
oauth2orize-openid


Extensions to support OpenID Connect with OAuth2orize.

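/**
 * Module dependencies.
 */
var AuthorizationError = require('../errors/authorizationerror');


/**
 * Parse request parameters defined by OpenID Connect.
 *
 * This module is a wildcard parser that parses authorization requests for
 * extension parameters defined by OpenID Connect.
 *
 * Every value handled here is read from `req.query`, i.e. from the
 * authorization request itself, so it is attacker-controllable. Depending on
 * the query-string parser in use, a repeated or bracketed parameter may
 * arrive as an array or object instead of a string; each parameter is
 * therefore type-checked before it is copied into the parsed extensions.
 *
 * Examples:
 *
 *     server.grant(openid.extensions());
 *
 * References:
 *  - [OpenID Connect Basic Client Profile 1.0 - draft 28](http://openid.net/specs/openid-connect-basic-1_0.html)
 *  - [OpenID Connect Implicit Client Profile 1.0 - draft 11](http://openid.net/specs/openid-connect-implicit-1_0.html)
 *  - [OpenID Connect Messages 1.0 - draft 20](http://openid.net/specs/openid-connect-messages-1_0.html)
 *
 * @return {Object} module
 * @api public
 */
module.exports = function() {

  /**
   * Extract the OpenID Connect extension parameters from an authorization
   * request.
   *
   * @param {Object} req - request whose `query` holds the raw parameters
   * @return {Object} parsed extension parameters
   * @throws {AuthorizationError} `invalid_request` when a parameter is malformed
   */
  function request(req) {
    var q = req.query
      , ext = {};

    // TODO: Only parse these if scope includes `openid`

    // Return the parameter as a string (or a space-separated list when
    // `split` is set); absent or empty parameters yield undefined, and any
    // non-string value is rejected.
    function parse(param, split) {
      if (!q[param]) { return; }
      if (typeof q[param] !== 'string') {
        throw new AuthorizationError('Failed to parse ' + param + ' as string', 'invalid_request');
      }
      return (split) ? q[param].split(' ') : q[param];
    }

    // Decode a parameter that must carry a JSON object. JSON.parse coerces
    // its argument to a string, so the string check runs first; scalars,
    // null and arrays are rejected so callers can rely on getting an object.
    // NOTE(review): the decoded object is still untrusted input; code that
    // consumes it should avoid deep-merging it into other objects.
    function parseJSONObject(param) {
      var raw = parse(param)
        , value;
      try {
        value = JSON.parse(raw);
      } catch (_) {
        throw new AuthorizationError('Failed to parse ' + param + ' as JSON', 'invalid_request');
      }
      if (value === null || typeof value !== 'object' || Array.isArray(value)) {
        throw new AuthorizationError('Failed to parse ' + param + ' as JSON', 'invalid_request');
      }
      return value;
    }

    ext.nonce = parse('nonce');
    ext.display = parse('display') || 'page';
    if (q.prompt) { ext.prompt = parse('prompt', true); }
    if (q.max_age) {
      // Explicit radix: without it a value such as "0x10" is read as hex.
      // NaN is rejected here because a downstream age comparison against
      // NaN is always false and would silently skip re-authentication.
      var maxAge = parseInt(parse('max_age'), 10);
      if (isNaN(maxAge) || maxAge < 0) {
        throw new AuthorizationError('Failed to parse max_age as non-negative integer', 'invalid_request');
      }
      ext.maxAge = maxAge;
    }
    if (q.ui_locales) { ext.uiLocales = parse('ui_locales', true); }
    if (q.claims_locales) { ext.claimsLocales = parse('claims_locales', true); }
    // Hints go through the same string check as the other parameters rather
    // than being copied verbatim from the query.
    ext.idTokenHint = parse('id_token_hint');
    ext.loginHint = parse('login_hint');
    if (q.acr_values) { ext.acrValues = parse('acr_values', true); }

    if (q.claims) { ext.claims = parseJSONObject('claims'); }
    if (q.registration) { ext.registration = parseJSONObject('registration'); }

    // NOTE: The below parameters should be implemented in a separate extension, tracking
    //       the following IETF draft:
    //         https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-06
    //         http://openid.net/specs/openid-connect-core-1_0.html#JWTRequests
    // TODO: Add support for "request" parameter
    // TODO: Add support for "request_uri" parameter

    // `none` asks for no interaction at all, so it cannot be combined with
    // any other prompt value.
    if (ext.prompt && ext.prompt.length > 1) {
      if (ext.prompt.indexOf('none') !== -1) {
        throw new AuthorizationError('Prompt includes none with other values', 'invalid_request');
      }
    }

    return ext;
  }

  // '*' registers this parser as a wildcard extension.
  var mod = {};
  mod.name = '*';
  mod.request = request;
  return mod;
}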