
passport-oauth2


passport-oauth2 - npm Package Compare versions

Comparing version 1.0.0 to 1.1.0

37

lib/strategy.js

@@ -6,2 +6,3 @@ /**

, url = require('url')
, uid = require('uid2')
, util = require('util')

@@ -99,2 +100,4 @@ , utils = require('./utils')

this._scopeSeparator = options.scopeSeparator || ' ';
this._state = options.state;
this._key = options.sessionKey || ('oauth2:' + url.parse(options.authorizationURL).hostname);
this._trustProxy = options.proxy;

@@ -142,2 +145,24 @@ this._passReqToCallback = options.passReqToCallback;

if (this._state) {
if (!req.session) { return this.error(new Error('OAuth2Strategy requires session support when using state. Did you forget app.use(express.session(...))?')); }
var key = this._key;
if (!req.session[key]) {
return this.fail({ message: 'Unable to verify authorization request state.' }, 403);
}
var state = req.session[key].state;
if (!state) {
return this.fail({ message: 'Unable to verify authorization request state.' }, 403);
}
delete req.session[key].state;
if (Object.keys(req.session[key]).length === 0) {
delete req.session[key];
}
if (state !== req.query.state) {
return this.fail({ message: 'Invalid authorization request state.' }, 403);
}
}
// NOTE: The module oauth (0.9.5), which is a dependency, automatically adds

@@ -196,3 +221,13 @@ // a 'type=web_server' parameter to the percent-encoded data sent in

var state = options.state;
if (state) { params.state = state; }
if (state) {
params.state = state;
} else if (this._state) {
if (!req.session) { return this.error(new Error('OAuth2Strategy requires session support when using state. Did you forget app.use(express.session(...))?')); }
var key = this._key;
state = uid(24);
if (!req.session[key]) { req.session[key] = {}; }
req.session[key].state = state;
params.state = state;
}

@@ -199,0 +234,0 @@ var location = this._oauth2.getAuthorizeUrl(params);
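Review bot: A state value supplied by the caller through `options.state` (the first branch of the new `if (state) { ... } else if (this._state)` chain in the `@@ -196` hunk) is sent to the provider but never written to `req.session[key]`, so the callback check added in the `@@ -142` hunk cannot verify it. With the `state` option off nothing is compared at all, and with it on the check reads `req.session[key].state`, which was never set from that value, and fails with 403. Verification is therefore opt-in and covers only the generated value; a comment above the branch such as `// caller-supplied state is passed through unverified; the application must check it on the callback` would make that explicit. Because `uid(24)` serves as the anti-CSRF token here, it is also worth confirming that the `uid2` release range added in package.json draws from a cryptographically secure source. Both enclosing functions start and end outside the hunks shown.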

5

package.json
{
"name": "passport-oauth2",
"version": "1.0.0",
"version": "1.1.0",
"description": "OAuth 2.0 authentication strategy for Passport.",

@@ -36,3 +36,4 @@ "keywords": [

"passport-strategy": "1.x.x",
"oauth": "0.9.x"
"oauth": "0.9.x",
"uid2": "0.0.x"
},

@@ -39,0 +40,0 @@ "devDependencies": {

@@ -26,2 +26,6 @@ # passport-oauth2

## Install
$ npm install passport-oauth2
## Usage

@@ -28,0 +32,0 @@
