openid-client - npm Package Compare versions

Comparing version 3.6.2 to 3.7.0

types/index.d.ts

15

CHANGELOG.md

@@ -5,2 +5,17 @@ # Change Log

# [3.7.0](https://github.com/panva/node-openid-client/compare/v3.6.2...v3.7.0) (2019-09-09)
### Bug Fixes
* assert client_secret is present when required, require client_id, etc ([82855a5](https://github.com/panva/node-openid-client/commit/82855a5))
### Features
* Add Typescript definitions ([#184](https://github.com/panva/node-openid-client/issues/184)) ([c37130b](https://github.com/panva/node-openid-client/commit/c37130b))
* allow clientAssertionPayload to overwrite default payload ([28c8964](https://github.com/panva/node-openid-client/commit/28c8964))
## [3.6.2](https://github.com/panva/node-openid-client/compare/v3.6.1...v3.6.2) (2019-09-03)

@@ -7,0 +22,0 @@

@@ -234,2 +234,7 @@ /* eslint-disable max-classes-per-file */

super();
if (typeof metadata.client_id !== 'string' || !metadata.client_id) {
throw new TypeError('client_id is required');
}
const properties = { ...CLIENT_DEFAULTS, ...metadata };
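
Review bot: The guard at the top of the constructor turns metadata without a non-empty string `client_id` into a TypeError, which is a behaviour change for existing callers shipped in a minor release. The check itself looks right. Please add tests for a missing, an empty and a non-string `client_id`, and say in the release notes that construction now fails early.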

@@ -1019,2 +1024,5 @@

async joseSecret(alg) {
if (!this.client_secret) {
throw new TypeError('client_secret is required');
}
if (/^A(\d{3})(?:GCM)?KW$/.test(alg)) {
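
Review bot: The message thrown in joseSecret, 'client_secret is required', does not say which operation needed the secret, unlike the guards in lib/helpers/client.js that name the authentication method. Including `alg` in the message would make a misconfigured client much easier to diagnose. `alg` is an algorithm name, not secret material, so it is safe to surface.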

@@ -1021,0 +1029,0 @@ return this.derivedKey(parseInt(RegExp.$1, 10));

16

lib/helpers/client.js

@@ -41,2 +41,8 @@ const merge = require('lodash/merge');

const keystore = instance(this).get('keystore');
if (!keystore) {
throw new TypeError('no client jwks provided for signing a client assertion with');
}
const key = instance(this).get('keystore').get({ alg, use: 'sig' });
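
Review bot: The last line of this hunk still calls `instance(this).get('keystore')` a second time instead of using the `keystore` local that was just checked. Change it to `keystore.get({ alg, use: 'sig' })` so the value that is validated is the value that is used. The error message also ends in a dangling "with"; 'no client jwks provided for signing a client assertion' reads better.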

@@ -57,2 +63,5 @@ if (!key) {

case 'client_secret_post':
if (!this.client_secret) {
throw new TypeError('client_secret_post client authentication method requires a client_secret');
}
return { body: { client_id: this.client_id, client_secret: this.client_secret } };

@@ -63,3 +72,2 @@ case 'private_key_jwt':

const assertion = await clientAssertion.call(this, endpoint, {
...clientAssertionPayload,
iat: timestamp,

@@ -70,3 +78,4 @@ exp: timestamp + 60,

sub: this.client_id,
aud: this.issuer[`${endpoint}_endpoint`],
aud: this.issuer[`${endpoint}_endpoint`], // TODO: in v4.x pass the issuer instead (for now clientAssertionPayload can be used for that)
...clientAssertionPayload,
});
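
Review bot: With `...clientAssertionPayload` moved to the end of the object, it overrides every claim listed before it, including `sub`, `iat` and the `exp: timestamp + 60` shown in the hunk context, not only `aud` as the TODO suggests. `sub` identifies the client and the short `exp` bounds how long a captured assertion can be replayed, so consider either keeping those claims after the spread or documenting exactly which claims callers are allowed to override. The v4.x TODO would be easier to track as an issue reference than as an inline comment.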

@@ -90,2 +99,5 @@

// > password.
if (!this.client_secret) {
throw new TypeError('client_secret_basic client authentication method requires a client_secret');
}
const encoded = `${formUrlEncode(this.client_id)}:${formUrlEncode(this.client_secret)}`;
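
Review bot: The `!this.client_secret` guard here repeats the one added for `client_secret_post` above, differing only in the method name in the message. A small shared helper that takes the method name would keep the two messages consistent and give one place to test.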

@@ -92,0 +104,0 @@ const value = Buffer.from(encoded).toString('base64');

7

package.json
{
"name": "openid-client",
"version": "3.6.2",
"version": "3.7.0",
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs",

@@ -30,5 +30,7 @@ "keywords": [

"files": [
"lib"
"lib",
"types/index.d.ts"
],
"main": "lib/index.js",
"types": "types/index.d.ts",
"scripts": {

@@ -54,2 +56,3 @@ "coverage": "nyc mocha",

"@commitlint/config-conventional": "^8.1.0",
"@types/got": "^9.6.7",
"chai": "^4.2.0",

@@ -56,0 +59,0 @@ "eslint": "^6.2.2",

@@ -79,2 +79,10 @@ # openid-client

## Install
Node.js version **>=12.0.0** is recommended, but **^10.13.0** lts/dubnium is also supported.
```console
npm install openid-client
```
## Quick start

@@ -246,3 +254,4 @@

**Yes.** Everything that's [documented][documentation] is subject to
**Yes.** Everything that's either exported in the TypeScript definitions file or
[documented][documentation] is subject to
[Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html). The rest is to be considered

@@ -265,2 +274,3 @@ private API and is subject to change between any versions.

- Typed [errors][documentation-errors]
- TypeScript definitions

@@ -267,0 +277,0 @@ #### How to make the client send client_id and client_secret in the body?
