chore(deps): bump jsonwebtoken from 8.5.1 to 9.0.0

Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0.
- [Release notes](https://github.com/auth0/node-jsonwebtoken/releases)
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0)

app.js

@@ -11,10 +11,11 @@ const bodyParser = require('body-parser')
 const favicon = require('serve-favicon')
 const cert = require('./cert')
 
-let issuer = 'localhost:3333'
+let issuer = process.env.ISSUER || 'localhost:3333'
 let jwksOrigin = `https://${issuer}/`
 const audience = process.env.AUDIENCE || 'https://generic-audience'
 const adminCustomClaim = process.env.ADMIN_CUSTOM_CLAIM || 'https://unbound.se/admin'
+const emailCustomClaim = process.env.EMAIL_CUSTOM_CLAIM || 'https://unbound.se/email'
 
 const debug = Debug('app')
 
@@ -27,10 +28,29 @@ const corsOpts = (req, cb) => {
   cb(null, { origin: req.headers.origin })
 }
 
+const addCustomClaims = (email, customClaims, token) => {
+  const emailClaim = {}
+  emailClaim[emailCustomClaim] = email
+  return [...customClaims, emailClaim].reduce((acc, claim) => {
+    return {
+      ...acc,
+      ...claim
+    }
+  }, token)
+
+}
+
+const signToken = (token) => {
+  return jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
+    algorithm: 'RS256',
+    keyid: thumbprint
+  })
+}
+
 // Configure our small auth0-mock-server
 app.options('*', cors(corsOpts))
   .use(cors())
-  .use(bodyParser.json())
+  .use(bodyParser.json({ strict: false }))
   .use(bodyParser.urlencoded({ extended: true }))
   .use(cookieParser())
   .use(express.static(`${__dirname}/public`))
@@ -38,28 +58,49 @@ app.options('*', cors(corsOpts))
 
 // This route can be used to generate a valid jwt-token.
 app.post('/oauth/token', (req, res) => {
+  let date = Math.floor(Date.now() / 1000)
+  if (req.body.grant_type === 'client_credentials' && req.body.client_id) {
+    let accessToken = signToken({
+      iss: jwksOrigin,
+      aud: [audience],
+      sub: 'auth0|management',
+      iat: date,
+      exp: date + 7200,
+      azp: req.body.client_id
+    })
+
+    let idToken = signToken({
+      iss: jwksOrigin,
+      aud: req.body.client_id,
+      sub: 'auth0|management',
+      iat: date,
+      exp: date + 7200,
+      azp: req.body.client_id,
+      name: 'Management API'
+    })
+
+    debug('Signed token for management API')
+
+    res.json({
+      access_token: accessToken,
+      id_token: idToken,
+      scope: 'openid%20profile%20email',
+      expires_in: 7200,
+      token_type: 'Bearer'
+    })
+  } else if (req.body.code) {
     const code = req.body.code
     const session = sessions[code]
-
+    let accessToken = signToken(addCustomClaims(session.email, session.customClaims, {
-  let date = Math.floor(Date.now() / 1000)
-  let accessToken = jwt.sign(Buffer.from(JSON.stringify({
       iss: jwksOrigin,
       aud: [audience],
       sub: 'auth0|' + session.email,
       iat: date,
       exp: date + 7200,
       azp: session.clientId
-  })), privateKey, {
+    }))
-    algorithm: 'RS256',
-    keyid: thumbprint
-  })
 
-  const token = session.customClaims.reduce((acc, claim) => {
+    let idToken = signToken(addCustomClaims(session.email, session.customClaims, {
-    return {
-      ...acc,
-      ...claim
-    }
-  }, {
       iss: jwksOrigin,
       aud: session.clientId,
       nonce: session.nonce,
@@ -69,14 +110,9 @@ app.post('/oauth/token', (req, res) => {
       azp: session.clientId,
       name: 'Example Person',
       picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
-  })
+    }))
-  let idToken = jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
-    algorithm: 'RS256',
-    keyid: thumbprint
-  })
 
     debug('Signed token for ' + session.email)
-  // res.json({ token });
 
     res.json({
       access_token: accessToken,
@@ -85,6 +121,10 @@ app.post('/oauth/token', (req, res) => {
       expires_in: 7200,
       token_type: 'Bearer'
     })
+  } else {
+    res.status(401)
+    res.send('Missing client_id or client_secret')
+  }
 })
 
