
@strongnguyen/oidc-provider


OAuth 2.0 Authorization Server implementation for Node.js with OpenID Connect

const presence = require('../helpers/validate_presence');
const instance = require('../helpers/weak_cache');
const { UnsupportedGrantType, UnauthorizedClient } = require('../helpers/errors');
const noCache = require('../shared/no_cache');
const getTokenAuth = require('../shared/token_auth');
const { urlencoded: parseBody } = require('../shared/selective_body');
const rejectDupes = require('../shared/reject_dupes');
const paramsMiddleware = require('../shared/assemble_params');

// The only parameter whose duplication is rejected before the grant type is known.
const grantTypeSet = new Set(['grant_type']);

/**
 * Builds the ordered middleware chain for the token endpoint.
 *
 * The order of the returned array is the security contract of this endpoint:
 * the client-authentication middleware obtained from `getTokenAuth` runs
 * before any grant-specific check, and the grant handler runs last, only
 * after the grant type has been validated against both the provider
 * configuration and the authenticated client.
 *
 * @param {object} provider - Provider instance; its per-instance state is
 *   read through `instance(provider)` and it emits `grant.success`.
 * @returns {Function[]} Middleware functions taking `(ctx, next)`.
 */
module.exports = function tokenAction(provider) {
  const { params: authParams, middleware: tokenAuth } = getTokenAuth(provider, 'token');
  const { grantTypeParams } = instance(provider);
  // Parameter set registered under the `undefined` key, i.e. not tied to a
  // specific grant type. NOTE(review): presumably the union recognised by
  // all grants; confirm where grantTypeParams is populated.
  const baseParams = grantTypeParams.get(undefined);

  return [
    // NOTE(review): presumably marks the response as non-cacheable, which
    // token responses require; confirm in ../shared/no_cache.
    noCache,
    parseBody,
    paramsMiddleware.bind(undefined, baseParams),
    // Client authentication for the 'token' endpoint.
    ...tokenAuth,
    // A repeated grant_type would make every later check ambiguous, so it is
    // rejected before anything reads the value.
    rejectDupes.bind(undefined, { only: grantTypeSet }),

    /**
     * Drops every parameter that is neither a client-authentication
     * parameter nor one registered for the requested grant type.
     * When no parameter set is registered for the grant type (missing or
     * unknown value) nothing is removed; the next middleware rejects the
     * request instead.
     */
    async function stripGrantIrrelevantParams(ctx, next) {
      const { params } = ctx.oidc;
      const grantParams = grantTypeParams.get(params.grant_type);

      if (grantParams) {
        // Object.keys() snapshots the key list, so deleting while iterating is safe.
        for (const key of Object.keys(params)) {
          const isRelevant = authParams.has(key) || grantParams.has(key);
          if (!isRelevant) {
            delete params[key];
          }
        }
      }

      await next();
    },

    /**
     * Requires grant_type to be present and enabled in the provider
     * configuration. 'implicit' is refused here even when configured.
     *
     * @throws {UnsupportedGrantType} when the grant type is not usable here.
     */
    async function supportedGrantTypeCheck(ctx, next) {
      presence(ctx, 'grant_type');

      const enabledGrants = instance(provider).configuration('grantTypes');
      const requested = ctx.oidc.params.grant_type;
      const isUsable = enabledGrants.has(requested) && requested !== 'implicit';

      if (!isUsable) {
        throw new UnsupportedGrantType();
      }

      await next();
    },

    /**
     * Per-client authorization: a grant type enabled on the provider must
     * also be allowed for the authenticated client.
     *
     * @throws {UnauthorizedClient} when the client may not use the grant type.
     */
    async function allowedGrantTypeCheck(ctx, next) {
      const { client, params } = ctx.oidc;

      if (client.grantTypeAllowed(params.grant_type)) {
        await next();
        return;
      }

      throw new UnauthorizedClient('requested grant type is not allowed for this client');
    },

    /**
     * Rejects duplicated parameters, exempting only those the grant type
     * has registered in `grantTypeDupes`.
     */
    async function rejectDupesOptionalExcept(ctx, next) {
      const { grantTypeDupes } = instance(provider);
      const grantType = ctx.oidc.params.grant_type;

      const options = grantTypeDupes.has(grantType)
        ? { except: grantTypeDupes.get(grantType) }
        : {};

      return rejectDupes(options, ctx, next);
    },

    /**
     * Dispatches to the handler registered for the grant type and emits
     * 'grant.success' once the handler has resolved; a rejecting handler
     * skips the event.
     */
    async function callTokenHandler(ctx, next) {
      const grantType = ctx.oidc.params.grant_type;
      const { grantTypeHandlers } = instance(provider);
      // NOTE(review): assumes every configured grant type has a registered
      // handler; a missing entry would surface as a TypeError here.
      const handler = grantTypeHandlers.get(grantType);

      await handler(ctx, next);
      provider.emit('grant.success', ctx);
    },
  ];
};