3.0.2

CHANGELOG.md

@@ -29,6 +29,10 @@ Yay for [SemVer](http://semver.org/).
 
 <!-- TOC END -->
 ## 3.0.x
+### 3.0.2
+- [DIFF](https://github.com/panva/node-oidc-provider/compare/v3.0.1...v3.0.2)
+- base64url dependency replaced
+
 ### 3.0.1
 - [DIFF](https://github.com/panva/node-oidc-provider/compare/v3.0.0...v3.0.1)
 - dependency tree updates

README.md

@@ -1,6 +1,6 @@
 # oidc-provider
 
-[![build][travis-image]][travis-url] [![codecov][codecov-image]][codecov-url] [![snyk][snyk-image]][snyk-url]
+[![build][travis-image]][travis-url] [![codecov][codecov-image]][codecov-url]
 
 oidc-provider is an OpenID Provider implementation of [OpenID Connect][openid-connect]. It allows to
 export a complete mountable or standalone OpenID Provider implementation. This implementation does
@@ -139,8 +139,6 @@ See the list of available emitted [event names](/docs/events.md) and their descr
 [conformance-url]: https://github.com/panva/oidc-provider-conformance-tests
 [codecov-image]: https://img.shields.io/codecov/c/github/panva/node-oidc-provider/master.svg
 [codecov-url]: https://codecov.io/gh/panva/node-oidc-provider
-[snyk-image]: https://snyk.io/test/npm/oidc-provider/badge.svg
-[snyk-url]: https://snyk.io/test/npm/oidc-provider
 [npm-url]: https://www.npmjs.com/package/oidc-provider
 [openid-certified-link]: https://openid.net/certification/
 [openid-connect]: https://openid.net/connect/

lib/actions/grants/authorization_code.js

@@ -1,6 +1,6 @@
 const { get } = require('lodash');
 const assert = require('assert');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const crypto = require('crypto');
 const { InvalidGrantError } = require('../../helpers/errors');
 const presence = require('../../helpers/validate_presence');
@@ -30,7 +30,7 @@ module.exports.handler = function getAuthorizationCodeHandler(provider) {
         assert(expected);
 
         if (code.codeChallengeMethod === 'S256') {
-          expected = base64url(crypto.createHash('sha256').update(expected).digest());
+          expected = base64url.encode(crypto.createHash('sha256').update(expected).digest());
         }
 
         assert.equal(code.codeChallenge, expected);

lib/helpers/jwt.js

@@ -1,4 +1,4 @@
-const { encode, decode } = require('base64url');
+const { encode, decode } = require('base64-url');
 const { randomBytes } = require('crypto');
 const assert = require('assert');
 const epochTime = require('../helpers/epoch_time');

lib/models/base_token.js

@@ -19,7 +19,7 @@ const IN_PAYLOAD = [
 const { pick } = require('lodash');
 const constantEquals = require('../helpers/constant_equals');
 const assert = require('assert');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const uuid = require('uuid/v4');
 const { randomBytes } = require('crypto');
 
@@ -44,7 +44,7 @@ module.exports = function getBaseToken(provider) {
     constructor(payload) {
       Object.assign(this, payload);
 
-      this.jti = this.jti || base64url(uuid());
+      this.jti = this.jti || base64url.encode(uuid());
 
       this.kind = this.kind || this.constructor.name;
       assert.equal(this.kind, this.constructor.name, 'kind mismatch');
@@ -135,7 +135,7 @@ module.exports = function getBaseToken(provider) {
       });
 
       const [header, payload] = jwt.split('.');
-      const signature = base64url(randomBytes(64));
+      const signature = base64url.encode(randomBytes(64));
 
       return [`${this.jti}${signature}`, {
         header,

lib/models/client.js

@@ -4,7 +4,7 @@ const crypto = require('crypto');
 const { JWK: { createKeyStore } } = require('node-jose');
 const LRU = require('lru-cache');
 const assert = require('assert');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const httpRequest = require('../helpers/http');
 const uuid = require('uuid/v4');
 
@@ -209,15 +209,15 @@ module.exports = function getClient(provider) {
       .compact()
       .forEach((alg) => {
         if (alg.startsWith('HS')) {
-          promises.push(client.keystore.add({ alg, kty: 'oct', k: base64url(client.clientSecret) }));
+          promises.push(client.keystore.add({ alg, kty: 'oct', k: base64url.encode(client.clientSecret) }));
         } else if (alg.match(/^(?:A|PBES2.+)(\d{3})(?:GCM)?KW$/)) {
           const len = parseInt(RegExp.$1, 10) / 8;
           const key = crypto.createHash('sha256')
             .update(client.clientSecret)
             .digest()
             .slice(0, len);
 