 // This route can be used to generate a valid jwt-token.
@@ -257,7 +297,7 @@ app.post('/issuer', (req, res) => {
   }
   issuer = req.body.issuer
   jwksOrigin = `https://${issuer}/`
-  const { privateKey: key, certDer: der, thumbPrint: thumb, exponent: exp, modulus: mod } = cert(jwksOrigin)
+  const { privateKey: key, certDer: der, thumbprint: thumb, exponent: exp, modulus: mod } = cert(jwksOrigin)
   privateKey = key
   certDer = der
   thumbprint = thumb
@@ -267,6 +307,28 @@ app.post('/issuer', (req, res) => {
   res.send('ok')
 })
 
+app.get('/api/v2/users-by-email', (req, res) => {
+  res.json([])
+})
+
+app.post('/api/v2/users', (req, res) => {
+  const email = req.body.email
+  res.json({
+    user_id: `auth0|${email}`
+  })
+})
+
+app.post('/api/v2/tickets/password-change', (req, res) => {
+  res.json({
+    ticket: `https://some-url`
+  })
+})
+
+app.use(function(req, res, next) {
+  console.log('404', req.path)
+  res.status(404).send('error: 404 Not Found ' + req.path)
+})
+
 app.listen(3333, () => {
   debug('Auth0-Mock-Server listening on port 3333!')
 })

cert.js

@@ -1,7 +1,7 @@
-const base64url = require('base64-url');
+const base64url = require('base64-url')
-const createHash = require('crypto').createHash;
+const createHash = require('crypto').createHash
-const forge = require('node-forge');
+const forge = require('node-forge')
-const NodeRSA = require('node-rsa');
+const NodeRSA = require('node-rsa')
 
 const PRIVATE_KEY_PEM =
   '-----BEGIN RSA PRIVATE KEY-----\n' +
@@ -30,7 +30,7 @@ const PRIVATE_KEY_PEM =
   'JEgWBQKBgQDKD+2Yh1/rUzu15lbPH0JSpozUinuFjePieR/4n+5CtEUxWJ2f0WeK\n' +
   's4XWWf2qgUccjpiGju2UR840mgWROoZ8BfSTd5tg1F7bo0HMgu2hu0RIRpZcRhsA\n' +
   'Cd0GrJvf1t0QIdDCXAy+RpgU1SLSq4Q6Lomc0WA5C5nBw9RKEUOV9A==\n' +
-    '-----END RSA PRIVATE KEY-----\n';
+  '-----END RSA PRIVATE KEY-----\n'
 
 const PUBLIC_KEY_PEM =
   '-----BEGIN PUBLIC KEY-----\n' +
@@ -41,92 +41,92 @@ const PUBLIC_KEY_PEM =
   'qXHP6AwKZXpT6jCzjzq9uyHxVcudqw6j0kQw48/A5A6AN5fIVy1cKnd0sKdqRX1N\n' +
   'UqVoiOrO4jaDB1IdLD+YmRE/JjOHsWIMElYCPxKqnsNo6VCslGX/ziinArHhqRBr\n' +
   'HwIDAQAB\n' +
-    '-----END PUBLIC KEY-----\n';
+  '-----END PUBLIC KEY-----\n'
 
 const createCertificate = ({
                              publicKey,
                              privateKey,
-                               jwksOrigin,
+                             jwksOrigin
                            }) => {
-    const cert = forge.pki.createCertificate();
+  const cert = forge.pki.createCertificate()
-    cert.publicKey = publicKey;
+  cert.publicKey = publicKey
-    cert.serialNumber = '123';
+  cert.serialNumber = '123'
   const attrs = [
     {
       name: 'commonName',
-            value: `${jwksOrigin}`,
+      value: `${jwksOrigin}`
-        },
+    }
-    ];
+  ]
-    cert.validity.notBefore = new Date();
+  cert.validity.notBefore = new Date()
-    cert.validity.notAfter = new Date();
+  cert.validity.notAfter = new Date()
-    cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
+  cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1)
-    cert.setSubject(attrs);
+  cert.setSubject(attrs)
-    cert.setIssuer(attrs);
+  cert.setIssuer(attrs)
-    cert.sign(privateKey);
+  cert.sign(privateKey)
   return forge.pki.certificateToPem(cert)
-};
+}
 
