openid-client
Comparing version 2.4.5 to 2.5.0
@@ -5,2 +5,16 @@ # Change Log | ||
# [2.5.0](https://github.com/panva/node-openid-client/compare/v2.4.5...v2.5.0) (2019-04-29) | ||
### Bug Fixes | ||
* key lookup cache is now working as intended ([90d2f2a](https://github.com/panva/node-openid-client/commit/90d2f2a)), closes [#162](https://github.com/panva/node-openid-client/issues/162) | ||
### Features | ||
* add support for azure ad v2 multitenant apps ([24486dd](https://github.com/panva/node-openid-client/commit/24486dd)), closes [/github.com/panva/node-openid-client/pull/148#issuecomment-483348258](https://github.com//github.com/panva/node-openid-client/pull/148/issues/issuecomment-483348258) [#148](https://github.com/panva/node-openid-client/issues/148) | ||
<a name="2.4.5"></a> | ||
@@ -7,0 +21,0 @@ ## [2.4.5](https://github.com/panva/node-openid-client/compare/v2.4.4...v2.4.5) (2018-11-05) |
@@ -203,3 +203,5 @@ const util = require('util'); | ||
class Client { | ||
class BaseClient {} | ||
module.exports = (issuer, aadIssValidation = false) => class Client extends BaseClient { | ||
/** | ||
@@ -210,2 +212,3 @@ * @name constructor | ||
constructor(metadata = {}, keystore) { | ||
super(); | ||
const properties = Object.assign({}, CLIENT_DEFAULTS, metadata); | ||
@@ -575,3 +578,8 @@ | ||
if (payload.iss !== undefined) { | ||
assert.equal(payload.iss, this.issuer.issuer, 'unexpected iss value'); | ||
if (aadIssValidation) { | ||
const azureADv2Issuer = this.issuer.issuer.replace('{tenantid}', payload.tid); | ||
assert.equal(payload.iss, azureADv2Issuer, 'unexpected iss value'); | ||
} else { | ||
assert.equal(payload.iss, this.issuer.issuer, 'unexpected iss value'); | ||
} | ||
} | ||
@@ -721,4 +729,5 @@ | ||
const { issuer } = this; | ||
return this.httpClient[verb](issuer.userinfo_endpoint, issuer.httpOptions(httpOptions)) | ||
return this.httpClient[verb]( | ||
this.issuer.userinfo_endpoint, this.issuer.httpOptions(httpOptions) | ||
) | ||
.then(expectResponseWithBody(200)) | ||
@@ -1116,4 +1125,21 @@ .then((response) => { | ||
} | ||
} | ||
module.exports = Client; | ||
/** | ||
* @name issuer | ||
* @api public | ||
*/ | ||
static get issuer() { | ||
return issuer; | ||
} | ||
/** | ||
* @name issuer | ||
* @api public | ||
*/ | ||
get issuer() { // eslint-disable-line class-methods-use-this | ||
return issuer; | ||
} | ||
}; | ||
module.exports.BaseClient = BaseClient; |
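Review bot: In the aadIssValidation branch of the iss check (the `@@ -575,3 +578,8 @@` hunk), `payload.tid` is substituted into the expected issuer without first checking it is present, so a token lacking `tid` fails with the generic 'unexpected iss value' message, and, more importantly, the expected value is derived from the token under validation, so the check proves only that iss and tid agree, not that the tenant is one the relying party trusts. An explicit guard before the replace, `assert.equal(typeof payload.tid, 'string', 'missing tid claim');`, gives a precise failure, and a comment such as `// multitenant: iss is accepted for any tenant; callers must authorize payload.tid themselves` records the contract the new code leaves to the application. The enclosing validation method starts and ends outside the hunk.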
@@ -9,2 +9,3 @@ const pkg = require('../../package.json'); | ||
const REL = 'http://openid.net/specs/connect/1.0/issuer'; | ||
const AAD_MULTITENANT_DISCOVERY = `https://login.microsoftonline.com/common/v2.0${OIDC_DISCOVERY}`; | ||
@@ -53,2 +54,3 @@ const CLIENT_DEFAULTS = { | ||
module.exports = { | ||
AAD_MULTITENANT_DISCOVERY, | ||
CALLBACK_PROPERTIES, | ||
@@ -55,0 +57,0 @@ CLIENT_DEFAULTS, |
@@ -9,2 +9,3 @@ const assert = require('assert'); | ||
const LRU = require('lru-cache'); | ||
const objectHash = require('object-hash'); | ||
@@ -14,3 +15,3 @@ const http = require('./helpers/http'); | ||
const errorHandler = require('./helpers/error_handler')(); | ||
const BaseClient = require('./client'); | ||
const getClient = require('./client'); | ||
const registry = require('./issuer_registry'); | ||
@@ -21,3 +22,4 @@ const expectResponseWithBody = require('./helpers/expect_response'); | ||
const { | ||
DEFAULT_HTTP_OPTIONS, ISSUER_DEFAULTS, OIDC_DISCOVERY, OAUTH2_DISCOVERY, WEBFINGER, REL, | ||
DEFAULT_HTTP_OPTIONS, ISSUER_DEFAULTS, OIDC_DISCOVERY, | ||
OAUTH2_DISCOVERY, WEBFINGER, REL, AAD_MULTITENANT_DISCOVERY, | ||
} = require('./helpers/consts'); | ||
@@ -35,2 +37,4 @@ | ||
const AAD_MULTITENANT = Symbol('AAD_MULTITENANT'); | ||
class Issuer { | ||
@@ -42,2 +46,5 @@ /** | ||
constructor(meta = {}) { | ||
const aadIssValidation = meta[AAD_MULTITENANT]; | ||
delete meta[AAD_MULTITENANT]; | ||
['introspection', 'revocation'].forEach((endpoint) => { | ||
@@ -82,14 +89,4 @@ // e.g. defaults introspection_endpoint to token_introspection_endpoint value | ||
const self = this; | ||
Object.defineProperty(this, 'Client', { | ||
value: class Client extends BaseClient { | ||
static get issuer() { | ||
return self; | ||
} | ||
get issuer() { | ||
return this.constructor.issuer; | ||
} | ||
}, | ||
value: getClient(this, aadIssValidation), | ||
}); | ||
@@ -136,7 +133,20 @@ } | ||
*/ | ||
key(def, allowMulti) { | ||
key({ | ||
kid, kty, alg, use, key_ops: ops, | ||
}, allowMulti = false) { | ||
const { cache } = instance(this); | ||
const def = { | ||
kid, kty, alg, use, key_ops: ops, | ||
}; | ||
const defHash = objectHash(def, { | ||
algorithm: 'sha256', | ||
ignoreUnknown: true, | ||
unorderedArrays: true, | ||
unorderedSets: true, | ||
}); | ||
// refresh keystore on every unknown key but also only upto once every minute | ||
const freshJwksUri = cache.get(def) || cache.get('throttle'); | ||
const freshJwksUri = cache.get(defHash) || cache.get('throttle'); | ||
@@ -149,3 +159,3 @@ return this.keystore(!freshJwksUri) | ||
assert.equal(keys.length, 1, 'multiple matching keys, kid must be provided'); | ||
cache.set(def, true); | ||
cache.set(defHash, true); | ||
} | ||
@@ -207,3 +217,8 @@ return keys[0]; | ||
.then(expectResponseWithBody(200)) | ||
.then(response => new this(Object.assign({}, ISSUER_DEFAULTS, JSON.parse(response.body)))) | ||
.then(({ body }) => new Issuer(Object.assign( | ||
{}, | ||
ISSUER_DEFAULTS, | ||
JSON.parse(body), | ||
{ [AAD_MULTITENANT]: uri === AAD_MULTITENANT_DISCOVERY } | ||
))) | ||
.catch(errorHandler.bind(this)); | ||
@@ -228,3 +243,8 @@ } | ||
.then(expectResponseWithBody(200)) | ||
.then(response => new this(Object.assign({}, ISSUER_DEFAULTS, JSON.parse(response.body)))); | ||
.then(({ body }) => new Issuer(Object.assign( | ||
{}, | ||
ISSUER_DEFAULTS, | ||
JSON.parse(body), | ||
{ [AAD_MULTITENANT]: wellKnownUri === AAD_MULTITENANT_DISCOVERY } | ||
))); | ||
})) | ||
@@ -231,0 +251,0 @@ .catch((err) => { |
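Review bot: The rewritten `key()` lookup (the `@@ -136,7 +133,20 @@` hunk) carries no documentation of the cache semantics it now relies on: the sha256 `defHash` makes the hit/miss decision independent of property order and of extra properties in the selector, which is presumably what the old object-keyed `cache.get(def)` got wrong, and the shared `'throttle'` entry means an unknown selector triggers at most one keystore refresh per minute, so a newly rotated key can take up to that long to be picked up. A comment above the `objectHash` call along the lines of `// selector fields are hashed so the LRU key is stable; the 'throttle' entry bounds JWKS refetches to one per minute — presumably the fields come from an unverified JOSE header, so a hit only selects a candidate key` would make both properties explicit. The `key()` body continues past the hunk. Separately, `delete meta[AAD_MULTITENANT]` in the constructor hunk mutates the caller-supplied `meta` rather than a copy, which is harmless for the objects built in `discover` but worth stating in the constructor's JSDoc.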
@@ -12,3 +12,3 @@ /* eslint-disable no-underscore-dangle */ | ||
const OpenIdConnectError = require('./open_id_connect_error'); | ||
const Client = require('./client'); | ||
const { BaseClient } = require('./client'); | ||
const random = require('./util/random'); | ||
@@ -37,3 +37,3 @@ | ||
} = {}, verify) { | ||
assert(client instanceof Client, 'client must be an instance of openid-client Client'); | ||
assert(client instanceof BaseClient, 'client must be an instance of openid-client Client'); | ||
assert.equal(typeof verify, 'function', 'verify must be a function'); | ||
@@ -40,0 +40,0 @@ |
{ | ||
"name": "openid-client", | ||
"version": "2.4.5", | ||
"version": "2.5.0", | ||
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js servers, supports passportjs", | ||
@@ -45,4 +45,5 @@ "keywords": [ | ||
"lodash": "^4.17.11", | ||
"lru-cache": "^4.1.3", | ||
"lru-cache": "^5.1.1", | ||
"node-jose": "^1.1.0", | ||
"object-hash": "^1.3.1", | ||
"oidc-token-hash": "^3.0.1", | ||
@@ -58,11 +59,6 @@ "p-any": "^1.1.0" | ||
"eslint-plugin-import": "^2.14.0", | ||
"husky": "^1.0.0", | ||
"koa": "^2.5.3", | ||
"koa-body": "^4.0.4", | ||
"koa-ejs": "^4.1.2", | ||
"koa-router": "^7.4.0", | ||
"koa-session": "^5.9.0", | ||
"mocha": "^5.2.0", | ||
"husky": "^2.1.0", | ||
"mocha": "^6.1.4", | ||
"nock": "^10.0.0", | ||
"nyc": "^13.0.1", | ||
"nyc": "^14.0.0", | ||
"readable-mock-req": "^0.2.2", | ||
@@ -69,0 +65,0 @@ "request": "^2.88.0", |
@@ -162,4 +162,4 @@ # openid-client | ||
Aside from `state` and `response_type`, checks for `nonce` (implicit and hybrid responses) and | ||
`max_age` are implemented. `id_token` signature and claims validation does not need to be requested, | ||
Aside from `state` and `response_type`, checks for `nonce` (implicit and hybrid responses), | ||
`max_age`, and `code_verifier` (for use with PKCE) are implemented. `id_token` signature and claims validation does not need to be requested, | ||
it is done automatically. | ||
@@ -166,0 +166,0 @@ |
+ Addedobject-hash@^1.3.1
+ Addedlru-cache@5.1.1(transitive)
+ Addedobject-hash@1.3.1(transitive)
+ Addedyallist@3.1.1(transitive)
- Removedlru-cache@4.1.5(transitive)
- Removedpseudomap@1.0.2(transitive)
- Removedyallist@2.1.2(transitive)
Updatedlru-cache@^5.1.1