passport-keycloak-bearer - npm Package Compare versions

Comparing version 2.0.5 to 2.1.0

package.json

 {
   "name": "passport-keycloak-bearer",
-  "version": "2.0.5",
+  "version": "2.1.0",
   "description": "HTTP Bearer authentication strategy for Passport and Keycloak",
@@ -46,27 +46,21 @@ "keywords": [
   "dependencies": {
+    "axios": "^0.21.4",
     "passport-jwt": "^4.0.0",
-    "request": "^2.88.2",
-    "request-promise-native": "^1.0.8",
-    "simple-node-logger": "^18.12.24"
+    "simple-node-logger": "^21.8.12"
   },
   "devDependencies": {
-    "chai": "^4.2.0",
+    "chai": "^4.3.4",
     "chai-passport-strategy": "^1.0.1",
-    "eslint": "^6.8.0",
-    "eslint-config-standard": "^14.1.1",
-    "eslint-plugin-import": "^2.20.2",
-    "eslint-plugin-mocha": "^6.3.0",
-    "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^4.2.1",
-    "eslint-plugin-standard": "^4.0.1",
-    "mocha": "^7.1.1",
-    "nock": "^12.0.3",
-    "prettier": "^2.0.4",
-    "prettier-eslint": "^9.0.1",
-    "rewiremock": "^3.13.9",
+    "eslint": "^7.32.0",
+    "eslint-plugin-mocha": "^9.0.0",
+    "mocha": "^8.4.0",
+    "nock": "^13.1.3",
+    "prettier": "^2.4.1",
+    "prettier-eslint": "^13.0.0",
+    "rewiremock": "^3.14.3",
     "rimraf": "^3.0.2"
   },
   "engines": {
-    "node": ">=8.0.0"
+    "node": ">=10.0.0"
   }
 }

src/oidcMatadata.js

@@ -1,73 +0,72 @@
-const request = require('request-promise-native')
-const rsaPublicKeyPem = require('./rsaPemDecoder')
-const Token = require('./token')
+const axios = require('axios');
+const rsaPublicKeyPem = require('./rsaPemDecoder');
+const Token = require('./token');
 
 class OIDCMatadata {
-  constructor (url, realm, log) {
-    this.log = log
-    this.url = url
-    this.discoveryUrl = `${url}/realms/${realm}/.well-known/openid-configuration`
-    this.getPemKeys().catch(err => {
-      this.log.warn(err.message)
-    })
+  constructor(url, realm, log) {
+    this.log = log;
+    this.url = url;
+    this.discoveryUrl = `${url}/realms/${realm}/.well-known/openid-configuration`;
+    this.getPemKeys().catch((err) => {
+      this.log.warn(err.message);
+    });
   }
 
-  getKeysFromResponse (body) {
+  getKeysFromResponse(body) {
     if (!body.keys || body.keys.length === 0) {
-      throw new Error('We got no AAD signing Keys')
+      throw new Error('We got no AAD signing Keys');
     }
-    return body.keys.map(key => ({
+    return body.keys.map((key) => ({
       ...key,
-      pemKey: rsaPublicKeyPem(key.n, key.e)
-    }))
+      pemKey: rsaPublicKeyPem(key.n, key.e),
+    }));
   }
 
-  async getJwksUri () {
+  async getJwksUri() {
     try {
-      const discoverUrls = await request.get(this.discoveryUrl, { json: true })
+      const res = await axios.get(this.discoveryUrl);
+      const discoverUrls = res.data;
       if (!discoverUrls.jwks_uri) {
-        throw new Error(`Unable to get OIDC metadata from ${this.discoveryUrl}`)
+        throw new Error(
+          `Unable to get OIDC metadata from ${this.discoveryUrl}`
+        );
       }
-      return discoverUrls.jwks_uri
+      return discoverUrls.jwks_uri;
     } catch (error) {
       throw new Error(
-        `Unable to get OIDC metadata from ${this.discoveryUrl}: ${
-          error.message
-        }`
-      )
+        `Unable to get OIDC metadata from ${this.discoveryUrl}: ${error.message}`
+      );
     }
   }
 
-  async getPemKeys () {
+  async getPemKeys() {
     if (Array.isArray(this.keys) && this.keys.length > 0) {
-      return this.keys
+      return this.keys;
     }
-    const jwksUri = await this.getJwksUri()
+    const jwksUri = await this.getJwksUri();
     try {
-      const response = await request.get(jwksUri, { json: true })
-      this.keys = this.getKeysFromResponse(response)
-      return this.keys
+      const response = await axios.get(jwksUri);
+      this.keys = this.getKeysFromResponse(response.data);
+      return this.keys;
     } catch (error) {
-      const errorMsg = `Cannot get AAD signing Keys from url ${jwksUri}. We got a  ${
-        error.statusCode
-      }: ${error.message} `
-      throw new Error(errorMsg)
+      const errorMsg = `Cannot get AAD signing Keys from url ${jwksUri}. We got a ${error.message}`;
+      throw new Error(errorMsg);
     }
   }
 