 const getCertThumbprint = (certificate) => {
-    const shasum = createHash('sha1');
+  const shasum = createHash('sha1')
-    const der = Buffer.from(certificate).toString('binary');
+  const der = Buffer.from(certificate).toString('binary')
-    shasum.update(der);
+  shasum.update(der)
   return shasum.digest('base64')
-};
+}
 
 const createKeyPair = () => {
-    const privateKey = forge.pki.privateKeyFromPem(PRIVATE_KEY_PEM);
+  const privateKey = forge.pki.privateKeyFromPem(PRIVATE_KEY_PEM)
-    const publicKey = forge.pki.publicKeyFromPem(PUBLIC_KEY_PEM);
+  const publicKey = forge.pki.publicKeyFromPem(PUBLIC_KEY_PEM)
   return {
     privateKey,
-        publicKey,
+    publicKey
   }
-};
+}
 
 const bnToB64 = (bn) => {
-    let hex = BigInt(bn).toString(16);
+  let hex = BigInt(bn).toString(16)
   if (hex.length % 2) {
-        hex = '0' + hex;
+    hex = '0' + hex
   }
 
-    const bin = [];
+  const bin = []
-    let i = 0;
+  let i = 0
-    let d;
+  let d
-    let b;
+  let b
   while (i < hex.length) {
-        d = parseInt(hex.slice(i, i + 2), 16);
+    d = parseInt(hex.slice(i, i + 2), 16)
-        b = String.fromCharCode(d);
+    b = String.fromCharCode(d)
-        bin.push(b);
+    bin.push(b)
-        i += 2;
+    i += 2
   }
 
-    return Buffer.from(bin.join(''), 'binary').toString('base64');
+  return Buffer.from(bin.join(''), 'binary').toString('base64')
-};
+}
 
 const setup = (jwksOrigin) => {
-    const {privateKey, publicKey} = createKeyPair();
+  const { privateKey, publicKey } = createKeyPair()
   const certPem = createCertificate({
     jwksOrigin,
     privateKey,
-        publicKey,
+    publicKey
-    });
+  })
   const certDer = forge.util.encode64(
     forge.asn1
       .toDer(forge.pki.certificateToAsn1(forge.pki.certificateFromPem(certPem)))
       .getBytes()
-    );
+  )
-    const thumbprint = base64url.encode(getCertThumbprint(certDer));
+  const thumbprint = base64url.encode(getCertThumbprint(certDer))
 
-    const helperKey = new NodeRSA();
+  const helperKey = new NodeRSA()
-    helperKey.importKey(forge.pki.privateKeyToPem(privateKey));
+  helperKey.importKey(forge.pki.privateKeyToPem(privateKey))
-    const {n: modulus, e: exponent} = helperKey.exportKey('components');
+  const { n: modulus, e: exponent } = helperKey.exportKey('components')
 
   return {
     privateKey: forge.pki.privateKeyToPem(privateKey),
-        certDer: certDer,
+    certDer,
-        thumbPrint: thumbprint,
+    thumbprint: thumbprint.toString(),
     exponent: bnToB64(exponent),
     modulus: modulus.toString('base64')
   }
-};
+}
 
-module.exports = setup;
+module.exports = setup

package.json

@@ -12,17 +12,17 @@
   "license": "MIT",
   "dependencies": {
     "base64-url": "^2.3.3",
-    "body-parser": "^1.20.0",
+    "body-parser": "^1.20.1",
     "buffer": "^6.0.3",
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.3",
     "debug": "^4.3.4",
-    "express": "^4.17.3",
+    "express": "^4.18.2",
     "https-localhost": "^4.7.1",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.0",
     "node-forge": "^1.3.1",
     "node-rsa": "^1.1.1",
-    "nodemon": "^2.0.15",
+    "nodemon": "^2.0.20",
     "serve-favicon": "^2.4.2"
   }
 }