Skip to content

Commit

Permalink
Release 2.2.0
Browse files Browse the repository at this point in the history
**Added**
- afterCallback Hook [#168](#168) ([davidpatrick](https://github.com/davidpatrick))

**Changed**
- Move transient cookies into single cookie [#171](#171) ([davidpatrick](https://github.com/davidpatrick))
  • Loading branch information
davidpatrick committed Jan 14, 2021
1 parent ac45cdd commit 71696c1
Show file tree
Hide file tree
Showing 6 changed files with 59 additions and 2 deletions.
9 changes: 9 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,14 @@
# CHANGELOG

## [2.2.0](https://github.com/auth0/express-openid-connect/tree/v2.2.0) (2021-01-14)
[Full Changelog](https://github.com/auth0/express-openid-connect/compare/v2.1.0...v2.2.0)

**Added**
- afterCallback Hook [#168](https://github.com/auth0/express-openid-connect/pull/168) ([davidpatrick](https://github.com/davidpatrick))

**Changed**
- Move transient cookies into single cookie [#171](https://github.com/auth0/express-openid-connect/pull/171) ([davidpatrick](https://github.com/davidpatrick))

## [2.1.0](https://github.com/auth0/express-openid-connect/tree/v2.1.0) (2020-12-15)
[Full Changelog](https://github.com/auth0/express-openid-connect/compare/v2.0.0...v2.1.0)

Expand Down
19 changes: 19 additions & 0 deletions EXAMPLES.md
Original file line number Diff line number Diff line change
Expand Up @@ -215,4 +215,23 @@ app.use(
// auth0Logout: true // if using custom domain with Auth0
})
);
```

## 8. Validate Claims from an ID token before logging a user in

The `afterCallback` hook can be used to do validation checks on claims after the ID token has been received in the callback phase.

```js
app.use(
auth({
afterCallback: (req, res, session) => {
const claims = jose.JWT.decode(session.id_token); // using jose library to decode JWT
if (claims.org_id !== 'Required Organization') {
throw new Error('Not a part of the Required Organization');
}
return session;
}
})
);

```
28 changes: 28 additions & 0 deletions examples/validate_claims.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
const express = require('express');
const jose = require('jose');
const { auth } = require('../');

const app = express();

app.use(
auth({
authorizationParams: {
response_type: 'code id_token',
},
afterCallback: (req, res, session) => {
const claims = jose.JWT.decode(session.id_token);

if (claims.org_id !== 'Required Organization') {
throw new Error('User is not a part of the Required Organization');
}
return session;
}
})
);

app.get('/', async (req, res) => {
const userInfo = await req.oidc.fetchUserInfo();
res.send(`hello ${userInfo.sub}`);
});

module.exports = app;
1 change: 1 addition & 0 deletions middleware/auth.js
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ module.exports = function (params) {
}

if (config.afterCallback) {
session = Object.assign({}, session); // serializes session
session = await config.afterCallback(req, res, session, req.openidState);
}

Expand Down
2 changes: 1 addition & 1 deletion package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "express-openid-connect",
"version": "2.1.0",
"version": "2.2.0",
"description": "Express middleware to protect web applications using OpenID Connect.",
"homepage": "https://github.com/auth0/express-openid-connect",
"license": "MIT",
Expand Down

0 comments on commit 71696c1

Please sign in to comment.