openid-client
Comparing version 1.16.0 to 1.17.0
@@ -8,2 +8,3 @@ # openid-client CHANGELOG | ||
<!-- TOC START min:2 max:2 link:true update:true --> | ||
- [Version 1.17.0](#version-1170) | ||
- [Version 1.16.0](#version-1160) | ||
@@ -31,4 +32,9 @@ - [Version 1.15.0](#version-1150) | ||
## Version 1.17.0 | ||
- [DIFF](https://github.com/panva/node-openid-client/compare/v1.16.0...v1.17.0) | ||
- now uses `client_secret_post` as default for Issuer instances that do not support | ||
`client_secret_basic` but do signal support for `client_secret_post` in their discovery document | ||
## Version 1.16.0 | ||
- [DIFF](https://github.com/panva/node-openid-client/compare/v1.15.0...v1.15.1) | ||
- [DIFF](https://github.com/panva/node-openid-client/compare/v1.15.0...v1.16.0) | ||
- added `s_hash` value validation support for ID Tokens returned by authorization endpoint | ||
@@ -35,0 +41,0 @@ - fixed edge cases where valid `_hash` but from invalid sha-length was accepted |
@@ -152,2 +152,17 @@ 'use strict'; | ||
// if an OP doesnt support client_secret_basic but supports client_secret_post, use it instead | ||
// this is in place to take care of most common pitfalls when first using discovered Issuers without | ||
// the support for default values defined by Discovery 1.0 | ||
function checkBasicSupport(client, metadata, properties) { | ||
try { | ||
const supported = client.issuer.token_endpoint_auth_methods_supported; | ||
if (supported.indexOf(properties.token_endpoint_auth_method) === -1) { | ||
if (supported.indexOf('client_secret_post') !== -1) { | ||
properties.token_endpoint_auth_method = 'client_secret_post'; | ||
} | ||
} | ||
} catch (err) {} | ||
} | ||
class Client { | ||
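Review bot: The empty `catch (err) {}` in `checkBasicSupport` hides every failure, so a missing `client.issuer` or a malformed `token_endpoint_auth_methods_supported` disables the fallback without any signal. Because this value comes from the issuer's discovery document, a string there would not throw at all: `indexOf` would do a substring match, and the client authentication method would be picked from data that was never validated as a list. I would drop the try/catch and guard explicitly with `const supported = client.issuer && client.issuer.token_endpoint_auth_methods_supported;` followed by `if (!Array.isArray(supported)) return;`. The leading comment could also state that the switch changes how the client secret is sent (request body instead of the Authorization header), since that is the operational effect of the fallback.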
@@ -159,4 +174,9 @@ /** | ||
constructor(metadata, keystore) { | ||
metadata = metadata || {}; // eslint-disable-line no-param-reassign | ||
const properties = Object.assign({}, CLIENT_DEFAULTS, metadata); | ||
if (!metadata.token_endpoint_auth_method) { // if no explicit value was provided | ||
checkBasicSupport(this, metadata, properties); | ||
} | ||
if (String(properties.token_endpoint_auth_method).endsWith('_jwt')) { | ||
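Review bot: The call `checkBasicSupport(this, metadata, properties)` passes `metadata`, but the helper in the earlier hunk never reads it; I would narrow it to `checkBasicSupport(this, properties)` and drop the parameter from the helper's signature. The helper also works by mutating `properties` in place, which is easy to miss when reading the constructor; returning the chosen method and assigning it here would make the override visible at the call site. The constructor body continues outside this hunk, so whether `this.issuer` is always resolvable at this point cannot be confirmed from the lines shown.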
@@ -163,0 +183,0 @@ assert( |
{ | ||
"name": "openid-client", | ||
"version": "1.16.0", | ||
"version": "1.17.0", | ||
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js servers, supports passportjs", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |