		@@ -5,2 +5,11 @@ # Change Log

		# [3.1.0](https://github.com/panva/node-openid-client/compare/v3.0.0...v3.1.0) (2019-05-13)


		### Features

		* add helpers for generating secure random values & PKCE challenges ([44f1865](https://github.com/panva/node-openid-client/commit/44f1865))



		# [3.0.0](https://github.com/panva/node-openid-client/compare/v2.5.0...v3.0.0) (2019-05-11)
		@@ -7,0 +16,0 @@

lib/client.js

		@@ -15,3 +15,3 @@ const { inspect } = require('util');

		const { assertSigningAlgValuesSupport, assertIssuerConfiguration } = require('./util/assert');
		const { assertSigningAlgValuesSupport, assertIssuerConfiguration } = require('./helpers/assert');
		const pick = require('./helpers/pick');
		@@ -21,5 +21,5 @@ const processResponse = require('./helpers/process_response');
		const { OPError, RPError } = require('./errors');
		const now = require('./util/unix_timestamp');
		const random = require('./util/random');
		const request = require('./util/request');
		const now = require('./helpers/unix_timestamp');
		const { random } = require('./helpers/generators');
		const request = require('./helpers/request');
		const {
		@@ -26,0 +26,0 @@ CALLBACK_PROPERTIES, CLIENT_DEFAULTS, JWT_CONTENT, CLOCK_TOLERANCE,

lib/helpers/client.js

		const { merge } = require('lodash');
		const jose = require('@panva/jose');

		const { assertIssuerConfiguration } = require('../util/assert');
		const random = require('../util/random');
		const now = require('../util/unix_timestamp');
		const request = require('../util/request');

		const { assertIssuerConfiguration } = require('./assert');
		const { random } = require('./generators');
		const now = require('./unix_timestamp');
		const request = require('./request');
		const instance = require('./weak_cache');
		@@ -10,0 +9,0 @@

lib/index.js

		@@ -7,2 +7,3 @@ const Issuer = require('./issuer');
		const { CLOCK_TOLERANCE, HTTP_OPTIONS } = require('./helpers/consts');
		const generators = require('./helpers/generators');

		@@ -22,2 +23,3 @@ module.exports = {
		},
		generators,
		};

lib/issuer.js

		@@ -13,6 +13,6 @@ const { inspect } = require('util');
		const processResponse = require('./helpers/process_response');
		const webfingerNormalize = require('./util/webfinger_normalize');
		const webfingerNormalize = require('./helpers/webfinger_normalize');
		const instance = require('./helpers/weak_cache');
		const request = require('./util/request');
		const { assertIssuerConfiguration } = require('./util/assert');
		const request = require('./helpers/request');
		const { assertIssuerConfiguration } = require('./helpers/assert');
		const {
		@@ -19,0 +19,0 @@ ISSUER_DEFAULTS, OIDC_DISCOVERY, OAUTH2_DISCOVERY, WEBFINGER, REL, AAD_MULTITENANT_DISCOVERY,

lib/passport_strategy.js

		@@ -11,3 +11,3 @@ /* eslint-disable no-underscore-dangle */
		const { BaseClient } = require('./client');
		const random = require('./util/random');
		const { random, codeChallenge } = require('./helpers/generators');
		const pick = require('./helpers/pick');
		@@ -110,3 +110,3 @@ const { resolveResponseType, resolveRedirectUri } = require('./helpers/client');
		case 'S256':
		params.code_challenge = base64url.encode(crypto.createHash('sha256').update(verifier).digest());
		params.code_challenge = codeChallenge(verifier);
		params.code_challenge_method = 'S256';
		@@ -113,0 +113,0 @@ break;

lib/token_set.js

		const base64url = require('base64url');

		const now = require('./util/unix_timestamp');
		const now = require('./helpers/unix_timestamp');

		@@ -5,0 +5,0 @@ class TokenSet {

package.json

		{
		"name": "openid-client",
		"version": "3.0.0",
		"version": "3.1.0",
		"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs",
		@@ -5,0 +5,0 @@ "keywords": [

README.md

		@@ -82,2 +82,3 @@ # openid-client
		- [Strategy][documentation-strategy]
		- [generators][documentation-generators]
		- [errors][documentation-errors]
		@@ -124,11 +125,8 @@
		```js
		const code_verifier = crypto.randomBytes(32).toString('hex');
		const { generators } = require('openid-client');
		const code_verifier = generators.codeVerifier();
		// store the code_verifier in your framework's session mechanism, if it is a cookie based solution
		// it should be httpOnly (not readable by javascript) and encrypted.

		// sha256 digest of the code_verifier in base64url with no padding
		const challenge = crypto.createHash('sha256')
		.update(code_verifier)
		.digest('base64')
		.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
		const code_challenge = generators.codeChallenge(verifier);

		@@ -138,3 +136,3 @@ client.authorizationUrl({
		resource: 'https://my.api.example.com/resource/32178',
		code_challenge: challenge,
		code_challenge,
		code_challenge_method: 'S256',
		@@ -196,5 +194,7 @@ });
		```js
		const nonce = crypto.randomBytes(32).toString('hex');
		const { generators } = require('openid-client');
		const nonce = generators.nonce();
		// store the nonce in your framework's session mechanism, if it is a cookie based solution
		// it should be httpOnly (not readable by javascript) and encrypted.

		client.authorizationUrl({
		@@ -278,2 +278,3 @@ scope: 'openid email profile',
		[documentation-errors]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#errors
		[documentation-generators]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#generators
		[documentation-methods]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#client-authentication-methods

lib/util/assert.js

lib/util/random.js

lib/util/request.js

lib/util/unix_timestamp.js

lib/util/webfinger_normalize.js

openid-client - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics