[SDK-3503] Add *_jwt token endpoint auth methods #376

Merged
merged 13 commits into from
Jul 20, 2022
5 changes: 1 addition & 4 deletions end-to-end/fixture/oidc-provider.js
@@ -23,11 +23,8 @@ const config = {
keys: [
{
kty: 'RSA',
n: '20yjkC7WmelNZN33GAjFaMvKaInjTz3G49eUwizpuAW6Me9_1FMSAK6nM1XI7VBpy_o5-ffNleRIgcvFudZuSvZiAYBBS2HS5F5PjluVExPwHTD7X7CIwqJxq67N5sTeFkh_ZL4fWK-Na4VlFEsKhcjDrLGxhPCuOgr9FmL0u0Vx_TM3Mk3DEhaf-tMlFx-K3R2GRJRe1wnYhOt1sXm8SNUM2uMZI05W6eRFn1gUAdTLNdCTvDY67ZAl6wyOewYo-WGpzwFYXLXDvc-f8vYucRM3Hq_GSzvFQ4l0nRLLj_33vlCg8mB1CEw_LudadzticAir3Ux3bnpno9yndUZR6w',
e: 'AQAB',
use: 'sig',
kid: 'cZNBq0YuRtJ2W9K2xSKZunnLayHcARrjcKtvbkELbdY',
alg: 'RS256',
n: 'wJ0FAxJvhTqQGORKMdYInzfjduWHmjikWPv4t-gze-NPgCawwsmOC5N5pgb2qPK_3hdvLAucm36kJyq1C9XDdmA6va51qDHWsAwOd0ob5Tm1xosiULr83KiFhGPCBsgWEPvO3vkdqEwTOq0_p55TfJFfnP5IrwrrUPPwCfDXlGc5xiV-ah4JcqlTdZTk_CfIO7zdhAJUBORam5dDoPzZ035f8GOw6k1ktcX2QxquO3zVcQ4ZOeSwve9ox2ZwNTXOassurfR8jC_E8LcytY083UJ0DdRUJ-8NKjnH_RczfKYmd8nyvjAsD4HBMu97xBat1vP975oHsVA5a9rE-j0lQw',
},
],
},
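Review bot: Nothing next to the replaced modulus `n` in this `keys` entry says which private key it belongs to, and the same PR also swaps `examples/private-key.pem`, so the two presumably have to remain a matching pair. A mismatch would only surface as a signature-verification failure when the end-to-end tests run. I would add a comment above the entry, e.g. `// Public JWK for examples/private-key.pem (test-only); regenerate both together.` The rendered page does not show which of the listed members are the removed ones, and `config` continues outside the hunk.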
55 changes: 28 additions & 27 deletions examples/private-key.pem
@@ -1,27 +1,28 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
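Review bot: The new PKCS#8 key (`-----BEGIN PRIVATE KEY-----`, replacing the PKCS#1 `-----BEGIN RSA PRIVATE KEY-----` block) is readable by anyone who can read the repository, and nothing visible in the diff marks it as example-only. Any client registration that trusts its public half could be impersonated by whoever holds this file, so it must never be registered outside the local fixture. I would state that wherever the examples are documented, e.g. `examples/private-key.pem is a throwaway key for the bundled fixture; generate your own key pair for any real client.`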
21 changes: 18 additions & 3 deletions index.d.ts
@@ -6,7 +6,8 @@ import {
UserinfoResponse,
} from 'openid-client';
import { Request, Response, RequestHandler } from 'express';
import { KeyInput } from 'jose';
import { JSONWebKey, KeyInput } from 'jose';
import { KeyObject } from 'crypto';
adamjmcgrath marked this conversation as resolved.

/**
* Session object
@@ -492,13 +493,27 @@ interface ConfigParams {
* ...
* clientAssertionSigningKey: {
* kty: 'RSA',
* n: 'u2fhZbXdBdp3_p5bVfq15LaP4iuiV9cMLYLbCPfXJEQSDyhatRmEvNLAy5twwY1GG5jKgfKa4jYIrfLVVdT252uyBhe97Lx9uB2Y8NnzEmdYVpXlnTGLo1Ts-QwLISBiDgjltoVT3p4XkEoSODWQq-4JwLgmbP1pV64IVWoyaoVXmy-_oRHVSyD57wtRBBObXHGi1xeBzSiyt0YFDxkfFcuLUSplQQbZNtjUdmH8K6zrLRUryQslUmz2XeiR6Oe6SJ_GcePpgBYTktxD7iU0X6eRheAsioF2uuw-0JKjxMK_cy3ybreE3MkpvT_88hBHqidLnHOP68XZ6bMp3XIqhQ',
* e: 'AQAB',
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ',
* d: 'Cmvt9GaHKoaqKp4qzR66k8P1P2oWxpS-aB-BR7_klm80o-QmGzEWmRuNPiVgQVs2XV2DUXOo2lCP7gB1jabgriDmjwEt_ibDRQRcV3R_WHQnzPTcBoBVWBlmbjkVu1teKJKlF5_VeKlI_SypU7fi2jTMFQwIkwIKpCYY74sOz66PMfzvY5_3B2akADygzTjWXVkw6T-koEbDBN0dSZ2xwe_HmavhlvBFQ9U7pAcujtQtDN456ZesqUs6nw8_PKWzIGgbXhHg1Ozwxjr0ZE2OPLX1huL3AqiT2fPPgyXpYRTYZ_RitXJpfS3vAqyvSVUZsqe87lx1LlwTjTKbVg__Jw',
* p: 'y5iuhteuCPZcyL7PgRrXmPYSgXc2eBTN8BWnDtHPRqDmeWzKe68usTOCUaBcHkCLvjiDMkpeSmvEWNOeH9mF2IPJp7dZMllTY4LKJxjOXRyVSeL7U0_Qmkj2Qm0UupI78lrDXhK49P6asPJiivwqeWpG8VJodXG054UmnDdIMwM',
* q: '66Rexr5EP5LrXAKRFZE-2R6CX8EgXuUtZdTsiNHsbnNzw_8IehJmCFOFMHU9ojYY7jm0cbFrZ_NqWeBG-5pcvCV5YVdydBVSNwW6ndnxnj3BGPiFQVsIESAL3nfVHZBa73VKv4AOOwsSd3w_5Kp2_tbwJrlZ17lNQa18LzIZcdc',
* dp: 'GVGVcqNjuy2YAEbqWy3RXe5MAtmmZmx_57lpmwgwdKIRx0vmKldwwQycyjXc_s4cEr3IYvqomyynsDwwz9knMfPBoh_E8eP14MwlA5OsJhwl3JhjlMq6MFWeekhCaalB1zO-U_aUFbOL3TFnW81cItk6lUwgPWq0io4ebRLa4a0',
* dq: 'SyER8q2xFs_h6GkNFuJDNnhKuvrZNkg9bC0x6QF9L03yB_hlHH6HN3phiaynpPM4iaOuS1100CTEsLkYCJoTnQ0ZoRZ_cFFn8BEMic12AqzPxwVdfxPmA4fDIP_128ItrBEqbtoGL379OUlNGbvbyq5-zOnloij7X8hPQsDnaes',
* qi: 'JTtu5XhXvr4xRg9EomRbqs5Si1nIsVLs3MVRggutGlEOvYZQZTxjEqAb6dnl-DSKEV3fSdxM_I61P0oE8eLpboTvqYoNZB4jL3CY_gS8-81SWrNqfk8z2P6UIGyRmKAfAZ2oKZZoHv2neygqD6AvKTV8AWHXTGUOw5n90YP2HMw'
* },
* }))
*
* Or KeyObject:
*
* app.use(auth({
* ...
* clientAssertionSigningKey: crypto.createPrivateKey({ key: '-----BEGIN PRIVATE KEY-----\nMIIEo...PgCaw\n-----END PRIVATE KEY-----' }),
* }))
*
* ```
*/
clientAssertionSigningKey?: KeyInput | object;
clientAssertionSigningKey?: KeyInput | KeyObject | JSONWebKey;

/**
* The algorithm to sign the client assertion JWT.
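Review bot: The JWK example added to the `clientAssertionSigningKey` doc comment spells out a complete RSA private key (`d`, `p`, `q`, `dp`, `dq`, `qi`) as string literals, and the KeyObject example passes a PEM string literal, so the documentation models hard-coding the signing key in application source. I would elide the private members (`d: '...'`) and show the key loaded at startup instead, e.g. `clientAssertionSigningKey: crypto.createPrivateKey(fs.readFileSync(keyPath))`, where `keyPath` is a placeholder supplied by deployment configuration. The widened type `KeyInput | KeyObject | JSONWebKey` also admits a JWK with no private members; whether config validation rejects that is not visible here, so the comment should say that the key must be a private key. The doc comment and `ConfigParams` both begin outside this hunk.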
13 changes: 7 additions & 6 deletions package-lock.json


1 change: 1 addition & 0 deletions package.json
@@ -41,6 +41,7 @@
},
"devDependencies": {
"@types/express": "^4.17.6",
"@types/node": "^18.0.6",
"chai": "^4.2.0",
"chai-as-promised": "^7.1.1",
"connect-redis": "^5.1.0",