diff --git a/.version b/.version index 3a285c2b..aa6c8967 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -v3.1.0 \ No newline at end of file +v3.2.0 \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index b1659047..f007d7c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change Log +## [v3.2.0](https://github.com/auth0/express-openid-connect/tree/v3.2.0) (2026-07-03) +[Full Changelog](https://github.com/auth0/express-openid-connect/compare/v3.1.0...v3.2.0) + +**Added** +- feat(customTokenExchange): promote actor_token, organization, requested_token_type to first-class options [\#834](https://github.com/auth0/express-openid-connect/pull/834) ([cschetan77](https://github.com/cschetan77)) + ## [v3.1.0](https://github.com/auth0/express-openid-connect/tree/v3.1.0) (2026-06-30) [Full Changelog](https://github.com/auth0/express-openid-connect/compare/v3.0.0...v3.1.0) diff --git a/docs/assets/navigation.js b/docs/assets/navigation.js index 9322b0db..7fb2a788 100644 --- a/docs/assets/navigation.js +++ b/docs/assets/navigation.js @@ -1 +1 @@ -window.navigationData = "eJyV1FFPwjAQB/Dv0mciQhSVNyQ8mJhIxDfjQ+0O1qy0o3dNUON3NwyUDrrbfN39++vaa/v6JQi2JMZiAYja2dm21B6ymffOi54oJeViLJSRiID9ROgip7URPVFom4nxYHj73fszJ0oB4osrwB4tbQn8UirAflSvM8PrUcwEyp3Xn5K0s3Pp5RoIPKbJdJbj76UqVC6tBfPoVi7QU7kbnPabwtwEU2nMu1QF555kWM7ZpV5Va2uwogAPuUJDB+40xqIBya2rns62u51aAbvuxjg3yaNbacuxcaAFaml45y4/lWB19gybAEhJqpY4o3r7WybGIoPSg5IEmUj4WDqLwE6wj/x7hmdYesCcOQq1BLcZh0VOna0+pK04wmP7BfFaLcNxh0csyRxqHYa3XptErgO7IOfTzY0DXaG5/DBOZq3eIcextSvKnsJkspVueddPMhz3kFXhqZE6bg19lID9WvFEuby7GVwPI0kSwbqkhTZgqXpSjtwyWFW9Cf3zVN0dXcVkoDyJBMqZYWr3v9McVJEafKy2EbNNkAYbjX25DXmwyoQMmpnfAAN52ATtAScN+xHXz5i3H7llCgQ=" \ No newline at end of file +window.navigationData = "eJyV1ctOwzAQBdB/8bqiUPHsDqoukJBAlB1iYZxpY8WxU89YKiD+HTUp1GmdSdh2ro87fuX1SxBsSEzFAhC1s/NNpT1kc++dFyNRScrFVCgjEQHHidBJTqURI1Fom4np2eT6e/Rn3ioFiC+uALu3tCXwS6kAx1G9zUwuLlsMzYzUZYfRFFkgUO68/pSknX2SXpZA4DHtpbMcfydVoXJpLZgHt3KBHqvt4LTfFeYmmElj3qUqOPcgw3LOLvWq7q3DigI85AoNA7jDGIsGJFfWh2K+2a7UCti+O+PcJA9upS3HxoEeqGfDB+/yYwVWZ8+wDoCUpFqJI2rUXFMxFRlUHpQkyETCx8pZBHaCJvLvGZ5h6QFz5ii0Etxi7JqcOVv/kLbiCI81DfFaK8Nxu1cwyexqA4b3XptEbgC7IOfTmxsHhkJP8sM4mfV6uxzHtq4oewqTyV66510/yHDcfVaH689KhNFHBThuFQ+U05urs4tJJEkiKCtaaAOW6idlzy2DVfWbMD5Otd3L85gMlCeRQDkzTG3/7ywHVaQG76t9xHwdpMFOoyn3IfdWmZBBN/MbYCAP66A94G3HesT1I+btB7n9H2k=" \ No newline at end of file diff --git a/docs/assets/search.js b/docs/assets/search.js index 4fc01c1d..ddeb4353 100644 --- a/docs/assets/search.js +++ b/docs/assets/search.js @@ -1 +1 @@ -window.searchData = "eJy1nVuP2ziygP+L+9UnUemufstms0Cws8ginTkvjaCh2IxbG7fk0WVOcoL89wUpyS6SRbkka54StFUXkh9vVRT1c1NX/9ds7h9/br4V5X5zD3663ZT5i9jcbx5E0xRV+e77qajF/l1dV/Vmu+nq4+Z+szvmTSOa18Qzr57bl+NmOz6yud9sfm1H/RH4Z/27qmzautu1M/Te6ULIxnZzymtRtg7HLy6A54fIh72YY1w9fbNV9Q/b6vD0zVabNm+7hm/3/PxKlt/Oqute5oYa96P47MCb3U40zafqmyjPHhRlK+qv+U40r9HPk/RqhcqV0FPLVXpnCNBlwp46DAtV3uap4JnVHl9stGiGambZLBpxfnqxSVVRT+2Pk2DZ1B6fY9T3wsugV4uvtWieWRYvz84yh7ns2ueqLv4/b4uq/Hde5y+iFXVDWqcfncNr/fRnfuzEbPV3mqijrI6SuJzp9oUod3TLTrpyEVzFkd0xL17m18hZbEUnno7VLj8uaB5LfCWnClG2TwXd46f9uUiu40q1F0+75/x4FOVhPjOW+F/g1NOLaJ+rBXXl0LKKi/uiOR3zH7Odusit4kax7ye9p+eibGc7Y0qv4tKxOhQL/dFEV3HmJf/+lC/g+iK3ihtltWRAHqVWceFUVy+n+U1yFlvFiVrsi1rs2qeuLma7Ygiv5NChaNpaPb3AIU14JYf+6EQzv50ucmu6sbCdsOxK7jRVVy/oQkhwLUdOVdmIpxe845rhjSa9rkvO5TzLpenV/TyXml21wJVRah0X2rxd4MIgtYoLXbF42amJLnUG74b+lu++7Z7zshTH36pD1bUfTlKO9Mz1LH8/VDS/VYeD2H/oyIFs0sBd0RyVcNW5RzNncRwOVeVvcmkx35mqPA6CKzpSda0zXsJwp+ra6UDHXKeatqrJvjLtzCi22AkM6Nv8ePyS775NcGk8wsdxXDj8Tk9mlN7zYmNqEjN9ngq2vCv3p6ooW9VT2cXrIy9ikD2NsnPd0Sq6Kr8Whwk30O8zIiBfW1GPDrDU3imR3UXEUSjsrst424qXU/tQHEXZOjs64UEv1yi56X7OcqNrn72edaZ9KXAcBW4zrE8FvJa90wSv0cV05KP4o3MFM2kP6ovEctNfzOGGZx+JrdAQX/JG/P7xN67pRsjHbjHYh4PeNI2oZRM+FIeyKA9vjgeeC714Poo3vXiuxNd26p+CDJZwnfom3DGTGU517fO/nNEkpy9d+3wlesR34f3f55ieCPTxTT6IXS2YHaKXaEaJW0xXu2+fqqOoc0fsgzJe7b61SOYG813TVi//EO2OTDgQtpXA10FgueF90eyqP0X9422+exb/yr+/ocNPtgdnyZ2UfMm/TwWgOK6IMv9yFJ/EUbyItmZ2v16oRUI3OCDzhh/KcUqQvY/phBSsynFmyHvB5Y4cRL8ueHDtCm0XDqJfEkxvCTnGn9v29Kl4EexJSQq0Z4HbDP/eiPrNQdDBWNp014g6H0SWGy/2cvhqf7yVGZR/FMdW1DwXRkGVevk6Ct7iyGnOiqDYn1ZYCRR7tcObOyEXe7XgX2kiLpqmE/Xf5ixKepE1liZHcch3Px7yF/FQtOJtVX0rmD2vl2zyF9EUrdiNkje4otpzzsK4l1hhRXzqmud+4Duvsz/24VGmJ70CbaFeXxQsd6yuupYOTNk+nJ9dbq6ZsQRZYfHR9MdXuPbGh5cb5O7xLeOzNvgcR+q8bPKd5GROn0NiyzqcHmKQGq4HGsyn+OGGffWSu3b5pNa7s4SrVJbLE5Pqh/LoWE3RxqVM1cvcav6Uu9ZQtOnh+VvNNsM4Psf0OIKvYV7sOjpE6TQ+StxqWvWMwrmAoq1joQUOaJ1J7UvUauLddxmqOIipGKnz6RmxvIkDRFf0Xz9DNFEc55m8ts6X+DIKruWIM6t1zZHpxNYCR7ov/5F5cOf5yKsOGQr+Esec+chZ3k3nJVku4t6kdoET/Qf/PqfHsAKwlvJZAVjNdWemo+3q8lPFs94/3VY3meyj5zyD52dnmTPabzp5uTBjeW2LQKS/WHsEVv7tSquZhjnNdjXf9uEkymL/0X3aRHuAX5FVsd/x1N0Nj9Jl0P2bLkN/gmHKav/EeqVA+njFGFyky/GxP+zspk97gF8K5qbE1j5rV6J77yqhase3VdmK7yRu+hNzXxVwptMJtcPLAtNzn+HwZJBZm364TvSifT1fRG9xZgg5cR0YQk3rGH3rPOo9YfrKQW+mA40MrsiI4S5v6awj6UKTG2K3ODG8rTCr/geZNRpBBmy5ZodnZ5rT3uNQORIZV35ffiXnLMquEpLGi15orgPaYNKPppOjifYIfzjZTRxhoJTeXT3AYHo7dWqabXX6sALfpCMq7rI5FRV3G8Vt9+AOzA0/rfeWGFbIe0Ns9O7K22E5WWmaOe3RRcbGs/lXTaEHFxkaBiKmNfPpRSYb/HZh8+Z6dQ4CQ60ur9TpjalmkrH7tI0RqF8LgxKPzegCX5rq2LXi7537CLvLwN0ovO+uHGGnSuJ8c8cVc3a6cSXePMP4Qa61Z9keJW42rb12zLHMefOYlcfpU+Qy0Sj2g9yDPJjpjv47fRp0NUrX0OXUIc/1mqiujseiJLOhbrfOMmuZX9RdBtk1e4us6RvbTKr4a5rKeSrY7cvkgeBp08TI+XDFAfX75FipLVv3omnriszbWArvLg9PFqZ30WHwQCc8bWOHiWwnx1DDNdQsMORol3/nP45VPjXa4sdmLMCvdQFLLXMC0bx2pRXzlsw0OE1Lgf+BNUw/i3xP7+Kcxs8iS4zjdtUCGFPhNPLB9RbsbvW85TtdjkWL+QlXGEv7WY5MLfQn3Li67J/nhDz3s7+SuJnyhpBfwa2re5MJl3g7lVnuODOAE25MJ/9mmV/cOis0izVeoFfOXM4Yb7W5Z+ksgehyedF7MqYovW9ea79Nao1Z74d87Up16KV5bT/EVo+PtSKFXfvMVaFCoW+fBQo8XRRdfpyl7t0fXX5sXPr6X2cpfF/ujt1eOFWOv3OVjtuNN3T94Z8plZ+3m6Lci++b+5+bP0WtduL3G/9V8CrbbDdfC3Hcy+u3xq3Zrnp56ZOP+2rXqf9+Hh77XyHvvJIP90+/9jbbR28bxq+iBD5/3j6OwuoH9YdRx+UvShA220egBMESBE3Q32wffUrQtwR9TTDYbB+DbQivwjjQBANLMNAEw832MaQshpZgqAlGm+1jRAlGlmCkCcab7WNMuRpbgrEmmGy2j8k2SF95WaoJJpZgogmmm+1jSrmaWoKpJphtto8ZJZhZgpkOgOQBPMpZsOEBgx6FD80PAZBOEEgugGQIbIhApwgkGxCQwjZIoJMEkg8IqZYFGybQaQLJCJA8gQ0U6ESB5ARiUtiGCnSqQLICCSlsgwU6WSB5AZItsOECnS6QzADJF9iAgU6YL5nxydHJtwnzdcJ8yYxPEubbhPnGGKUGKXqUIoYpnTBfMuOThPk2Yb5OmC+Z8cnRyrcJ83XCfMmMTxLm24