request.req); // => parsed url query, url fragment or body object
   // ...
 });
 
-// express w/ bodyParser
+// example express w/ bodyParser
 app.use(bodyParser.urlencoded({ extended: false }));
@@ -183,0 +183,0 @@ app.use(function (req, res, next) {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

77286

increased by0.83%

Lines of code

1390

increased by0.72%

No dependency changes