passport-auth0 - npm Package Compare versions

Comparing version 1.2.0 to 1.2.1

CHANGELOG.md

 # Change Log
 
-## [v1.2.0](https://github.com/auth0/wp-auth0/tree/v1.2.0) (2019-07-31)
-[Full Changelog](https://github.com/auth0/wp-auth0/compare/v1.1.0...v1.2.0)
+## [v1.2.1](https://github.com/auth0/passport-auth0/tree/v1.2.1) (2019-08-12)
+[Full Changelog](https://github.com/auth0/passport-auth0/compare/v1.2.0...v1.2.1)
 
 **Closed issues**
+- Strategy constructor mutates options argument [\#91](https://github.com/auth0/passport-auth0/issues/91)
+- Infinite redirect loop, "Invalid authorization request state." [\#89](https://github.com/auth0/passport-auth0/issues/89)
+- could I use cookie-session instead of express-session? [\#87](https://github.com/auth0/passport-auth0/issues/87)
+
+**Fixed**
+- Fix strategy constructor to not mutate options argument [\#92](https://github.com/auth0/passport-auth0/pull/92) ([naptowncode](https://github.com/naptowncode))
+
+## [v1.2.0](https://github.com/auth0/passport-auth0/tree/v1.2.0) (2019-07-31)
+[Full Changelog](https://github.com/auth0/passport-auth0/compare/v1.1.0...v1.2.0)
+
+**Closed issues**
 - Not obvious how to style lock on redirect [\#74](https://github.com/auth0/passport-auth0/issues/74)
@@ -8,0 +19,0 @@ - Auth0 state parameter not always passed through [\#73](https://github.com/auth0/passport-auth0/issues/73)

lib/index.js

@@ -53,3 +53,3 @@ /**
 
-  this.options = Object.assign(options, defaultOptions);
+  this.options = Object.assign({}, options, defaultOptions);
 
@@ -56,0 +56,0 @@ if (this.options.state === undefined) {

lib/Profile.js

@@ -0,0 +0,0 @@ function Profile (data, raw) {

package.json

 {
   "name": "passport-auth0",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "description": "Auth0 platform authentication strategy for Passport.js",
@@ -5,0 +5,0 @@ "main": "lib/index.js",

README.md

 # passport-auth0
 
+
+
+This is the [Auth0](https://auth0.com/) authentication strategy for [Passport.js](http://passportjs.org/). Passport is authentication middleware for Node.js that can be unobtrusively dropped into any Express-based web application.
+
+For Management API endpoints, please see the [Node Auth0 SDK](https://github.com/auth0/node-auth0).
+
 [![Build Status](https://travis-ci.org/auth0/passport-auth0.svg?branch=master)](https://travis-ci.org/auth0/passport-auth0)
+[![npm](https://img.shields.io/npm/v/passport-auth0)](https://npmjs.org/package/passport-auth0)
+[![npm](https://img.shields.io/npm/dm/passport-auth0)](https://npmjs.org/package/passport-auth0)
+[![License](http://img.shields.io/:license-mit-blue.svg?style=flat)](https://opensource.org/licenses/MIT)
 
-This is the [Auth0](https://auth0.com/) authentication strategy for Passport.js.
+## Table of Contents
 
-## Passport.js
+- [Documentation](#documentation)
+- [Installation](#installation)
+- [Customization](#customization)
+- [Support + Feedback](#support--feedback)
+- [Vulnerability Reporting](#vulnerability-reporting)
+- [What is Auth0](#what-is-auth0)
+- [License](#license)
 
-[Passport](http://passportjs.org/) is authentication middleware for Node.js. Passport can be unobtrusively dropped into any Express-based web application.
+## Documentation
 
-## Installation
+Full documentation with examples can be found in the [Node.js Quickstart](https://auth0.com/docs/quickstart/webapp/nodejs). 
 
