chore(deps): bump jsonwebtoken from 8.5.1 to 9.0.0

Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0. - [Release notes](https://github.com/auth0/node-jsonwebtoken/releases) - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0)
chore(deps): bump express from 4.18.1 to 4.18.2
2022-12-22 06:52:39 +00:00 · 2022-10-09 06:52:35 +00:00 · 2022-10-07 06:52:24 +00:00 · 2022-09-17 06:52:27 +00:00 · 2022-07-06 06:52:23 +00:00 · 2022-06-24 06:52:29 +00:00
4 changed files with 151 additions and 727 deletions
@@ -40,10 +40,17 @@ const addCustomClaims = (email, customClaims, token) => {

 }

+const signToken = (token) => {
+  return jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
+    algorithm: 'RS256',
+    keyid: thumbprint
+  })
+}
+
 // Configure our small auth0-mock-server
 app.options('*', cors(corsOpts))
  .use(cors())
-  .use(bodyParser.json())
+  .use(bodyParser.json({ strict: false }))
  .use(bodyParser.urlencoded({ extended: true }))
  .use(cookieParser())
  .use(express.static(`${__dirname}/public`))
@@ -51,47 +58,73 @@ app.options('*', cors(corsOpts))

 // This route can be used to generate a valid jwt-token.
 app.post('/oauth/token', (req, res) => {
-  const code = req.body.code
-  const session = sessions[code]
-
  let date = Math.floor(Date.now() / 1000)
-  let accessToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
-    iss: jwksOrigin,
-    aud: [audience],
-    sub: 'auth0|' + session.email,
-    iat: date,
-    exp: date + 7200,
-    azp: session.clientId
-  }))), privateKey, {
-    algorithm: 'RS256',
-    keyid: thumbprint
-  })
+  if (req.body.grant_type === 'client_credentials' && req.body.client_id) {
+    let accessToken = signToken({
+      iss: jwksOrigin,
+      aud: [audience],
+      sub: 'auth0|management',
+      iat: date,
+      exp: date + 7200,
+      azp: req.body.client_id
+    })

-  let idToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
-    iss: jwksOrigin,
-    aud: session.clientId,
-    nonce: session.nonce,
-    sub: 'auth0|' + session.email,
-    iat: date,
-    exp: date + 7200,
-    azp: session.clientId,
-    name: 'Example Person',
-    picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
-  }))), privateKey, {
-    algorithm: 'RS256',
-    keyid: thumbprint
-  })
+    let idToken = signToken({
+      iss: jwksOrigin,
+      aud: req.body.client_id,
+      sub: 'auth0|management',
+      iat: date,
+      exp: date + 7200,
+      azp: req.body.client_id,
+      name: 'Management API'
+    })

-  debug('Signed token for ' + session.email)
-  // res.json({ token });
+    debug('Signed token for management API')

-  res.json({
-    access_token: accessToken,
-    id_token: idToken,
-    scope: 'openid%20profile%20email',
-    expires_in: 7200,
-    token_type: 'Bearer'
-  })
+    res.json({
+      access_token: accessToken,
+      id_token: idToken,
+      scope: 'openid%20profile%20email',
+      expires_in: 7200,
+      token_type: 'Bearer'
+    })
+  } else if (req.body.code) {
+    const code = req.body.code
+    const session = sessions[code]
+    let accessToken = signToken(addCustomClaims(session.email, session.customClaims, {
+      iss: jwksOrigin,
+      aud: [audience],
+      sub: 'auth0|' + session.email,
+      iat: date,
+      exp: date + 7200,
+      azp: session.clientId
+    }))
+
+    let idToken = signToken(addCustomClaims(session.email, session.customClaims, {
+      iss: jwksOrigin,
+      aud: session.clientId,
+      nonce: session.nonce,
+      sub: 'auth0|' + session.email,
+      iat: date,
+      exp: date + 7200,
+      azp: session.clientId,
+      name: 'Example Person',
+      picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
+    }))
+
+    debug('Signed token for ' + session.email)
+
+    res.json({
+      access_token: accessToken,
+      id_token: idToken,
+      scope: 'openid%20profile%20email',
+      expires_in: 7200,
+      token_type: 'Bearer'
+    })
+  } else {
+    res.status(401)
+    res.send('Missing client_id or client_secret')
+  }
 })

