openid-client
Comparing version 3.8.0 to 3.8.1
@@ -5,2 +5,11 @@ # Change Log | ||
## [3.8.1](https://github.com/panva/node-openid-client/compare/v3.8.0...v3.8.1) (2019-11-07) | ||
### Bug Fixes | ||
* use sha512 for Ed25519 and shake256 for Ed448 ID Token _hash claims ([31f7a04](https://github.com/panva/node-openid-client/commit/31f7a040c289e7fd389a0083803f2998bf62b660)) | ||
# [3.8.0](https://github.com/panva/node-openid-client/compare/v3.7.4...v3.8.0) (2019-11-07) | ||
@@ -7,0 +16,0 @@ |
@@ -794,2 +794,14 @@ /* eslint-disable max-classes-per-file */ | ||
let key; | ||
if (header.alg.startsWith('HS')) { | ||
key = await this.joseSecret(); | ||
} else if (header.alg !== 'none') { | ||
key = await this.issuer.key(header); | ||
} | ||
if (header.alg !== 'none' && !key) { | ||
throw new RPError('could not find a key to validate the signature with'); | ||
} | ||
if (returnedBy === 'authorization') { | ||
@@ -813,7 +825,7 @@ if (!payload.at_hash && tokenSet.access_token) { | ||
} | ||
if (!tokenHash(payload.s_hash, state, header.alg)) { | ||
throw new RPError({ | ||
printf: ['s_hash mismatch, expected %s, got: %s', tokenHash.generate(state, header.alg), payload.s_hash], | ||
jwt: idToken, | ||
}); | ||
try { | ||
tokenHash.validate({ claim: 's_hash', source: 'state' }, payload.s_hash, state, header.alg, key && key.crv); | ||
} catch (err) { | ||
throw new RPError({ message: err.message, jwt: idToken }); | ||
} | ||
@@ -824,7 +836,6 @@ } | ||
if (tokenSet.access_token && payload.at_hash !== undefined) { | ||
if (!tokenHash(payload.at_hash, tokenSet.access_token, header.alg)) { | ||
throw new RPError({ | ||
printf: ['at_hash mismatch, expected %s, got: %s', tokenHash.generate(tokenSet.access_token, header.alg), payload.at_hash], | ||
jwt: idToken, | ||
}); | ||
try { | ||
tokenHash.validate({ claim: 'at_hash', source: 'access_token' }, payload.at_hash, tokenSet.access_token, header.alg, key && key.crv); | ||
} catch (err) { | ||
throw new RPError({ message: err.message, jwt: idToken }); | ||
} | ||
@@ -834,7 +845,6 @@ } | ||
if (tokenSet.code && payload.c_hash !== undefined) { | ||
if (!tokenHash(payload.c_hash, tokenSet.code, header.alg)) { | ||
throw new RPError({ | ||
printf: ['c_hash mismatch, expected %s, got: %s', tokenHash.generate(tokenSet.code, header.alg), payload.c_hash], | ||
jwt: idToken, | ||
}); | ||
try { | ||
tokenHash.validate({ claim: 'c_hash', source: 'code' }, payload.c_hash, tokenSet.code, header.alg, key && key.crv); | ||
} catch (err) { | ||
throw new RPError({ message: err.message, jwt: idToken }); | ||
} | ||
@@ -847,10 +857,2 @@ } | ||
let key; | ||
if (header.alg.startsWith('HS')) { | ||
key = await this.joseSecret(); | ||
} else { | ||
key = await this.issuer.key(header); | ||
} | ||
try { | ||
@@ -857,0 +859,0 @@ jose.JWS.verify(idToken, key); |
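Review bot: In the key-selection block this change moves ahead of the `_hash` checks, `key` stays undefined whenever `header.alg` is `'none'`, and the trailing context still shows `jose.JWS.verify(idToken, key)`. Whether a return or rejection for `none` sits between the two is outside the visible lines, so confirm that before relying on the new ordering. The three `tokenHash.validate(...)` calls also receive `key && key.crv`, which is `undefined` both for an unsigned token and for a key object that carries no `crv`; how `validate` treats that for an EdDSA `alg` cannot be seen here. I would add a comment at the declaration, e.g. `// key is deliberately left undefined for alg "none"; signature verification below must never run with it`. I would also have the three catch blocks keep the original error alongside `err.message`, so an unsupported-algorithm failure can be told apart from a real hash mismatch. The enclosing function starts and ends outside these hunks.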
{ | ||
"name": "openid-client", | ||
"version": "3.8.0", | ||
"version": "3.8.1", | ||
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", | ||
@@ -49,3 +49,3 @@ "keywords": [ | ||
"object-hash": "^2.0.0", | ||
"oidc-token-hash": "^3.0.2", | ||
"oidc-token-hash": "^4.0.0", | ||
"p-any": "^2.1.0" | ||
@@ -52,0 +52,0 @@ }, |
+ Addedoidc-token-hash@4.0.0(transitive)
- Removedoidc-token-hash@3.0.2(transitive)
Updatedoidc-token-hash@^4.0.0