T5OmG+ZMYnCfNtwnydMF8y45OE+TZhvk6YL5nxScJ8mzBfJ8yXzPgkYb5NmK8TFkhmApKwwCYs0AkLJDMBSVhgExbohAWSmYAkLLAJC4yZUE2FATX0BsRkqBMWSGYCkrDAJizQCQskMwFJWGATFuiEBZKZgCQssAkLdMICyUxAEhbYhAU6YYFkJiAJC2zCAp2wQDITkIQFNmGBTlgomQk9asYIbcJCnbBQMhOShIU2YaFOWCiZCUnCQpuwUCcslMyEJGGhTVhorLfUgotecRFLLp2wUDITkoSFNmGhTlgomQnJlVdoExbqhIWSmZAkLLQJC3XCQslMmJKWbcJCnbBQMhOShIU2YaFOWCSZicgxLLIJi3TCIslMRBIW2YRFOmGRZCYiCYtswiKdsEgyE5GzZGQTFumERZKZiCQssgmLjFW9WtbT63piYa8TFklmInIMi2zCIp2wSDITkYRFNmGRTlgkmYnIMSyyCYt0wiLJTEQSFtmERTphsWQmJgmLbcJinbBYMhOThMU2YbFOWCyZiUnCYpuwWCcslszEJGGxTVisExZLZmKSsNgmLNYJiyUzMUlYbBMWG3tHtXkkCYuJ7aNOWCyZiUnCYpuwWCcslszEJGGxTVisExZLZmKSsNgmLNYJSyQzCTlLJjZhiU5YIplJSMISm7BEJyyRzCQkYYlNWKITlkhmEpKwxCYs0QlLJDMJuZdMbMISnbAkcs7PiU1YohOWSGYSEs/EJiwxIhQqREHimRBBCp2wRDKTkHgmNmGJTlgimUlIPBObsEQnLFWEkXimNmGpTlgqmUnJATC1CUt1wlLJTErimdqEpTphqWQmJfFMbcJSnbBUMpOSeKY2YalOWBo5Qx2pTViqE5ZKZlJy9ExtwlKdsDRx7m5Sm7DUiIOpQBjJdkqEwnTCUslMSrKd2oSlOmGZZCYl2c5swjKdsAycy8fMJizTCcsUYbSwTVimE5YpwugIoE1YphOWSWYysmNkNmGZTlgWOQf9zCYs0wnLYneZbcIynbBMMpORXTKzCct0wjLJTOaTlm3CMiPaqsKtZJfMiICrGXH1nKb733Rx9LdBXnKTkd2y/82UN+Kunu+cdfrfTHkj9OpJejI6AuoRwVfPiL56oSuu3v9kihvxV08ilNExVI+IwHpGCNaTFGV0GNUjgrCeEYX1FHYks/1vprwRiPUUeXQw1SNCsZ4Ri/VUMNYju2v/o6nA4G8I+TvC9gSAVtRfhf09OnRPBv4NAvvQv0eH76ngvxn978P/Ht0HqASAmQHoUwAeDTGVBDCzAH0awKMxpBIBZiZABffphSNQuQAzGQDOJBNQ2QAzHdDnA7yEtk9gaKYE+pyAR/cDKitgpAXA7zHMSAVEZgCM1AD4ffaJ7ghEdgCM9AD4vjv3RSQIwMgQgAr6gyP/RSQJwMgSgAr8gysHRlBoZApABf8ByHwqEMkCMLIFoBIAAHRHIhIGYGQMQCUBHPYJDI2cAag0ADjSaUTaAIy8AahUADhSakTqAIzcAah0ADjSakT6AIz8AQQ9hnRqjUghgJFDAJUWoIPLQGQRwEgjQNBjSM8oRCYBjFQCqOwA0Ck6ILIJYKQTQGUIgE7TAZFRACOlACpLAHSqDoisAhhpBVCZAqDTdUBkFsBILUCQTvQkIrsARnoBVMYA6JwfEBkGMFIMoLIGQOf9gMgygJFmAJU5ADr3B0SmAYxUA6jsAT2lELkGMJINEAYTUwqRbwAj4QBhODGlEDkHMJIOEPYc0n2ZyDuAkXgAlUtwzUlE7gGM5AOE7l0vEOkHMPIPEKbuKYnIQICRgoCwp5AejIgsBBhpCFCZBcfqlkhEgJGJAJVcoHM3QOQiwEhGQNSfCqEHMyIfAUZCAqL+ZAg9mBE5CTCSEqDyDEBnhIHIS4CRmACVawA6KwxEbgKM5ASofAME9GBG5CfGv6kDZn+KuhX79/1Bs8fHjf3S1M/N03AODS5fYPy5kYuL+5+/fl1Ont3//IUOn8nfpFn9ZPNFWXJRlfSictHZ/yf0Z6i2NMcXzfGg0OP6evlYGSp2gEod8BTpd39fdIXRRVcY8XQRt3gjhai04VjcCHiaz5cZocKGqLBhL5gyHVXnHJEqP0O6Imab4jvDUTERLmHC1qTfPTOc5sUeYp4XatU0Xt5a+bkJ015Hxm0NfFU4UolqMcxYqohbvy/6Iu+iL/KW6avGC2ouagMEYhAz1Q7XcCLnADnHqzeqm8m9/qVlmZ12VEQULkRuhUy35JHhXX/kGY8lHu4TTMekKjEcd8a6AOviDXFKV3E+6Yy14c4Q8br8eMUFUhNhLTOUXD4Ig5QhpoDHFPqAINKDRg/gjR4TV8cjWlGVMce3idvfkV4047AZMW9yR+pQZ2BjMt7OjtSgpmXzgW9bR6pQw0bchtXvTkfKUOtGzNZV36e6qEDtyGxG47uQiDU0A0C6QNmT3YCAJ1LeFLBTr6ESExRiIWSygL+bjZxCPjH19O8x4gUlXlr50bB8CbjVJvW5CpogxBImFfiKfMQXatGI6Rp1+9FFY4bHNY/ZlWyVxESVogpNec3bvxSKF0V47gx4uJ3fJ8Z68FQXMJ0hvxGA2gL1hIjp2vhFUtTdkWc+bwk03q+LAMM7GB4W1rcH0KYFuRTzXCI/IoA0og4a83oofvUTL6bw9AnDqlaGY+bo1CsPdSlm1fWXnSINiNKUN4UYdzThEuK1D/Aqa7hbA49muOP4PJ8O+sQoo6Ko0/CGBuNTDggBVKyYN7GNL11jl/CSLuSxebkRGnUY1OgJr+9qX4pA5UKjXMzD0PjwA9KFGi3mDVKXV5MxQnje7ydp2UnmaRy+DYxGKoSDz+OS/L4EKi9qzZjHF/pkBNKDwyw81s9X8qGZEA8t3iw19t4jw03gjcEk5h6X+DQFKixyM+YtJqwb+JCfeDnn8ca/oukHUl3RRQ+vP2nfnkR7d1S8gFs864V4PGTgZmXGuYxPc6DKR80a82qL/sQGUolqLuZVnRV5k8cBUI/ndXT8BXDUy/H+gzdOK0XUAhDVfMYj3+7b8qACKhqv/ZyRoQwtbTJ2NaG7h9EUglQlXi+c8dw7f/EcVTuaRnzeNKIexz0HdZxhvPF5HWj4+DnyBk1EzNh6fzUvqmnEUTau0zweBecvwaLCoY7H3JMZH3BFulCPY+4pKnW38PnD36iYaFLMeLU96hrvfkHKUBNmPMf6b04gKlHZUl5tj5+dR82PRhOfh/Tkt3OQe6i6Et4aQv8UPXISjQvMBa72oVkUh0CoMtM9w4Un+pIbj1NztFArODwt+964guMWU6m1h6wMbwq8WT4SLuIttcejtRaHomntbB6eo5ljFtEXfTRG+LwxYtBisYWq3+cWTWnajRflolrHc7PHG9vHCzmsPFaAo1TMcOXVuwYxxNhZdiU2VVfrMwjOLQS8cWgcEZ9ejIgozi0EXGoHXeZyEGcWAm5f73URTSsPgqJOz9U3flMALZUQupk/LCaYrTte2YhbEa+ZuACbdy5ifXgNzW3O4UtmaPBHdZ/w6uryXSNUVwitlIfDcDEUwgAvlobVUnpO+fNGIDuVkCCtCa+jj99OQsVDtKfMWhpvekauoKE+GXLnwMxbDepc0WzQZjrmYlW7VXivwoVYJ2pSHl32LcXYQTw1MUMVeFzUleGpOJhVWqXsNN7eiPek2jEOLm5GdA7HCZlZbtcNpri4OHDBHG3Hb80giHE4gFlnZsQwQAgzQ/ZSR6fnmNDSboYKMymH041MNQZHIWIyHBd0zBnI+IYUqmbkV8qbrKkvPiGFaOJIefOGI+yirQ6H4vr+OMLyfCU/jYKqFPWicBjEkzFx5/GqVktiUXsywPsMYB64UFpd53xwB2MeoiE+GYmGegRBwhsH0DfzUNujASXl9dmuoI5KBMghZtqg/1QGxkfbTTHmhM/bzak4iWNRis394+dfv/4LWviwTg=="; \ No newline at end of file +window.searchData = "eJy1nVuP2ziyx7+L+9UnUemuvGWzWSDYWWSRZM5LI2goNuPWxpY8usxJTpDvviAl2UWyKJdkzVOCtqpYFH+81V8Sf27q6v+azavHn5tvRbnfvAI/3W7K/CQ2rzYfRdMUVfn2+7moxf5tXVf1Zrvp6uPm1WZ3zJtGNC+Ja148t6fjZjtesnm12fzajv4j8C/+d1XZtHW3a2f4fdCNUBnbzTmvRdk6Ar+GAJ4fohj2Yk7h6uq7S1X/sEsdrr671KbN267hl3u5fqWS38y6173NHXfcj+JLAK93O9E0n6pvorxEUJStqL/mO9G8RD9P0qtVKldGTy3X6YNhQNcJR+ooWKj6Nk8Fr1jt8sWFFs1wm1llFo24XL24SHWjntofZ8EqU7t8TqG+F14HvVp8rUXzzCrxeu2s4jQu2zfHvDjRxfW/8Ylsui83HT30F7kCHsJxRNu1z1Vd/H/eFlX577zOT6IVdUOWSV86p3fVT3/mx07Mdv+gmToq6qiJK5huX4hyR3M4GcrVcJVAdrJ15t+Ri9mKQTwdq11+XNA8lvlKQRWibJ8KenyajudquU4o1V487Z7z41GUh/nMWOZ/QVBPJ9E+VwvulcPLKiHui+Z8zH/MDupqt0oYxb6fop+ei7KdHYxpvUpIx+pQLIxHM10lmFP+/SlfwPXVbpUwymrJgDxarRLCua5O5/lNcjFbJYha7Ita7Nqnri5mh2IYrxTQoWjaWl29ICDNeKWA/uhEM7+drnZrhrGwnbDtSuE0VVcv6ELIcK1AzlXZiKcT3h/OiEazXjck5+aDFdL0XmReSM2uWhDKaLVOCG3eLghhsFolhK5YvOzUTJcGg3dDf8t333bPeVmK42/Voera92dpR0bmupa/Hyqa36rDQezfd+RANlnAQ9EclXHVuUczZ3UcAVXlb3JpMT+YqjwOhisGUnWtM7vDCKfq2um0zNygmraqyb4yHcxotjgIDOib/Hj8ku++TXBpXMLHcVw4/E5PZpTfy2JjahIzY55KDb0t9+eqKFvVU9nV6/NEYrA9j7Zzw9FudFV+LQ4TYaDfZ2RAvraiHgNguX1QJruriaNSOFxX4W0rTuf2Y3EUZevs6EQEvV2j7Kb7OSuMrn32etaZ5UuD42hwX8H6VMBr2QfN8BZdzEA+iD86V+qVjqC+Wiwv+os53PDKR2YrNMSXvBG/f/iNW3Qj5GX3FNing143jahlE34sDmVRHl4fD7wQevN8NG9681yZrx3UPwWZLOEG9U24cyYzgura5385s0nOWLr2+Ub2iB/Cu7/PKXoi0ccv8qPY1YLZIXqLZrS4p+hq9+1TdRR17sh9UIVXu28tsrmj+K5pq9M/RLsj5RGibGXwdTBYXvC+aHbVn6L+8SbfPYt/5d9f0+knO4KL5U5anvLvUwkoTiiizL8cxSdxFCfR1szu1xu1yOiOAKTK+b4cpwTZ+5hBSMOqHGeGvDdcHshB9OuCj65doR3CQfRLguktIafw57Y9fypOgj0pSYP2YnBfwb83on59EHQyli66a0SdDybLCy/2cvhqfyiN7h/FsRU1L4TRUEkvX0fDewI5z1kRFPvzCiuBYq92eHMn5GKvFvwrTcRF03Si/tucRUlvssbS5CgO+e7Hx/wkPhateFNV3wpmz+stm/wkmqIVu9HyjlBUe85ZGPcWK6yIz13z3A98l3X2hz49yoykd6At1Ourg+WB1VXX0okpO4bLtcuLa2YsQVZYfDT9wzbc8saLlxfI3eNbhc/a4HMCqfOyyXeSkzl9Dpkt63B6ikF6uJ1oMK/ipxv21Sl37fJJrw8XC1etrJAnJtX35dGxmqILlzZVb3Nv8efctYaiix6uv7fYZhjH5xQ9juBrFC92HZ2idBY+WtxbtOoZhXMBRZeOjRYEoHUmtS9Rq4m332Wq4iCmcqTOq+c8zdRWtftRwRtFPOjmjtq7K3U7KKfQNSOyablrQXgTD13dDOvWc1fzwxHf2zpfEstouFYgVX3Iy2HdsiQew36tsIYllNjfSZTDz1phOnXUW3FNS6kLAum+/Ec+ebF4UDAd/CWBLW5G0ssdIeLxW+UdJkZs/PuMMZqX8recz0r5a6E7e1Lb1eWnild6f3Vb3VVkr9fwCrxcO6s4o/2m5fKFGvmtTSkhuLJ2pSzF90armQVzmu2mwvv+LMpi/8H9fJN2Af9GVsV+x3P3MFxK10GPb7oO/TMzU6X2V6xXC+SPV40hRLoeH/qXAdz0aRfwa8HcBtveZ+2D9ehdNVTt+KYqW/GdxE2/Yu6rNM4HOAi3w8s003OfEfCkrKFNP9wgetP+Pl9N7wlmSHJyAxiSm+sU+sb5csFE0TdeLWAG0Mh0nsxR7/KW1rnJEJrcMLsniOFtnln3f7BZoxGkRMAtdrh2ZnHae05KlZNKxrvyKzlnUeUqI1l40RvNDUAbTPrRdHI00S7hDye7iYdmKKcPNx+ZMaOdek6fXer04zH8Ih06jKvMKR3GXShuu4/uVPDw03pvUWKHvDcox+huvD2ZkzdNK067dFFh49sgN4tCFy4qaBiImKWZVy8qssFv3zavb9/OwWC4q8tv6vTGVCuSsfu0CyNQv5V4Jy6b0QW+NNWxa8XfO/dLE64CHkbjfXfjpQmqJs53xVwqhzOMGwrHjMIPcq09q+zR4u6i1T9zSh4M7i54eChDSttiP9h9lI8Cu/UmZ0yDr0b5Grqceqx4vSaqq+OxKEn93R3WxWat4hd1l8F2zd4i7/SdbSZd/DVN5XwO3R3L5CPo00UTI+fHGwGo3yfHSm3ZuhdNW1ekUmg5fLhePFmZPkRHgQdaYrcLO0zo65yCGm5BzYKCHO3y7/zHscqnRlt82YwF+K0uYLllTiBa1C4hO29JncZZtDT4H1ij6GeR7+ldnLPwi8mSwnG7agmMqXQaeeF6C3a3e97yna6HW8KcHYO798wqenofMREBY1cxK5CpPcZEGDd3HPOCkA+53ZL+pqIh7FcI6+a2aCIk3iZpVjhO8XEijGndcVbxi1tnhWaxhir0fqUrGOMVTvcCIUsgun5X7B2ZzpTRNy+13ya9xqyXob52pXrCq3lpX8R2j5/hRg679pnrQmVh3zwLlPO6Orr+OMvd2z+6/Ni4/PW/znL4rtwdu71wuhx/5zoddzqv6fuHf6Zcft5uinIvvm9e/dz8KWqVBHi18V8EL7LNdvO1EMe9/DLeuCvcVadTr3vuq12n/vt5uOx/hXwKRl7cX/3S22wfvW2YvPC86PPn7eNorH5Qfxh9XP+iDGGzfQTKECxD0Az9zfbRpwx9y9DXDIPN9jHYhvAizRLNMLAMA80w3GwfQ6rE0DIMNcNos32MKMPIMow0w3izfYypUGPLMNYMk832MdkG6Yso8DXDxDJMNMN0s31MqVBTyzDVDLPN9jGjDDPLMNMBkDyARwULNjxg0KPwofkhANIJAskFkAyBDRHoFIFkAwLS2AYJdJJA8gEkS2DDBDpNIBkBkiewgQKdKJCcAMkU2FCBThVIViAhS7bBAp0skLwAyRbYcIFOF0hmgOQLbMBAJ8yXzPjk6OTbhPk6Yb5kxicJ823CfGOMUoMUPUoRw5ROmC+Z8UnCfJswXyfMl8z4JGG+TZivE+ZLZnySMN8mzNcJ8yUzfkwa24T5OmG+ZMYnCfNtwnydMF8y45OE+TZhvk6YL5nxScJ8mzBfJyyQzAQkYYFNWKATFkhmApKwwCYs0AkLJDMBSVhgExYYM6GaCknCAmIy1AkLJDMBSVhgExbohAWSmSCiBv3AJizQCQskMwFJWGATFuiEBZKZgCQssAkLdMICyUxAEhbYhAU6YYFkJiAJC2zCAp2wUDITkoSFNmGhTlgomQlJwkKbsFAnLJTMhD41Y4Q2YaFOWCiZCUnCQpuw0FhvqQUXveIillw6YaFkJiQJC23CQp2wUDITkoSFNmGhTlgomQlJwkKbsFAnLJTMhCl5t23CQp2wUDITkoSFNmGhTlgkmYk8quTIJizSCYskMxFJWGQTFumERZKZiBzDIpuwSCcsksxEJGGRTVikExZJZiKSsMgmLDJW9WpZT6/riYW9TlgkmYlIwiKbsEgnLJLMRCRhkU1YpBMWSWYicgyLbMIinbBIMhORhEU2YZFOWCyZickxLLYJi3XCYslMTBIW24TFOmGxZCYmCYttwmKdsFgyE5OExTZhsU5YLJmJScJim7BYJyyWzMQkYbFNWGzsHdXmkSQsJraPOmGxZCYmCYttwmKdsFgyE5OExTZhsU5YLJmJScJim7BYJyyRzCQkYYlNWKITlkhmEpKwxCYs0QlLJDMJOUsmNmGJTlgimUlIwhKbsEQnLJHMJCRhiU1YohOWSGYSkrDEJizRCUskMwm5l0xswhIjQ5E45+eESFLohCWSmYTEM7EJS3TCEslMQuKZ2IQlOmGpIozEM7UJS3XCUslMSuKZ2oSlOmGpZCYl8UxtwlKdsFQyk5IDYGoTluqEpZKZlMQztQlLdcJSyUxK4pnahKU6YalkJiXxTG3CUp2wVDKTkgNgahOWGnkwlQgjCUuJVJhOWJo5kyypTViqE5ZJZlISz8wmLNMJyxRhdB7OJizTCcskMxmJZ2YTlumEZYFzR5fZhGU6YZlkJiPZzmzCMp2wTDKTkWxnNmGZTlgmmclItjObsEwnLEucS+bMJizTCcskM1lIGtuEZUa2VaVbyY6REQlXM+MqocnIntH/ppujvw324Jzs+t9MeyPv6vnOqve/mfZG6tWT9GR0HtIjkq+ekX31FG7kJqv/zbQ3ErCeIo7ORnpECtYzcrBePFE+kYX1jDSsp/KwHtlT+x9NB0Yq1kudk2//m2lvZGM9NcB5dN7dIxKynkGgSuPTWWgq6W9l/VXa36NT92Ti3yCwT/17dPqeSv6b2f8+/e/RDFMCgKkA9BKAR6fxKRHAVAF6GcCjezElBJhKQC8FeHQ3osQAUw3o5QCPTulTgoCpCPSSgEd3JEoUMFWBXhYAuiNQwoChDIBK9oNDQCLEATDUAfB7AcohIhEkGgoBqKQ/vYgGQiMAQyQAlfcnpT4gVAIwZAJQmX8AUg8FQikAQyoAlf0HoDsCoRaAIReAUgBA6lmUAwJDQzIApQIA0B2BUA3AkA3AT90KJCEcgKEcgN9TSHckQjwAQz2AoKeQ7kiEgACGggBBT2FG3kNCRABDRYCgl0LpjkQICWAoCRA4VXUgpAQwtARQ8gDQMhsQcgIYegIoiQBoqQ0ISQEMTQGUTAC03AaErACGrgBKKgBacgNCWgBDWwAlF9CJdiDUBTDkBVCKAdCyHRAKAxgSAyjVAGjpDgiVAQyZAZRyALR8B4TSAIbUAGGPId0RCLUBDLkBlIIAtIwHhOIAhuQAYTjRkwjVAQzZAZSSALQWCITyAIb0AEpNAFoPBEJ9AEN+AKUoAK0JAqFAgCFBgFIV6CmF0CDAECFA6QpAy4pA6BBgCBEQeRNzEqFFgCFGQAQTcxKhR4AhSIDSGIAWN4HQJMAQJUDpDK5JjdAlwBAmQGkN9HYaCGkCDG0Cosg9pxHqBBjyBEQ9hY6nTAgKDYkComRigUyoFGDIFBC5lTAghAowlAqIegzp0YwQK8BQK0AJEEBLxUAIFmAoFqBECKDlYiBECzBUC4h7DOnRjBAuwFAuQIkRQMvGQIgX49/Ug4J/iroV+3f9A4OPjxv7vbufm6fheUK5eFFlykcL5fLk1c9fv65PEL76+Qs9RCh/k8XqD8dfnSVXV0lvKpet/X/CdIZry3N89RwPDoEb6/WERVTtCNU6YjpqNQ9BgFyEGdfHrj9DEznykR+f6+b6jbWrpxTdpTSZ62l4Zhq5Q82ZMltPP9Th6itEvkJmaMTxDMghwrZHa7uRIwnL8+WLa6gV0L2DAbGU2ajqmV5MBvYV8Z1cDoNA1cxQNfme9E88DU+uowhDjO5Cr5rHyLt6jLzeR8ZsZ+0MCOQSkEtguSKOc0D+UD+LeP3M8leN34G6ug0QiAGPv8v3lVFwaDCJApYXqpvJjMq1ZYEHzOiIqFyIwgqZYcnxbdc/3o/7RIL7F2/oVq7E8Gg/9oWnrJiHhvJVXJ7qx94y7I0HxvglGeQG148Hvnm4LHKGK8hjCp0Mi/zgqjFhcJ8JgmhF40fEGz8mjvVAftGsHPFmZfuIDuQOjcNRPMOdfhcj1LQRt2nxMRrIFWpY5mRlHoqBnKHWZc4y/RH1VxdoSGSCbxz4i1yhkcdn9m/6hF7kE00BPrOfq7e97QkqRCyETBbkG+51J1dIWqdCfYrpp39dGA/TuGMGMC6RmV1J+XNVNEGIJUwq8NknaM2NWpQ7YlMfGUP19vBaF5i3z/ZJzFQpGjpSXvv2L1/jmQBPniFv/Lm8t48X9Hj9F/LuHH36C2oMhB1zyrucNY06FO7wvB4/fjkdEYbgTXm1s06VQRVDITFnX/J4GOQRLVpi3qIFv+eMuyne4vnhuMtg1nnwqd881Dt54//wSWbkAbnIeKEY30LDHRKvNJjrluEbNhh43HECXiMe9JlRJp9Rp+ERbhzSgxBAC5SYN6qOHzfA4wEe6pmTxvVb/6jF0O1JeTXTzgBC9UKjXMwboIwjfZAvnFPhVe76Hj7uJHgz6UdjJ+HV0ziCHo1UqOv5vE5MnhyE6osAi3mko8OAkB/UZWJeH758+hL3PDy2MPM+xncssTfcCDDm3JirVeLYIVRdNNrHvPWE9a1LHChOvDFzD0XTj6WaJxQWNyp0sDDavyNHAdeT9QEIPGrgpmAmGoxzl9Bci4aOhDfY0+cnIZdoVEt4vdTKvskHL1CnZwYmvdgdHd0un8eDckSsATPUpTLeiGZ3b9DzsewbRGeHMrwU9Nj3CX3nGzUcCizxhy7u8QI85d+fjBWlj3qiz5tL1OW476CuM8QT8MbqsjI2s3jN7PParv8ONrrXeC3jjas1j+mstFPMqO8xV/HGAd3IF+ovzMVNpb7kXY8fTEf1xCslj3e/R2fjp5aQN7wV9Xgc6MdyoIUOHpR5tewPKEIu0I1KeYPnua5OZ31MQXfI582BkwetoT6IkE94t348SvxJnSWOgkS4+rx1hHYqOYILDaHMHMLwwSB94MMz8xwv1KIQT/P+KNkxM9uDW3sElE/OIlh5Lat/9xo7w2MzUwSsxaFoWltG9RH5Pm8VQfRsnIBgSrGDFxMuvHUJuI2pPO3Gj1zjO4XR8GZVz7lOylBdM15HH7+SYwlueKQG5pb/5rdH8d4U1z/g9rCm6mp9kgvQDM7cJo9D9tPJSN1i+Zk56V58mW2Bl6z86ilfJC54SmHqF9czRhAiKKxs1Hg95n0bv+GKmxGv7AJmhzc/wor94S1cwFtnjIdpoikF1TLh3fzr0Xpo4kSVS3k8DJ9rQxygUTsYdvLZZTPJjM0SPRLkNeHd9fH4PlQ9dK9TbiTDp99RKGjIT8ZZiZkIHdy58u6gKYDMOUD7zPhe5TWxTzSs8WYD+7PlOEA83zGXRXhg1NnHEzxz34ydncfPuWKfeNxgys2NmUbEm4CQ2bKOTxpjt3hTHzDv3XD4FBrQ0E3LmPfMTG3ih0uYY4700elqGFowznBhyodYrmW6MTgK0agVjnta5mMUTfdFT7zgJuJ6wMfSoYZCE37GvEPEIXLIIapnxrtXjvSStgIeR7DLA1AzXJunLaFGQe0aDtNAMj7Q5/EaR9PrqH0n4MUQMJ8JU14dzzQF2iN9vJ5BnHuMJgv8OCOz1teDX9HUhXpbymugrqAeC8HP0DDHoP70HYwPnqWAcZc+bzfn4iyORSk2rx4///r1XzUIIU8="; \ No newline at end of file diff --git a/docs/classes/SessionExpiredError.html b/docs/classes/SessionExpiredError.html index c60f79ef..308b14d2 100644 --- a/docs/classes/SessionExpiredError.html +++ b/docs/classes/SessionExpiredError.html @@ -5,9 +5,9 @@
const { SessionExpiredError } = require('express-openid-connect');

