openid-client - npm Package Compare versions

Comparing version 3.10.1 to 3.11.0

14

CHANGELOG.md

@@ -5,2 +5,16 @@ # Change Log

# [3.11.0](https://github.com/panva/node-openid-client/compare/v3.10.1...v3.11.0) (2020-01-10)
### Bug Fixes
* **typescript:** allow 'id_token token' as a response type ([61c486c](https://github.com/panva/node-openid-client/commit/61c486c2b800c9299f4eaf3649711c39a6e5ce57))
### Features
* detect self-issued OP and validate ID Token accordingly ([c5d3158](https://github.com/panva/node-openid-client/commit/c5d315826a767d1479509931eddb5ae6e3b99532)), closes [#220](https://github.com/panva/node-openid-client/issues/220) [#221](https://github.com/panva/node-openid-client/issues/221)
## [3.10.1](https://github.com/panva/node-openid-client/compare/v3.10.0...v3.10.1) (2020-01-07)

@@ -7,0 +21,0 @@

26

lib/client.js

@@ -803,2 +803,3 @@ /* eslint-disable max-classes-per-file */

async validateJWT(jwt, expectedAlg, required = ['iss', 'sub', 'aud', 'exp', 'iat']) {
const isSelfIssued = this.issuer.issuer === 'https://self-issued.me';
const timestamp = now();

@@ -823,2 +824,6 @@ let header;

if (isSelfIssued) {
required = [...required, 'sub_jwk']; // eslint-disable-line no-param-reassign
}
required.forEach(verifyPresence.bind(undefined, payload, jwt));

@@ -912,3 +917,20 @@

if (header.alg.startsWith('HS')) {
if (isSelfIssued) {
try {
assert(isPlainObject(payload.sub_jwk));
key = jose.JWK.asKey(payload.sub_jwk);
assert.equal(key.type, 'public');
} catch (err) {
throw new RPError({
message: 'failed to use sub_jwk claim as an asymmetric JSON Web Key',
jwt,
});
}
if (key.thumbprint !== payload.sub) {
throw new RPError({
message: 'failed to match the subject with sub_jwk',
jwt,
});
}
} else if (header.alg.startsWith('HS')) {
key = await this.joseSecret();

@@ -919,3 +941,3 @@ } else if (header.alg !== 'none') {

if (header.alg === 'none') {
if (!key && header.alg === 'none') {
return { protected: header, payload };

@@ -922,0 +944,0 @@ }
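Review bot: The `catch (err)` in the new self-issued branch discards `err`, so the RPError raised for a bad `sub_jwk` gives no hint whether the claim was not an object, could not be parsed as a JWK, or parsed as a non-public key, which makes diagnosing rejected self-issued ID Tokens harder; if RPError forwards extra properties the way the other throws here pass `jwt`, `throw new RPError({ message: 'failed to use sub_jwk claim as an asymmetric JSON Web Key', jwt, cause: err });` would preserve that. A second observation: once `isSelfIssued` binds `key` to the public `sub_jwk`, nothing in this hunk checks that `header.alg` is an asymmetric algorithm compatible with that key's type, so rejecting an HS* or `none` header for a self-issued token appears to rely on the signature-verification step later in the method (the `!key &&` guard on the `none` early return suggests this is intended); a comment such as `// sub_jwk is asserted public above; an alg/key mismatch is rejected by JWS verification below` would make that dependency explicit. validateJWT begins in the first hunk of this file and continues past the last one, so the verification step itself is not visible here.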

2

lib/issuer.js

@@ -317,4 +317,4 @@ /* eslint-disable max-classes-per-file */

return keys[0];
}, 'issuer.key is not a private API, it is also deprecated');
}, 'issuer.key is not only a private API, it is also deprecated');
module.exports = Issuer;
{
"name": "openid-client",
"version": "3.10.1",
"version": "3.11.0",
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs",

@@ -37,6 +37,6 @@ "keywords": [

"scripts": {
"coverage": "nyc mocha",
"coverage": "nyc mocha test/**/*.test.js",
"lint": "eslint lib test && dtslint types",
"lint-fix": "eslint lib test --fix",
"test": "mocha"
"test": "mocha test/**/*.test.js"
},

@@ -43,0 +43,0 @@ "dependencies": {

@@ -27,2 +27,3 @@ # openid-client

- private_key_jwt
- Consuming Self-Issued OpenID Provider ID Token response
- [RFC8414 - OAuth 2.0 Authorization Server Metadata][feature-oauth-discovery] and [OpenID Connect Discovery 1.0][feature-discovery]

@@ -29,0 +30,0 @@ - Discovery of OpenID Provider (Issuer) Metadata

@@ -34,4 +34,3 @@ /// <reference types="node" />

*/
export type ResponseType = 'code' | 'id_token' | 'code id_token' | 'code token' | 'code id_token token' | 'none';
export type ResponseType = 'code' | 'id_token' | 'code id_token' | 'id_token token' | 'code token' | 'code id_token token' | 'none';
/**

@@ -38,0 +37,0 @@ * @see https://github.com/panva/node-openid-client/blob/master/docs/README.md#client-authentication-methods
