openid-client
Advanced tools
openid-client - npm Package Compare versions
Comparing version 3.5.0 to 3.6.0
@@ -5,2 +5,12 @@ # Change Log | ||
| # [3.6.0](https://github.com/panva/node-openid-client/compare/v3.5.0...v3.6.0) (2019-08-24) | ||
| ### Features | ||
| * add RFC8628 - OAuth 2.0 Device Authorization Grant (Device Flow) support ([adb4b76](https://github.com/panva/node-openid-client/commit/adb4b76)) | ||
| * allow multiple resource parameters in authorization requests ([dfdd8cb](https://github.com/panva/node-openid-client/commit/dfdd8cb)) | ||
| # [3.5.0](https://github.com/panva/node-openid-client/compare/v3.4.0...v3.5.0) (2019-08-22) | ||
@@ -7,0 +17,0 @@ |
@@ -12,5 +12,6 @@ /* eslint-disable max-classes-per-file */ | ||
| const base64url = require('base64url'); | ||
| const { | ||
| defaultsDeep, isPlainObject, merge, defaults, omitBy, | ||
| } = require('lodash'); | ||
| const defaultsDeep = require('lodash/defaultsDeep'); | ||
| const defaults = require('lodash/defaults'); | ||
| const merge = require('lodash/merge'); | ||
| const isPlainObject = require('lodash/isPlainObject'); | ||
| const tokenHash = require('oidc-token-hash'); | ||
@@ -32,2 +33,3 @@ | ||
| const { authenticatedPost, resolveResponseType, resolveRedirectUri } = require('./helpers/client'); | ||
| const DeviceFlowHandle = require('./device_flow_handle'); | ||
@@ -120,2 +122,4 @@ function pickCb(input) { | ||
| authParams[key] = JSON.stringify(value); | ||
| } else if (key === 'resource' && Array.isArray(value)) { | ||
| authParams[key] = value; | ||
| } else if (typeof value !== 'string') { | ||
@@ -1046,3 +1050,3 @@ authParams[key] = String(value); | ||
| form: true, | ||
| body: omitBy(body, (arg) => arg === undefined), | ||
| body, | ||
| json: true, | ||
@@ -1058,2 +1062,35 @@ }, | ||
| /** | ||
| * @name deviceAuthorization | ||
| * @api public | ||
| */ | ||
| async deviceAuthorization(params = {}, { exchangeBody, clientAssertionPayload } = {}) { | ||
| assertIssuerConfiguration(this.issuer, 'device_authorization_endpoint'); | ||
| assertIssuerConfiguration(this.issuer, 'token_endpoint'); | ||
| const body = authorizationParams.call(this, { | ||
| redirect_uri: null, response_type: null, ...params, | ||
| }); | ||
| const response = await authenticatedPost.call( | ||
| this, | ||
| 'device_authorization', | ||
| { | ||
| form: true, | ||
| body, | ||
| json: true, | ||
| }, | ||
| { clientAssertionPayload, endpointAuthMethod: 'token' }, | ||
| ); | ||
| const responseBody = processResponse(response); | ||
| return new DeviceFlowHandle({ | ||
| client: this, | ||
| exchangeBody, | ||
| clientAssertionPayload, | ||
| response: responseBody, | ||
| maxAge: params.max_age, | ||
| }); | ||
| } | ||
| /** | ||
| * @name revoke | ||
@@ -1060,0 +1097,0 @@ * @api public |
@@ -1,2 +0,3 @@ | ||
| const { merge } = require('lodash'); | ||
| const merge = require('lodash/merge'); | ||
| const omitBy = require('lodash/omitBy'); | ||
| const jose = require('@panva/jose'); | ||
@@ -112,7 +113,9 @@ | ||
| async function authenticatedPost(endpoint, opts, { clientAssertionPayload } = {}) { | ||
| const auth = await authFor.call(this, endpoint, { clientAssertionPayload }); | ||
| async function authenticatedPost(endpoint, opts, { | ||
| clientAssertionPayload, endpointAuthMethod = endpoint, | ||
| } = {}) { | ||
| const auth = await authFor.call(this, endpointAuthMethod, { clientAssertionPayload }); | ||
