openid-client - npm Package Compare versions

Comparing version 5.6.5 to 5.7.0

lib/client.js

@@ -194,3 +194,3 @@ const { inspect } = require('util');
       token_endpoint_auth_method: 'client_secret_basic',
-      ...(this.fapi()
+      ...(this.fapi1()
         ? {
@@ -205,2 +205,9 @@ grant_types: ['authorization_code', 'implicit'],
         : undefined),
+      ...(this.fapi2()
+        ? {
+            id_token_signed_response_alg: 'PS256',
+            authorization_signed_response_alg: 'PS256',
+            token_endpoint_auth_method: undefined,
+          }
+        : undefined),
       ...metadata,
@@ -226,2 +233,22 @@ };
 
+    if (this.fapi2()) {
+      if (
+        properties.tls_client_certificate_bound_access_tokens &&
+        properties.dpop_bound_access_tokens
+      ) {
+        throw new TypeError(
+          'either tls_client_certificate_bound_access_tokens or dpop_bound_access_tokens must be set to true',
+        );
+      }
+
+      if (
+        !properties.tls_client_certificate_bound_access_tokens &&
+        !properties.dpop_bound_access_tokens
+      ) {
+        throw new TypeError(
+          'either tls_client_certificate_bound_access_tokens or dpop_bound_access_tokens must be set to true',
+        );
+      }
+    }
+
     handleCommonMistakes(this, metadata, properties);
@@ -830,3 +857,3 @@
 
-      if (this.fapi()) {
+      if (this.fapi1()) {
         if (!payload.s_hash && (tokenSet.state || state)) {
@@ -1638,5 +1665,13 @@ throw new RPError({
   fapi() {
+    return this.fapi1() || this.fapi2();
+  }
+
+  fapi1() {
     return this.constructor.name === 'FAPI1Client';
   }
 
+  fapi2() {
+    return this.constructor.name === 'FAPI2Client';
+  }
+
   async validateJARM(response) {
@@ -1643,0 +1678,0 @@ const expectedAlg = this.authorization_signed_response_alg;

lib/helpers/request.js

@@ -82,3 +82,3 @@ const assert = require('assert');
         htu: `${url.origin}${url.pathname}`,
-        htm: options.method,
+        htm: options.method || 'GET',
         nonce: nonces.get(nonceKey),
@@ -85,0 +85,0 @@ },

lib/issuer.js

@@ -76,2 +76,3 @@ const { inspect } = require('util');
       FAPI1Client: { value: class FAPI1Client extends Client {}, enumerable: true },
+      FAPI2Client: { value: class FAPI2Client extends Client {}, enumerable: true },
     });
@@ -78,0 +79,0 @@ }

package.json

 {
   "name": "openid-client",
-  "version": "5.6.5",
+  "version": "5.7.0",
   "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs",
@@ -48,3 +48,3 @@ "keywords": [
   "dependencies": {
-    "jose": "^4.15.5",
+    "jose": "^4.15.9",
     "lru-cache": "^6.0.0",
@@ -55,8 +55,8 @@ "object-hash": "^2.2.0",
   "devDependencies": {
-    "@types/node": "^16.18.87",
+    "@types/node": "^16.18.106",
     "@types/passport": "^1.0.16",
     "base64url": "^3.0.1",
-    "chai": "^4.4.1",
-    "mocha": "^10.3.0",
-    "nock": "^13.5.4",
+    "chai": "^4.5.0",
+    "mocha": "^10.7.3",
+    "nock": "^13.5.5",
     "prettier": "^2.8.8",
@@ -63,0 +63,0 @@ "readable-mock-req": "^0.2.2",

README.md

@@ -55,10 +55,8 @@ # openid-client
 
-## Certification
-[<img width="184" height="96" align="right" src="https://cdn.jsdelivr.net/gh/panva/node-openid-client@38cf016b0837e6d4116de3780b28d222d5780bc9/OpenID_Certified.png" alt="OpenID Certification">][openid-certified-link]  
-Filip Skokan has [certified][openid-certified-link] that [openid-client][npm-url]
-conforms to the following profiles of the OpenID Connect™ protocol
+## [Certification](https://openid.net/certification/faq/)
 
-- Basic, Implicit, Hybrid, Config, Dynamic, and Form Post RP
-- FAPI 1.0 Advanced RP
+[<img width="96" height="50" align="right" src="https://user-images.githubusercontent.com/241506/166977513-7cd710a9-7f60-4944-aebe-a658e9f36375.png" alt="OpenID Certification">](#certification)
 
+[Filip Skokan](https://github.com/panva) has [certified](https://openid.net/certification) that [this software](https://github.com/panva/node-openid-client) conforms to the Basic, Implicit, Hybrid, Config, Dynamic, FAPI 1.0, and FAPI 2.0 Relying Party Conformance Profiles of the OpenID Connect™ protocol.
+
 ## Sponsor
@@ -308,3 +306,2 @@
 [feature-iss]: https://www.rfc-editor.org/rfc/rfc9207.html
-[openid-certified-link]: https://openid.net/certification/
 [passport-url]: http://passportjs.org
@@ -311,0 +308,0 @@ [npm-url]: https://www.npmjs.com/package/openid-client

types/index.d.ts

@@ -446,2 +446,3 @@ /// <reference types="node" />
   FAPI1Client: TypeOfGenericClient<TClient>;
+  FAPI2Client: TypeOfGenericClient<TClient>;
 
@@ -448,0 +449,0 @@ metadata: IssuerMetadata;

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

135834

increased by0.85%

Lines of code

3704

increased by0.9%

Worsened metrics

Number of lines in readme file

321

decreased by-0.93%

Dependency changes

• Updatedjose@^4.15.9