fix: request object type changed from 'JWT' to 'oauth.authz.req+jwt'
BREAKING CHANGE: Signed Request Object "typ" changed from `JWT` to
`oauth.authz.req+jwt`

BREAKING CHANGE: Encrypted Request Object "cty" changed from `JWT` to
`oauth.authz.req+jwt`
panva committed Sep 8, 2020
1 parent 821b93e commit 641a42f
Showing 2 changed files with 18 additions and 18 deletions.
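--- a/lib/client.js
+++ b/lib/client.js
@@ -1499,7 +1499,7 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
 let signed;
 let key;
 
-const header = { alg: signingAlgorithm, typ: 'JWT' };
+const header = { alg: signingAlgorithm, typ: 'oauth.authz.req+jwt' };
 const payload = JSON.stringify(defaults({}, requestObject, {
 iss: this.client_id,
 aud: this.issuer.issuer,
@@ -1541,7 +1541,7 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
 return signed;
 }
 
-const fields = { alg: eKeyManagement, enc: eContentEncryption, cty: 'JWT' };
+const fields = { alg: eKeyManagement, enc: eContentEncryption, cty: 'oauth.authz.req+jwt' };
 
 if (fields.alg.match(/^(RSA|ECDH)/)) {
 [key] = await this.issuer.queryKeyStore({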
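Review bot: The new `cty: 'oauth.authz.req+jwt'` in the second hunk departs from RFC 7519 section 5.2, which has a nested JWT carry `cty: "JWT"`, so an authorization server that recognises an encrypted request object by that value may stop unwrapping it; servers that compare `typ` against `JWT` are affected the same way by the first hunk. Both literals are applied unconditionally in the visible lines, with nothing a caller could set to keep the old value. I would document the origin of the string where it is used, e.g. `// explicit typing for request objects (JAR); servers that require 'JWT' will reject this`, and hoist it into one constant so `typ` and `cty` cannot drift apart. The published JAR specification (RFC 9101) spells the type `oauth-authz-req+jwt`, so the spelling is worth checking against the draft revision this commit targets. The enclosing method starts and ends outside both hunks.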
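--- a/test/client/client_instance.test.js
+++ b/test/client/client_instance.test.js
@@ -1966,7 +1966,7 @@ describe('Client', () => {
 this.IdToken = async (key, alg, payload) => {
 return jose.JWS.sign(payload, key, {
 alg,
-typ: 'JWT',
+typ: 'oauth.authz.req+jwt',
 kid: alg.startsWith('HS') ? undefined : key.kid,
 });
 };
@@ -2812,7 +2812,7 @@ describe('Client', () => {
 const key = k.get();
 return jose.JWS.sign(payload, key, {
 alg: 'RS256',
-typ: 'JWT',
+typ: 'oauth.authz.req+jwt',
 });
 });
 }
@@ -3704,7 +3704,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((signed) => {
 const parts = signed.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'none', typ: 'JWT' });
+expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'none', typ: 'oauth.authz.req+jwt' });
 const {
 jti, iat, exp, ...jwt
 } = JSON.parse(base64url.decode(parts[1]));
@@ -3725,7 +3725,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((signed) => {
 const parts = signed.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'HS256', typ: 'JWT' });
+expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'HS256', typ: 'oauth.authz.req+jwt' });
 const {
 jti, iat, exp, ...jwt
 } = JSON.parse(base64url.decode(parts[1]));
@@ -3746,7 +3746,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((signed) => {
 const parts = signed.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RS256', typ: 'JWT' }).and.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RS256', typ: 'oauth.authz.req+jwt' }).and.have.property('kid');
 const {
 jti, iat, exp, ...jwt
 } = JSON.parse(base64url.decode(parts[1]));
@@ -3767,7 +3767,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'JWT' }).and.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
 });
 });
 
@@ -3777,7 +3777,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'JWT' }).and.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
 });
 });
 
@@ -3791,7 +3791,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128GCMKW', enc: 'A128CBC-HS256', cty: 'JWT' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128GCMKW', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3806,7 +3806,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'JWT' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3821,7 +3821,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A192CBC-HS384', cty: 'JWT' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A192CBC-HS384', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3836,7 +3836,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A256CBC-HS512', cty: 'JWT' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A256CBC-HS512', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3850,7 +3850,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'JWT' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3865,7 +3865,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'PBES2-HS256+A128KW', enc: 'A128CBC-HS256', cty: 'JWT' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'PBES2-HS256+A128KW', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3879,7 +3879,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128KW', enc: 'A128CBC-HS256', cty: 'JWT' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128KW', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
 });
 });
 }
@@ -3925,7 +3925,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'JWT' }).and.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
 });
 });
 
@@ -3935,7 +3935,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'JWT' }).and.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
 });
 });
 });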
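Review bot: The first two hunks change fixtures that do not appear to build request objects: `this.IdToken` (and the RS256 signer in the hunk at 2812) now stamp `typ: 'oauth.authz.req+jwt'` on what the helper name says is an ID Token. If those tokens are fed to ID Token validation and the tests still pass, the suite is recording that the client accepts a request-object-typed JWT as an ID Token, which is the cross-JWT confusion that explicit typing is meant to rule out. I would keep `typ: 'JWT',` in these two helpers and limit the new value to the `client.requestObject(...)` assertions. Both helpers' enclosing blocks extend outside the hunks, so how the signed tokens are consumed is not visible here.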
