upgrade to pkce-challenge@4
parent
b6f6819b76
commit
2b23120664
|
@ -128,7 +128,7 @@
|
||||||
"otpauth": "9.1.2",
|
"otpauth": "9.1.2",
|
||||||
"parse5": "7.1.2",
|
"parse5": "7.1.2",
|
||||||
"pg": "8.11.0",
|
"pg": "8.11.0",
|
||||||
"pkce-challenge": "^3.1.0",
|
"pkce-challenge": "^4.0.1",
|
||||||
"probe-image-size": "7.2.3",
|
"probe-image-size": "7.2.3",
|
||||||
"promise-limit": "2.7.0",
|
"promise-limit": "2.7.0",
|
||||||
"pug": "3.0.2",
|
"pug": "3.0.2",
|
||||||
|
|
|
@ -35,6 +35,7 @@ function getClient(): AuthorizationCode<'client_id'> {
|
||||||
return new AuthorizationCode({
|
return new AuthorizationCode({
|
||||||
client: {
|
client: {
|
||||||
id: `http://127.0.0.1:${clientPort}/`,
|
id: `http://127.0.0.1:${clientPort}/`,
|
||||||
|
secret: '',
|
||||||
},
|
},
|
||||||
auth: {
|
auth: {
|
||||||
tokenHost: host,
|
tokenHost: host,
|
||||||
|
@ -113,7 +114,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Full flow', async () => {
|
test('Full flow', async () => {
|
||||||
const { code_challenge, code_verifier } = pkceChallenge.default(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const client = getClient();
|
||||||
|
|
||||||
|
@ -168,8 +169,8 @@ describe('OAuth', () => {
|
||||||
test('Two concurrent flows', async () => {
|
test('Two concurrent flows', async () => {
|
||||||
const client = getClient();
|
const client = getClient();
|
||||||
|
|
||||||
const pkceAlice = pkceChallenge.default(128);
|
const pkceAlice = await pkceChallenge(128);
|
||||||
const pkceBob = pkceChallenge.default(128);
|
const pkceBob = await pkceChallenge(128);
|
||||||
|
|
||||||
const responseAlice = await fetch(client.authorizeURL({
|
const responseAlice = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
|
@ -285,8 +286,9 @@ describe('OAuth', () => {
|
||||||
assert.strictEqual((await response.json() as OAuthErrorResponse).error, 'invalid_request');
|
assert.strictEqual((await response.json() as OAuthErrorResponse).error, 'invalid_request');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// TODO: Use precomputed challenge/verifier set for this one for deterministic test
|
||||||
test('Verify PKCE', async () => {
|
test('Verify PKCE', async () => {
|
||||||
const { code_challenge, code_verifier } = pkceChallenge.default(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const client = getClient();
|
||||||
|
|
||||||
|
@ -405,7 +407,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Partially known scopes', async () => {
|
test('Partially known scopes', async () => {
|
||||||
const { code_challenge, code_verifier } = pkceChallenge.default(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const client = getClient();
|
||||||
|
|
||||||
|
@ -455,7 +457,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Duplicated scopes', async () => {
|
test('Duplicated scopes', async () => {
|
||||||
const { code_challenge, code_verifier } = pkceChallenge.default(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const client = getClient();
|
||||||
|
|
||||||
|
@ -487,7 +489,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Scope check by API', async () => {
|
test('Scope check by API', async () => {
|
||||||
const { code_challenge, code_verifier } = pkceChallenge.default(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const client = getClient();
|
||||||
|
|
||||||
|
@ -527,7 +529,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Authorization header', async () => {
|
test('Authorization header', async () => {
|
||||||
const { code_challenge, code_verifier } = pkceChallenge.default(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const client = getClient();
|
||||||
|
|
||||||
|
@ -624,7 +626,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Invalid redirect_uri at token endpoint', async () => {
|
test('Invalid redirect_uri at token endpoint', async () => {
|
||||||
const { code_challenge, code_verifier } = pkceChallenge.default(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const client = getClient();
|
||||||
|
|
||||||
|
@ -651,7 +653,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Invalid redirect_uri including the valid one at token endpoint', async () => {
|
test('Invalid redirect_uri including the valid one at token endpoint', async () => {
|
||||||
const { code_challenge, code_verifier } = pkceChallenge.default(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const client = getClient();
|
||||||
|
|
||||||
|
@ -678,7 +680,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('No redirect_uri at token endpoint', async () => {
|
test('No redirect_uri at token endpoint', async () => {
|
||||||
const { code_challenge, code_verifier } = pkceChallenge.default(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const client = getClient();
|
||||||
|
|
||||||
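Review bot: The `secret: ''` added to the `client` block in `getClient()` has no comment saying why an empty client secret is intended, and nothing else in this commit explains it. The tests visible in this section each generate a `code_challenge`/`code_verifier` pair, so this looks like a public client that relies on PKCE rather than client authentication, with the empty string presumably there only to satisfy the OAuth client library's options. I would say so on the line, e.g. `secret: '', // public client: no secret is issued; PKCE binds the code to this client`, so nobody later reads it as a credential the server is expected to check. `getClient()` continues past the end of its hunk, so how the library transmits the empty secret is not visible here.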
|
|
|
@ -300,8 +300,8 @@ importers:
|
||||||
specifier: 8.11.0
|
specifier: 8.11.0
|
||||||
version: 8.11.0
|
version: 8.11.0
|
||||||
pkce-challenge:
|
pkce-challenge:
|
||||||
specifier: ^3.1.0
|
specifier: ^4.0.1
|
||||||
version: 3.1.0
|
version: 4.0.1
|
||||||
probe-image-size:
|
probe-image-size:
|
||||||
specifier: 7.2.3
|
specifier: 7.2.3
|
||||||
version: 7.2.3
|
version: 7.2.3
|
||||||
|
@ -7722,7 +7722,7 @@ packages:
|
||||||
/@types/http-link-header@1.0.3:
|
/@types/http-link-header@1.0.3:
|
||||||
resolution: {integrity: sha512-y8HkoD/vyid+5MrJ3aas0FvU3/BVBGcyG9kgxL0Zn4JwstA8CglFPnrR0RuzOjRCXwqzL5uxWC2IO7Ub0rMU2A==}
|
resolution: {integrity: sha512-y8HkoD/vyid+5MrJ3aas0FvU3/BVBGcyG9kgxL0Zn4JwstA8CglFPnrR0RuzOjRCXwqzL5uxWC2IO7Ub0rMU2A==}
|
||||||
dependencies:
|
dependencies:
|
||||||
'@types/node': 20.2.5
|
'@types/node': 20.3.1
|
||||||
dev: true
|
dev: true
|
||||||
|
|
||||||
/@types/istanbul-lib-coverage@2.0.4:
|
/@types/istanbul-lib-coverage@2.0.4:
|
||||||
|
@ -10660,10 +10660,6 @@ packages:
|
||||||
shebang-command: 2.0.0
|
shebang-command: 2.0.0
|
||||||
which: 2.0.2
|
which: 2.0.2
|
||||||
|
|
||||||
/crypto-js@4.1.1:
|
|
||||||
resolution: {integrity: sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw==}
|
|
||||||
dev: false
|
|
||||||
|
|
||||||
/crypto-random-string@2.0.0:
|
/crypto-random-string@2.0.0:
|
||||||
resolution: {integrity: sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==}
|
resolution: {integrity: sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==}
|
||||||
engines: {node: '>=8'}
|
engines: {node: '>=8'}
|
||||||
|
@ -17156,10 +17152,9 @@ packages:
|
||||||
engines: {node: '>= 6'}
|
engines: {node: '>= 6'}
|
||||||
dev: true
|
dev: true
|
||||||
|
|
||||||
/pkce-challenge@3.1.0:
|
/pkce-challenge@4.0.1:
|
||||||
resolution: {integrity: sha512-bQ/0XPZZ7eX+cdAkd61uYWpfMhakH3NeteUF1R8GNa+LMqX8QFAkbCLqq+AYAns1/ueACBu/BMWhrlKGrdvGZg==}
|
resolution: {integrity: sha512-WGmtS1stcStsvRwNXix3iR1ujFcDaJR+sEODRa2ZFruT0lM4lhPAFTL5SUpqD5vTJdRlgtuMQhcp1kIEJx4LUw==}
|
||||||
dependencies:
|
engines: {node: '>=16.20.0'}
|
||||||
crypto-js: 4.1.1
|
|
||||||
dev: false
|
dev: false
|
||||||
|
|
||||||
/pkg-dir@3.0.0:
|
/pkg-dir@3.0.0:
|
||||||
|
|