
openid-client


openid-client - npm Package Compare versions

Comparing version 2.4.5 to 2.5.0

14

CHANGELOG.md

@@ -5,2 +5,16 @@ # Change Log

# [2.5.0](https://github.com/panva/node-openid-client/compare/v2.4.5...v2.5.0) (2019-04-29)
### Bug Fixes
* key lookup cache is now working as intended ([90d2f2a](https://github.com/panva/node-openid-client/commit/90d2f2a)), closes [#162](https://github.com/panva/node-openid-client/issues/162)
### Features
* add support for azure ad v2 multitenant apps ([24486dd](https://github.com/panva/node-openid-client/commit/24486dd)), closes [/github.com/panva/node-openid-client/pull/148#issuecomment-483348258](https://github.com//github.com/panva/node-openid-client/pull/148/issues/issuecomment-483348258) [#148](https://github.com/panva/node-openid-client/issues/148)
<a name="2.4.5"></a>

@@ -7,0 +21,0 @@ ## [2.4.5](https://github.com/panva/node-openid-client/compare/v2.4.4...v2.4.5) (2018-11-05)

38

lib/client.js

@@ -203,3 +203,5 @@ const util = require('util');

class Client {
class BaseClient {}
module.exports = (issuer, aadIssValidation = false) => class Client extends BaseClient {
/**

@@ -210,2 +212,3 @@ * @name constructor

constructor(metadata = {}, keystore) {
super();
const properties = Object.assign({}, CLIENT_DEFAULTS, metadata);

@@ -575,3 +578,8 @@

if (payload.iss !== undefined) {
assert.equal(payload.iss, this.issuer.issuer, 'unexpected iss value');
if (aadIssValidation) {
const azureADv2Issuer = this.issuer.issuer.replace('{tenantid}', payload.tid);
assert.equal(payload.iss, azureADv2Issuer, 'unexpected iss value');
} else {
assert.equal(payload.iss, this.issuer.issuer, 'unexpected iss value');
}
}

@@ -721,4 +729,5 @@

const { issuer } = this;
return this.httpClient[verb](issuer.userinfo_endpoint, issuer.httpOptions(httpOptions))
return this.httpClient[verb](
this.issuer.userinfo_endpoint, this.issuer.httpOptions(httpOptions)
)
.then(expectResponseWithBody(200))

@@ -1116,4 +1125,21 @@ .then((response) => {

}
}
module.exports = Client;
/**
* @name issuer
* @api public
*/
static get issuer() {
return issuer;
}
/**
* @name issuer
* @api public
*/
get issuer() { // eslint-disable-line class-methods-use-this
return issuer;
}
};
module.exports.BaseClient = BaseClient;
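Review bot: In the `@@ -575,3 +578,8 @@` hunk the expected issuer is built from `payload.tid`, a claim of the token being validated, so with `aadIssValidation` set the `iss` check only confirms that `iss` and `tid` agree with each other and no longer pins a tenant. Callers of a multitenant client need to compare `tid` with their own list of permitted tenants after validation, and that deserves a comment above the branch, e.g. `// iss is derived from the token's own tid; tenant allow-listing is the caller's job`. The branch should also require the claim before substituting it, `assert.equal(typeof payload.tid, 'string', 'tid must be a string');`, and pass the replacement as a function, `.replace('{tenantid}', () => payload.tid)`, so `$` sequences in the claim are not interpreted as replacement patterns. The enclosing validation method starts and ends outside the hunk.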

@@ -9,2 +9,3 @@ const pkg = require('../../package.json');

const REL = 'http://openid.net/specs/connect/1.0/issuer';
const AAD_MULTITENANT_DISCOVERY = `https://login.microsoftonline.com/common/v2.0${OIDC_DISCOVERY}`;

@@ -53,2 +54,3 @@ const CLIENT_DEFAULTS = {

module.exports = {
AAD_MULTITENANT_DISCOVERY,
CALLBACK_PROPERTIES,

@@ -55,0 +57,0 @@ CLIENT_DEFAULTS,

56

lib/issuer.js

@@ -9,2 +9,3 @@ const assert = require('assert');

const LRU = require('lru-cache');
const objectHash = require('object-hash');

@@ -14,3 +15,3 @@ const http = require('./helpers/http');

const errorHandler = require('./helpers/error_handler')();
const BaseClient = require('./client');
const getClient = require('./client');
const registry = require('./issuer_registry');

@@ -21,3 +22,4 @@ const expectResponseWithBody = require('./helpers/expect_response');

const {
DEFAULT_HTTP_OPTIONS, ISSUER_DEFAULTS, OIDC_DISCOVERY, OAUTH2_DISCOVERY, WEBFINGER, REL,
DEFAULT_HTTP_OPTIONS, ISSUER_DEFAULTS, OIDC_DISCOVERY,
OAUTH2_DISCOVERY, WEBFINGER, REL, AAD_MULTITENANT_DISCOVERY,
} = require('./helpers/consts');

@@ -35,2 +37,4 @@

const AAD_MULTITENANT = Symbol('AAD_MULTITENANT');
class Issuer {

@@ -42,2 +46,5 @@ /**

constructor(meta = {}) {
const aadIssValidation = meta[AAD_MULTITENANT];
delete meta[AAD_MULTITENANT];
['introspection', 'revocation'].forEach((endpoint) => {

@@ -82,14 +89,4 @@ // e.g. defaults introspection_endpoint to token_introspection_endpoint value

const self = this;
Object.defineProperty(this, 'Client', {
value: class Client extends BaseClient {
static get issuer() {
return self;
}
get issuer() {
return this.constructor.issuer;
}
},
value: getClient(this, aadIssValidation),
});

@@ -136,7 +133,20 @@ }

*/
key(def, allowMulti) {
key({
kid, kty, alg, use, key_ops: ops,
}, allowMulti = false) {
const { cache } = instance(this);
const def = {
kid, kty, alg, use, key_ops: ops,
};
const defHash = objectHash(def, {
algorithm: 'sha256',
ignoreUnknown: true,
unorderedArrays: true,
unorderedSets: true,
});
// refresh keystore on every unknown key but also only upto once every minute
const freshJwksUri = cache.get(def) || cache.get('throttle');
const freshJwksUri = cache.get(defHash) || cache.get('throttle');

@@ -149,3 +159,3 @@ return this.keystore(!freshJwksUri)

assert.equal(keys.length, 1, 'multiple matching keys, kid must be provided');
cache.set(def, true);
cache.set(defHash, true);
}

@@ -207,3 +217,8 @@ return keys[0];

.then(expectResponseWithBody(200))
.then(response => new this(Object.assign({}, ISSUER_DEFAULTS, JSON.parse(response.body))))
.then(({ body }) => new Issuer(Object.assign(
{},
ISSUER_DEFAULTS,
JSON.parse(body),
{ [AAD_MULTITENANT]: uri === AAD_MULTITENANT_DISCOVERY }
)))
.catch(errorHandler.bind(this));

@@ -228,3 +243,8 @@ }

.then(expectResponseWithBody(200))
.then(response => new this(Object.assign({}, ISSUER_DEFAULTS, JSON.parse(response.body))));
.then(({ body }) => new Issuer(Object.assign(
{},
ISSUER_DEFAULTS,
JSON.parse(body),
{ [AAD_MULTITENANT]: wellKnownUri === AAD_MULTITENANT_DISCOVERY }
)));
}))

@@ -231,0 +251,0 @@ .catch((err) => {
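Review bot: The two discovery hunks (`@@ -207,3 +217,8 @@` and `@@ -228,3 +243,8 @@`) switch on the relaxed issuer check by exact string equality with `AAD_MULTITENANT_DISCOVERY`, and nothing in the code says why the flag travels as a Symbol key. A comment would help, e.g. `// Symbol key: JSON discovery metadata cannot set this flag; only the exact AAD common v2.0 discovery URL enables tenant-templated iss validation`. Any other spelling of that URL (a trailing slash, different case) leaves the flag unset, which presumably fails closed with 'unexpected iss value' for a `{tenantid}` issuer, unless the input is normalised somewhere not shown here. That is worth stating in the docs so users know the exact form is required. Both `.then` chains begin outside their hunks.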

@@ -12,3 +12,3 @@ /* eslint-disable no-underscore-dangle */

const OpenIdConnectError = require('./open_id_connect_error');
const Client = require('./client');
const { BaseClient } = require('./client');
const random = require('./util/random');

@@ -37,3 +37,3 @@

} = {}, verify) {
assert(client instanceof Client, 'client must be an instance of openid-client Client');
assert(client instanceof BaseClient, 'client must be an instance of openid-client Client');
assert.equal(typeof verify, 'function', 'verify must be a function');

@@ -40,0 +40,0 @@

{
"name": "openid-client",
"version": "2.4.5",
"version": "2.5.0",
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js servers, supports passportjs",

@@ -45,4 +45,5 @@ "keywords": [

"lodash": "^4.17.11",
"lru-cache": "^4.1.3",
"lru-cache": "^5.1.1",
"node-jose": "^1.1.0",
"object-hash": "^1.3.1",
"oidc-token-hash": "^3.0.1",

@@ -58,11 +59,6 @@ "p-any": "^1.1.0"

"eslint-plugin-import": "^2.14.0",
"husky": "^1.0.0",
"koa": "^2.5.3",
"koa-body": "^4.0.4",
"koa-ejs": "^4.1.2",
"koa-router": "^7.4.0",
"koa-session": "^5.9.0",
"mocha": "^5.2.0",
"husky": "^2.1.0",
"mocha": "^6.1.4",
"nock": "^10.0.0",
"nyc": "^13.0.1",
"nyc": "^14.0.0",
"readable-mock-req": "^0.2.2",

@@ -69,0 +65,0 @@ "request": "^2.88.0",

@@ -162,4 +162,4 @@ # openid-client

Aside from `state` and `response_type`, checks for `nonce` (implicit and hybrid responses) and
`max_age` are implemented. `id_token` signature and claims validation does not need to be requested,
Aside from `state` and `response_type`, checks for `nonce` (implicit and hybrid responses),
`max_age`, and `code_verifier` (for use with PKCE) are implemented. `id_token` signature and claims validation does not need to be requested,
it is done automatically.

@@ -166,0 +166,0 @@