-  async pemKeyFromToken (rawToken, done) {
-    const token = new Token(rawToken)
+  async pemKeyFromToken(rawToken) {
+    const token = new Token(rawToken);
     if (token.isExpired()) {
-      this.log.info('The access token has expired')
+      this.log.info('The access token has expired');
     }
-    this.log.debug(`Got token with kid: ${token.header.kid}`)
+    this.log.debug(`Got token with kid: ${token.header.kid}`);
 
-    const keys = await this.getPemKeys()
-    const keyforToken = keys.find(key => key.kid === token.header.kid)
-    if (!keyforToken) throw Error(`No key matching kid ${token.header.kid}`)
+    const keys = await this.getPemKeys();
+    const keyforToken = keys.find((key) => key.kid === token.header.kid);
+    if (!keyforToken) throw Error(`No key matching kid ${token.header.kid}`);
 
-    return keyforToken.pemKey
+    return keyforToken.pemKey;
   }
 }
 
-module.exports = OIDCMatadata
+module.exports = OIDCMatadata;

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Dependency count

3

decreased by-25%

Dev dependency count

10

decreased by-33.33%

Worsened metrics

Total package byte prevSize

14151

decreased by-1.89%

Lines of code

208

decreased by-0.48%

Dependency changes

• + Addedaxios@^0.21.4

• + Addedaxios@0.21.4(transitive)

• + Addedfollow-redirects@1.15.9(transitive)

• + Addedsimple-node-logger@21.8.12(transitive)

• - Removedrequest@^2.88.2

• - Removedrequest-promise-native@^1.0.8

• - Removedajv@6.12.6(transitive)

• - Removedasn1@0.2.6(transitive)

• - Removedassert-plus@1.0.0(transitive)

• - Removedasynckit@0.4.0(transitive)

• - Removedaws-sign2@0.7.0(transitive)

• - Removedaws4@1.13.2(transitive)

• - Removedbcrypt-pbkdf@1.0.2(transitive)

• - Removedcaseless@0.12.0(transitive)

• - Removedcombined-stream@1.0.8(transitive)

• - Removedcore-util-is@1.0.2(transitive)

• - Removeddashdash@1.14.1(transitive)

• - Removeddelayed-stream@1.0.0(transitive)

• - Removedecc-jsbn@0.1.2(transitive)

• - Removedextend@3.0.2(transitive)

• - Removedextsprintf@1.3.0(transitive)

• - Removedfast-deep-equal@3.1.3(transitive)

• - Removedfast-json-stable-stringify@2.1.0(transitive)

• - Removedforever-agent@0.6.1(transitive)

• - Removedform-data@2.3.3(transitive)

• - Removedgetpass@0.1.7(transitive)

• - Removedhar-schema@2.0.0(transitive)

• - Removedhar-validator@5.1.5(transitive)

• - Removedhttp-signature@1.2.0(transitive)

• - Removedis-typedarray@1.0.0(transitive)

• - Removedisstream@0.1.2(transitive)

• - Removedjsbn@0.1.1(transitive)

• - Removedjson-schema@0.4.0(transitive)

• - Removedjson-schema-traverse@0.4.1(transitive)

• - Removedjson-stringify-safe@5.0.1(transitive)

• - Removedjsprim@1.4.2(transitive)

• - Removedmime-db@1.52.0(transitive)

• - Removedmime-types@2.1.35(transitive)

• - Removedoauth-sign@0.9.0(transitive)

• - Removedperformance-now@2.1.0(transitive)

• - Removedpsl@1.13.0(transitive)

• - Removedpunycode@2.3.1(transitive)

• - Removedqs@6.5.3(transitive)

• - Removedrequest@2.88.2(transitive)

• - Removedrequest-promise-core@1.1.4(transitive)

• - Removedrequest-promise-native@1.0.9(transitive)

• - Removedsafer-buffer@2.1.2(transitive)

• - Removedsimple-node-logger@18.12.24(transitive)

• - Removedsshpk@1.18.0(transitive)

• - Removedstealthy-require@1.1.1(transitive)

• - Removedtough-cookie@2.5.0(transitive)

• - Removedtunnel-agent@0.6.0(transitive)

• - Removedtweetnacl@0.14.5(transitive)

• - Removeduri-js@4.4.1(transitive)

• - Removeduuid@3.4.0(transitive)

• - Removedverror@1.10.0(transitive)

• Updatedsimple-node-logger@^21.8.12