-          promises.push(client.keystore.add({ alg, kty: 'oct', k: base64url(key) }));
+          promises.push(client.keystore.add({ alg, kty: 'oct', k: base64url.encode(key) }));
         }
         return undefined;
       })

lib/shared/find_client_id.js

@@ -1,4 +1,4 @@
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const { InvalidRequestError, InvalidClientError } = require('../helpers/errors');
 
 // see https://tools.ietf.org/html/rfc6749#appendix-B

package.json

@@ -1,6 +1,6 @@
 {
   "name": "oidc-provider",
-  "version": "3.0.1",
+  "version": "3.0.2",
   "description": "OpenID Provider (OP) implementation for Node.js OpenID Connect servers.",
   "keywords": [
     "auth",
@@ -44,7 +44,7 @@
     "lint"
   ],
   "dependencies": {
-    "base64url": "^2.0.0",
+    "base64-url": "^2.2.0",
     "debug": "^3.1.0",
     "delegates": "^1.0.0",
     "ejs": "^2.6.1",
@@ -57,7 +57,7 @@
     "lodash": "^4.17.10",
     "lru-cache": "^4.1.3",
     "node-jose": "^0.11.0",
-    "oidc-token-hash": "^2.0.0",
+    "oidc-token-hash": "^3.0.0",
     "raw-body": "^2.3.3",
     "uuid": "^3.2.1"
   },

test/backchannel_logout/backchannel_logout.test.js

@@ -2,7 +2,7 @@ const bootstrap = require('../test_helper');
 const sinon = require('sinon');
 const { expect } = require('chai');
 const { parse: parseUrl } = require('url');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const nock = require('nock');
 const Provider = require('../../lib');
 

test/base_token/base_token.test.js

@@ -1,7 +1,7 @@
 const sinon = require('sinon');
 const { expect } = require('chai');
 const bootstrap = require('../test_helper');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 
 const fail = () => { throw new Error('expected promise to be rejected'); };
 
@@ -32,7 +32,7 @@ describe('BaseToken', () => {
     const stored = this.adapter.syncFind(jti);
     const payload = JSON.parse(base64url.decode(stored.payload));
     payload.exp = 0;
-    stored.payload = base64url(JSON.stringify(payload));
+    stored.payload = base64url.encode(JSON.stringify(payload));
     expect(await this.provider.AccessToken.find(token)).to.be.undefined;
   });
 

test/core/implicit/id_token+token.authorization.test.js

@@ -1,7 +1,7 @@
 const bootstrap = require('../../test_helper');
 const url = require('url');
 const sinon = require('sinon');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const { expect } = require('chai');
 
 const route = '/auth';

test/dynamic_registration/dynamic_registration.test.js

@@ -1,7 +1,7 @@
 const bootstrap = require('../test_helper');
 const { expect } = require('chai');
 const sinon = require('sinon');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 
 function validateError(error) {
   const assert = error.exec ? 'match' : 'equal';

test/encryption/encryption.test.js

@@ -2,7 +2,7 @@ const bootstrap = require('../test_helper');
 const { expect } = require('chai');
 const { parse } = require('url');
 const url = require('url');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const jose = require('node-jose');
 const { privKey } = require('./encryption.config');
 const JWT = require('../../lib/helpers/jwt');

test/frontchannel_logout/frontchannel_logout.test.js

@@ -3,7 +3,7 @@ const { expect } = require('chai');
 const { cloneDeep } = require('lodash');
 const { parse: parseUrl } = require('url');
 const url = require('url');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const Provider = require('../../lib');
 
 describe('Front-Channel Logout 1.0', () => {

test/pkce/pkce.test.js

@@ -1,4 +1,4 @@
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const bootstrap = require('../test_helper');
 const { parse: parseUrl } = require('url');
 const { expect } = require('chai');

test/refresh/refresh.grant.test.js

@@ -1,6 +1,6 @@
 const bootstrap = require('../test_helper');
 const sinon = require('sinon');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const { parse: parseUrl } = require('url');
 const { expect } = require('chai');
 

test/signatures/signatures.test.js

@@ -4,7 +4,7 @@ const uuid = require('uuid/v4');
 const { decode } = require('../../lib/helpers/jwt');
 const epochTime = require('../../lib/helpers/epoch_time');
 const { expect } = require('chai');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 
 describe('signatures', () => {
   before(bootstrap(__dirname)); // this.provider, agent, this.AuthorizationRequest, wrap
@@ -136,7 +136,7 @@ describe('signatures', () => {
       const parts = this.idToken.split('.');
       const payload = JSON.parse(base64url.decode(parts[1]));
       payload.iss = 'foobar';
-      parts[1] = base64url(JSON.stringify(payload));
+      parts[1] = base64url.encode(JSON.stringify(payload));
       this.idToken = parts.join('.');
       const auth = new this.AuthorizationRequest({
         response_type: 'code',