coolaj86/keyfetch.js-ARCHIVED
1
0
Fork 0
Code Issues Pull-Requests Releases Wiki Aktivität

v1.2.1: better trusted issuer normalization

Quellcode durchsuchen
Dieser Commit ist enthalten in:
AJ ONeal 2019-03-15 13:59:55 -06:00
Ursprung e6de23532b
Commit e274e5368a
3 geänderte Dateien mit 5 neuen und 2 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Vergleichs-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

2
keyfetch-test.js
Datei anzeigen

@ -41,6 +41,8 @@ keypairs.generate().then(function (pair) {
, keyfetch.jwt.verify(jwt, { jwks: [pair.public] })
, keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['https://example.com/'] })
, keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['https://example.com'] })
, keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['example.com'] })
, keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['example.com/'] })
, keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['*'] })
, keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ['http://example.com'] })
.then(e("bad scheme")).catch(throwIfNotExpected)

3
keyfetch.js
Datei anzeigen

@ -386,7 +386,8 @@ function ecdsaAsn1SigToJwtSig(header, b64sig) {
function isTrustedIssuer(issuer) {
return function (trusted) {
if ('*' === trusted) { return true; }
// TODO normalize and account for '*'
// TODO account for '*.example.com'
trusted = (/^http(s?):\/\//.test(trusted) ? trusted : ('https://' + trusted));
return issuer.replace(/\/$/, '') === trusted.replace(/\/$/, '') && trusted;
};
}

2
package.json
Datei anzeigen

@ -1,6 +1,6 @@
{
"name": "keyfetch",
"version": "1.2.0",
"version": "1.2.1",
"description": "Lightweight support for fetching JWKs.",
"homepage": "https://git.coolaj86.com/coolaj86/keyfetch.js",
"main": "keyfetch.js",