app.get('/api/data', async (req, res, next) => {
try {
if (req.oidc.accessToken.isExpired()) {
await req.oidc.accessToken.refresh();
}
} catch (err) {
if (err instanceof SessionExpiredError) {
return res.oidc.login();
}
return next(err);
}
});
-

Hierarchy

Index

Constructors

Hierarchy

  • Error
    • SessionExpiredError
Index

Constructors

Properties

Constructors

Properties

code: "ERR_SESSION_EXPIRED"
name: "SessionExpiredError"
status: 401
statusCode: 401
+

Constructors

Properties

code: "ERR_SESSION_EXPIRED"
name: "SessionExpiredError"
status: 401
statusCode: 401
diff --git a/docs/functions/attemptSilentLogin.html b/docs/functions/attemptSilentLogin.html index 0a1f97f6..463de30b 100644 --- a/docs/functions/attemptSilentLogin.html +++ b/docs/functions/attemptSilentLogin.html @@ -3,4 +3,4 @@
const { attemptSilentLogin } = require('express-openid-connect');

app.get('/', attemptSilentLogin(), (req, res) => {
res.render('homepage', {
isAuthenticated: req.isAuthenticated() // show a login or logout button
});
});
-

Returns RequestHandler

+

Returns RequestHandler

diff --git a/docs/functions/auth.html b/docs/functions/auth.html index cf087842..62ea6a61 100644 --- a/docs/functions/auth.html +++ b/docs/functions/auth.html @@ -5,4 +5,4 @@
const express = require('express');
const { auth } = require('express-openid-connect');

const app = express();

app.use(
auth({
issuerBaseURL: 'https://YOUR_DOMAIN',
baseURL: 'https://YOUR_APPLICATION_ROOT_URL',
clientID: 'YOUR_CLIENT_ID',
secret: 'LONG_RANDOM_STRING',
})
);

app.get('/', (req, res) => {
res.send(`hello ${req.oidc.user.name}`);
});

app.listen(3000, () => console.log('listening at http://localhost:3000'))
-

Parameters

Returns RequestHandler

+

Parameters

Returns RequestHandler

diff --git a/docs/functions/claimCheck.html b/docs/functions/claimCheck.html index c61a09ae..b09ec635 100644 --- a/docs/functions/claimCheck.html +++ b/docs/functions/claimCheck.html @@ -2,4 +2,4 @@
const { claimCheck } = require('express-openid-connect');

app.get('/admin/community', claimCheck((req, claims) => {
return claims.isAdmin && claims.roles.includes('community');
}), (req, res) => {
res.send(...);
});
-

Parameters

Returns RequestHandler

+

Parameters

Returns RequestHandler

diff --git a/docs/functions/claimEquals.html b/docs/functions/claimEquals.html index 622d64f7..adb4cd90 100644 --- a/docs/functions/claimEquals.html +++ b/docs/functions/claimEquals.html @@ -4,4 +4,4 @@

Parameters

Returns RequestHandler

+

Returns RequestHandler

diff --git a/docs/functions/claimIncludes.html b/docs/functions/claimIncludes.html index 5e887cb2..611df07e 100644 --- a/docs/functions/claimIncludes.html +++ b/docs/functions/claimIncludes.html @@ -4,4 +4,4 @@

Parameters

Returns RequestHandler

+

Returns RequestHandler

diff --git a/docs/functions/requiresAuth.html b/docs/functions/requiresAuth.html index 9b248748..fbcf815c 100644 --- a/docs/functions/requiresAuth.html +++ b/docs/functions/requiresAuth.html @@ -3,4 +3,4 @@
const { auth, requiresAuth } = require('express-openid-connect');

app.use(
auth({
...
authRequired: false
})
);

app.get('/profile', requiresAuth(), (req, res) => {
res.send(`hello ${req.oidc.user.name}`);
});
-

Parameters

Returns RequestHandler

+

Parameters

Returns RequestHandler

diff --git a/docs/index.html b/docs/index.html index e887e4d2..42a2fc30 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1 +1 @@ -express-openid-connect
express-openid-connect
    Preparing search index...

    express-openid-connect

    Classes

    SessionExpiredError

    Interfaces

    AccessToken
    AuthorizationParameters
    BackchannelLogoutOptions
    CallbackOptions
    ConfigParams
    CookieConfigParams
    CustomTokenExchangeOptions
    LoginOptions
    LogoutOptions
    OpenidRequest
    OpenidResponse
    RefreshParams
    RequestContext
    ResponseContext
    Session
    SessionConfigParams
    SessionStore
    SessionStorePayload
    TokenExchangeResponse
    TokenParameters

    Type Aliases

    IdTokenClaims

    Functions

    attemptSilentLogin
    auth
    claimCheck
    claimEquals
    claimIncludes
    requiresAuth
    +express-openid-connect
    express-openid-connect
      Preparing search index...

      express-openid-connect

      Classes

      SessionExpiredError

      Interfaces

      AccessToken
      ActClaim
      AuthorizationParameters
      BackchannelLogoutOptions
      CallbackOptions
      ConfigParams
      CookieConfigParams
      CustomTokenExchangeOptions
      LoginOptions
      LogoutOptions
      OpenidRequest
      OpenidResponse
      RefreshParams
      RequestContext
      ResponseContext
      Session
      SessionConfigParams
      SessionStore
      SessionStorePayload
      TokenExchangeResponse
      TokenParameters

      Type Aliases

      IdTokenClaims

      Functions

      attemptSilentLogin
      auth
      claimCheck
      claimEquals
      claimIncludes
      requiresAuth
      diff --git a/docs/interfaces/AccessToken.html b/docs/interfaces/AccessToken.html index 358885d8..93a7b802 100644 --- a/docs/interfaces/AccessToken.html +++ b/docs/interfaces/AccessToken.html @@ -1,14 +1,14 @@ -AccessToken | express-openid-connect
      express-openid-connect
        Preparing search index...

        Interface AccessToken

        interface AccessToken {
            access_token: string;
            expires_in: number;
            isExpired: () => boolean;
            token_type: string;
            refresh(params?: RefreshParams): Promise<AccessToken>;
        }
        Index

        Properties

        access_token +AccessToken | express-openid-connect
        express-openid-connect
          Preparing search index...

          Interface AccessToken

          interface AccessToken {
              access_token: string;
              expires_in: number;
              isExpired: () => boolean;
              token_type: string;
              refresh(params?: RefreshParams): Promise<AccessToken>;
          }
          Index

          Properties

          access_token: string

          The access token itself, can be an opaque string, JWT, or non-JWT token.

          -
          expires_in: number

          Number of seconds until the access token expires.

          -
          isExpired: () => boolean

          Returns true if the access_token has expired.

          -
          token_type: string

          The type of access token, Usually "Bearer".

          -

          Methods

          expires_in: number

          Number of seconds until the access token expires.

          +
          isExpired: () => boolean

          Returns true if the access_token has expired.

          +
          token_type: string

          The type of access token, Usually "Bearer".

          +

          Methods

          • Performs refresh_token grant type exchange and updates the session's access token.

            let accessToken = req.oidc.accessToken;
            if (accessToken.isExpired()) {
            accessToken = await accessToken.refresh();
            }
            -

            Parameters

            Returns Promise<AccessToken>

          +

          Parameters

          Returns Promise<AccessToken>

          diff --git a/docs/interfaces/ActClaim.html b/docs/interfaces/ActClaim.html new file mode 100644 index 00000000..c93c554b --- /dev/null +++ b/docs/interfaces/ActClaim.html @@ -0,0 +1,7 @@ +ActClaim | express-openid-connect
          express-openid-connect
            Preparing search index...

            Interface ActClaim

            The act (actor) claim from an RFC 8693 delegation token exchange. +Present on TokenExchangeResponse when actor_token was provided and +the authorization server included the claim in the returned token.

            +
            interface ActClaim {
                sub: string;
                [key: string]: unknown;
            }

            Indexable

            • [key: string]: unknown
            Index

            Properties

            sub +

            Properties

            sub: string

            Subject identifier of the acting party.

            +
            diff --git a/docs/interfaces/AuthorizationParameters.html b/docs/interfaces/AuthorizationParameters.html index 773d3cbd..883cd4ed 100644 --- a/docs/interfaces/AuthorizationParameters.html +++ b/docs/interfaces/AuthorizationParameters.html @@ -1,5 +1,5 @@ AuthorizationParameters | express-openid-connect
            express-openid-connect
              Preparing search index...

              Interface AuthorizationParameters

              Authorization parameters for OpenID Connect requests.

              -
              interface AuthorizationParameters {
                  acr_values?: string;
                  audience?: string;
                  claims?: string | object;
                  claims_locales?: string;
                  client_id?: string;
                  code_challenge?: string;
                  code_challenge_method?: string;
                  display?: string;
                  id_token_hint?: string;
                  login_hint?: string;
                  max_age?: number;
                  nonce?: string;
                  prompt?: string;
                  redirect_uri?: string;
                  registration?: string;
                  request?: string;
                  request_uri?: string;
                  resource?: string | string[];
                  response_mode?: string;
                  response_type?: string;
                  scope?: string;
                  state?: string;
                  ui_locales?: string;
                  [key: string]: unknown;
              }

              Indexable

              • [key: string]: unknown
              Index

              Properties

              interface AuthorizationParameters {
                  acr_values?: string;
                  audience?: string;
                  claims?: string | object;
                  claims_locales?: string;
                  client_id?: string;
                  code_challenge?: string;
                  code_challenge_method?: string;
                  display?: string;
                  id_token_hint?: string;
                  login_hint?: string;
                  max_age?: number;
                  nonce?: string;
                  prompt?: string;
                  redirect_uri?: string;
                  registration?: string;
                  request?: string;
                  request_uri?: string;
                  resource?: string | string[];
                  response_mode?: string;
                  response_type?: string;
                  scope?: string;
                  state?: string;
                  ui_locales?: string;
                  [key: string]: unknown;
              }

              Indexable

              • [key: string]: unknown
              Index

              Properties

              acr_values?: string
              audience?: string
              claims?: string | object
              claims_locales?: string
              client_id?: string
              code_challenge?: string
              code_challenge_method?: string
              display?: string
              id_token_hint?: string
              login_hint?: string
              max_age?: number
              nonce?: string
              prompt?: string
              redirect_uri?: string
              registration?: string
              request?: string
              request_uri?: string
              resource?: string | string[]
              response_mode?: string
              response_type?: string
              scope?: string
              state?: string
              ui_locales?: string
              +

              Properties

              acr_values?: string
              audience?: string
              claims?: string | object
              claims_locales?: string
              client_id?: string
              code_challenge?: string
              code_challenge_method?: string
              display?: string
              id_token_hint?: string
              login_hint?: string
              max_age?: number
              nonce?: string
              prompt?: string
              redirect_uri?: string
              registration?: string
              request?: string
              request_uri?: string
              resource?: string | string[]
              response_mode?: string
              response_type?: string
              scope?: string
              state?: string
              ui_locales?: string
              diff --git a/docs/interfaces/BackchannelLogoutOptions.html b/docs/interfaces/BackchannelLogoutOptions.html index 658c1c08..8f2cf0f8 100644 --- a/docs/interfaces/BackchannelLogoutOptions.html +++ b/docs/interfaces/BackchannelLogoutOptions.html @@ -1,5 +1,5 @@ BackchannelLogoutOptions | express-openid-connect
              express-openid-connect
                Preparing search index...

                Interface BackchannelLogoutOptions

                Custom options to configure Back-Channel Logout on your application.

                -
                interface BackchannelLogoutOptions {
                    isLoggedOut?:
                        | false
                        | ((req: Request, config: ConfigParams) => boolean | Promise<boolean>);
                    onLogin?:
                        | false
                        | ((req: Request, config: ConfigParams) => void | Promise<void>);
                    onLogoutToken?: (
                        decodedToken: object,
                        config: ConfigParams,
                    ) => void | Promise<void>;
                    store?: SessionStore<Pick<SessionStorePayload<Session>, "cookie">>;
                }
                Index

                Properties

                interface BackchannelLogoutOptions {
                    isLoggedOut?:
                        | false
                        | ((req: Request, config: ConfigParams) => boolean | Promise<boolean>);
                    onLogin?:
                        | false
                        | ((req: Request, config: ConfigParams) => void | Promise<void>);
                    onLogoutToken?: (
                        decodedToken: object,
                        config: ConfigParams,
                    ) => void | Promise<void>;
                    store?: SessionStore<Pick<SessionStorePayload<Session>, "cookie">>;
                }
                Index

                Properties

                onLogin?: false | ((req: Request, config: ConfigParams) => void | Promise<void>)

                When backchannelLogout is enabled, upon successful login the SDK will remove any existing Back-Channel +

                onLogin?: false | ((req: Request, config: ConfigParams) => void | Promise<void>)

                When backchannelLogout is enabled, upon successful login the SDK will remove any existing Back-Channel logout entries for the same sub, to prevent the user from being logged out by an old Back-Channel logout.

