* Abstract logout-causing error type from tokenRefreshFunction calls
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Add test
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* OIDC: only pass logo_uri, policy_uri, tos_uri if they conform to "common base"
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Tests
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Handle when `aud` OIDC claim is an Array
The `aud` claim of OIDC id_tokens [can be an array](ce6d694639/src/Claims.ts (L92)) but the existing logic
incorrectly assumes `aud` is always a string.
This PR adds the necessary check.
* Clarify `aud` OIDC claim check
* Fix for prettier
---------
Co-authored-by: David Baker <dbkr@users.noreply.github.com>
* Update src with globalThis
* Update spec with globalThis
* Replace in more spec/ places
* More changes to src/
* Add a linter rule for global
* Prettify
* lint
* Fix hashed ID server lookups with no Olm
It used the hash function from Olm (presumably to work cross-platform)
but subtle crypto is available on node nowadays so we can just use
that.
Refactor existing code that did this out to a common function, add
tests.
* Test the code when crypto is available
* Test case of no crypto available
* Move digest file to src to get it out of the way of the olm / e2e stuff
* Fix import
* Fix error string & doc
* subtle crypto, not webcrypto
* Extract the base64 part
* Fix test
* Move test file too
* Add more doc
* Fix imports
* Inline subtlecrypto shim
The presence of this thing just makes code more confusing.
* Remove pre-node-20 webcrypto hack
Until node 20.0, the webcrypto API lived at `crypto.webCrypto`. It's now
available at the same place as in web -- `globalThis.crypto`.
See: https://nodejs.org/docs/latest-v20.x/api/webcrypto.html#web-crypto-api
* oidc auth test: Clean up mocking
THe previous reset code wasn't really resetting the right thing. Let's just
re-init `window.crypto` on each test.
* Remove `crypto` shim
This isn't very useful any more.
* Add `device_authorization_endpoint` field to OIDC issuer well-known metadata
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Allow `validateIdToken` to skip handling nonce when none is present
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Tweak registerOidcClient to check OIDC grant_types_supported before registration
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Update dependency oidc-client-ts to v3
* Update jwt-decode so that oidc-client-ts doesn't run its own and thus we can mock
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Merge
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* delint
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Sort package.json
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Ensure oidc-client-ts 3.0.1 to drop crypto-js
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>
* add tokenRefresher class
* export generateScope
* export oidc from matrix
* mark experimental
* Apply suggestions from code review
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* remove some vars in test
* make TokenRefresher un-abstract, comments and improvements
* remove invalid jsdoc
* Update src/oidc/tokenRefresher.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Code review improvements
* document TokenRefreshFunction
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* use oidc-client-ts during oidc discovery
* export new type for auth config
* deprecate generateAuthorizationUrl in favour of generateOidcAuthorizationUrl
* testing util for oidc configurations
* test generateOidcAuthorizationUrl
* lint
* test discovery
* dont pass whole client wellknown to oidc validation funcs
* add nonce
* use oidc-client-ts for oidc response
* validate user state and update tests
* use oidc-client-ts for code exchange
* use oidc-client-ts in completing auth grant
* use client userState for homeserver
* more comments
* use oidc-client-ts during oidc discovery
* export new type for auth config
* deprecate generateAuthorizationUrl in favour of generateOidcAuthorizationUrl
* testing util for oidc configurations
* test generateOidcAuthorizationUrl
* lint
* test discovery
* dont pass whole client wellknown to oidc validation funcs
* add nonce
* use client userState for homeserver
* utils for authorization step in OIDC code grant
* tidy
* completeAuthorizationCodeGrant util functions
* response_mode=query
* add scope to bearertoken type
* add is_guest to whoami response type
* doc comments
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* use shimmed TextEncoder
* fetchMockJest -> fetchMock
* comment
* bearertokenresponse
* test for lowercase bearer
* handle lowercase token_type
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* validate m.authentication, fetch issuer wellknown
* move validation functions into separate file
* test validateWellKnownAuthentication
* test validateOIDCIssuerWellKnown
* add authentication cases to autodiscovery tests
* test invalid authentication config on wk
* improve types
* test case for account:false
* use hasOwnProperty in validateWellKnownAuthentication
* comments
* make registration_endpoint optional
