From d5cc619cbf137c42898229546e44b8f065af6e3f Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Fri, 11 Sep 2020 08:31:01 +0200
Subject: [PATCH] fix: updated request object mime-type as per draft-ietf-oauth-jwsreq-30

* Signed Request Object "typ" changed from `JWT` to `oauth-authz-req+jwt` as per draft-ietf-oauth-jwsreq-30
* Encrypted Request Object "cty" changed from `JWT` to `oauth-authz-req+jwt` as per draft-ietf-oauth-jwsreq-30
---
 lib/client.js | 4 ++--
 test/client/client_instance.test.js | 32 ++++++++++++++---------------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/lib/client.js b/lib/client.js
index 76a564a7..9deb576e 100644
--- a/lib/client.js
+++ b/lib/client.js
@@ -1484,7 +1484,7 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
 let signed;
 let key;
- const header = { alg: signingAlgorithm, typ: 'oauth.authz.req+jwt' };
+ const header = { alg: signingAlgorithm, typ: 'oauth-authz-req+jwt' };
 const payload = JSON.stringify(defaults({}, requestObject, {
 iss: this.client_id,
 aud: this.issuer.issuer,
@@ -1526,7 +1526,7 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
 return signed;
 }
- const fields = { alg: eKeyManagement, enc: eContentEncryption, cty: 'oauth.authz.req+jwt' };
+ const fields = { alg: eKeyManagement, enc: eContentEncryption, cty: 'oauth-authz-req+jwt' };
 if (fields.alg.match(/^(RSA|ECDH)/)) {
 [key] = await this.issuer.queryKeyStore({
diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js
index e0e6b1ff..198c177e 100644
--- a/test/client/client_instance.test.js
+++ b/test/client/client_instance.test.js
@@ -1966,7 +1966,7 @@ describe('Client', () => {
 this.IdToken = async (key, alg, payload) => {
 return jose.JWS.sign(payload, key, {
 alg,
- typ: 'oauth.authz.req+jwt',
+ typ: 'oauth-authz-req+jwt',
 kid: alg.startsWith('HS') ? undefined : key.kid,
 });
 };
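Review bot: The media type `'oauth-authz-req+jwt'` is a bare literal in the `header` object of the `@@ -1484` hunk and again in the `fields` object of the `@@ -1526` hunk, and the value being replaced was mistyped identically in both places. Hoisting it into one named constant, for example `const REQUEST_OBJECT_TYPE = 'oauth-authz-req+jwt';` with a comment citing draft-ietf-oauth-jwsreq-30, would keep `typ` and `cty` from drifting apart again. Explicit typing only guards against cross-JWT confusion when the header is integrity-protected and the authorization server checks it; the tests in this patch still expect an `alg: 'none'` request object carrying this `typ`, where it gives no such protection. The commit message describes the old value as `JWT`, while the removed lines show `oauth.authz.req+jwt`. The enclosing method starts and ends outside the hunk.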
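Review bot: In the `@@ -1526` hunk the `fields` object sets the outer JWE `cty` to the request-object media type, whereas RFC 7519 section 5.2 says `cty` MUST be `JWT` when a nested JWT is carried, so a recipient that validates `cty` against that rule could reject these encrypted request objects. The patch does not show which part of draft-ietf-oauth-jwsreq-30 prescribes the `cty` value; a comment above the line such as `// cty per draft-ietf-oauth-jwsreq-30 (<section>); RFC 7519 section 5.2 would use 'JWT'` would record the intent. For confusion resistance the type that matters is the inner JWS `typ` (RFC 8725 section 3.11), which the `@@ -1484` hunk sets, presumably on the signed object this code then encrypts. The function body begins before and continues past this hunk.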
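Review bot: The `this.IdToken` helper in the `@@ -1966` hunk signs its fixture tokens with the request-object media type as `typ`, so the ID Tokens these tests feed to the client are labelled as authorization requests. If the tests that use this helper pass, the client's ID Token validation presumably does not inspect `typ`; the fixture should not suggest that an ID Token carries this type. Consider `typ: 'JWT'` (or omitting `typ`) in this helper, and check whether the `jose.JWS.sign` call in the `@@ -2812` hunk signs a request object or some other token. The surrounding `describe` block extends beyond the hunk.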
@@ -2812,7 +2812,7 @@ describe('Client', () => {
 const key = k.get();
 return jose.JWS.sign(payload, key, {
 alg: 'RS256',
- typ: 'oauth.authz.req+jwt',
+ typ: 'oauth-authz-req+jwt',
 });
 });
 }
@@ -3704,7 +3704,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((signed) => {
 const parts = signed.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'none', typ: 'oauth.authz.req+jwt' });
+ expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'none', typ: 'oauth-authz-req+jwt' });
 const { jti, iat, exp, ...jwt } = JSON.parse(base64url.decode(parts[1]));
@@ -3725,7 +3725,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((signed) => {
 const parts = signed.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'HS256', typ: 'oauth.authz.req+jwt' });
+ expect(JSON.parse(base64url.decode(parts[0]))).to.eql({ alg: 'HS256', typ: 'oauth-authz-req+jwt' });
 const { jti, iat, exp, ...jwt } = JSON.parse(base64url.decode(parts[1]));
@@ -3746,7 +3746,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((signed) => {
 const parts = signed.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RS256', typ: 'oauth.authz.req+jwt' }).and.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RS256', typ: 'oauth-authz-req+jwt' }).and.have.property('kid');
 const { jti, iat, exp, ...jwt } = JSON.parse(base64url.decode(parts[1]));
@@ -3767,7 +3767,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.have.property('kid');
 });
 });
@@ -3777,7 +3777,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.have.property('kid');
 });
 });
@@ -3791,7 +3791,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128GCMKW', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128GCMKW', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
@@ -3806,7 +3806,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
@@ -3821,7 +3821,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A192CBC-HS384', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A192CBC-HS384', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
@@ -3836,7 +3836,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A256CBC-HS512', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A256CBC-HS512', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
@@ -3850,7 +3850,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'dir', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
@@ -3865,7 +3865,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'PBES2-HS256+A128KW', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'PBES2-HS256+A128KW', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
@@ -3879,7 +3879,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128KW', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.not.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'A128KW', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.not.have.property('kid');
 });
 });
 }
@@ -3925,7 +3925,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.have.property('kid');
 });
 });
@@ -3935,7 +3935,7 @@ describe('Client', () => {
 return client.requestObject({ state: 'foobar' })
 .then((encrypted) => {
 const parts = encrypted.split('.');
- expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth.authz.req+jwt' }).and.have.property('kid');
+ expect(JSON.parse(base64url.decode(parts[0]))).to.contain({ alg: 'RSA1_5', enc: 'A128CBC-HS256', cty: 'oauth-authz-req+jwt' }).and.have.property('kid');
 });
 });
 });