From 8aa5ceec0492a288bef3d46b439a8a4ea4f5e719 Mon Sep 17 00:00:00 2001
From: Steve Hobbs
Date: Fri, 7 Feb 2020 10:55:17 +0000
Subject: [PATCH 1/2] Added Express 4.17 as a peer dependency
---
 package.json | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/package.json b/package.json
index a0e57e69..53e23080 100644
--- a/package.json
+++ b/package.json
@@ -11,6 +11,9 @@
 "test": "mocha",
 "test:ci": "nyc --reporter=lcov npm test"
 },
+ "peerDependencies": {
+ "express": ">= 4.17.0"
+ },
 "dependencies": {
 "@hapi/joi": "^16.1.8",
 "cb": "^0.1.0",
From 5ce1ec117c253891a6768375b6f2205b2e8f68f5 Mon Sep 17 00:00:00 2001
From: Steve Hobbs
Date: Fri, 7 Feb 2020 10:58:20 +0000
Subject: [PATCH 2/2] Corrected express version and property use in the readme
---
 README.md | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 992c089e..a3e168d0 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ Express.js middleware for OpenID Relying Party (aka OAuth 2.0 Client). Easily ad
 This library requires:
 - Node v10.13 or higher
-- Express v4.16 or higher
+- Express v4.17 or higher
 **Please Note:** This library is currently in pre-release status and has not had a complete security review. We **do not** recommend using this library in production yet. As we move towards early access, please be aware that releases may contain breaking changes. We will be monitoring the Issues queue here for feedback and questions. PRs and comments on existing PRs are welcome!
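Review bot: The peer range added in the package.json hunk, `"express": ">= 4.17.0"`, has no upper bound, so any later Express major satisfies it and npm will not warn when this middleware is installed beside a release it was never tested against. For authentication middleware that relies on Express's request, response and cookie behaviour, a bounded range such as `"express": "^4.17.0"` is the safer default, widened deliberately once a new major has been verified. The commit message also does not record which 4.17 behaviour the library depends on; one sentence there would let a later maintainer judge whether the floor can move.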
@@ -60,13 +60,15 @@ APP_SESSION_SECRET=LONG_RANDOM_VALUE
 ```js
 // index.js
-const { auth } = require('express-openid-connect');
-app.use(auth({
- issuerBaseURL: 'https://YOUR_DOMAIN',
- baseURL: 'https://YOUR_APPLICATION_ROOT_URL',
- clientID: 'YOUR_CLIENT_ID',
- appSessionKey: 'LONG_RANDOM_STRING'
-}));
+const { auth } = require("express-openid-connect");
+app.use(
+ auth({
+ issuerBaseURL: "https://YOUR_DOMAIN",
+ baseURL: "https://YOUR_APPLICATION_ROOT_URL",
+ clientID: "YOUR_CLIENT_ID",
+ appSessionSecret: "LONG_RANDOM_STRING"
+ })
+);
 ```
 With this basic configuration, your application will require authentication for all routes and store the user identity in an encrypted and signed cookie.