                You can override this to implement your own Back-Channel Logout logic (See https://github.com/auth0/express-openid-connect/tree/master/examples/examples/backchannel-logout-custom-genid.js or https://github.com/auth0/express-openid-connect/tree/master/examples/examples/backchannel-logout-custom-query-store.js)

                -
                onLogoutToken?: (
                    decodedToken: object,
                    config: ConfigParams,
                ) => void | Promise<void>

                On receipt of a Logout Token the SDK validates the token then by default stores 2 entries: one +

                onLogoutToken?: (
                    decodedToken: object,
                    config: ConfigParams,
                ) => void | Promise<void>

                On receipt of a Logout Token the SDK validates the token then by default stores 2 entries: one by the token's sid claim (if available) and one by the token's sub claim (if available).

                If a session subsequently shows up with either the same sid or sub, the user if forbidden access and their cookie is deleted.

                You can override this to implement your own Back-Channel Logout logic (See https://github.com/auth0/express-openid-connect/tree/master/examples/examples/backchannel-logout-custom-genid.js or https://github.com/auth0/express-openid-connect/tree/master/examples/examples/backchannel-logout-custom-query-store.js)

                -
                store?: SessionStore<Pick<SessionStorePayload<Session>, "cookie">>

                Used to store Back-Channel Logout entries, you can specify a separate store +

                store?: SessionStore<Pick<SessionStorePayload<Session>, "cookie">>

                Used to store Back-Channel Logout entries, you can specify a separate store for this or just reuse SessionConfigParams.store if you are using one already.

                The store should have get, set and destroy methods, making it compatible with express-session stores.

                -
                +
                diff --git a/docs/interfaces/CallbackOptions.html b/docs/interfaces/CallbackOptions.html index d1409408..a92524a0 100644 --- a/docs/interfaces/CallbackOptions.html +++ b/docs/interfaces/CallbackOptions.html @@ -1,6 +1,6 @@ -CallbackOptions | express-openid-connect
                express-openid-connect
                  Preparing search index...

                  Interface CallbackOptions

                  interface CallbackOptions {
                      redirectUri: string;
                      tokenEndpointParams?: TokenParameters;
                  }
                  Index

                  Properties

                  redirectUri +CallbackOptions | express-openid-connect
                  express-openid-connect
                    Preparing search index...

                    Interface CallbackOptions

                    interface CallbackOptions {
                        redirectUri: string;
                        tokenEndpointParams?: TokenParameters;
                    }
                    Index

                    Properties

                    redirectUri: string

                    This is useful to specify in addition to ConfigParams.baseURL when your app runs on multiple domains, it should match LoginOptions.authorizationParams.redirect_uri

                    -
                    tokenEndpointParams?: TokenParameters

                    Additional request body properties to be sent to the `token_endpoint.

                    -
                    +
                    tokenEndpointParams?: TokenParameters

                    Additional request body properties to be sent to the `token_endpoint.

                    +
                    diff --git a/docs/interfaces/ConfigParams.html b/docs/interfaces/ConfigParams.html index 229f0f82..fd477e23 100644 --- a/docs/interfaces/ConfigParams.html +++ b/docs/interfaces/ConfigParams.html @@ -4,7 +4,7 @@
                    # Required
                    ISSUER_BASE_URL=https://YOUR_DOMAIN
                    BASE_URL=https://YOUR_APPLICATION_ROOT_URL
                    CLIENT_ID=YOUR_CLIENT_ID
                    SECRET=LONG_RANDOM_VALUE

                    # Not required
                    CLIENT_SECRET=YOUR_CLIENT_SECRET
                    -
                    interface ConfigParams {
                        afterCallback?: (
                            req: OpenidRequest,
                            res: OpenidResponse,
                            session: Session,
                            decodedState: { [key: string]: any },
                        ) => Session | Promise<Session>;
                        attemptSilentLogin?: boolean;
                        auth0Logout?: boolean;
                        authorizationParams?: AuthorizationParameters;
                        authRequired?: boolean;
                        backchannelLogout?: boolean | BackchannelLogoutOptions;
                        baseURL?: string;
                        clientAssertionSigningAlg?:
                            | "Ed25519"
                            | "PS256"
                            | "ES256"
                            | "RS256"
                            | "ES384"
                            | "PS384"
                            | "RS384"
                            | "ES512"
                            | "PS512"
                            | "RS512";
                        clientAssertionSigningKey?: | string
                        | CryptoKey
                        | Buffer<ArrayBufferLike>
                        | KeyObject
                        | JWK;
                        clientAuthMethod?: string;
                        clientID?: string;
                        clientSecret?: string;
                        clockTolerance?: number;
                        customFetch?: {
                            (input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
                            (input: string | Request | URL, init?: RequestInit): Promise<Response>;
                        };
                        discoveryCacheMaxAge?: number;
                        enableTelemetry?: boolean;
                        errorOnRequiredAuth?: boolean;
                        getLoginState?: (req: OpenidRequest, options: LoginOptions) => object;
                        httpTimeout?: number;
                        httpUserAgent?: string;
                        identityClaimFilter?: string[];
                        idpLogout?: boolean;
                        idTokenSigningAlg?: string;
                        issuerBaseURL?: string;
                        legacySameSiteCookie?: boolean;
                        logoutParams?: { [key: string]: any };
                        pushedAuthorizationRequests?: boolean;
                        routes?: {
                            backchannelLogout?: string;
                            callback?: string | false;
                            login?: string | false;
                            logout?: string | false;
                            postLogoutRedirect?: string;
                        };
                        secret?: string
                        | string[];
                        session?: SessionConfigParams;
                        tokenEndpointParams?: TokenParameters;
                        transactionCookie?: Pick<CookieConfigParams, "sameSite"> & {
                            name?: string;
                        };
                    }
                    Index

                    Properties

                    interface ConfigParams {
                        afterCallback?: (
                            req: OpenidRequest,
                            res: OpenidResponse,
                            session: Session,
                            decodedState: { [key: string]: any },
                        ) => Session | Promise<Session>;
                        attemptSilentLogin?: boolean;
                        auth0Logout?: boolean;
                        authorizationParams?: AuthorizationParameters;
                        authRequired?: boolean;
                        backchannelLogout?: boolean | BackchannelLogoutOptions;
                        baseURL?: string;
                        clientAssertionSigningAlg?:
                            | "Ed25519"
                            | "PS256"
                            | "ES256"
                            | "RS256"
                            | "ES384"
                            | "PS384"
                            | "RS384"
                            | "ES512"
                            | "PS512"
                            | "RS512";
                        clientAssertionSigningKey?: | string
                        | CryptoKey
                        | Buffer<ArrayBufferLike>
                        | KeyObject
                        | JWK;
                        clientAuthMethod?: string;
                        clientID?: string;
                        clientSecret?: string;
                        clockTolerance?: number;
                        customFetch?: {
                            (input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
                            (input: string | Request | URL, init?: RequestInit): Promise<Response>;
                        };
                        discoveryCacheMaxAge?: number;
                        enableTelemetry?: boolean;
                        errorOnRequiredAuth?: boolean;
                        getLoginState?: (req: OpenidRequest, options: LoginOptions) => object;
                        httpTimeout?: number;
                        httpUserAgent?: string;
                        identityClaimFilter?: string[];
                        idpLogout?: boolean;
                        idTokenSigningAlg?: string;
                        issuerBaseURL?: string;
                        legacySameSiteCookie?: boolean;
                        logoutParams?: { [key: string]: any };
                        pushedAuthorizationRequests?: boolean;
                        routes?: {
                            backchannelLogout?: string;
                            callback?: string | false;
                            login?: string | false;
                            logout?: string | false;
                            postLogoutRedirect?: string;
                        };
                        secret?: string
                        | string[];
                        session?: SessionConfigParams;
                        tokenEndpointParams?: TokenParameters;
                        transactionCookie?: Pick<CookieConfigParams, "sameSite"> & {
                            name?: string;
                        };
                    }
                    Index

                    Properties

                    afterCallback? attemptSilentLogin? auth0Logout? authorizationParams? @@ -41,14 +41,14 @@
                    app.use(auth({
                    ...
                    afterCallback: async (req, res, session, decodedState) => {
                    const userProfile = await request(`${issuerBaseURL}/userinfo`);
                    return {
                    ...session,
                    userProfile // access using `req.appSession.userProfile`
                    };
                    }
                    }))
                    -
                    attemptSilentLogin?: boolean

                    Attempt silent login (prompt: 'none') on the first unauthenticated route the user visits. +

                    attemptSilentLogin?: boolean

                    Attempt silent login (prompt: 'none') on the first unauthenticated route the user visits. For protected routes this can be useful if your Identity Provider does not default to prompt: 'none' and you'd like to attempt this before requiring the user to interact with a login prompt. For unprotected routes this can be useful if you want to check the user's logged in state on their IDP, to show them a login/logout button for example. Default is false

                    -
                    auth0Logout?: boolean

                    Boolean value to enable idpLogout with an Auth0 custom domain

                    -
                    authorizationParams?: AuthorizationParameters

                    URL parameters used when redirecting users to the authorization server to log in.

                    +
                    auth0Logout?: boolean

                    Boolean value to enable idpLogout with an Auth0 custom domain

                    +
                    authorizationParams?: AuthorizationParameters

                    URL parameters used when redirecting users to the authorization server to log in.

                    If this property is not provided by your application, its default values will be:

                    {
                    response_type: 'id_token',
                    response_mode: 'form_post',
                    scope: 'openid profile email'
                    }
                    @@ -62,8 +62,8 @@
                    app.use(auth({
                    authorizationParams: {
                    // Note: you need to provide required parameters if this object is set.
                    response_type: "id_token",
                    response_mode: "form_post",
                    scope: "openid profile email"
                    // Additional parameters
                    acr_value: "tenant:test-tenant",
                    custom_param: "custom-value"
                    }
                    }));
                    -
                    authRequired?: boolean

                    Require authentication for all routes.

                    -
                    backchannelLogout?: boolean | BackchannelLogoutOptions

                    Set to true to enable Back-Channel Logout in your application. +

                    authRequired?: boolean

                    Require authentication for all routes.

                    +
                    backchannelLogout?: boolean | BackchannelLogoutOptions

                    Set to true to enable Back-Channel Logout in your application. This will set up a web hook on your app at routes.backchannelLogout On receipt of a Logout Token the webhook will store the token, then on any subsequent requests, will check the store for a Logout Token that corresponds to the @@ -72,18 +72,18 @@ which can be any express-session compatible store, or you can reuse SessionConfigParams.store if you are using one already.

                    See: https://openid.net/specs/openid-connect-backchannel-1_0.html

                    -
                    baseURL?: string

                    REQUIRED. The root URL for the application router, eg https://localhost +

                    baseURL?: string

                    REQUIRED. The root URL for the application router, eg https://localhost Can use env key BASE_URL instead.

                    Note: In the event that the URL has a path at the end, the auth middleware will need to be bound relative to that path. I.e

                    app.use('/some/path', auth({
                    baseURL: "https://example.com/some/path"
                    [...]
                    })
                    -
                    clientAssertionSigningAlg?:
                        | "Ed25519"
                        | "PS256"
                        | "ES256"
                        | "RS256"
                        | "ES384"
                        | "PS384"
                        | "RS384"
                        | "ES512"
                        | "PS512"
                        | "RS512"

                    The algorithm to sign the client assertion JWT. +

                    clientAssertionSigningAlg?:
                        | "Ed25519"
                        | "PS256"
                        | "ES256"
                        | "RS256"
                        | "ES384"
                        | "PS384"
                        | "RS384"
                        | "ES512"
                        | "PS512"
                        | "RS512"

                    The algorithm to sign the client assertion JWT. Uses one of token_endpoint_auth_signing_alg_values_supported if not specified. If the Authorization Server discovery document does not list token_endpoint_auth_signing_alg_values_supported this property will be required.

                    -
                    clientAssertionSigningKey?:
                        | string
                        | CryptoKey
                        | Buffer<ArrayBufferLike>
                        | KeyObject
                        | JWK

                    Private key for use with 'private_key_jwt' clients.

                    +
                    clientAssertionSigningKey?:
                        | string
                        | CryptoKey
                        | Buffer<ArrayBufferLike>
                        | KeyObject
                        | JWK

                    Private key for use with 'private_key_jwt' clients.

                    Can be a PEM:

                    app.use(auth({
                    ...
                    clientAssertionSigningKey: '-----BEGIN PRIVATE KEY-----\nMIIEo...PgCaw\n-----END PRIVATE KEY-----',
                    }))
                    @@ -96,15 +96,15 @@
                    app.use(auth({
                    ...
                    clientAssertionSigningKey: crypto.createPrivateKey({ key: '-----BEGIN PRIVATE KEY-----\nMIIEo...PgCaw\n-----END PRIVATE KEY-----' }),
                    }))
                    -
                    clientAuthMethod?: string

                    String value for the client's authentication method. Default is none when using response_type='id_token', private_key_jwt when using a clientAssertionSigningKey, otherwise client_secret_basic.

                    -
                    clientID?: string

                    REQUIRED. The Client ID for your application. +

                    clientAuthMethod?: string

                    String value for the client's authentication method. Default is none when using response_type='id_token', private_key_jwt when using a clientAssertionSigningKey, otherwise client_secret_basic.

                    +
                    clientID?: string

                    REQUIRED. The Client ID for your application. Can use env key CLIENT_ID instead.

