Skip to content

Commit 6437e26

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #1967 from kubernetes-client/dependabot/npm_and_yarn/release-1.x/openid-client-6.1.3
build(deps): bump openid-client from 5.7.0 to 6.1.3
2 parents 10484a4 + 670a199 commit 6437e26

File tree

3 files changed

+62
-75
lines changed

3 files changed

+62
-75
lines changed

package-lock.json

Lines changed: 31 additions & 67 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@
6565
"js-yaml": "^4.1.0",
6666
"jsonpath-plus": "^10.0.0",
6767
"node-fetch": "^2.6.9",
68-
"openid-client": "^5.6.5",
68+
"openid-client": "^6.1.3",
6969
"rfc4648": "^1.3.0",
7070
"stream-buffers": "^3.0.2",
7171
"tar": "^7.0.0",

src/oidc_auth.ts

Lines changed: 30 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
import https from 'node:https';
2-
import { Client, Issuer } from 'openid-client';
2+
import * as oidc from 'openid-client';
33
import { base64url } from 'rfc4648';
44

55
import { Authenticator } from './auth';
@@ -11,6 +11,29 @@ interface JwtObj {
1111
signature: string;
1212
}
1313

14+
interface Token {
15+
id_token: string;
16+
refresh_token: string;
17+
expires_at: number;
18+
}
19+
20+
interface Client {
21+
refresh(token: string): Promise<Token>;
22+
}
23+
24+
class OidcClient implements Client {
25+
public constructor(readonly config: oidc.Configuration) {}
26+
27+
public async refresh(token: string): Promise<Token> {
28+
const newToken = await oidc.refreshTokenGrant(this.config, token);
29+
return {
30+
id_token: newToken.id_token,
31+
refresh_token: newToken.refresh_token,
32+
expires_at: newToken.expiresIn(),
33+
} as Token;
34+
}
35+
}
36+
1437
export class OpenIDConnectAuth implements Authenticator {
1538
public static decodeJWT(token: string): JwtObj | null {
1639
const parts = token.split('.');
@@ -95,16 +118,16 @@ export class OpenIDConnectAuth implements Authenticator {
95118
const newToken = await client.refresh(user.authProvider.config['refresh-token']);
96119
user.authProvider.config['id-token'] = newToken.id_token;
97120
user.authProvider.config['refresh-token'] = newToken.refresh_token;
98-
this.currentTokenExpiration = newToken.expires_at || 0;
121+
this.currentTokenExpiration = newToken.expires_at;
99122
}
100123
return user.authProvider.config['id-token'];
101124
}
102125

103126
private async getClient(user: User): Promise<Client> {
104-
const oidcIssuer = await Issuer.discover(user.authProvider.config['idp-issuer-url']);
105-
return new oidcIssuer.Client({
106-
client_id: user.authProvider.config['client-id'],
107-
client_secret: user.authProvider.config['client-secret'],
108-
});
127+
const configuration = await oidc.discovery(
128+
user.authProvider.config['idp-issuer-url'],
129+
user.authProvider.config['client-id'],
130+
);
131+
return new OidcClient(configuration);
109132
}
110133
}

0 commit comments

Comments
 (0)