openid-client
Comparing version 4.7.2 to 4.7.3
@@ -5,2 +5,9 @@ # Changelog | ||
## [4.7.3](https://github.com/panva/node-openid-client/compare/v4.7.2...v4.7.3) (2021-04-30) | ||
### Bug Fixes | ||
* **fapi:** validate ID Token's iat regardless of which channel it came from ([b68b9ab](https://github.com/panva/node-openid-client/commit/b68b9ab5af6a85a2f42adf6b782cef7e08378658)) | ||
## [4.7.2](https://github.com/panva/node-openid-client/compare/v4.7.1...v4.7.2) (2021-04-23) | ||
@@ -7,0 +14,0 @@ |
@@ -727,2 +727,4 @@ /* eslint-disable max-classes-per-file */ | ||
const fapi = this.constructor.name === 'FAPIClient'; | ||
if (returnedBy === 'authorization') { | ||
@@ -743,15 +745,3 @@ if (!payload.at_hash && tokenSet.access_token) { | ||
const fapi = this.constructor.name === 'FAPIClient'; | ||
if (fapi) { | ||
if (payload.iat < timestamp - 3600) { | ||
throw new RPError({ | ||
printf: ['JWT issued too far in the past, now %i, iat %i', timestamp, payload.iat], | ||
now: timestamp, | ||
tolerance: this[CLOCK_TOLERANCE], | ||
iat: payload.iat, | ||
jwt: idToken, | ||
}); | ||
} | ||
if (!payload.s_hash && (tokenSet.state || state)) { | ||
@@ -778,2 +768,12 @@ throw new RPError({ | ||
if (fapi && payload.iat < timestamp - 3600) { | ||
throw new RPError({ | ||
printf: ['JWT issued too far in the past, now %i, iat %i', timestamp, payload.iat], | ||
now: timestamp, | ||
tolerance: this[CLOCK_TOLERANCE], | ||
iat: payload.iat, | ||
jwt: idToken, | ||
}); | ||
} | ||
if (tokenSet.access_token && payload.at_hash !== undefined) { | ||
@@ -780,0 +780,0 @@ try { |
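Review bot: The relocated `iat` age check is still gated on `this.constructor.name === 'FAPIClient'`, so it fails open whenever the class name differs (a subclass with its own name, or a build step that renames classes), and the ID Token is then accepted without the one-hour limit; an explicit marker set by the FAPI class itself would be more robust than comparing the name string. In the same block the thrown `RPError` reports `tolerance: this[CLOCK_TOLERANCE]`, but the comparison `payload.iat < timestamp - 3600` never uses it; either apply it, `if (fapi && payload.iat < timestamp - 3600 - this[CLOCK_TOLERANCE]) {`, or drop the field so the error does not imply a tolerance was considered. The bare `3600` would read better as a named constant with a comment such as `// maximum accepted ID Token age (seconds) for FAPI clients`. The enclosing method starts and ends outside these hunks, so how `timestamp` is derived and whether `iat` is type-checked earlier cannot be confirmed from here.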
{ | ||
"name": "openid-client", | ||
"version": "4.7.2", | ||
"version": "4.7.3", | ||
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", | ||
@@ -5,0 +5,0 @@ "keywords": [ |