fix: updated request object mime-type as per draft-ietf-oauth-jwsreq-30
* Signed Request Object "typ" changed from `JWT` to
`oauth-authz-req+jwt` as per draft-ietf-oauth-jwsreq-30
* Encrypted Request Object "cty" changed from `JWT` to
`oauth-authz-req+jwt` as per draft-ietf-oauth-jwsreq-30
panva committed Sep 11, 2020
1 parent 2afc10a commit d5cc619
Showing 2 changed files with 18 additions and 18 deletions.
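--- a/lib/client.js
+++ b/lib/client.js
@@ -1484,7 +1484,7 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
 let signed;
 let key;
 
-const header = { alg: signingAlgorithm, typ: 'oauth.authz.req+jwt' };
+const header = { alg: signingAlgorithm, typ: 'oauth-authz-req+jwt' };
 const payload = JSON.stringify(defaults({}, requestObject, {
 iss: this.client_id,
 aud: this.issuer.issuer,
@@ -1526,7 +1526,7 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
 return signed;
 }
 
-const fields = { alg: eKeyManagement, enc: eContentEncryption, cty: 'oauth.authz.req+jwt' };
+const fields = { alg: eKeyManagement, enc: eContentEncryption, cty: 'oauth-authz-req+jwt' };
 
 if (fields.alg.match(/^(RSA|ECDH)/)) {
 [key] = await this.issuer.queryKeyStore({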
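Review bot: The media type literal is written out twice, as `typ` on the signed header in the first hunk and as `cty` on the JWE fields in the second, and both had to be edited by hand here; a single module-level `const REQUEST_OBJECT_TYP = 'oauth-authz-req+jwt'; // draft-ietf-oauth-jwsreq-30` would keep the two from drifting. This value is what lets an authorization server tell a Request Object apart from other JWTs signed with the same key, so a mismatch between the signed and the encrypted path would be hard to spot in review. Servers that validate `typ` against an earlier draft's value may reject the new header, so the change is worth flagging as potentially breaking in the changelog. Both statements sit inside a method whose body starts and ends outside the hunks.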
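--- a/test/client/client_instance.test.js
+++ b/test/client/client_instance.test.js
@@ -1966,7 +1966,7 @@ describe('Client', () => {
 this.IdToken = async (key, alg, payload) => {
 return jose.JWS.sign(payload, key, {
 alg,
-typ: 'oauth.authz.req+jwt',
+typ: 'oauth-authz-req+jwt',
 kid: alg.startsWith('HS') ? undefined : key.kid,
 });
 };
@@ -2812,7 +2812,7 @@ describe('Client', () => {
 const key = k.get();
 return jose.JWS.sign(payload, key, {
 alg: 'RS256',
-typ: 'oauth.authz.req+jwt',
+typ: 'oauth-authz-req+jwt',
 });
 });
 }
@@ -3704,7 +3704,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((signed) => {
 const parts = signed.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'none', typ: 'oauth.authz.req+jwt' });
+expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'none', typ: 'oauth-authz-req+jwt' });
 const {
 jti, iat, exp, ...jwt
 } = JSON.parse(base64url.decode(parts[1]));
@@ -3725,7 +3725,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((signed) => {
 const parts = signed.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'HS256', typ: 'oauth.authz.req+jwt' });
+expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'HS256', typ: 'oauth-authz-req+jwt' });
 const {
 jti, iat, exp, ...jwt
 } = JSON.parse(base64url.decode(parts[1]));
@@ -3746,7 +3746,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((signed) => {
 const parts = signed.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RS256', typ: 'oauth.authz.req+jwt' }).and.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RS256', typ: 'oauth-authz-req+jwt' }).and.have.property('kid');
 const {
 jti, iat, exp, ...jwt
 } = JSON.parse(base64url.decode(parts[1]));
@@ -3767,7 +3767,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.have.property('kid');
 });
 });
 
@@ -3777,7 +3777,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.have.property('kid');
 });
 });
 
@@ -3791,7 +3791,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128GCMKW', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128GCMKW', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3806,7 +3806,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3821,7 +3821,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A192CBC-HS384', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A192CBC-HS384', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3836,7 +3836,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A256CBC-HS512', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A256CBC-HS512', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3850,7 +3850,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3865,7 +3865,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'PBES2-HS256+A128KW', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'PBES2-HS256+A128KW', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
 
@@ -3879,7 +3879,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128KW', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128KW', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
 }
@@ -3925,7 +3925,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.have.property('kid');
 });
 });
 
@@ -3935,7 +3935,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
-expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
+expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.have.property('kid');
 });
 });
 });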
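Review bot: In the first hunk the `this.IdToken` helper signs its fixture with `typ: 'oauth-authz-req+jwt'`, which is the Request Object media type; if the helper builds ID Tokens, as its name suggests, the fixture is mistyped and the suite never exercises an ID Token with a realistic header. Explicit typing exists so that one kind of JWT cannot be mistaken for another, so the fixture should carry the header an OP would actually send, for example `typ: 'JWT'`, and a test pinning how the client treats an ID Token typed as a request object would be worth adding. The same question applies to the RS256 `jose.JWS.sign` call in the hunk at line 2812, whose enclosing test starts outside the hunk. The remaining hunks repeat the literal in every expectation; a shared `const REQUEST_OBJECT_TYP = 'oauth-authz-req+jwt';` at the top of the test file would make the next draft revision a one-line change.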