                    -
                    clientSecret?: string

                    The Client Secret for your application. +

                    clientSecret?: string

                    The Client Secret for your application. Required when requesting access tokens. Can use env key CLIENT_SECRET instead.

                    -
                    clockTolerance?: number

                    Integer value for the system clock's tolerance (leeway) in seconds for ID token verification.` +

                    clockTolerance?: number

                    Integer value for the system clock's tolerance (leeway) in seconds for ID token verification.` Default is 60

                    -
                    customFetch?: {
                        (input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
                        (input: string | Request | URL, init?: RequestInit): Promise<Response>;
                    }

                    A custom fetch function to use for all OIDC HTTP requests (discovery, token, userinfo, etc.). +

                    customFetch?: {
                        (input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
                        (input: string | Request | URL, init?: RequestInit): Promise<Response>;
                    }

                    A custom fetch function to use for all OIDC HTTP requests (discovery, token, userinfo, etc.). The SDK wraps this function to inject required headers (User-Agent, Auth0-Client telemetry) before making requests.

                    This is useful for configuring proxies or custom HTTP behavior.

                    Type Declaration

                      • (input: RequestInfo | URL, init?: RequestInit): Promise<Response>
                      • MDN Reference

                        @@ -112,29 +112,29 @@

                        Parameters

                        • input: string | Request | URL
                        • Optionalinit: RequestInit

                        Returns Promise<Response>

                    const { ProxyAgent, fetch: undiciFetch } = require('undici');
                    const dispatcher = new ProxyAgent('http://proxy.example.com:8080');

                    app.use(auth({
                    customFetch: (url, options) => undiciFetch(url, { ...options, dispatcher }),
                    // ... other options
                    }));
                    -
                    discoveryCacheMaxAge?: number

                    Maximum time (in milliseconds) to wait before fetching the Identity Provider's Discovery document again. Default is 600000 (10 minutes).

                    -
                    enableTelemetry?: boolean

                    To opt-out of sending the library and node version to your authorization server +

                    discoveryCacheMaxAge?: number

                    Maximum time (in milliseconds) to wait before fetching the Identity Provider's Discovery document again. Default is 600000 (10 minutes).

                    +
                    enableTelemetry?: boolean

                    To opt-out of sending the library and node version to your authorization server via the Auth0-Client header. Default is `true

                    -
                    errorOnRequiredAuth?: boolean

                    Throw a 401 error instead of triggering the login process for routes that require authentication. +

                    errorOnRequiredAuth?: boolean

                    Throw a 401 error instead of triggering the login process for routes that require authentication. Default is false

                    -
                    getLoginState?: (req: OpenidRequest, options: LoginOptions) => object

                    Function that returns an object with URL-safe state values for res.oidc.login(). +

                    getLoginState?: (req: OpenidRequest, options: LoginOptions) => object

                    Function that returns an object with URL-safe state values for res.oidc.login(). Used for passing custom state parameters to your authorization server.

                    app.use(auth({
                    ...
                    getLoginState(req, options) {
                    return {
                    returnTo: options.returnTo || req.originalUrl,
                    customState: 'foo'
                    };
                    }
                    }))
                    -
                    httpTimeout?: number

                    Http timeout for oidc client requests in milliseconds. Default is 5000. Minimum is 500.

                    -
                    httpUserAgent?: string

                    Optional User-Agent header value for oidc client requests. Default is express-openid-connect/{version}.

                    -
                    identityClaimFilter?: string[]

                    Array value of claims to remove from the ID token before storing the cookie session. +

                    httpTimeout?: number

                    Http timeout for oidc client requests in milliseconds. Default is 5000. Minimum is 500.

                    +
                    httpUserAgent?: string

                    Optional User-Agent header value for oidc client requests. Default is express-openid-connect/{version}.

                    +
                    identityClaimFilter?: string[]

                    Array value of claims to remove from the ID token before storing the cookie session. Default is ['aud', 'iss', 'iat', 'exp', 'nbf', 'nonce', 'azp', 'auth_time', 's_hash', 'at_hash', 'c_hash' ]

                    -
                    idpLogout?: boolean

                    Boolean value to log the user out from the identity provider on application logout. Default is false

                    -
                    idTokenSigningAlg?: string

                    String value for the expected ID token algorithm. Default is 'RS256'

                    -
                    issuerBaseURL?: string

                    REQUIRED. The root URL for the token issuer with no trailing slash. +

                    idpLogout?: boolean

                    Boolean value to log the user out from the identity provider on application logout. Default is false

                    +
                    idTokenSigningAlg?: string

                    String value for the expected ID token algorithm. Default is 'RS256'

                    +
                    issuerBaseURL?: string

                    REQUIRED. The root URL for the token issuer with no trailing slash. Can use env key ISSUER_BASE_URL instead.

                    -
                    legacySameSiteCookie?: boolean

                    Set a fallback cookie with no SameSite attribute when response_mode is form_post. +

                    legacySameSiteCookie?: boolean

                    Set a fallback cookie with no SameSite attribute when response_mode is form_post. Default is true

                    -
                    logoutParams?: { [key: string]: any }

                    Additional custom parameters to pass to the logout endpoint.

                    -
                    pushedAuthorizationRequests?: boolean

                    Perform a Pushed Authorization Request at the issuer's pushed_authorization_request_endpoint at login.

                    -
                    routes?: {
                        backchannelLogout?: string;
                        callback?: string | false;
                        login?: string | false;
                        logout?: string | false;
                        postLogoutRedirect?: string;
                    }

                    Configuration for the login, logout, callback and postLogoutRedirect routes.

                    +
                    logoutParams?: { [key: string]: any }

                    Additional custom parameters to pass to the logout endpoint.

                    +
                    pushedAuthorizationRequests?: boolean

                    Perform a Pushed Authorization Request at the issuer's pushed_authorization_request_endpoint at login.

                    +
                    routes?: {
                        backchannelLogout?: string;
                        callback?: string | false;
                        login?: string | false;
                        logout?: string | false;
                        postLogoutRedirect?: string;
                    }

                    Configuration for the login, logout, callback and postLogoutRedirect routes.

                    Type Declaration

                    • OptionalbackchannelLogout?: string

                      Relative path to the application's Back-Channel Logout web hook.

                    • Optionalcallback?: string | false

                      Relative path to the application callback to process the response from the authorization server.

                    • Optionallogin?: string | false

                      Relative path to application login.

                      @@ -142,13 +142,13 @@
                    • OptionalpostLogoutRedirect?: string

                      Either a relative path to the application or a valid URI to an external domain. This value must be registered on the authorization server. The user will be redirected to this after a logout has been performed.

                      -
                    secret?: string | string[]

                    REQUIRED. The secret(s) used to derive an encryption key for the user identity in a stateless session cookie, +

                    secret?: string | string[]

                    REQUIRED. The secret(s) used to derive an encryption key for the user identity in a stateless session cookie, to sign the transient cookies used by the login callback and to sign the custom session store cookies if {@Link signSessionStoreCookie} is true. Use a single string key or array of keys. Secrets must be at least 8 characters long. If an array of secrets is provided, only the first element will be used to sign or encrypt the values, while all the elements will be considered when decrypting or verifying the values.

                    Can use env key SECRET instead.

                    -

                    Object defining application session cookie attributes.

                    -
                    tokenEndpointParams?: TokenParameters

                    Additional request body properties to be sent to the token_endpoint during authorization code exchange or token refresh.

                    -
                    transactionCookie?: Pick<CookieConfigParams, "sameSite"> & { name?: string }

                    Configuration parameters used for the transaction cookie.

                    -
                    +
                    session?: SessionConfigParams

                    Object defining application session cookie attributes.

                    +
                    tokenEndpointParams?: TokenParameters

                    Additional request body properties to be sent to the token_endpoint during authorization code exchange or token refresh.

                    +
                    transactionCookie?: Pick<CookieConfigParams, "sameSite"> & { name?: string }

                    Configuration parameters used for the transaction cookie.

                    +
                    diff --git a/docs/interfaces/CookieConfigParams.html b/docs/interfaces/CookieConfigParams.html index ab802e17..60b94f3a 100644 --- a/docs/interfaces/CookieConfigParams.html +++ b/docs/interfaces/CookieConfigParams.html @@ -1,4 +1,4 @@ -CookieConfigParams | express-openid-connect
                    express-openid-connect
                      Preparing search index...

                      Interface CookieConfigParams

                      interface CookieConfigParams {
                          domain?: string;
                          httpOnly?: boolean;
                          path?: string;
                          sameSite?: string;
                          secure?: boolean;
                          transient?: boolean;
                      }
                      Index

                      Properties

                      domain? +CookieConfigParams | express-openid-connect
                      express-openid-connect
                        Preparing search index...

                        Interface CookieConfigParams

                        interface CookieConfigParams {
                            domain?: string;
                            httpOnly?: boolean;
                            path?: string;
                            sameSite?: string;
                            secure?: boolean;
                            transient?: boolean;
                        }
                        Index

                        Properties

                        Properties

                        domain?: string

                        Domain name for the cookie. Passed to the Response cookie as domain

                        -
                        httpOnly?: boolean

                        Flags the cookie to be accessible only by the web server. +

                        httpOnly?: boolean

                        Flags the cookie to be accessible only by the web server. Passed to the Response cookie as httponly. Defaults to true.

                        -
                        path?: string

                        Path for the cookie. +

                        path?: string

                        Path for the cookie. Passed to the Response cookie as path.

                        To prevent cookie collision when multiple apps are hosted on the same domain (e.g., example.com/app1 and example.com/app2), set this to your app's base path.

                        -
                        sameSite?: string

                        Value of the SameSite Set-Cookie attribute. +

                        sameSite?: string

                        Value of the SameSite Set-Cookie attribute. Passed to the Response cookie as samesite. Defaults to "Lax" but will be adjusted based on AuthorizationParameters.response_type. When setting to 'None' (uncommon), you should implement CSRF protection on your own routes

                        -
                        secure?: boolean

                        Marks the cookie to be used over secure channels only. +

                        secure?: boolean

                        Marks the cookie to be used over secure channels only. Passed to the Response cookie as secure. Defaults to the protocol of ConfigParams.baseURL.

                        -
                        transient?: boolean

                        Set to true to use a transient cookie (cookie without an explicit expiration). +

                        transient?: boolean

                        Set to true to use a transient cookie (cookie without an explicit expiration). Default is false

                        -
                        +
                        diff --git a/docs/interfaces/CustomTokenExchangeOptions.html b/docs/interfaces/CustomTokenExchangeOptions.html index 7962c542..3159ddae 100644 --- a/docs/interfaces/CustomTokenExchangeOptions.html +++ b/docs/interfaces/CustomTokenExchangeOptions.html @@ -1,17 +1,30 @@ CustomTokenExchangeOptions | express-openid-connect
                        express-openid-connect
                          Preparing search index...

                          Interface CustomTokenExchangeOptions

                          Options for RequestContext.customTokenExchange. All fields are optional — unset fields fall back to authorizationParams config or RFC 8693 defaults where applicable.

                          -
                          interface CustomTokenExchangeOptions {
                              audience?: string;
                              extra?: Record<string, string | number | boolean>;
                              scope?: string;
                              subject_token?: string;
                              subject_token_type?: string;
                          }
                          Index

                          Properties

                          interface CustomTokenExchangeOptions {
                              actor_token?: string;
                              actor_token_type?: string;
                              audience?: string;
                              extra?: Record<string, string | string[] | number | boolean>;
                              organization?: string;
                              requested_token_type?: string;
                              scope?: string;
                              subject_token?: string;
                              subject_token_type?: string;
                          }
                          Index

                          Properties

                          audience?: string

                          Requested audience. Defaults to authorizationParams.audience.

                          -
                          extra?: Record<string, string | number | boolean>

                          Additional parameters forwarded to the token endpoint and can be used -for vendor-specific or RFC 8693 extension parameters. -Parameters in the security denylist are silently stripped.

                          -
                          scope?: string

                          Requested scope(s). Defaults to authorizationParams.scope.

                          -
                          subject_token?: string

                          The security token to exchange. Defaults to the current user's access token.

                          -
                          subject_token_type?: string

                          URI identifying the type of subject_token. +

                          Properties

                          actor_token?: string

                          The actor token for delegation / impersonation exchanges (RFC 8693). +When provided, actor_token_type is required. +The resulting token will carry an act claim identifying the acting party.

                          +
                          actor_token_type?: string

                          URI identifying the type of actor_token (RFC 8693). +Required when actor_token is provided.

                          +
                          audience?: string

                          Requested audience. Defaults to authorizationParams.audience.

                          +
                          extra?: Record<string, string | string[] | number | boolean>

                          Additional parameters forwarded to the token endpoint. +Useful for vendor-specific or RFC 8693 extension parameters. +Parameters in the denylist are silently stripped.

                          +
                          organization?: string

                          Organization ID or name to scope the exchange to. +When provided, the issued token will be bound to that organization.

                          +
                          requested_token_type?: string

                          URI specifying the type of token the caller wants the AS to issue (RFC 8693). +e.g. urn:ietf:params:oauth:token-type:jwt

                          +
                          scope?: string

                          Requested scope(s). Defaults to authorizationParams.scope.

                          +
                          subject_token?: string

                          The security token to exchange. Defaults to the current user's access token.

