deprecates requestAgentOption for requestAgent

CHANGELOG.md

@@ -1,3 +1,8 @@
+# 3.0.1
+
+- [#28](https://github.com/okta/okta-jwt-verifier-js/pull/25) - Fix for deprecated option `requestAgentOptions` in favor of `requestAgent` (via jwks-rsa)
+  - More info: https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#request-agent-options
+
 # 3.0.0
 
 ### Breaking Changes

lib.d.ts

@@ -11,8 +11,8 @@
  */
 
 /* eslint-disable node/no-missing-import */
-import { AgentOptions as HttpAgentOptions } from "node:http";
-import { AgentOptions as HttpsAgentOptions } from "node:https";
+import { Agent as HttpAgent } from "node:http";
+import { Agent as HttpsAgent } from "node:https";
 /* eslint-enable node/no-missing-import */
 
 export = OktaJwtVerifier;
@@ -113,13 +113,14 @@ declare namespace OktaJwtVerifier {
     jwksUri?: string;
 
     /**
-     * Additional options to pass to the jwks-rsa constructor
-     *
-     * Can be used to configure the underlying axios agent within the jwks-rsa library,
-     * for example to add additional certificate authorities without having to set the
-     * NODE_EXTRA_CA_CERTS environment variable.
+     * HttpAgent or HttpsAgent to use for requests to the JWKS endpoint. It should
+     * conform to the `HttpAgent` interface from node's `http` module or 
+     * the `HttpsAgent` interface from node's `https` module. 
+     * 
+     * Read more: https://nodejs.org/api/http.html#class-httpagent
+     * Agent example: https://github.com/TooTallNate/node-https-proxy-agent
      */
-    requestAgentOptions?: HttpAgentOptions | HttpsAgentOptions;
+     requestAgent?: HttpAgent | HttpsAgent;
   }
 
   type Algorithm =

lib.js

@@ -177,6 +177,14 @@ class OktaJwtVerifier {
       assertClientId(options.clientId);
     }
 
+    // https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#request-agent-options
+    if (options.requestAgentOptions) {
+      // jwks-rsa no longer accepts 'requestAgentOptions' and instead requires a http(s).Agent be passed directly
+      const msg = `\`requestAgentOptions\` has been deprecated, use \`requestAgent\` instead. 
+      For more info see https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#request-agent-options`;
+      throw new ConfigurationValidationError(msg);
+    }
+
     this.claimsToAssert = options.assertClaims || {};
     this.issuer = options.issuer;
     this.jwksUri = getJwksUri(options);
@@ -187,7 +195,9 @@ class OktaJwtVerifier {
       cacheMaxEntries: 3,
       jwksRequestsPerMinute: options.jwksRequestsPerMinute || 10,
       rateLimit: true,
-      requestAgentOptions: options.requestAgentOptions,
+      // https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#request-agent-options
+      // requestAgentOptions: options.requestAgentOptions,    !! DEPRECATED !!
+      requestAgent: options.requestAgent,
     });
     this.verifier = nJwt.createVerifier().setSigningAlgorithm('RS256').withKeyResolver((kid, cb) => {
       if (kid) {

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@okta/jwt-verifier",
   "private": true,
-  "version": "3.0.0",
+  "version": "3.0.1",
   "description": "Easily validate Okta access tokens",
   "repository": "https://github.com/okta/okta-jwt-verifier-js",
   "homepage": "https://github.com/okta/okta-jwt-verifier-js",

test/spec/configuration.spec.js

@@ -89,6 +89,20 @@ describe('jwt-verifier configuration validation', () => {
     expect(createInstance).toThrow();
   });
 
+  it('should throw if `requestAgentOptions` is passed', () => {
+    function createInstance() {
+      new OktaJwtVerifier({
+        issuer: 'https://foo',
+        clientId: '123456',
+        requestAgentOptions: {
+          timeout: 10000
+        }
+      });
+    }
+
+    expect(createInstance).toThrow();
+  });
+
   it('should NOT throw if clientId not matching {clientId} is provided', () => {
     function createInstance() {
       new OktaJwtVerifier({