openid-client - npm Package Compare versions

Comparing version 4.9.0 to 4.9.1

lib/client.js

@@ -128,2 +128,13 @@ /* eslint-disable max-classes-per-file */
 function getKeystore(jwks) {
+  if (!isPlainObject(jwks) || !Array.isArray(jwks.keys) || jwks.keys.some((k) => !isPlainObject(k) || !('kty' in k))) {
+    throw new TypeError('jwks must be a JSON Web Key Set formatted object');
+  }
+
+  // eslint-disable-next-line no-restricted-syntax
+  for (const jwk of jwks.keys) {
+    if (jwk.kid === undefined) {
+      jwk.kid = `DONOTUSE.${random()}`;
+    }
+  }
+
   const keystore = jose.JWKS.asKeyStore(jwks);
@@ -1430,2 +1441,8 @@ if (keystore.all().some((key) => key.type !== 'private')) {
       metadata.jwks = keystore.toJWKS(false);
+      // eslint-disable-next-line no-restricted-syntax
+      for (const jwk of metadata.jwks.keys) {
+        if (jwk.kid.startsWith('DONOTUSE.')) {
+          delete jwk.kid;
+        }
+      }
     }
@@ -1530,3 +1547,3 @@
         ...header,
-        kid: symmetric ? undefined : key.kid,
+        kid: symmetric || key.kid.startsWith('DONOTUSE.') ? undefined : key.kid,
       });
@@ -1690,11 +1707,6 @@ }
 
-  let ath;
-  if (accessToken) {
-    ath = base64url.encode(crypto.createHash('sha256').update(accessToken).digest());
-  }
-
   return jose.JWS.sign({
     iat: now(),
     jti: random(),
-    ath,
+    ath: accessToken ? base64url.encode(crypto.createHash('sha256').update(accessToken).digest()) : undefined,
     ...payload,
@@ -1701,0 +1713,0 @@ }, jwk, {

lib/helpers/client.js

@@ -50,3 +50,3 @@ const jose = require('jose');
   }
-  return jose.JWS.sign(payload, key, { alg, typ: 'JWT', kid: key.kid });
+  return jose.JWS.sign(payload, key, { alg, typ: 'JWT', kid: key.kid.startsWith('DONOTUSE.') ? undefined : key.kid });
 }
@@ -53,0 +53,0 @@

package.json

 {
   "name": "openid-client",
-  "version": "4.9.0",
+  "version": "4.9.1",
   "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

134485

increased by0.46%

Lines of code

3470

increased by0.32%

No dependency changes