openid-client
Advanced tools
Comparing version 4.7.2 to 4.7.3
@@ -5,2 +5,9 @@ # Changelog | ||
| ## [4.7.3](https://github.com/panva/node-openid-client/compare/v4.7.2...v4.7.3) (2021-04-30) | ||
| ### Bug Fixes | ||
| * **fapi:** validate ID Token's iat regardless of which channel it came from ([b68b9ab](https://github.com/panva/node-openid-client/commit/b68b9ab5af6a85a2f42adf6b782cef7e08378658)) | ||
| ## [4.7.2](https://github.com/panva/node-openid-client/compare/v4.7.1...v4.7.2) (2021-04-23) | ||
@@ -7,0 +14,0 @@ |
@@ -727,2 +727,4 @@ /* eslint-disable max-classes-per-file */ | ||
| const fapi = this.constructor.name === 'FAPIClient'; | ||
| if (returnedBy === 'authorization') { | ||
@@ -743,15 +745,3 @@ if (!payload.at_hash && tokenSet.access_token) { | ||
| const fapi = this.constructor.name === 'FAPIClient'; | ||
| if (fapi) { | ||
| if (payload.iat < timestamp - 3600) { | ||
| throw new RPError({ | ||
| printf: ['JWT issued too far in the past, now %i, iat %i', timestamp, payload.iat], | ||
| now: timestamp, | ||
| tolerance: this[CLOCK_TOLERANCE], | ||
| iat: payload.iat, | ||
| jwt: idToken, | ||
| }); | ||
| } | ||
| if (!payload.s_hash && (tokenSet.state || state)) { | ||
@@ -778,2 +768,12 @@ throw new RPError({ | ||
| if (fapi && payload.iat < timestamp - 3600) { | ||
| throw new RPError({ | ||
| printf: ['JWT issued too far in the past, now %i, iat %i', timestamp, payload.iat], | ||
| now: timestamp, | ||
| tolerance: this[CLOCK_TOLERANCE], | ||
| iat: payload.iat, | ||
| jwt: idToken, | ||
| }); | ||
| } | ||
| if (tokenSet.access_token && payload.at_hash !== undefined) { | ||
@@ -780,0 +780,0 @@ try { |
| { | ||
| "name": "openid-client", | ||
| "version": "4.7.2", | ||
| "version": "4.7.3", | ||
| "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.15%
180332
No dependency changes