CHANGELOG.md

@@ -1,38 +0,17 @@

# openid-client CHANGELOG
# Change Log
Yay for [SemVer](http://semver.org/).
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
**Table of Contents**
<a name="2.3.0"></a>
# [2.3.0](https://github.com/panva/node-openid-client/compare/v2.2.1...v2.3.0) (2018-08-11)
<!-- TOC depthFrom:2 depthTo:2 withLinks:1 updateOnSave:1 orderedList:0 -->
- [Version 2.2.x](#version-22x)
- [Version 2.1.x](#version-21x)
- [Version 2.0.x](#version-20x)
- [Version 1.20.0](#version-1200)
- [Version 1.19.x](#version-119x)
- [Version 1.18.x](#version-118x)
- [Version 1.17.0](#version-1170)
- [Version 1.16.0](#version-1160)
- [Version 1.15.0](#version-1150)
- [Version 1.14.0](#version-1140)
- [Version 1.13.0](#version-1130)
- [Version 1.12.0](#version-1120)
- [Version 1.11.0](#version-1110)
- [Version 1.10.0](#version-1100)
- [Version 1.9.0](#version-190)
- [Version 1.8.0](#version-180)
- [Version 1.7.0](#version-170)
- [Version 1.6.0](#version-160)
- [Version 1.5.0](#version-150)
- [Version 1.4.0](#version-140)
- [Version 1.3.0](#version-130)
- [Version 1.2.0](#version-120)
- [Version 1.1.0](#version-110)
- [Version 1.0.0](#version-100)
- [Migrating from 0.x to 1.0](#migrating-from-0x-to-10)
- [pre 1.x changelog](#pre-1x-changelog)
### Features
<!-- /TOC -->
* authorization response parameter checking based on response_type ([6e0ac57](https://github.com/panva/node-openid-client/commit/6e0ac57))
* passport strategy automatically checks response REQUIRED params ([902eeed](https://github.com/panva/node-openid-client/commit/902eeed))
# Pre standard-version Change Log
## Version 2.2.x

@@ -39,0 +18,0 @@ ### Version 2.2.1

@@ -323,3 +323,11 @@ const util = require('util');

if (checks.state !== parameters.state) {
if (!params.state && checks.state) {
return Promise.reject(new Error('state missing from response'));
}
if (params.state && !checks.state) {
return Promise.reject(new Error('checks.state missing'));
}
if (checks.state !== params.state) {
return Promise.reject(new Error('state mismatch'));

@@ -332,2 +340,24 @@ }

const RESPONSE_TYPE_REQUIRED_PARAMS = {
code: ['code'],
id_token: ['id_token'],
token: ['access_token', 'token_type'],
};
if (checks.response_type) {
for (const type of checks.response_type.split(' ')) { // eslint-disable-line no-restricted-syntax
if (type === 'none') {
if (params.code || params.id_token || params.access_token) {
return Promise.reject(new Error('unexpected params encountered for "none" response'));
}
} else {
for (const param of RESPONSE_TYPE_REQUIRED_PARAMS[type]) { // eslint-disable-line no-restricted-syntax, max-len
if (!params[param]) {
return Promise.reject(new Error(`${param} missing from response`));
}
}
}
}
}
let promise;
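Review bot: `RESPONSE_TYPE_REQUIRED_PARAMS[type]` is iterated without a guard, so a `checks.response_type` token that is neither `none` nor a key of the map (a typo such as `'cod'`, or any future value) makes `for...of undefined` throw a TypeError synchronously instead of returning a rejected promise like every other failure in this block; the sibling hunk in the OAuth callback below guards the same lookup with `if (RESPONSE_TYPE_REQUIRED_PARAMS[type])`. Since `checks.response_type` is caller configuration rather than OP output, failing loudly is preferable to either outcome: `const required = RESPONSE_TYPE_REQUIRED_PARAMS[type]; if (!required) return Promise.reject(new Error(`unsupported response_type "${type}"`));` before the inner loop. The presence check also does not reject parameters the chosen response_type should not carry (only the `none` branch does); whether a stray `id_token` on a `code` response is tolerated elsewhere is not visible in the hunk. The enclosing function starts and ends outside the hunk.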

@@ -373,3 +403,11 @@

if (checks.state !== parameters.state) {
if (!params.state && checks.state) {
return Promise.reject(new Error('state missing from response'));
}
if (params.state && !checks.state) {
return Promise.reject(new Error('checks.state missing'));
}
if (checks.state !== params.state) {
return Promise.reject(new Error('state mismatch'));
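Review bot: These eight lines are byte-for-byte the state-check block already added to the authorization callback hunk above, so the two callbacks will drift the next time one of the messages or conditions changes. A small module-private helper such as `function checkState(params, checks) { /* the three guards */ }` returning the rejected promise or `undefined` would let both call sites read `const stateError = checkState(params, checks); if (stateError) return stateError;`. Note that `!params.state` treats an empty-string `state` as absent, which is presumably intended but worth a one-line comment. The enclosing function starts and ends outside the hunk.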

@@ -382,2 +420,25 @@ }

const RESPONSE_TYPE_REQUIRED_PARAMS = {
code: ['code'],
token: ['access_token', 'token_type'],
};
if (checks.response_type) {
for (const type of checks.response_type.split(' ')) { // eslint-disable-line no-restricted-syntax
if (type === 'none') {
if (params.code || params.id_token || params.access_token) {
return Promise.reject(new Error('unexpected params encountered for "none" response'));
}
}
if (RESPONSE_TYPE_REQUIRED_PARAMS[type]) {
for (const param of RESPONSE_TYPE_REQUIRED_PARAMS[type]) { // eslint-disable-line no-restricted-syntax, max-len
if (!params[param]) {
return Promise.reject(new Error(`${param} missing from response`));
}
}
}
}
}
if (params.code) {
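Review bot: The `if (RESPONSE_TYPE_REQUIRED_PARAMS[type])` guard silently skips any token not in the map, so a misspelled `checks.response_type` disables the presence check with no error, and because this OAuth-only table has no `id_token` entry a caller passing `'id_token'` gets no validation either. Since `checks.response_type` comes from the caller's own configuration (the passport strategy stores it in the session), a typo is better surfaced than ignored: `if (type !== 'none' && !RESPONSE_TYPE_REQUIRED_PARAMS[type]) return Promise.reject(new Error(`unsupported response_type "${type}"`));`. If omitting `id_token` here is deliberate, a short comment on the table saying so would stop the next reader from "fixing" it. The enclosing function starts and ends outside the hunk.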

@@ -384,0 +445,0 @@ return this.grant({

@@ -33,2 +33,3 @@ const pkg = require('../../package.json');

'error_description',
'error_uri',
'expires_in',

@@ -35,0 +36,0 @@ 'id_token',

@@ -91,3 +91,3 @@ /* eslint-disable no-underscore-dangle */

req.session[sessionKey] = _.pick(params, 'nonce', 'state', 'max_age');
req.session[sessionKey] = _.pick(params, 'nonce', 'state', 'max_age', 'response_type');

@@ -115,8 +115,16 @@ if (this._usePKCE) {

/* start authentication response */
const session = req.session[sessionKey];
const state = _.get(session, 'state');
const maxAge = _.get(session, 'max_age');
const nonce = _.get(session, 'nonce');
const codeVerifier = _.get(session, 'code_verifier');
if (_.isEmpty(session)) {
this.error(new Error(util.format(
`did not find expected authorization request details in session, req.session["${sessionKey}"] is %j`,
session
)));
return;
}
const {
state, nonce, max_age: maxAge, code_verifier: codeVerifier, response_type: responseType,
} = session;
try {
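Review bot: The new `_.isEmpty(session)` branch reports a missing session entry through `this.error(...)` rather than `this.fail(...)`, which classifies it as a server-side fault rather than a rejected login; since the later `catch` (context in a following hunk) sends some errors to `this.fail`, the distinction deserves a comment, e.g. `// no stored authorization request details: a session/store problem (error), not an authentication failure (fail)` above the `if`. The `%j` interpolation of `session` in that message is harmless here because the check guarantees it is empty, but the same pattern on a populated session would put nonce/state values into error output. The destructured `responseType` is consumed further down, outside this hunk, and the enclosing function starts and ends outside it as well.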

@@ -135,2 +143,3 @@ delete req.session[sessionKey];

code_verifier: codeVerifier,
response_type: responseType,
};

@@ -173,7 +182,2 @@

this.fail(error);
} else if (error.message === 'state mismatch' && !state) {
this.error(new Error(util.format(
'state mismatch, could not find a state in the session, this is likely an environment setup issue, loaded session: %j',
session
)));
} else {

@@ -180,0 +184,0 @@ this.error(error);

{
"name": "openid-client",
"version": "2.2.1",
"version": "2.3.0",
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js servers, supports passportjs",

@@ -36,2 +36,3 @@ "keywords": [

"scripts": {
"commitmsg": "commitlint -E GIT_PARAMS",
"coverage": "nyc mocha",

@@ -42,6 +43,2 @@ "lint": "eslint lib example test",

},
"pre-commit": [
"coverage",
"lint"
],
"dependencies": {

@@ -58,2 +55,4 @@ "base64url": "^3.0.0",

"devDependencies": {
"@commitlint/cli": "^7.0.0",
"@commitlint/config-conventional": "^7.0.1",
"chai": "^4.1.2",

@@ -63,2 +62,3 @@ "eslint": "^4.19.1",

"eslint-plugin-import": "^2.12.0",
"husky": "^0.14.3",
"koa": "^2.5.1",

@@ -72,3 +72,2 @@ "koa-body": "^4.0.0",

"nyc": "^12.0.2",
"pre-commit": "^1.2.2",
"readable-mock-req": "^0.2.2",

@@ -82,2 +81,7 @@ "request": "^2.87.0",

},
"commitlint": {
"extends": [
"@commitlint/config-conventional"
]
},
"nyc": {

@@ -84,0 +88,0 @@ "reporter": [

@@ -59,3 +59,3 @@ # openid-client

Filip Skokan has [certified][openid-certified-link] that [openid-client][npm-url]
conforms to the RP Basic, RP Implicit, RP Hybrid, RP Config and RP Dynamic profiles
conforms to the RP Basic, RP Implicit, RP Hybrid, RP Config, RP Dynamic and RP Form Post profiles
of the OpenID Connect™ protocol.

@@ -66,17 +66,7 @@

## Sponsor
<table>
<tbody>
<tr>
<td>
<img alt="auth0-logo" src="https://avatars.githubusercontent.com/u/2824157?s=75&v=4" style="max-width:100%;">
</td>
<td colspan="2">
If you want to quickly add OpenID Connect authentication to Node.js apps, feel free to check out Auth0's Node.js SDK and free plan at <a href="https://auth0.com/overview?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=openid-client&utm_content=auth">auth0.com/overview</a>.
</td>
</tr>
</tbody>
</table>
<h2>Sponsor</h2>
[<img width="65" height="65" align="left" src="https://avatars.githubusercontent.com/u/2824157?s=75&v=4" alt="auth0-logo">][sponsor-auth0] If you want to quickly add OpenID Connect authentication to Node.js apps, feel free to check out Auth0's Node.js SDK and free plan at [auth0.com/overview][sponsor-auth0].<br><br>
## Example

@@ -171,8 +161,7 @@ Head over to the example folder to see the library in use. This example is deployed and configured

### Processing callback with state, nonce or max_age check
### Processing callback with required params, state, nonce or max_age checks (recommended)
```js
const state = session.state;
const nonce = session.nonce;
const { state, nonce, max_age, response_type } = session[authorizationRequestState];
client.authorizationCallback('https://client.example.com/callback', request.query, { state, nonce, max_age }) // => Promise
client.authorizationCallback('https://client.example.com/callback', request.query, { state, nonce, max_age, response_type }) // => Promise
.then(function (tokenSet) {

@@ -184,3 +173,3 @@ console.log('received and validated tokens %j', tokenSet);

### IdP Errors - OpenIdConnectError
### OP Errors - OpenIdConnectError
When the OpenID Provider returns an OIDC formatted error from either authorization callbacks or

@@ -536,1 +525,2 @@ any of the JSON responses the library will reject a given Promise with `OpenIdConnectError` instance.

[npm-url]: https://www.npmjs.com/package/openid-client
[sponsor-auth0]: https://auth0.com/overview?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=openid-client&utm_content=auth