openid-client
Comparing version 3.5.0 to 3.6.0
@@ -5,2 +5,12 @@ # Change Log | ||
# [3.6.0](https://github.com/panva/node-openid-client/compare/v3.5.0...v3.6.0) (2019-08-24) | ||
### Features | ||
* add RFC8628 - OAuth 2.0 Device Authorization Grant (Device Flow) support ([adb4b76](https://github.com/panva/node-openid-client/commit/adb4b76)) | ||
* allow multiple resource parameters in authorization requests ([dfdd8cb](https://github.com/panva/node-openid-client/commit/dfdd8cb)) | ||
# [3.5.0](https://github.com/panva/node-openid-client/compare/v3.4.0...v3.5.0) (2019-08-22) | ||
@@ -7,0 +17,0 @@ |
@@ -12,5 +12,6 @@ /* eslint-disable max-classes-per-file */ | ||
const base64url = require('base64url'); | ||
const { | ||
defaultsDeep, isPlainObject, merge, defaults, omitBy, | ||
} = require('lodash'); | ||
const defaultsDeep = require('lodash/defaultsDeep'); | ||
const defaults = require('lodash/defaults'); | ||
const merge = require('lodash/merge'); | ||
const isPlainObject = require('lodash/isPlainObject'); | ||
const tokenHash = require('oidc-token-hash'); | ||
@@ -32,2 +33,3 @@ | ||
const { authenticatedPost, resolveResponseType, resolveRedirectUri } = require('./helpers/client'); | ||
const DeviceFlowHandle = require('./device_flow_handle'); | ||
@@ -120,2 +122,4 @@ function pickCb(input) { | ||
authParams[key] = JSON.stringify(value); | ||
} else if (key === 'resource' && Array.isArray(value)) { | ||
authParams[key] = value; | ||
} else if (typeof value !== 'string') { | ||
@@ -1046,3 +1050,3 @@ authParams[key] = String(value); | ||
form: true, | ||
body: omitBy(body, (arg) => arg === undefined), | ||
body, | ||
json: true, | ||
@@ -1058,2 +1062,35 @@ }, | ||
/** | ||
* @name deviceAuthorization | ||
* @api public | ||
*/ | ||
async deviceAuthorization(params = {}, { exchangeBody, clientAssertionPayload } = {}) { | ||
assertIssuerConfiguration(this.issuer, 'device_authorization_endpoint'); | ||
assertIssuerConfiguration(this.issuer, 'token_endpoint'); | ||
const body = authorizationParams.call(this, { | ||
redirect_uri: null, response_type: null, ...params, | ||
}); | ||
const response = await authenticatedPost.call( | ||
this, | ||
'device_authorization', | ||
{ | ||
form: true, | ||
body, | ||
json: true, | ||
}, | ||
{ clientAssertionPayload, endpointAuthMethod: 'token' }, | ||
); | ||
const responseBody = processResponse(response); | ||
return new DeviceFlowHandle({ | ||
client: this, | ||
exchangeBody, | ||
clientAssertionPayload, | ||
response: responseBody, | ||
maxAge: params.max_age, | ||
}); | ||
} | ||
/** | ||
* @name revoke | ||
@@ -1060,0 +1097,0 @@ * @api public |
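Review bot: In `deviceAuthorization`, the `redirect_uri: null, response_type: null` entries are placed before `...params`, so a caller-supplied `redirect_uri` or `response_type` overrides them and would end up in the device authorization request body. If the nulls are meant to keep those two parameters away from this endpoint (an inference, since how `authorizationParams` treats null values is outside the visible hunks), the spread should come first: `{ ...params, redirect_uri: null, response_type: null }`. The JSDoc block carries only `@name` and `@api`; it could also say that both `device_authorization_endpoint` and `token_endpoint` must be configured, and that the request is authenticated with the token endpoint's client authentication method, which is what `endpointAuthMethod: 'token'` selects.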
@@ -1,2 +0,3 @@ | ||
const { merge } = require('lodash'); | ||
const merge = require('lodash/merge'); | ||
const omitBy = require('lodash/omitBy'); | ||
const jose = require('@panva/jose'); | ||
@@ -112,7 +113,9 @@ | ||
async function authenticatedPost(endpoint, opts, { clientAssertionPayload } = {}) { | ||
const auth = await authFor.call(this, endpoint, { clientAssertionPayload }); | ||
async function authenticatedPost(endpoint, opts, { | ||
clientAssertionPayload, endpointAuthMethod = endpoint, | ||
} = {}) { | ||
const auth = await authFor.call(this, endpointAuthMethod, { clientAssertionPayload }); | ||
const requestOpts = merge(opts, auth, { form: true }); | ||
const mTLS = this[`${endpoint}_endpoint_auth_method`].includes('tls_client_auth'); | ||
const mTLS = this[`${endpointAuthMethod}_endpoint_auth_method`].includes('tls_client_auth'); | ||
@@ -128,2 +131,6 @@ let targetUrl; | ||
if ('body' in requestOpts) { | ||
requestOpts.body = omitBy(requestOpts.body, (arg) => arg === undefined); | ||
} | ||
return request.call(this, { | ||
@@ -130,0 +137,0 @@ ...requestOpts, |
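Review bot: The new `endpointAuthMethod` option on `authenticatedPost` separates the endpoint that receives the request from the setting that chooses the client credentials, and nothing at the signature documents that. A comment above the function would make the credential choice explicit, for example `// endpointAuthMethod: endpoint name whose *_endpoint_auth_method setting selects the client authentication; defaults to the endpoint being called`. The `.includes('tls_client_auth')` call on the looked-up `*_endpoint_auth_method` property is also unguarded, so a name with no matching property would surface as a TypeError unless `authFor` rejects it first, which is not visible here. The function body continues outside the hunks shown.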
const Got = require('got'); | ||
const { defaultsDeep } = require('lodash'); | ||
const defaultsDeep = require('lodash/defaultsDeep'); | ||
@@ -4,0 +4,0 @@ const pkg = require('../../package.json'); |
@@ -6,3 +6,3 @@ /* eslint-disable no-underscore-dangle */ | ||
const { cloneDeep } = require('lodash'); | ||
const cloneDeep = require('lodash/cloneDeep'); | ||
@@ -9,0 +9,0 @@ const { RPError, OPError } = require('./errors'); |
{ | ||
"name": "openid-client", | ||
"version": "3.5.0", | ||
"version": "3.6.0", | ||
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -39,2 +39,3 @@ # openid-client | ||
- Client Authenticated request to token introspection | ||
- [RFC8628 - OAuth 2.0 Device Authorization Grant (Device Flow)][feature-device-flow] | ||
- [draft-ietf-oauth-mtls - OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens][feature-mtls] | ||
@@ -210,2 +211,28 @@ - Mutual TLS Client Certificate-Bound Access Tokens | ||
### Device Authorization Grant (Device Flow) | ||
[RFC8628 - OAuth 2.0 Device Authorization Grant (Device Flow)](https://tools.ietf.org/html/rfc8628) | ||
is started by starting a Device Authorization Request. | ||
```js | ||
const handle = await client.deviceAuthorization(); | ||
console.log('User Code: ', handle.user_code); | ||
console.log('Verification URI: ', handle.verification_uri); | ||
console.log('Verification URI (complete): ', handle.verification_uri_complete); | ||
``` | ||
The handle represents a Device Authorization Response with the `verification_uri`, `user_code` and | ||
other defined response properties. | ||
You will display the instructions to the end-user and have him directed at `verification_uri` or | ||
`verification_uri_complete`, afterwards you can start polling for the Device Access Token Response. | ||
```js | ||
const tokenSet = await handle.poll(); | ||
console.log('received tokens %j', tokenSet); | ||
``` | ||
This will poll in the defined interval and only resolve with a TokenSet once one is received. This | ||
will handle the defined `authorization_pending` and `slow_down` "soft" errors and continue polling | ||
but upon any other error it will reject. With tokenSet received you can throw away the handle. | ||
## Electron Support | ||
@@ -254,3 +281,4 @@ | ||
[feature-introspection]: https://tools.ietf.org/html/rfc7662 | ||
[feature-mtls]: https://tools.ietf.org/html/draft-ietf-oauth-mtls-14 | ||
[feature-mtls]: https://tools.ietf.org/html/draft-ietf-oauth-mtls-17 | ||
[feature-device-flow]: https://tools.ietf.org/html/rfc8628 | ||
[openid-certified-link]: https://openid.net/certification/ | ||
@@ -257,0 +285,0 @@ [passport-url]: http://passportjs.org |