                          +
                          subject_token_type?: string

                          URI identifying the type of subject_token. Defaults to urn:ietf:params:oauth:token-type:access_token.

                          -
                          +
                          diff --git a/docs/interfaces/LoginOptions.html b/docs/interfaces/LoginOptions.html index e527ba7f..3ba0904b 100644 --- a/docs/interfaces/LoginOptions.html +++ b/docs/interfaces/LoginOptions.html @@ -1,10 +1,10 @@ LoginOptions | express-openid-connect
                          express-openid-connect
                            Preparing search index...

                            Interface LoginOptions

                            Custom options to pass to login.

                            -
                            interface LoginOptions {
                                authorizationParams?: AuthorizationParameters;
                                returnTo?: string;
                                silent?: boolean;
                            }
                            Index

                            Properties

                            interface LoginOptions {
                                authorizationParams?: AuthorizationParameters;
                                returnTo?: string;
                                silent?: boolean;
                            }
                            Index

                            Properties

                            authorizationParams?: AuthorizationParameters

                            Override the default authorizationParams, if also passing a custom callback route then redirect_uri must be provided here or in config

                            -
                            returnTo?: string

                            URL to return to after login, overrides the Default is Request.originalUrl

                            -
                            silent?: boolean

                            Used by ConfigParams.attemptSilentLogin to swallow callback errors on silent login.

                            -
                            +
                            returnTo?: string

                            URL to return to after login, overrides the Default is Request.originalUrl

                            +
                            silent?: boolean

                            Used by ConfigParams.attemptSilentLogin to swallow callback errors on silent login.

                            +
                            diff --git a/docs/interfaces/LogoutOptions.html b/docs/interfaces/LogoutOptions.html index b978828b..797326fe 100644 --- a/docs/interfaces/LogoutOptions.html +++ b/docs/interfaces/LogoutOptions.html @@ -1,6 +1,6 @@ LogoutOptions | express-openid-connect
                            express-openid-connect
                              Preparing search index...

                              Interface LogoutOptions

                              Custom options to pass to logout.

                              -
                              interface LogoutOptions {
                                  logoutParams?: { [key: string]: any };
                                  returnTo?: string;
                              }
                              Index

                              Properties

                              interface LogoutOptions {
                                  logoutParams?: { [key: string]: any };
                                  returnTo?: string;
                              }
                              Index

                              Properties

                              logoutParams?: { [key: string]: any }

                              Additional custom parameters to pass to the logout endpoint.

                              -
                              returnTo?: string

                              URL to returnTo after logout, overrides the Default in routes.postLogoutRedirect

                              -
                              +
                              returnTo?: string

                              URL to returnTo after logout, overrides the Default in routes.postLogoutRedirect

                              +
                              diff --git a/docs/interfaces/OpenidRequest.html b/docs/interfaces/OpenidRequest.html index 5d323f68..14743338 100644 --- a/docs/interfaces/OpenidRequest.html +++ b/docs/interfaces/OpenidRequest.html @@ -4,6 +4,6 @@

                              use the native the Request interface of express instead; it has been extended and now includes a built in oidc param.

                              -
                              interface OpenidRequest {
                                  oidc: RequestContext;
                              }

                              Hierarchy

                              Index

                              Properties

                              interface OpenidRequest {
                                  oidc: RequestContext;
                              }

                              Hierarchy

                              Index

                              Properties

                              Properties

                              Library namespace for authentication methods and data.

                              -
                              +
                              diff --git a/docs/interfaces/OpenidResponse.html b/docs/interfaces/OpenidResponse.html index be5ed775..a5bccb99 100644 --- a/docs/interfaces/OpenidResponse.html +++ b/docs/interfaces/OpenidResponse.html @@ -4,6 +4,6 @@

                              use the native the Response interface of express instead; it has been extended and now includes a built in oidc param.

                              -
                              interface OpenidResponse {
                                  oidc: ResponseContext;
                              }

                              Hierarchy

                              Index

                              Properties

                              interface OpenidResponse {
                                  oidc: ResponseContext;
                              }

                              Hierarchy

                              Index

                              Properties

                              Properties

                              Library namespace for authentication methods and data.

                              -
                              +
                              diff --git a/docs/interfaces/RefreshParams.html b/docs/interfaces/RefreshParams.html index 032f8fc3..289b3195 100644 --- a/docs/interfaces/RefreshParams.html +++ b/docs/interfaces/RefreshParams.html @@ -1,2 +1,2 @@ -RefreshParams | express-openid-connect
                              express-openid-connect
                                Preparing search index...

                                Interface RefreshParams

                                interface RefreshParams {
                                    tokenEndpointParams?: TokenParameters;
                                }
                                Index

                                Properties

                                tokenEndpointParams?: TokenParameters
                                +RefreshParams | express-openid-connect
                                express-openid-connect
                                  Preparing search index...

                                  Interface RefreshParams

                                  interface RefreshParams {
                                      tokenEndpointParams?: TokenParameters;
                                  }
                                  Index

                                  Properties

                                  tokenEndpointParams?: TokenParameters
                                  diff --git a/docs/interfaces/RequestContext.html b/docs/interfaces/RequestContext.html index 44e88174..4870a422 100644 --- a/docs/interfaces/RequestContext.html +++ b/docs/interfaces/RequestContext.html @@ -3,7 +3,7 @@
                                  app.use(auth());

                                  app.get('/profile', (req, res) => {
                                  const user = req.oidc.user;
                                  ...
                                  })
                                  -
                                  interface RequestContext {
                                      accessToken?: AccessToken;
                                      customTokenExchange?: (
                                          options?: CustomTokenExchangeOptions,
                                      ) => Promise<TokenExchangeResponse>;
                                      idToken?: string;
                                      idTokenClaims?: IdTokenClaims;
                                      isAuthenticated: () => boolean;
                                      refreshToken?: string;
                                      user?: Record<string, any>;
                                      fetchUserInfo(): Promise<UserInfoResponse>;
                                  }
                                  Index

                                  Properties

                                  interface RequestContext {
                                      accessToken?: AccessToken;
                                      customTokenExchange?: (
                                          options?: CustomTokenExchangeOptions,
                                      ) => Promise<TokenExchangeResponse>;
                                      idToken?: string;
                                      idTokenClaims?: IdTokenClaims;
                                      isAuthenticated: () => boolean;
                                      refreshToken?: string;
                                      user?: Record<string, any>;
                                      fetchUserInfo(): Promise<UserInfoResponse>;
                                  }
                                  Index

                                  Properties

                                  accessToken?: AccessToken

                                  Credentials that can be used by an application to access an API.

                                  See: https://auth0.com/docs/protocols/oidc#access-tokens

                                  -
                                  customTokenExchange?: (
                                      options?: CustomTokenExchangeOptions,
                                  ) => Promise<TokenExchangeResponse>

                                  Performs a token exchange (RFC 8693) using the token endpoint.

                                  +
                                  customTokenExchange?: (
                                      options?: CustomTokenExchangeOptions,
                                  ) => Promise<TokenExchangeResponse>

                                  Performs a token exchange (RFC 8693) using the token endpoint.

                                  app.get('/api', requiresAuth(), async (req, res) => {
                                  const tokenSet = await req.oidc.customTokenExchange({
                                  audience: 'https://downstream-api.example.com',
                                  });
                                  res.json({ access_token: tokenSet.access_token });
                                  });
                                  @@ -24,16 +24,16 @@
                                • HTTP 401 — AS requires MFA step-up, err.error === 'mfa_required'
                                • Vendor-specific parameters must be passed via extra.

                                  -
                                  idToken?: string

                                  The OpenID Connect ID Token.

                                  +
                                  idToken?: string

                                  The OpenID Connect ID Token.

                                  See: https://auth0.com/docs/protocols/oidc#id-tokens

                                  -
                                  idTokenClaims?: IdTokenClaims

                                  An object containing all the claims of the ID Token.

                                  -
                                  isAuthenticated: () => boolean

                                  Method to check the user's authenticated state, returns true if logged in.

                                  -
                                  refreshToken?: string

                                  Credentials that can be used to refresh an access token.

                                  +
                                  idTokenClaims?: IdTokenClaims

                                  An object containing all the claims of the ID Token.

                                  +
                                  isAuthenticated: () => boolean

                                  Method to check the user's authenticated state, returns true if logged in.

                                  +
                                  refreshToken?: string

                                  Credentials that can be used to refresh an access token.

                                  See: https://auth0.com/docs/tokens/concepts/refresh-tokens

                                  -
                                  user?: Record<string, any>

                                  An object containing all the claims of the ID Token with the claims +

                                  user?: Record<string, any>

                                  An object containing all the claims of the ID Token with the claims specified in identityClaimFilter removed.

                                  -

                                  Methods

                                  • Fetches the OIDC userinfo response.

                                    +

                                  Methods

                                  • Fetches the OIDC userinfo response.

                                    app.use(auth());

                                    app.get('/user-info', async (req, res) => {
                                    const userInfo = await req.oidc.fetchUserInfo();
                                    res.json(userInfo);
                                    })
                                    -

                                    Returns Promise<UserInfoResponse>

                                  +

                                  Returns Promise<UserInfoResponse>

                                  diff --git a/docs/interfaces/ResponseContext.html b/docs/interfaces/ResponseContext.html index d4b36365..8630cf2e 100644 --- a/docs/interfaces/ResponseContext.html +++ b/docs/interfaces/ResponseContext.html @@ -3,7 +3,7 @@
                                  app.use(auth());

                                  app.get('/admin-login', (req, res) => {
                                  res.oidc.login({ returnTo: '/admin' })
                                  })
                                  -
                                  interface ResponseContext {
                                      callback: (opts?: CallbackOptions) => Promise<void>;
                                      login: (opts?: LoginOptions) => Promise<void>;
                                      logout: (opts?: LogoutOptions) => Promise<void>;
                                  }
                                  Index

                                  Properties

                                  interface ResponseContext {
                                      callback: (opts?: CallbackOptions) => Promise<void>;
                                      login: (opts?: LoginOptions) => Promise<void>;
                                      logout: (opts?: LogoutOptions) => Promise<void>;
                                  }
                                  Index

                                  Properties

                                  Properties

                                  callback: (opts?: CallbackOptions) => Promise<void>

                                  Provided by default via the /callback route. Call this to override or have other @@ -11,14 +11,14 @@

                                  app.get('/callback', (req, res) => {
                                  res.oidc.callback({ redirectUri: 'https://example.com/callback' });
                                  });
                                  -
                                  login: (opts?: LoginOptions) => Promise<void>

                                  Provided by default via the /login route. Call this to override or have other +

                                  login: (opts?: LoginOptions) => Promise<void>

                                  Provided by default via the /login route. Call this to override or have other login routes with custom authorizationParams or returnTo

                                  app.get('/admin-login', (req, res) => {
                                  res.oidc.login({
                                  returnTo: '/admin',
                                  authorizationParams: {
                                  scope: 'openid profile email admin:user',
                                  }
                                  });
                                  });
                                  -
                                  logout: (opts?: LogoutOptions) => Promise<void>

                                  Provided by default via the /logout route. Call this to override or have other +

                                  logout: (opts?: LogoutOptions) => Promise<void>

                                  Provided by default via the /logout route. Call this to override or have other logout routes with custom returnTo

                                  app.get('/admin-logout', (req, res) => {
                                  res.oidc.logout({ returnTo: '/admin-welcome' })
                                  });
                                  -
                                  +
                                  diff --git a/docs/interfaces/Session.html b/docs/interfaces/Session.html index b57ea582..4c54450a 100644 --- a/docs/interfaces/Session.html +++ b/docs/interfaces/Session.html @@ -1,14 +1,14 @@ Session | express-openid-connect
                                  express-openid-connect
                                    Preparing search index...

                                    Interface Session

                                    Session object

                                    -
                                    interface Session {
                                        access_token: string;
                                        expires_at: string;
                                        id_token: string;
                                        refresh_token: string;
                                        sessionExpiresAt?: number;
                                        token_type: string;
                                        [key: string]: any;
                                    }

                                    Indexable

                                    • [key: string]: any
                                    Index

                                    Properties

                                    interface Session {
                                        access_token: string;
                                        expires_at: string;
                                        id_token: string;
                                        refresh_token: string;
                                        sessionExpiresAt?: number;
                                        token_type: string;
                                        [key: string]: any;
                                    }

                                    Indexable

                                    • [key: string]: any
                                    Index

                                    Properties

                                    access_token: string
                                    expires_at: string
                                    id_token: string

                                    Values stored in an authentication session

                                    -
                                    refresh_token: string
                                    sessionExpiresAt?: number

                                    Unix timestamp (seconds) of the IdP-asserted session ceiling from the +

                                    Properties

                                    access_token: string
                                    expires_at: string
                                    id_token: string

                                    Values stored in an authentication session

                                    +
                                    refresh_token: string
                                    sessionExpiresAt?: number

                                    Unix timestamp (seconds) of the IdP-asserted session ceiling from the IPSIE SL1 session_expiry claim. Present when the upstream IdP signals support for session expiry enforcement (e.g. Auth0 enterprise connections with id_token_session_expiry_supported: true). The SDK enforces this as a hard expiry on every session read and before any token refresh.

