auth0 · joshcanhelp · Sep 25, 2019 · Sep 2, 2019
@@ -1,3 +1,7 @@
 language: node_js
 node_js:
-  - "8"
+  - 10.13.0
+  - 10
+  - 12.0.0
+  - 12
+  - stable
@@ -26,7 +26,7 @@ In general, you won't need to configure this middleware besides the required par
 | clientID            | `env.CLIENT_ID`                 | The client id.                                                                 |
 | clientSecret        | `env.CLIENT_SECRET`             | The client secret, only required for some grants.                              |
 | clockTolerance      | `5`                             | The clock's tolerance in seconds for token verification.                       |
-| getUser             | `tokenSet => tokenSet.claims`   | An async function receiving a tokenset and returning the profile for `req.openid.user`. |
+| getUser             | `tokenSet => tokenSet.claims()` | An async function receiving a tokenset and returning the profile for `req.openid.user`. |
 | required            | `true`                            | If true requires authentication for all the routes in the stack. You can also provide a function to determine if is required based on the request.               |
 | handleUnauthorizedErrors | `true`                     | Install a middleware that handles Unauthorized/401 errors by triggering the login process. |
 | routes              | `true`                          | Installs the `GET /login` and `GET /logout` route.                              |
@@ -70,13 +70,13 @@ app.use(auth());
 
 ## Session and Context
 
-The middleware store the [openid-client TokenSet](https://www.npmjs.com/package/openid-client#tokenset) in the user's session.
+The middleware store the [openid-client TokenSet](https://github.com/panva/node-openid-client/blob/master/docs/README.md#tokenset) in the user's session.
 
 Every `req` object is augmented with the following properties when the request is authenticated
 
 -  `req.openid.user`: contains the user information, use this if you need display an attribute of the user. You can change what's end up here by using the `getUser` parameter of the `auth` middleware.
--  `req.openid.tokens`: is the instance of [TokenSet](https://www.npmjs.com/package/openid-client#tokenset).
--  `req.openid.client`: is an instance of te [OpenID Client](https://www.npmjs.com/package/openid-client).
+-  `req.openid.tokens`: is the instance of [TokenSet](https://github.com/panva/node-openid-client/blob/master/docs/README.md#tokenset).
+-  `req.openid.client`: is an instance of te [OpenID Client](https://github.com/panva/node-openid-client/blob/master/docs/README.md#client).
 -  `req.isAuthenticated()`: returns true if the request is authenticated.
 
 If the request is not authenticated `req.openid` is `undefined`.

@@ -1,17 +1,15 @@
-const { Issuer } = require('openid-client');
+const { Issuer, custom } = require('openid-client');
 const memoize = require('p-memoize');
 const url = require('url');
 const urlJoin = require('url-join');
 const pkg = require('../package.json');
 
-Issuer.defaultHttpOptions = {
+custom.setHttpOptionsDefaults({
   headers: {
     'User-Agent': `${pkg.name}/${pkg.version} (${pkg.homepage})`
   },
   timeout: 4000
-};
-
-Issuer.useRequest();
+});
 
 async function get(config) {
   const authorizeParams = config.authorizationParams;
@@ -54,7 +52,7 @@ Supported response modes:
     }
   }
 
-  client.CLOCK_TOLERANCE = config.clockTolerance;
+  client[custom.clock_tolerance] = config.clockTolerance;
 
   return client;
 }

@@ -1,4 +1,4 @@
 //This is the default function for mapping a tokenSet to a user.
 module.exports = function(tokenSet) {
-  return tokenSet && tokenSet.claims;
+  return tokenSet && tokenSet.claims();
 };
@@ -114,7 +114,7 @@ module.exports = function (params) {
       try {
         const callbackParams = client.callbackParams(req);
         debugCallback('callback parameters: %O', callbackParams);
-        tokenSet = await client.authorizationCallback(redirect_uri, callbackParams, {
+        tokenSet = await client.callback(redirect_uri, callbackParams, {
           nonce,
           state,
           response_type: authorizeParams.response_type,