
Commit f9c6efe

committed
updated docs
1 parent 91fa005 commit f9c6efe

26 files changed

+2821
-463
lines changed

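--- a/angular-oauth2-oidc/docs/classes/AbstractValidationHandler.html
+++ b/angular-oauth2-oidc/docs/classes/AbstractValidationHandler.html
@@ -187,6 +187,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>
@@ -366,6 +369,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>
@@ -481,7 +487,7 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="86" class="link-to-prism">src/token-validation/validation-handler.ts:86</a></div>
+<div class="io-line">Defined in <a href="" data-line="87" class="link-to-prism">src/token-validation/validation-handler.ts:87</a></div>
 </td>
 </tr>
 
@@ -548,7 +554,7 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="69" class="link-to-prism">src/token-validation/validation-handler.ts:69</a></div>
+<div class="io-line">Defined in <a href="" data-line="70" class="link-to-prism">src/token-validation/validation-handler.ts:70</a></div>
 </td>
 </tr>
 
@@ -609,7 +615,7 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="41" class="link-to-prism">src/token-validation/validation-handler.ts:41</a></div>
+<div class="io-line">Defined in <a href="" data-line="42" class="link-to-prism">src/token-validation/validation-handler.ts:42</a></div>
 </td>
 </tr>
 
@@ -644,7 +650,7 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="36" class="link-to-prism">src/token-validation/validation-handler.ts:36</a></div>
+<div class="io-line">Defined in <a href="" data-line="37" class="link-to-prism">src/token-validation/validation-handler.ts:37</a></div>
 </td>
 </tr>
 
@@ -674,6 +680,7 @@ <h3 id="methods">
 idTokenHeader: object;
 idTokenClaims: object;
 jwks: object;
+loadKeys: () &#x3D;&gt; Promise&lt;object&gt;;
 }
 
 /**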

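--- a/angular-oauth2-oidc/docs/classes/JwksValidationHandler.html
+++ b/angular-oauth2-oidc/docs/classes/JwksValidationHandler.html
@@ -187,6 +187,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>
@@ -366,6 +369,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>
@@ -455,6 +461,9 @@ <h6><b>Methods</b></h6>
 <tr>
 <td class="col-md-4">
 <ul class="index-list">
+<li>
+<span class="modifier">Private</span> <a href="#alg2kty">alg2kty</a>
+</li>
 <li>
 <a href="#calcHash">calcHash</a>
 </li>
@@ -477,6 +486,39 @@ <h6><b>Methods</b></h6>
 <h3 id="methods">
 Methods
 </h3>
+<table class="table table-sm table-bordered">
+<tbody>
+<tr>
+<td class="col-md-4">
+<a name="alg2kty"></a>
+<b><span class="modifier">Private</span> alg2kty</b>
+</td>
+</tr>
+<tr>
+<td class="col-md-4">
+<span class="modifier-icon method fa fa-play lock"></span>
+<code>alg2kty(alg: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/string" target="_blank">string</a>)</code>
+</td>
+</tr>
+
+
+<tr>
+<td class="col-md-4">
+<div class="io-line">Defined in <a href="" data-line="99" class="link-to-prism">src/token-validation/jwks-validation-handler.ts:99</a></div>
+</td>
+</tr>
+
+<tr>
+<td class="col-md-4">
+
+<div class="io-description">
+<b>Returns : </b> <code>&quot;RSA&quot; | &quot;EC&quot;</code>
+
+</div>
+</td>
+</tr>
+</tbody>
+</table>
 <table class="table table-sm table-bordered">
 <tbody>
 <tr>
@@ -494,7 +536,7 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="71" class="link-to-prism">src/token-validation/jwks-validation-handler.ts:71</a></div>
+<div class="io-line">Defined in <a href="" data-line="107" class="link-to-prism">src/token-validation/jwks-validation-handler.ts:107</a></div>
 </td>
 </tr>
 
@@ -526,7 +568,7 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="78" class="link-to-prism">src/token-validation/jwks-validation-handler.ts:78</a></div>
+<div class="io-line">Defined in <a href="" data-line="114" class="link-to-prism">src/token-validation/jwks-validation-handler.ts:114</a></div>
 </td>
 </tr>
 
@@ -551,7 +593,7 @@ <h3 id="methods">
 </tr>
 <tr>
 <td class="col-md-4">
-<code>validateSignature(params: <a href="../interfaces/ValidationParams.html">ValidationParams</a>)</code>
+<code>validateSignature(params: <a href="../interfaces/ValidationParams.html">ValidationParams</a>, retry: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/boolean" target="_blank">boolean</a>)</code>
 </td>
 </tr>
 
@@ -686,7 +728,7 @@ <h3 id="inputs">
 */
 gracePeriodInSec: number &#x3D; 600;
 
-validateSignature(params: ValidationParams): Promise&lt;any&gt; {
+validateSignature(params: ValidationParams, retry: boolean &#x3D; false): Promise&lt;any&gt; {
 if (!params.idToken) throw new Error(&#x27;Parameter idToken expected!&#x27;);
 if (!params.idTokenHeader) throw new Error(&#x27;Parameter idTokenHandler expected.&#x27;);
 if (!params.jwks) throw new Error(&#x27;Parameter jwks expected!&#x27;);
@@ -695,23 +737,51 @@ <h3 id="inputs">
 throw new Error(&#x27;Array keys in jwks missing!&#x27;);
 }
 
+console.debug(&#x27;validateSignature: retry&#x27;, retry);
+
 let kid: string &#x3D; params.idTokenHeader[&#x27;kid&#x27;];
 let keys: object[] &#x3D; params.jwks[&#x27;keys&#x27;];
 let key: object;
 
-if (!kid &amp;&amp; params.jwks[&#x27;keys&#x27;].length &gt; 1) {
-let error &#x3D; &#x27;Multiple keys but no kid in token!&#x27;;
-console.error(error);
-return Promise.reject(error);
-}
-else if (!kid) {
-key &#x3D; params.jwks[&#x27;keys&#x27;][0];
+let alg &#x3D; params.idTokenHeader[&#x27;alg&#x27;];
+
+if (kid) {
+key &#x3D; keys.find(k &#x3D;&gt; k[&#x27;kid&#x27;] &#x3D;&#x3D; kid &amp;&amp; k[&#x27;use&#x27;] &#x3D;&#x3D; &#x27;sig&#x27;);
 }
 else {
-key &#x3D; keys.find(k &#x3D;&gt; k[&#x27;kid&#x27;] &#x3D;&#x3D; kid &amp;&amp; k[&#x27;use&#x27;] &#x3D;&#x3D; &#x27;sig&#x27;);
+let kty &#x3D; this.alg2kty(alg)
+let matchingKeys &#x3D; keys.filter(k &#x3D;&gt; k[&#x27;kty&#x27;] &#x3D;&#x3D; kty &amp;&amp; k[&#x27;use&#x27;] &#x3D;&#x3D; &#x27;sig&#x27;);
+
+/*
+if (matchingKeys.length &#x3D;&#x3D; 0) {
+let error &#x3D; &#x27;No matching key found.&#x27;;
+console.error(error);
+return Promise.reject(error);
+}*/
+if (matchingKeys.length &gt; 1) {
+let error &#x3D; &#x27;More than one matching key found. Please specify a kid in the id_token header.&#x27;;
+console.error(error);
+return Promise.reject(error);
+}
+else if (matchingKeys.length &#x3D;&#x3D; 1) {
+key &#x3D; matchingKeys[0];
+}
 }
 
-if (!key) {
+if (!key &amp;&amp; !retry &amp;&amp; params.loadKeys) {
+return params
+.loadKeys()
+.then(keys &#x3D;&gt; params.jwks &#x3D; keys)
+.then(_ &#x3D;&gt; this.validateSignature(params, true));
+}
+
+if (!key &amp;&amp; retry &amp;&amp; !kid) {
+let error &#x3D; &#x27;No matching key found.&#x27;;
+console.error(error);
+return Promise.reject(error);
+}
+
+if (!key &amp;&amp; retry &amp;&amp; kid) {
 let error &#x3D; &#x27;expected key not found in property jwks. &#x27;
 + &#x27;This property is most likely loaded with the &#x27;
 + &#x27;discovery document. &#x27;
@@ -732,6 +802,14 @@ <h3 id="inputs">
 }
 }
 
+private alg2kty(alg: string) {
+switch(alg.charAt(0)) {
+case &#x27;R&#x27;: return &#x27;RSA&#x27;;
+case &#x27;E&#x27;: return &#x27;EC&#x27;;
+default: throw new Error(&#x27;Cannot infer kty from alg: &#x27; + alg);
+}
+}
+
 calcHash(valueToHash: string, algorithm: string): string {
 let hashAlg &#x3D; new rs.KJUR.crypto.MessageDigest({alg: algorithm});
 let result &#x3D; hashAlg.digestString(valueToHash);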
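Review bot: In the embedded `validateSignature` listing, the no-`kid` branch derives the key type from `params.idTokenHeader['alg']`, a header value that has not been verified at that point, and `alg2kty` inspects only its first character, so any value beginning with `R` or `E` maps to a key type and a missing `alg` makes `alg.charAt(0)` throw synchronously instead of rejecting the promise like the other failure paths. Matching the full `alg` value against the algorithms the handler actually supports would be tighter, with a guard such as `if (typeof alg !== 'string') return Promise.reject('No alg in id_token header');` before the call. Whether the later verification step pins the accepted algorithms is not visible here, because the function body continues past the hunk. The `console.debug('validateSignature: retry', retry);` line and the commented-out `matchingKeys.length == 0` block also look like leftovers. This page is generated documentation, so the change belongs in `src/token-validation/jwks-validation-handler.ts`.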

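--- a/angular-oauth2-oidc/docs/classes/LoginOptions.html
+++ b/angular-oauth2-oidc/docs/classes/LoginOptions.html
@@ -187,6 +187,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>
@@ -366,6 +369,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>
@@ -433,6 +439,9 @@ <h6><b>Properties</b></h6>
 <li>
 <a href="#customHashFragment">customHashFragment</a>
 </li>
+<li>
+<a href="#disableOAuth2StateCheck">disableOAuth2StateCheck</a>
+</li>
 <li>
 <a href="#onLoginError">onLoginError</a>
 </li>
@@ -488,6 +497,46 @@ <h3 id="inputs">
 <div class="io-description"><p>A custom hash fragment to be used instead of the
 actual one. This is used for silent refreshes, to
 pass the iframes hash fragment to this method.</p>
+</div>
+</td>
+</tr>
+
+</tbody>
+</table>
+<table class="table table-sm table-bordered">
+<tbody>
+<tr>
+<td class="col-md-4">
+<a name="disableOAuth2StateCheck"></a>
+<b> disableOAuth2StateCheck</b>
+</td>
+</tr>
+<tr>
+<td class="col-md-4">
+<code>disableOAuth2StateCheck: <code><a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/boolean" target="_blank" >boolean</a></code>
+</code>
+</td>
+</tr>
+<tr>
+<td class="col-md-4">
+<i>Type : </i> <code><a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/boolean" target="_blank" >boolean</a></code>
+
+</td>
+</tr>
+<tr>
+<td class="col-md-4">
+<div class="io-line">Defined in <a href="" data-line="43" class="link-to-prism">src/types.ts:43</a></div>
+</td>
+</tr>
+
+<tr>
+<td class="col-md-4">
+<div class="io-description"><p>Set this to true to disable the oauth2 state
+check which is a best practice to avoid
+security attacks.
+As OIDC defines a nonce check that includes
+this, this can be set to true when only doing
+OIDC.</p>
 </div>
 </td>
 </tr>
@@ -639,6 +688,16 @@ <h3 id="inputs">
 * pass the iframes hash fragment to this method.
 */
 customHashFragment?: string;
+
+/**
+* Set this to true to disable the oauth2 state
+* check which is a best practice to avoid
+* security attacks.
+* As OIDC defines a nonce check that includes
+* this, this can be set to true when only doing
+* OIDC.
+*/
+disableOAuth2StateCheck?: boolean;
 }
 
 /**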
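Review bot: The new `disableOAuth2StateCheck` description calls the state check "a best practice to avoid security attacks" without naming what it protects against, and its claim that the OIDC nonce check "includes this" appears to hold only when an id_token is actually returned and its nonce is validated. I would reword the doc comment along the lines of `Disables the OAuth2 state check, which protects the redirect against CSRF.` followed by `Only set this to true when every login returns an id_token whose nonce is validated.` The comment originates in `src/types.ts` (line 43 according to this page), so the wording should be changed there and the docs regenerated.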

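--- a/angular-oauth2-oidc/docs/classes/NullValidationHandler.html
+++ b/angular-oauth2-oidc/docs/classes/NullValidationHandler.html
@@ -187,6 +187,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>
@@ -366,6 +369,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>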

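--- a/angular-oauth2-oidc/docs/classes/OAuthErrorEvent.html
+++ b/angular-oauth2-oidc/docs/classes/OAuthErrorEvent.html
@@ -187,6 +187,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>
@@ -366,6 +369,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>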

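--- a/angular-oauth2-oidc/docs/classes/OAuthEvent.html
+++ b/angular-oauth2-oidc/docs/classes/OAuthEvent.html
@@ -187,6 +187,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>
@@ -366,6 +369,9 @@
 </li>
 
 
+<li class="chapter">
+<a data-type="chapter-link" href="../coverage.html" ><span class="fa fa-tasks"></span>Documentation coverage</a>
+</li>
 
 
 </ul>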