-    npm install passport-auth0
+You can also see fully working demos using this library in our [Auth0 blog](https://auth0.com/blog/):
 
-## Configuration
+* [Build and Authenticate a Node.js App with JSON Web Tokens](https://auth0.com/blog/building-and-authenticating-nodejs-apps/#nodejs-directory-structure)
+* [Developing a Real-Time, Collaborative Editor with Pusher](https://auth0.com/blog/developing-a-real-time-collaborative-editor-with-pusher/)
 
-Take your credentials from the _Settings_ tab of your [Auth0 application](https://manage.auth0.com/#/applications/) in the dashboard and initialize the strategy as follows:
+## Installation
 
-~~~js
-var Auth0Strategy = require('passport-auth0'),
-    passport = require('passport');
+The Auth0 Passport strategy is installed with npm. 
 
-var strategy = new Auth0Strategy({
-   domain:       'your-domain.auth0.com',
-   clientID:     'your-client-id',
-   clientSecret: 'your-client-secret',
-   callbackURL:  '/callback'
-  },
-  function(accessToken, refreshToken, extraParams, profile, done) {
-    // accessToken is the token to call Auth0 API (not needed in the most cases)
-    // extraParams.id_token has the JSON Web Token
-    // profile has all the information from the user
-    return done(null, profile);
-  }
-);
+    npm install passport-auth0
 
-passport.use(strategy);
-~~~
+## Customization
 
@@ -46,7 +47,5 @@ ### State parameter
 
-~~~js
-var Auth0Strategy = require('passport-auth0');
-
-var strategy = new Auth0Strategy({
-     domain: 'your-domain.auth0.com',
+```js
+const Auth0Strategy = require('passport-auth0');
+const strategy = new Auth0Strategy({
      // ...
@@ -59,84 +58,86 @@ state: false
 );
-~~~
+```
 
-## Usage
+[More on state handling here](https://github.com/auth0/passport-auth0/issues/40#issuecomment-511592801).
 
-~~~js
-app.get('/callback',
-  passport.authenticate('auth0', { failureRedirect: '/login' }),
-  function(req, res) {
-    if (!req.user) {
-      throw new Error('user null');
-    }
-    res.redirect("/");
-  }
-);
+### Scopes
 
-app.get('/login',
-  passport.authenticate('auth0', {}), function (req, res) {
-  res.redirect("/");
-});
-~~~
+If you want to change the scope of the ID token provided, add a `scope` property to the authenticate configuration passed when defining the route. These must be [OIDC standard scopes](https://auth0.com/docs/scopes/current/oidc-scopes). If you need data outside of the standard scopes, you can add [custom claims](https://auth0.com/docs/scopes/current/custom-claims) to the token.
 
-This way when you go to `/login`, you will get redirected to an Auth0 page where you can select the identity provider.
+```js
+app.get(
+	'/login',
+	passport.authenticate('auth0', {scope: 'openid email profile'}), 
+	function (req, res) {
+		res.redirect('/');
+	}
+);
+```
 
-If you want to change the scope of the ID token provided, add a `scope` property to the authenticate configuration passed when defining the route. These must be [OIDC standard scopes](https://auth0.com/docs/scopes/current/oidc-scopes). If you need data outside of the standard scopes, you can add [custom claims](https://auth0.com/docs/scopes/current/custom-claims) to the token.
+### Force a Specific IdP
 
-~~~javascript
-app.get('/login',
-  passport.authenticate('auth0', {scope: 'openid email profile'}), function (req, res) {
-  res.redirect("/");
-});
-~~~
+If you want to force a specific identity provider you can use:
 
-If you want to force an identity provider you can use:
+```js
+app.get(
+	'/login/google',
+	passport.authenticate('auth0', {connection: 'google-oauth2'}), 
+	function (req, res) {
+		res.redirect('/');
+	}
+);
+```
 
-~~~javascript
-app.get('/login/google',
-  passport.authenticate('auth0', {connection: 'google-oauth2'}), function (req, res) {
-  res.redirect("/");
-});
-~~~
-
 If you force an identity provider you can also request custom scope from that identity provider:
 