 // This route can be used to generate a valid jwt-token.
@@ -264,7 +297,7 @@ app.post('/issuer', (req, res) => {
  }
  issuer = req.body.issuer
  jwksOrigin = `https://${issuer}/`
-  const { privateKey: key, certDer: der, thumbPrint: thumb, exponent: exp, modulus: mod } = cert(jwksOrigin)
+  const { privateKey: key, certDer: der, thumbprint: thumb, exponent: exp, modulus: mod } = cert(jwksOrigin)
  privateKey = key
  certDer = der
  thumbprint = thumb
@@ -274,6 +307,28 @@ app.post('/issuer', (req, res) => {
  res.send('ok')
 })

+app.get('/api/v2/users-by-email', (req, res) => {
+  res.json([])
+})
+
+app.post('/api/v2/users', (req, res) => {
+  const email = req.body.email
+  res.json({
+    user_id: `auth0|${email}`
+  })
+})
+
+app.post('/api/v2/tickets/password-change', (req, res) => {
+  res.json({
+    ticket: `https://some-url`
+  })
+})
+
+app.use(function(req, res, next) {
+  console.log('404', req.path)
+  res.status(404).send('error: 404 Not Found ' + req.path)
+})
+
 app.listen(3333, () => {
  debug('Auth0-Mock-Server listening on port 3333!')
 })
@@ -122,8 +122,8 @@ const setup = (jwksOrigin) => {