| const requestOpts = merge(opts, auth, { form: true }); | ||
| const mTLS = this[`${endpoint}_endpoint_auth_method`].includes('tls_client_auth'); | ||
| const mTLS = this[`${endpointAuthMethod}_endpoint_auth_method`].includes('tls_client_auth'); | ||
@@ -128,2 +131,6 @@ let targetUrl; | ||
| if ('body' in requestOpts) { | ||
| requestOpts.body = omitBy(requestOpts.body, (arg) => arg === undefined); | ||
| } | ||
| return request.call(this, { | ||
@@ -130,0 +137,0 @@ ...requestOpts, |
| const Got = require('got'); | ||
| const { defaultsDeep } = require('lodash'); | ||
| const defaultsDeep = require('lodash/defaultsDeep'); | ||
@@ -4,0 +4,0 @@ const pkg = require('../../package.json'); |
@@ -6,3 +6,3 @@ /* eslint-disable no-underscore-dangle */ | ||
| const { cloneDeep } = require('lodash'); | ||
| const cloneDeep = require('lodash/cloneDeep'); | ||
@@ -9,0 +9,0 @@ const { RPError, OPError } = require('./errors'); |
| { | ||
| "name": "openid-client", | ||
| "version": "3.5.0", | ||
| "version": "3.6.0", | ||
| "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -39,2 +39,3 @@ # openid-client | ||
| - Client Authenticated request to token introspection | ||
| - [RFC8628 - OAuth 2.0 Device Authorization Grant (Device Flow)][feature-device-flow] | ||
| - [draft-ietf-oauth-mtls - OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens][feature-mtls] | ||
@@ -210,2 +211,28 @@ - Mutual TLS Client Certificate-Bound Access Tokens | ||
| ### Device Authorization Grant (Device Flow) | ||
| [RFC8628 - OAuth 2.0 Device Authorization Grant (Device Flow)](https://tools.ietf.org/html/rfc8628) | ||
| is started by starting a Device Authorization Request. | ||
| ```js | ||
| const handle = await client.deviceAuthorization(); | ||
| console.log('User Code: ', handle.user_code); | ||
| console.log('Verification URI: ', handle.verification_uri); | ||
| console.log('Verification URI (complete): ', handle.verification_uri_complete); | ||
| ``` | ||
| The handle represents a Device Authorization Response with the `verification_uri`, `user_code` and | ||
| other defined response properties. | ||
| You will display the instructions to the end-user and have him directed at `verification_uri` or | ||
| `verification_uri_complete`, afterwards you can start polling for the Device Access Token Response. | ||
| ```js | ||
| const tokenSet = await handle.poll(); | ||
| console.log('received tokens %j', tokenSet); | ||
| ``` | ||
| This will poll in the defined interval and only resolve with a TokenSet once one is received. This | ||
| will handle the defined `authorization_pending` and `slow_down` "soft" errors and continue polling | ||
| but upon any other error it will reject. With tokenSet received you can throw away the handle. | ||
| ## Electron Support | ||
@@ -254,3 +281,4 @@ | ||
| [feature-introspection]: https://tools.ietf.org/html/rfc7662 | ||
| [feature-mtls]: https://tools.ietf.org/html/draft-ietf-oauth-mtls-14 | ||
| [feature-mtls]: https://tools.ietf.org/html/draft-ietf-oauth-mtls-17 | ||
| [feature-device-flow]: https://tools.ietf.org/html/rfc8628 | ||
| [openid-certified-link]: https://openid.net/certification/ | ||
@@ -257,0 +285,0 @@ [passport-url]: http://passportjs.org |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by6.02%
113669
- Number of package files
- increased by4.55%
23
- Lines of code
- increased by6.68%
2157
- Number of lines in readme file
- increased by10.49%
295
No dependency changes