-~~~javascript
-app.get('/login/google', passport.authenticate('auth0', {
-  connection: 'google-oauth2',
-  connection_scope: 'https://www.googleapis.com/auth/analytics, https://www.googleapis.com/auth/contacts.readonly'
-}), function (req, res) {
-  res.redirect("/");
-});
-~~~
+```js
+app.get(
+	'/login/google', 
+	passport.authenticate('auth0', {
+		connection: 'google-oauth2',
+		connection_scope: 'https://www.googleapis.com/auth/analytics, https://www.googleapis.com/auth/contacts.readonly'
+	}), 
+	function (req, res) {
+		res.redirect('/');
+	}
+);
+```
 
+### Getting Access Tokens
+
 If you want to specify an audience for the returned `access_token` you can:
 
-~~~javascript
-app.get('/login',
-  passport.authenticate('auth0', {audience: 'urn:my-api'}), function (req, res) {
-  res.redirect("/");
-});
-~~~
+```js
+app.get(
+	'/login',
+	passport.authenticate('auth0', {audience: 'urn:my-api'}), 
+	function (req, res) {
+	  res.redirect('/');
+	}
+);
+```
 
-If you want to control the OIDC prompt you can use:
+### Silent Authentication
 
-~~~javascript
-app.get('/login',
-  passport.authenticate('auth0', {prompt: 'none'}), function (req, res) {
-  res.redirect("/");
-});
-~~~
+If you want to check authentication without showing a prompt:
 
-## API access
+```js
+app.get(
+	'/login',
+	passport.authenticate('auth0', {prompt: 'none'}), 
+	function (req, res) {
+		res.redirect('/');
+	}
+);
+```
 
-If you want to get a list of connections or users from Auth0, [use the Node.js SDK](https://github.com/auth0/node-auth0).
+## Support + Feedback
 
-## Examples
+- Use [Issues](https://github.com/auth0/passport-auth0/issues) for code-level support
+- Use our [Community](https://community.auth0.com/) for usage, questions, specific cases
 
-You can also see fully working demos using this library in our [Auth0 blog](https://auth0.com/blog/):
+## Vulnerability Reporting
 
-* [Build and Authenticate a Node.js App with JSON Web Tokens](https://auth0.com/blog/building-and-authenticating-nodejs-apps/#nodejs-directory-structure)
+Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
 
-* [Developing a Real-Time, Collaborative Editor with Pusher](https://auth0.com/blog/developing-a-real-time-collaborative-editor-with-pusher/)
-
 ## What is Auth0?
@@ -155,12 +156,4 @@
 
-## Issue Reporting
-
-If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
-
-## Author
-
-[Auth0](https://auth0.com/)
-
 ## License
 
 This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.

test/fixtures/auth0-example-profile.json

@@ -0,0 +0,0 @@ {

test/fixtures/auth0-oidc-example-profile.json

@@ -0,0 +0,0 @@ {

test/strategy.test.js

@@ -52,2 +52,18 @@ var Auth0Strategy = require('../lib');
 
+  it('should copy options object without mutating', function () {
+    var options = {
+      domain:       'test.auth0.com',
+      clientID:     'testid',
+      clientSecret: 'testsecret',
+      callbackURL:  '/callback'
+    };
+    var strategy = new Auth0Strategy(
+      options,
+      function(accessToken, idToken, profile, done) {}
+    );
+
+    strategy.options.should.be.not.equal(options);
+    options.should.not.have.property('authorizationURL');
+  });
+
   describe('authorizationParams', function () {
@@ -54,0 +70,0 @@

test/userprofile.tests.js

@@ -0,0 +0,0 @@ var auth0Profile = require('./fixtures/auth0-example-profile');

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

26091

increased by6.74%

Lines of code

440

increased by3.29%

Worsened metrics

Number of lines in readme file

157

decreased by-4.27%

No dependency changes