openid-client
Comparing version 1.3.0 to 1.3.1
@@ -11,4 +11,2 @@ # openid-client CHANGELOG | ||
- [Version 1.1.0](#version-110) | ||
- [Version 1.0.2](#version-102) | ||
- [Version 1.0.1](#version-101) | ||
- [Version 1.0.0](#version-100) | ||
@@ -21,2 +19,7 @@ - [Migrating from 0.x to 1.0](#migrating-from-0x-to-10) | ||
## Version 1.3.0 | ||
### Version 1.3.1 | ||
- [DIFF](https://github.com/panva/node-openid-client/compare/v1.3.0...v1.3.1) | ||
- added error messages when expected response is missing | ||
### Version 1.3.0 | ||
- [DIFF](https://github.com/panva/node-openid-client/compare/v1.2.0...v1.3.0) | ||
@@ -34,11 +37,12 @@ - added `#requestObject` method to Client to return signed and/or encrypted Request Object | ||
## Version 1.0.2 | ||
## Version 1.0.0 | ||
### Version 1.0.2 | ||
- [DIFF](https://github.com/panva/node-openid-client/compare/v1.0.1...v1.0.2) | ||
- fixed signed userinfo response validation in case iss, aud and similar ID Token claims are missing | ||
## Version 1.0.1 | ||
### Version 1.0.1 | ||
- [DIFF](https://github.com/panva/node-openid-client/compare/v1.0.0...v1.0.1) | ||
- Updated uuid dependency | ||
## Version 1.0.0 | ||
### Version 1.0.0 | ||
RP test tools are passing, no changes required from the library, API is declared stable, hence 1.0.0 | ||
@@ -45,0 +49,0 @@ release. |
@@ -17,2 +17,3 @@ 'use strict'; | ||
const gotErrorHandler = require('./got_error_handler'); | ||
const expectResponse = require('./expect_response'); | ||
const TokenSet = require('./token_set'); | ||
@@ -135,6 +136,9 @@ const OpenIdConnectError = require('./open_id_connect_error'); | ||
constructor(metadata, keystore) { | ||
_.forEach(_.defaults(_.pick(metadata, CLIENT_METADATA), CLIENT_DEFAULTS), (value, key) => { | ||
instance(this)[key] = value; | ||
}); | ||
const recognized = _.chain(metadata) | ||
.pick(CLIENT_METADATA) | ||
.defaults(CLIENT_DEFAULTS) | ||
.value(); | ||
_.forEach(recognized, (value, key) => { instance(this)[key] = value; }); | ||
if (keystore !== undefined) { | ||
@@ -467,2 +471,3 @@ assert(jose.JWK.isKeyStore(keystore), 'keystore must be an instance of jose.JWK.KeyStore'); | ||
return got[verb](this.issuer.userinfo_endpoint, this.issuer.httpOptions(httpOptions)) | ||
.then(expectResponse(200)) | ||
.then((response) => { | ||
@@ -586,4 +591,4 @@ if (JWT_CONTENT.exec(response.headers['content-type'])) { | ||
return Promise.resolve(this.grantAuth()) | ||
.then(auth => got.post(endpoint, this.issuer.httpOptions(_.merge(httpOptions, auth))) | ||
.then(success, gotErrorHandler)); | ||
.then(auth => got.post(endpoint, this.issuer.httpOptions(_.merge(httpOptions, auth))) | ||
.then(success, gotErrorHandler)); | ||
} | ||
@@ -608,3 +613,8 @@ | ||
if (!alg) { | ||
const algz = _.uniq(_.flatten(_.map(instance(this).keystore.all(), key => key.algorithms('sign')))); | ||
const algz = _.chain(instance(this).keystore.all()) | ||
.map(key => key.algorithms('sign')) | ||
.flatten() | ||
.uniq() | ||
.value(); | ||
alg = _.find(this.issuer.token_endpoint_auth_signing_alg_values_supported, | ||
@@ -685,7 +695,9 @@ signAlg => algz.indexOf(signAlg) !== -1); | ||
headers: { 'Content-Type': 'application/json' }, | ||
})).then(response => new this(JSON.parse(response.body), keystore), gotErrorHandler); | ||
})) | ||
.then(expectResponse(201)) | ||
.then(response => new this(JSON.parse(response.body), keystore), gotErrorHandler); | ||
} | ||
get metadata() { | ||
return _.omitBy(_.pick(this, CLIENT_METADATA), _.isUndefined); | ||
return _.chain(this).pick(CLIENT_METADATA).omitBy(_.isUndefined).value(); | ||
} | ||
@@ -696,3 +708,5 @@ | ||
headers: { Authorization: bearer(token) }, | ||
})).then(response => new this(JSON.parse(response.body)), gotErrorHandler); | ||
})) | ||
.then(expectResponse(200)) | ||
.then(response => new this(JSON.parse(response.body)), gotErrorHandler); | ||
} | ||
@@ -699,0 +713,0 @@ |
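Review bot: The two `new this(JSON.parse(response.body) ...)` call sites that follow `expectResponse(201)` and `expectResponse(200)` still parse the body inside the fulfilment callback of `.then(fn, gotErrorHandler)`. A rejection handler passed in the same `.then` call does not see a throw from its sibling callback, so a response with the expected status but a non-JSON body surfaces as a bare `SyntaxError` with no hint of which endpoint produced it. Since the status check now gives a descriptive failure, the parse step deserves one too, for example `try { body = JSON.parse(response.body); } catch (err) { throw new Error('expected a JSON response body'); }` in a small shared helper. The same pattern appears in the other file that requires `./issuer_registry`, in its keystore, webfinger and discovery chains. The enclosing methods start and end outside these hunks.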
@@ -7,4 +7,4 @@ 'use strict'; | ||
module.exports = function gotErrorHandler(err) { | ||
if (isStandardError(err)) throw new OpenIdConnectError(err.response.body); | ||
if (isStandardError(err)) throw new OpenIdConnectError(err.response.body, err.response); | ||
throw err; | ||
}; |
@@ -21,2 +21,3 @@ 'use strict'; | ||
const registry = require('./issuer_registry'); | ||
const expectResponse = require('./expect_response'); | ||
const webfingerNormalize = require('./webfinger_normalize'); | ||
@@ -42,6 +43,9 @@ | ||
constructor(metadata) { | ||
_.forEach(_.defaults(_.pick(metadata, ISSUER_METADATA), ISSUER_DEFAULTS), (value, key) => { | ||
instance(this)[key] = value; | ||
}); | ||
const recognized = _.chain(metadata) | ||
.pick(ISSUER_METADATA) | ||
.defaults(ISSUER_DEFAULTS) | ||
.value(); | ||
_.forEach(recognized, (value, key) => { instance(this)[key] = value; }); | ||
instance(this).cache = new LRU({ max: 100 }); | ||
@@ -77,9 +81,10 @@ | ||
return got(this.jwks_uri, this.httpOptions()) | ||
.then(response => JSON.parse(response.body), gotErrorHandler) | ||
.then(jwks => jose.JWK.asKeyStore(jwks)) | ||
.then((joseKeyStore) => { | ||
lookupCache.set('throttle', true, 60 * 1000); | ||
instance(this).keystore = joseKeyStore; | ||
return joseKeyStore; | ||
}); | ||
.then(expectResponse(200)) | ||
.then(response => JSON.parse(response.body), gotErrorHandler) | ||
.then(jwks => jose.JWK.asKeyStore(jwks)) | ||
.then((joseKeyStore) => { | ||
lookupCache.set('throttle', true, 60 * 1000); | ||
instance(this).keystore = joseKeyStore; | ||
return joseKeyStore; | ||
}); | ||
} | ||
@@ -117,4 +122,6 @@ | ||
const opts = { query, followRedirect: true }; | ||
const webfingerUrl = `https://${host}${WEBFINGER}`; | ||
return got(`https://${host}${WEBFINGER}`, this.httpOptions(opts)) | ||
return got(webfingerUrl, this.httpOptions(opts)) | ||
.then(expectResponse(200)) | ||
.then(response => JSON.parse(response.body)) | ||
@@ -145,2 +152,3 @@ .then((body) => { | ||
return got(wellKnownUri, this.httpOptions()) | ||
.then(expectResponse(200)) | ||
.then(response => new this(JSON.parse(response.body)), gotErrorHandler); | ||
@@ -147,0 +155,0 @@ } |
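Review bot: The webfinger chain starting at `got(webfingerUrl, this.httpOptions(opts))` is the only request in these hunks without `gotErrorHandler`. The keystore and discovery chains pass it as the rejection handler next to their `JSON.parse` step, while here `.then(response => JSON.parse(response.body))` takes none. Unless a later step outside the hunk handles it, a standard error body returned by the webfinger host reaches the caller as a raw HTTP error instead of an `OpenIdConnectError`; `.then(response => JSON.parse(response.body), gotErrorHandler)` would match the other call sites. The chain continues past the end of this hunk, so this should be checked against the full method.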
@@ -5,10 +5,15 @@ 'use strict'; | ||
module.exports = createErrorClass('OpenIdConnectError', function stdError(response) { | ||
module.exports = createErrorClass('OpenIdConnectError', function stdError(body, response) { | ||
if (response) { | ||
Object.defineProperty(this, 'response', { | ||
value: response, | ||
}); | ||
} | ||
Object.assign(this, { | ||
message: response.error, | ||
error: response.error, | ||
error_description: response.error_description, | ||
state: response.state, | ||
scope: response.scope, | ||
message: body.error, | ||
error: body.error, | ||
error_description: body.error_description, | ||
state: body.state, | ||
scope: body.scope, | ||
}); | ||
}); |
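Review bot: The `Object.defineProperty(this, 'response', { value: response })` call has no comment saying why it is used instead of a plain assignment. With the default descriptor the property is non-enumerable and read-only, so the raw HTTP response stays out of `Object.keys` and `JSON.stringify` output when the error is logged or serialized. If that is the intent, a line such as `// non-enumerable: keep the raw HTTP response out of serialized or logged errors` above the call would stop a later refactor from turning it into `this.response = response`. Separately, `message`, `error_description`, `state` and `scope` are copied verbatim from the server-supplied `body`, so a short docstring noting that these fields are untrusted text would help callers who display them.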
{ | ||
"name": "openid-client", | ||
"version": "1.3.0", | ||
"version": "1.3.1", | ||
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js", | ||
@@ -24,3 +24,7 @@ "main": "lib/index.js", | ||
"oidc", | ||
"auth", | ||
"authentication", | ||
"identity", | ||
"oauth", | ||
"certified", | ||
"oauth2" | ||
@@ -27,0 +31,0 @@ ], |
@@ -12,2 +12,3 @@ # openid-client | ||
- [Implemented specs & features](#implemented-specs--features) | ||
- [Certification](#certification) | ||
- [Example](#example) | ||
@@ -53,2 +54,10 @@ - [Get started](#get-started) | ||
## Certification | ||
[![OpenId Certification][openid-certified-logo]][openid-certified-link] | ||
[OpenID Certified™][openid-certified-link] by Filip Skokan to the RP Basic, RP Implicit, RP Hybrid, | ||
RP Config and RP Dynamic profiles of the OpenID Connect™ protocol. | ||
## Example | ||
@@ -384,1 +393,3 @@ Head over to the example folder to see the library in use. This example is deployed and configured | ||
[signed-userinfo]: http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse | ||
[openid-certified-link]: http://openid.net/certification/ | ||
[openid-certified-logo]: https://cdn.rawgit.com/panva/node-openid-client/master/OpenID_Certified.png |