feat: add RPError indicators for unix timestamp comparison failures

closes #250
panva · Apr 28, 2020 · fe3db5c · fe3db5c
1 parent 69214ec
commit fe3db5c
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/lib/client.js b/lib/client.js
@@ -722,6 +722,9 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
     if (maxAge && (payload.auth_time + maxAge < timestamp - this[CLOCK_TOLERANCE])) {
       throw new RPError({
         printf: ['too much time has elapsed since the last End-User authentication, max_age %i, auth_time: %i, now %i', maxAge, payload.auth_time, timestamp - this[CLOCK_TOLERANCE]],
+        now: timestamp,
+        tolerance: this[CLOCK_TOLERANCE],
+        auth_time: payload.auth_time,
         jwt: idToken,
       });
     }
@@ -754,6 +757,9 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
         if (payload.iat < timestamp - 3600) {
           throw new RPError({
             printf: ['JWT issued too far in the past, now %i, iat %i', timestamp, payload.iat],
+            now: timestamp,
+            tolerance: this[CLOCK_TOLERANCE],
+            iat: payload.iat,
             jwt: idToken,
           });
         }
@@ -864,6 +870,9 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
       if (payload.nbf > timestamp + this[CLOCK_TOLERANCE]) {
         throw new RPError({
           printf: ['JWT not active yet, now %i, nbf %i', timestamp + this[CLOCK_TOLERANCE], payload.nbf],
+          now: timestamp,
+          tolerance: this[CLOCK_TOLERANCE],
+          nbf: payload.nbf,
           jwt,
         });
       }
@@ -879,6 +888,9 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
       if (timestamp - this[CLOCK_TOLERANCE] >= payload.exp) {
         throw new RPError({
           printf: ['JWT expired, now %i, exp %i', timestamp - this[CLOCK_TOLERANCE], payload.exp],
+          now: timestamp,
+          tolerance: this[CLOCK_TOLERANCE],
+          exp: payload.exp,
           jwt,
         });
       }

diff --git a/types/index.d.ts b/types/index.d.ts
@@ -779,5 +779,11 @@ export namespace errors {
      * from got.
      */
     response?: any;
+    now?: number;
+    tolerance?: number;
+    nbf?: number;
+    exp?: number;
+    iat?: number;
+    auth_time?: number;
   }
 }