Revert "chore(deps): bump openid-client from 5.7.0 to 6.1.3 (#34)" (#35)

This reverts commit 7f9a7f9.

.github/workflows/ci.yml

@@ -24,10 +24,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          cache: "npm"
-          node-version-file: package.json
       - run: npm ci
       - name: Cypress run
         uses: cypress-io/github-action@v6

index.js

@@ -1,12 +1,15 @@
 import "dotenv/config";
 import express from "express";
-import * as client from "openid-client";
+import { Issuer } from "openid-client";
 import session from "express-session";
 import morgan from "morgan";
+import * as crypto from "crypto";
 import bodyParser from "body-parser";
-import { chain, isObject } from "lodash-es";
 
 const port = parseInt(process.env.PORT, 10) || 3000;
+const origin = `${process.env.HOST}`;
+const redirectUri = `${origin}${process.env.CALLBACK_URL}`;
+
 const app = express();
 
 app.set("view engine", "ejs");
@@ -19,35 +22,31 @@ app.use(
 );
 app.use(morgan("combined"));
 
-const objToUrlParams = (obj) =>
-  new URLSearchParams(
-    chain(obj)
-      .omitBy((v) => !v)
-      .mapValues((o) => (isObject(o) ? JSON.stringify(o) : o))
-      .value(),
-  );
-
-const getCurrentUrl = (req) =>
-  new URL(`${req.protocol}://${req.get("host")}${req.originalUrl}`);
-
-const getProviderConfig = async () => {
-  return await client.discovery(
-    new URL(process.env.PC_PROVIDER),
-    process.env.PC_CLIENT_ID,
-    {
-      client_secret: process.env.PC_CLIENT_SECRET,
-      id_token_signed_response_alg: process.env.PC_ID_TOKEN_SIGNED_RESPONSE_ALG,
-      userinfo_signed_response_alg:
-        process.env.PC_USERINFO_SIGNED_RESPONSE_ALG || null,
-    },
-  );
+const removeNullValues = (obj) => Object.entries(obj).reduce((a,[k,v]) => (v ? (a[k]=v, a) : a), {})
+
+const getMcpClient = async () => {
+  const mcpIssuer = await Issuer.discover(process.env.PC_PROVIDER);
+
+  return new mcpIssuer.Client({
+    client_id: process.env.PC_CLIENT_ID,
+    client_secret: process.env.PC_CLIENT_SECRET,
+    redirect_uris: [redirectUri],
+    response_types: ["code"],
+    id_token_signed_response_alg: process.env.PC_ID_TOKEN_SIGNED_RESPONSE_ALG,
+    userinfo_signed_response_alg:
+      process.env.PC_USERINFO_SIGNED_RESPONSE_ALG || null,
+  });
 };
 
+const acr_values = process.env.ACR_VALUES
+  ? process.env.ACR_VALUES.split(",")
+  : null;
+const login_hint = process.env.LOGIN_HINT || null;
+const scope = process.env.PC_SCOPES;
 const AUTHORIZATION_DEFAULT_PARAMS = {
-  redirect_uri: `${process.env.HOST}${process.env.CALLBACK_URL}`,
-  scope: process.env.PC_SCOPES,
-  login_hint: process.env.LOGIN_HINT || null,
-  acr_values: process.env.ACR_VALUES ? process.env.ACR_VALUES.split(",") : null,
+  scope,
+  login_hint,
+  acr_values,
   claims: {
     id_token: {
       amr: {
@@ -76,22 +75,19 @@ app.get("/", async (req, res, next) => {
 const getAuthorizationControllerFactory = (extraParams) => {
   return async (req, res, next) => {
     try {
-      const config = await getProviderConfig();
-      const nonce = client.randomNonce();
-      const state = client.randomState();
+      const client = await getMcpClient();
+      const nonce = crypto.randomBytes(16).toString("hex");
+      const state = crypto.randomBytes(16).toString("hex");
 
       req.session.state = state;
       req.session.nonce = nonce;
 
-      const redirectUrl = client.buildAuthorizationUrl(
-        config,
-        objToUrlParams({
-          nonce,
-          state,
-          ...AUTHORIZATION_DEFAULT_PARAMS,
-          ...extraParams,
-        }),
-      );
+      const redirectUrl = client.authorizationUrl(removeNullValues({
+        nonce,
+        state,
+        ...AUTHORIZATION_DEFAULT_PARAMS,
+        ...extraParams,
+      }));
 
       res.redirect(redirectUrl);
     } catch (e) {
@@ -147,32 +143,27 @@ app.post(
   "/custom-connection",
   bodyParser.urlencoded({ extended: false }),
   (req, res, next) => {
-    const customParams = JSON.parse(req.body["custom-params"]);
+    const customParams = JSON.parse(req.body['custom-params'])
 
     return getAuthorizationControllerFactory(customParams)(req, res, next);
   },
 );
 
 app.get(process.env.CALLBACK_URL, async (req, res, next) => {
   try {
-    const config = await getProviderConfig();
-    const currentUrl = getCurrentUrl(req);
-    const tokens = await client.authorizationCodeGrant(config, currentUrl, {
-      expectedNonce: req.session.nonce,
-      expectedState: req.session.state,
+    const client = await getMcpClient();
+    const params = client.callbackParams(req);
+    const tokenSet = await client.callback(redirectUri, params, {
+      nonce: req.session.nonce,
+      state: req.session.state,
     });
 
     req.session.nonce = null;
     req.session.state = null;
-    const claims = tokens.claims();
-    req.session.userinfo = await client.fetchUserInfo(
-      config,
-      tokens.access_token,
-      claims.sub,
-    );
-    req.session.idtoken = claims;
-    req.session.id_token_hint = tokens.id_token;
-    req.session.oauth2token = tokens;
+    req.session.userinfo = await client.userinfo(tokenSet.access_token);
+    req.session.idtoken = tokenSet.claims();
+    req.session.id_token_hint = tokenSet.id_token;
+    req.session.oauth2token = tokenSet;
     res.redirect("/");
   } catch (e) {
     next(e);
@@ -183,14 +174,11 @@ app.post("/logout", async (req, res, next) => {
   try {
     const id_token_hint = req.session.id_token_hint;
     req.session.destroy();
-    const config = await getProviderConfig();
-    const redirectUrl = client.buildEndSessionUrl(
-      config,
-      objToUrlParams({
-        post_logout_redirect_uri: `${process.env.HOST}/`,
-        id_token_hint,
-      }),
-    );
+    const client = await getMcpClient();
+    const redirectUrl = client.endSessionUrl({
+      post_logout_redirect_uri: `${origin}/`,
+      id_token_hint,
+    });
 
     res.redirect(redirectUrl);
   } catch (e) {

package.json

@@ -24,9 +24,8 @@
     "ejs": "^3.1.10",
     "express": "^4.21.1",
     "express-session": "^1.18.1",
-    "lodash-es": "^4.17.21",
     "morgan": "^1.10.0",
-    "openid-client": "^6.1.3"
+    "openid-client": "^5.7.0"
   },
   "devDependencies": {
     "prettier": "^3.3.3"

views/index.ejs

@@ -101,7 +101,7 @@
                 <p>
                     La liste des paramètres utilisables est disponible dans la
                     <a
-                            href="https://github.com/panva/openid-client/blob/v6.x/docs/README.md#clientauthorizationurlparameters"
+                            href="https://github.com/panva/openid-client/blob/v5.x/docs/README.md#clientauthorizationurlparameters"
                             target="_blank"
                             rel="noopener noreferrer"
                     >