openid-client - npm Package Compare versions

Comparing version 1.5.0 to 1.5.1

CHANGELOG.md

@@ -20,2 +20,7 @@ # openid-client CHANGELOG
 ## Version 1.5.0
+### Version 1.5.1
+- [DIFF](https://github.com/panva/node-openid-client/compare/v1.5.0...v1.5.1)
+- fixed client_assertion aud claim for `_jwt` auth methods when used in introspection and revocation
+
+### Version 1.5.0
 - [DIFF](https://github.com/panva/node-openid-client/compare/v1.4.0...v1.5.0)
@@ -22,0 +27,0 @@ - added a passport.js strategy

lib/client.js

@@ -546,3 +546,4 @@ 'use strict';
   grant(body) {
-    return this.authenticatedPost(this.issuer.token_endpoint, { body },
+    assert(this.issuer.token_endpoint, 'issuer must be configured with token endpoint');
+    return this.authenticatedPost('token', { body },
       response => new TokenSet(JSON.parse(response.body)));
@@ -552,23 +553,17 @@ }
   revoke(token, hint) {
-    assert(this.issuer.revocation_endpoint || this.issuer.token_revocation_endpoint,
-      'issuer must be configured with revocation endpoint');
+    assert(this.issuer.revocation_endpoint, 'issuer must be configured with revocation endpoint');
     assert(!hint || typeof hint === 'string', 'hint must be a string');
-    const endpoint = this.issuer.revocation_endpoint || this.issuer.token_revocation_endpoint;
 
     const body = { token };
     if (hint) body.token_type_hint = hint;
-    return this.authenticatedPost(endpoint, { body },
-      response => JSON.parse(response.body));
+    return this.authenticatedPost('revocation', { body }, response => JSON.parse(response.body));
   }
 
   introspect(token, hint) {
-    assert(this.issuer.introspection_endpoint || this.issuer.token_introspection_endpoint,
-      'issuer must be configured with introspection endpoint');
+    assert(this.issuer.introspection_endpoint, 'issuer must be configured with introspection endpoint');
     assert(!hint || typeof hint === 'string', 'hint must be a string');
-    const endpoint = this.issuer.introspection_endpoint || this.issuer.token_introspection_endpoint;
 
     const body = { token };
     if (hint) body.token_type_hint = hint;
-    return this.authenticatedPost(endpoint, { body },
-      response => JSON.parse(response.body));
+    return this.authenticatedPost('introspection', { body }, response => JSON.parse(response.body));
   }
@@ -610,4 +605,4 @@
   authenticatedPost(endpoint, httpOptions, success) {
-    return Promise.resolve(this.grantAuth())
-      .then(auth => got.post(endpoint, this.issuer.httpOptions(_.merge(httpOptions, auth)))
+    return Promise.resolve(this.authFor(endpoint))
+      .then(auth => got.post(this.issuer[`${endpoint}_endpoint`], this.issuer.httpOptions(_.merge(httpOptions, auth)))
       .then(success, gotErrorHandler));
@@ -657,3 +652,3 @@ }
 
-  grantAuth() {
+  authFor(endpoint) {
     switch (this.token_endpoint_auth_method) {
@@ -678,3 +673,3 @@ case 'none' :
           sub: this.client_id,
-          aud: this.issuer.token_endpoint,
+          aud: this.issuer[`${endpoint}_endpoint`],
         })).final().then((client_assertion) => { // eslint-disable-line camelcase, arrow-body-style
@@ -817,2 +812,8 @@ return { body: {
 
+Object.defineProperty(Client.prototype, 'grantAuth', {
+  get: util.deprecate(/* istanbul ignore next */ function grantAuth() {
+    return this.authFor('token');
+  }, 'client#grantAuth is deprecated'),
+});
+
 CLIENT_METADATA.forEach((prop) => {
@@ -819,0 +820,0 @@ Object.defineProperty(Client.prototype, prop, {

lib/consts.js

@@ -16,2 +16,3 @@ const pkg = require('../package.json');
   'claim_types_supported',
+  'code_challenge_methods_supported',
   'end_session_endpoint',
@@ -18,0 +19,0 @@ 'grant_types_supported',

lib/issuer.js

@@ -47,2 +47,10 @@ 'use strict';
 
+    if (!recognized.introspection_endpoint && recognized.token_introspection_endpoint) {
+      recognized.introspection_endpoint = recognized.token_introspection_endpoint;
+    }
+
+    if (!recognized.revocation_endpoint && recognized.token_revocation_endpoint) {
+      recognized.revocation_endpoint = recognized.token_revocation_endpoint;
+    }
+
     _.forEach(recognized, (value, key) => { instance(this)[key] = value; });
@@ -49,0 +57,0 @@

package.json

 {
   "name": "openid-client",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js servers, supports passportjs",
@@ -5,0 +5,0 @@ "main": "lib/index.js",

README.md

@@ -56,8 +56,8 @@ # openid-client
 ## Certification
-[![OpenId Certification][openid-certified-logo]][openid-certified-link]
+[<img width="184" height="96" align="right" src="https://cdn.rawgit.com/panva/node-openid-client/38cf016b/OpenID_Certified.png" alt="OpenID Certification">][openid-certified-link]  
+Filip Skokan has [certified][openid-certified-link] that [openid-client][npm-url]
+conforms to the RP Basic, RP Implicit, RP Hybrid, RP Config and RP Dynamic profiles
+of the OpenID Connect™ protocol.
 
-[OpenID Certified™][openid-certified-link] by Filip Skokan to the RP Basic, RP Implicit, RP Hybrid,
-RP Config and RP Dynamic profiles of the OpenID Connect™ protocol.
 
-
 ## Example
@@ -64,0 +64,0 @@ Head over to the example folder to see the library in use. This example is deployed and configured

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

67744

increased by1.16%

Lines of code

1214

increased by0.58%

No dependency changes