Skip to content

Commit 2b7aed7

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #1969 from kubernetes-client/dependabot/npm_and_yarn/openid-client-6.1.3
build(deps): bump openid-client from 5.7.0 to 6.1.3
2 parents 8e6b706 + 79a319d commit 2b7aed7

File tree

3 files changed

+61
-88
lines changed

3 files changed

+61
-88
lines changed

package-lock.json

+28-81
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

+1-1
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,7 @@
9494
"typescript": "~5.6.2"
9595
},
9696
"optionalDependencies": {
97-
"openid-client": "^5.3.0"
97+
"openid-client": "^6.1.3"
9898
},
9999
"bugs": {
100100
"url": "https://github.com/kubernetes-client/javascript/issues"

src/oidc_auth.ts

+32-6
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
import https = require('https');
2-
import { Client, ClientMetadata, Issuer } from 'openid-client';
2+
import * as oidc from 'openid-client';
3+
import { ClientMetadata } from 'openid-client';
34
import request = require('request');
45
import { base64url } from 'rfc4648';
56
import { TextDecoder } from 'util';
@@ -13,6 +14,29 @@ interface JwtObj {
1314
signature: string;
1415
}
1516

17+
interface Token {
18+
id_token: string;
19+
refresh_token: string;
20+
expires_at: number;
21+
}
22+
23+
interface Client {
24+
refresh(token: string): Promise<Token>;
25+
}
26+
27+
class OidcClient implements Client {
28+
public constructor(readonly config: oidc.Configuration) {}
29+
30+
public async refresh(token: string): Promise<Token> {
31+
const newToken = await oidc.refreshTokenGrant(this.config, token);
32+
return {
33+
id_token: newToken.id_token,
34+
refresh_token: newToken.refresh_token,
35+
expires_at: newToken.expiresIn(),
36+
} as Token;
37+
}
38+
}
39+
1640
export class OpenIDConnectAuth implements Authenticator {
1741
public static decodeJWT(token: string): JwtObj | null {
1842
const parts = token.split('.');
@@ -97,22 +121,24 @@ export class OpenIDConnectAuth implements Authenticator {
97121
const newToken = await client.refresh(user.authProvider.config['refresh-token']);
98122
user.authProvider.config['id-token'] = newToken.id_token;
99123
user.authProvider.config['refresh-token'] = newToken.refresh_token;
100-
this.currentTokenExpiration = newToken.expires_at || 0;
124+
this.currentTokenExpiration = newToken.expires_at;
101125
}
102126
return user.authProvider.config['id-token'];
103127
}
104128

105129
private async getClient(user: User): Promise<Client> {
106-
const oidcIssuer = await Issuer.discover(user.authProvider.config['idp-issuer-url']);
107130
const metadata: ClientMetadata = {
108131
client_id: user.authProvider.config['client-id'],
109132
client_secret: user.authProvider.config['client-secret'],
110133
};
111-
112134
if (!user.authProvider.config['client-secret']) {
113135
metadata.token_endpoint_auth_method = 'none';
114136
}
115-
116-
return new oidcIssuer.Client(metadata);
137+
const configuration = await oidc.discovery(
138+
user.authProvider.config['idp-issuer-url'],
139+
user.authProvider.config['client-id'],
140+
metadata,
141+
);
142+
return new OidcClient(configuration);
117143
}
118144
}

0 commit comments

Comments
 (0)