                                    -
                                    token_type: string
                                    +
                                    token_type: string
                                    diff --git a/docs/interfaces/SessionConfigParams.html b/docs/interfaces/SessionConfigParams.html index 10ffb030..1c1668af 100644 --- a/docs/interfaces/SessionConfigParams.html +++ b/docs/interfaces/SessionConfigParams.html @@ -1,5 +1,5 @@ SessionConfigParams | express-openid-connect
                                    express-openid-connect
                                      Preparing search index...

                                      Interface SessionConfigParams

                                      Configuration parameters used for the application session.

                                      -
                                      interface SessionConfigParams {
                                          absoluteDuration?: number | boolean;
                                          cookie?: CookieConfigParams;
                                          genid?: (req: OpenidRequest) => string | Promise<string>;
                                          name?: string;
                                          requireSignedSessionStoreCookie?: boolean;
                                          rolling?: boolean;
                                          rollingDuration?: number;
                                          signSessionStoreCookie?: boolean;
                                          store?: SessionStore;
                                      }
                                      Index

                                      Properties

                                      interface SessionConfigParams {
                                          absoluteDuration?: number | boolean;
                                          cookie?: CookieConfigParams;
                                          genid?: (req: OpenidRequest) => string | Promise<string>;
                                          name?: string;
                                          requireSignedSessionStoreCookie?: boolean;
                                          rolling?: boolean;
                                          rollingDuration?: number;
                                          signSessionStoreCookie?: boolean;
                                          store?: SessionStore;
                                      }
                                      Index

                                      Properties

                                      absoluteDuration? cookie? genid? name? @@ -12,8 +12,8 @@ The amount of time after the user has logged in that they will be logged out. Set this to false if you don't want an absolute duration on your session. Default is 604800 seconds (7 days).

                                      -

                                      Configuration parameters used for the session cookie and transient cookies.

                                      -
                                      genid?: (req: OpenidRequest) => string | Promise<string>

                                      A Function for generating a session id when using a custom session store. +

                                      Configuration parameters used for the session cookie and transient cookies.

                                      +
                                      genid?: (req: OpenidRequest) => string | Promise<string>

                                      A Function for generating a session id when using a custom session store. For full details see the documentation for express-session at genid.

                                      Be aware the default implementation is slightly different in this library as @@ -23,10 +23,10 @@ to hijack a session by guessing the session ID, you must use a suitable cryptographically strong random value of sufficient size or sign the cookie by setting {@Link signSessionStoreCookie} to true.

                                      -
                                      name?: string

                                      String value for the cookie name used for the internal session. +

                                      name?: string

                                      String value for the cookie name used for the internal session. This value must only include letters, numbers, and underscores. Default is appSession.

                                      -
                                      requireSignedSessionStoreCookie?: boolean

                                      If you enable {@Link signSessionStoreCookie} your existing sessions will +

                                      requireSignedSessionStoreCookie?: boolean

                                      If you enable {@Link signSessionStoreCookie} your existing sessions will be invalidated. You can use this flag to temporarily allow unsigned cookies while you sign your user's session cookies. For example:

                                      Set {@Link signSessionStoreCookie} to true and {@Link requireSignedSessionStoreCookie} to false. @@ -35,21 +35,21 @@ have expired, then you can remove the {@Link requireSignedSessionStoreCookie} config option which will set it to true.

                                      Signed session store cookies will be mandatory in the next major release.

                                      -
                                      rolling?: boolean

                                      If you want your session duration to be rolling, eg reset everytime the +

                                      rolling?: boolean

                                      If you want your session duration to be rolling, eg reset everytime the user is active on your site, set this to a true. If you want the session duration to be absolute, where the user is logged out a fixed time after login, regardless of activity, set this to false Default is true.

                                      -
                                      rollingDuration?: number

                                      Integer value, in seconds, for application session rolling duration. +

                                      rollingDuration?: number

                                      Integer value, in seconds, for application session rolling duration. The amount of time for which the user must be idle for then to be logged out. Default is 86400 seconds (1 day).

                                      -
                                      signSessionStoreCookie?: boolean

                                      Sign the session store cookies to reduce the chance of collisions +

                                      signSessionStoreCookie?: boolean

                                      Sign the session store cookies to reduce the chance of collisions and reduce the ability to hijack a session by guessing the session ID.

                                      This is required if you override {@Link genid} and don't use a suitable cryptographically strong random value of sufficient size.

                                      -
                                      store?: SessionStore

                                      By default the session is stored in an encrypted cookie. But when the session +

                                      store?: SessionStore

                                      By default the session is stored in an encrypted cookie. But when the session gets too large it can bump up against the limits of cookie storage. In these instances you can use a custom session store. The store should have get, set and destroy methods, making it compatible with express-session stores.

                                      -
                                      +
                                      diff --git a/docs/interfaces/SessionStore.html b/docs/interfaces/SessionStore.html index e51ac598..da2425bd 100644 --- a/docs/interfaces/SessionStore.html +++ b/docs/interfaces/SessionStore.html @@ -1,7 +1,7 @@ -SessionStore | express-openid-connect
                                      express-openid-connect
                                        Preparing search index...

                                        Interface SessionStore<Data>

                                        interface SessionStore<Data = Session> {
                                            destroy(sid: string, callback?: (err?: any) => void): void;
                                            get(
                                                sid: string,
                                                callback: (err: any, session?: SessionStorePayload<Data>) => void,
                                            ): void;
                                            set(
                                                sid: string,
                                                session: SessionStorePayload<Data>,
                                                callback?: (err?: any) => void,
                                            ): void;
                                            [key: string]: any;
                                        }

                                        Type Parameters

                                        Indexable

                                        • [key: string]: any
                                        Index

                                        Methods

                                        destroy +SessionStore | express-openid-connect
                                        express-openid-connect
                                          Preparing search index...

                                          Interface SessionStore<Data>

                                          interface SessionStore<Data = Session> {
                                              destroy(sid: string, callback?: (err?: any) => void): void;
                                              get(
                                                  sid: string,
                                                  callback: (err: any, session?: SessionStorePayload<Data>) => void,
                                              ): void;
                                              set(
                                                  sid: string,
                                                  session: SessionStorePayload<Data>,
                                                  callback?: (err?: any) => void,
                                              ): void;
                                              [key: string]: any;
                                          }

                                          Type Parameters

                                          Indexable

                                          • [key: string]: any
                                          Index

                                          Methods

                                          Methods

                                          • Destroys the session with the given session ID.

                                            -

                                            Parameters

                                            • sid: string
                                            • Optionalcallback: (err?: any) => void

                                            Returns void

                                          • Gets the session from the store given a session ID and passes it to callback.

                                            -

                                            Parameters

                                            Returns void

                                          • Upsert a session in the store given a session ID and SessionData

                                            -

                                            Parameters

                                            Returns void

                                          +

                                          Parameters

                                          • sid: string
                                          • Optionalcallback: (err?: any) => void

                                          Returns void

                                          • Gets the session from the store given a session ID and passes it to callback.

                                            +

                                            Parameters

                                            Returns void

                                          • Upsert a session in the store given a session ID and SessionData

                                            +

                                            Parameters

                                            Returns void

                                          diff --git a/docs/interfaces/SessionStorePayload.html b/docs/interfaces/SessionStorePayload.html index 07ee4a4c..dacd0881 100644 --- a/docs/interfaces/SessionStorePayload.html +++ b/docs/interfaces/SessionStorePayload.html @@ -1,10 +1,10 @@ -SessionStorePayload | express-openid-connect
                                          express-openid-connect
                                            Preparing search index...

                                            Interface SessionStorePayload<Data>

                                            interface SessionStorePayload<Data = Session> {
                                                cookie: { expires: number; maxAge: number };
                                                data: Data;
                                                header: { exp: number; iat: number; uat: number };
                                            }

                                            Type Parameters

                                            Index

                                            Properties

                                            cookie +SessionStorePayload | express-openid-connect
                                            express-openid-connect
                                              Preparing search index...

                                              Interface SessionStorePayload<Data>

                                              interface SessionStorePayload<Data = Session> {
                                                  cookie: { expires: number; maxAge: number };
                                                  data: Data;
                                                  header: { exp: number; iat: number; uat: number };
                                              }

                                              Type Parameters

                                              Index

                                              Properties

                                              Properties

                                              cookie: { expires: number; maxAge: number }

                                              This makes it compatible with some express-session stores that use this to set their ttl.

                                              -
                                              data: Data

                                              The session data.

                                              -
                                              header: { exp: number; iat: number; uat: number }

                                              Type Declaration

                                              • exp: number

                                                timestamp (in secs) when the session expires.

                                                +
                                              data: Data

                                              The session data.

                                              +
                                              header: { exp: number; iat: number; uat: number }

                                              Type Declaration

                                              • exp: number

                                                timestamp (in secs) when the session expires.

                                              • iat: number

                                                timestamp (in secs) when the session was created.

                                              • uat: number

                                                timestamp (in secs) when the session was last touched.

                                                -
                                              +
                                              diff --git a/docs/interfaces/TokenExchangeResponse.html b/docs/interfaces/TokenExchangeResponse.html index dc741656..bc8c8d66 100644 --- a/docs/interfaces/TokenExchangeResponse.html +++ b/docs/interfaces/TokenExchangeResponse.html @@ -1,6 +1,7 @@ TokenExchangeResponse | express-openid-connect
                                              express-openid-connect
                                                Preparing search index...

                                                Interface TokenExchangeResponse

                                                Represents the response from a token exchange request (RFC 8693).

                                                -
                                                interface TokenExchangeResponse {
                                                    access_token?: string;
                                                    expires_at?: number;
                                                    id_token?: string;
                                                    issued_token_type?: string;
                                                    refresh_token?: string;
                                                    scope?: string;
                                                    token_type?: string;
                                                    [key: string]: unknown;
                                                }

                                                Indexable

                                                • [key: string]: unknown

                                                  Vendor-specific or extension fields returned by the authorization server.

                                                  -
                                                Index

                                                Properties

                                                interface TokenExchangeResponse {
                                                    access_token?: string;
                                                    act?: ActClaim;
                                                    expires_at?: number;
                                                    id_token?: string;
                                                    issued_token_type?: string;
                                                    refresh_token?: string;
                                                    scope?: string;
                                                    token_type?: string;
                                                    [key: string]: unknown;
                                                }

                                                Indexable

                                                • [key: string]: unknown

                                                  Vendor-specific or extension fields returned by the authorization server.

                                                  +
                                                Index

                                                Properties

                                                access_token?: string

                                                The exchanged access token.

                                                -
                                                expires_at?: number

                                                Absolute UNIX timestamp (seconds) at which the access token expires. +

                                                act?: ActClaim

                                                Actor claim from an RFC 8693 delegation exchange. +Populated when actor_token was provided and the AS included the claim +in the returned id_token or JWT access_token.

                                                +
                                                expires_at?: number

                                                Absolute UNIX timestamp (seconds) at which the access token expires. Use this instead of expires_in when persisting or forwarding expiry.

                                                -
                                                id_token?: string

                                                ID token, if the AS returned one (uncommon for token exchange).

                                                -
                                                issued_token_type?: string

                                                RFC 8693 — the type of token that was issued. +

                                                id_token?: string

                                                ID token, if the AS returned one (uncommon for token exchange).

                                                +
                                                issued_token_type?: string

                                                RFC 8693 — the type of token that was issued. Typically "urn:ietf:params:oauth:token-type:access_token".

                                                -
                                                refresh_token?: string

                                                Refresh token, if the AS returned one.

                                                -
                                                scope?: string

                                                Space-separated scopes granted by the AS.

                                                -
                                                token_type?: string

                                                Usually "Bearer".

                                                -
                                                +
                                                refresh_token?: string

                                                Refresh token, if the AS returned one.

                                                +
                                                scope?: string

                                                Space-separated scopes granted by the AS.

                                                +
                                                token_type?: string

                                                Usually "Bearer".

                                                +
                                                diff --git a/docs/interfaces/TokenParameters.html b/docs/interfaces/TokenParameters.html index aea88141..e968f2ec 100644 --- a/docs/interfaces/TokenParameters.html +++ b/docs/interfaces/TokenParameters.html @@ -1 +1 @@ -TokenParameters | express-openid-connect
                                                express-openid-connect
                                                  Preparing search index...

                                                  Interface TokenParameters

                                                  Indexable

                                                  • [key: string]: unknown
                                                  +TokenParameters | express-openid-connect
                                                  express-openid-connect
                                                    Preparing search index...

                                                    Interface TokenParameters

                                                    Indexable

                                                    • [key: string]: unknown
                                                    diff --git a/docs/types/IdTokenClaims.html b/docs/types/IdTokenClaims.html index 5bd23e25..25bfd355 100644 --- a/docs/types/IdTokenClaims.html +++ b/docs/types/IdTokenClaims.html @@ -3,4 +3,4 @@ session lifetime, as asserted by the upstream IdP via the IPSIE SL1 protocol. Present when the IdP signals support for session expiry enforcement (e.g. Auth0 enterprise connections with id_token_session_expiry_supported: true).

                                                    -
                                                    +
                                                    diff --git a/package.json b/package.json index 953fab79..04644fab 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "express-openid-connect", - "version": "3.1.0", + "version": "3.2.0", "description": "Express middleware to protect web applications using OpenID Connect.", "repository": "auth0/express-openid-connect", "homepage": "https://github.com/auth0/express-openid-connect",