  return {
    privateKey: forge.pki.privateKeyToPem(privateKey),
-    certDer: certDer,
-    thumbPrint: thumbprint.toString(),
+    certDer,
+    thumbprint: thumbprint.toString(),
    exponent: bnToB64(exponent),
    modulus: modulus.toString('base64')
  }
@@ -12,17 +12,17 @@
  "license": "MIT",
  "dependencies": {
    "base64-url": "^2.3.3",
-    "body-parser": "^1.20.0",
+    "body-parser": "^1.20.1",
    "buffer": "^6.0.3",
    "cookie-parser": "^1.4.6",
    "cors": "^2.8.3",
    "debug": "^4.3.4",
-    "express": "^4.18.0",
+    "express": "^4.18.2",
    "https-localhost": "^4.7.1",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.0",
    "node-forge": "^1.3.1",
    "node-rsa": "^1.1.1",
-    "nodemon": "^2.0.15",
+    "nodemon": "^2.0.20",
    "serve-favicon": "^2.4.2"
  }
 }
Author	SHA1	Message	Date
argoyle	6dda660e78	chore(deps): bump jsonwebtoken from 8.5.1 to 9.0.0 Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0. - [Release notes](https://github.com/auth0/node-jsonwebtoken/releases) - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0)	2022-12-22 06:52:39 +00:00
argoyle	534772b315	chore(deps): bump express from 4.18.1 to 4.18.2 Bumps [express](https://github.com/expressjs/express) from 4.18.1 to 4.18.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](https://github.com/expressjs/express/compare/4.18.1...4.18.2)	2022-10-09 06:52:35 +00:00
argoyle	3bdfe7bf0e	chore(deps): bump body-parser from 1.20.0 to 1.20.1 Bumps [body-parser](https://github.com/expressjs/body-parser) from 1.20.0 to 1.20.1. - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](https://github.com/expressjs/body-parser/compare/1.20.0...1.20.1)	2022-10-07 06:52:24 +00:00
argoyle	edba76d0ab	chore(deps): bump nodemon from 2.0.19 to 2.0.20 Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.19 to 2.0.20. - [Release notes](https://github.com/remy/nodemon/releases) - [Commits](https://github.com/remy/nodemon/compare/v2.0.19...v2.0.20)	2022-09-17 06:52:27 +00:00
argoyle	5289b4fa23	chore(deps): bump nodemon from 2.0.18 to 2.0.19 Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.18 to 2.0.19. - [Release notes](https://github.com/remy/nodemon/releases) - [Commits](https://github.com/remy/nodemon/compare/v2.0.18...v2.0.19)	2022-07-06 06:52:23 +00:00
argoyle	eef7168f37	chore(deps): bump nodemon from 2.0.16 to 2.0.18 Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.16 to 2.0.18. - [Release notes](https://github.com/remy/nodemon/releases) - [Commits](https://github.com/remy/nodemon/compare/v2.0.16...v2.0.18)	2022-06-24 06:52:29 +00:00
argoyle	596967ff72	Merge branch 'dependabot-npm_and_yarn-normalize-url-4.5.1' into 'main' chore(deps): [security] bump normalize-url from 4.5.0 to 4.5.1 See merge request unboundsoftware/auth0mock!41	2022-05-02 07:01:46 +00:00
argoyle	5f2385a92f	chore(deps): [security] bump normalize-url from 4.5.0 to 4.5.1 Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1. This update includes a security fix. - [Release notes](https://github.com/sindresorhus/normalize-url/releases) - [Commits](https://github.com/sindresorhus/normalize-url/commits)	2022-05-02 07:00:02 +00:00
argoyle	a5653c8ea6	Merge branch 'dependabot-npm_and_yarn-ini-1.3.8' into 'main' chore(deps): [security] bump ini from 1.3.5 to 1.3.8 See merge request unboundsoftware/auth0mock!39	2022-05-02 06:59:59 +00:00
argoyle	75ec899c99	chore(deps): [security] bump ini from 1.3.5 to 1.3.8 Bumps [ini](https://github.com/npm/ini) from 1.3.5 to 1.3.8. This update includes a security fix. - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/ini/compare/v1.3.5...v1.3.8)	2022-05-02 06:58:19 +00:00
argoyle	cb31381be2	Merge branch 'dependabot-npm_and_yarn-minimist-1.2.6' into 'main' chore(deps): [security] bump minimist from 1.2.0 to 1.2.6 See merge request unboundsoftware/auth0mock!40	2022-05-02 06:58:17 +00:00
argoyle	9ee344311a	chore(deps): [security] bump minimist from 1.2.0 to 1.2.6 Bumps [minimist](https://github.com/substack/minimist) from 1.2.0 to 1.2.6. This update includes security fixes. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.0...1.2.6)	2022-05-02 06:56:54 +00:00
argoyle	d7e3b10e80	Merge branch 'dependabot-npm_and_yarn-ansi-regex-4.1.1' into 'main' chore(deps): [security] bump ansi-regex from 4.1.0 to 4.1.1 See merge request unboundsoftware/auth0mock!38	2022-05-02 06:56:51 +00:00
argoyle	7b306dd500	chore(deps): [security] bump ansi-regex from 4.1.0 to 4.1.1 Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. This update includes a security fix. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1)	2022-05-02 06:52:21 +00:00
argoyle	22d096a2be	Merge branch 'dependabot-npm_and_yarn-nodemon-2.0.16' into 'main' chore(deps): bump nodemon from 2.0.15 to 2.0.16 See merge request unboundsoftware/auth0mock!37	2022-05-01 17:27:31 +00:00
argoyle	858cb96e10	chore(deps): bump nodemon from 2.0.15 to 2.0.16 Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.15 to 2.0.16. - [Release notes](https://github.com/remy/nodemon/releases) - [Commits](https://github.com/remy/nodemon/compare/v2.0.15...v2.0.16)	2022-05-01 17:26:04 +00:00
argoyle	e8dd55208c	Merge branch 'dependabot-npm_and_yarn-express-4.18.1' into 'main' chore(deps): bump express from 4.18.0 to 4.18.1 See merge request unboundsoftware/auth0mock!36	2022-05-01 17:25:57 +00:00
argoyle	dbf5206c1b	chore(deps): bump express from 4.18.0 to 4.18.1 Bumps [express](https://github.com/expressjs/express) from 4.18.0 to 4.18.1. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](https://github.com/expressjs/express/compare/4.18.0...4.18.1)	2022-04-30 06:52:18 +00:00
argoyle	4229508bba	feat: add support for client id and secret tokens	2022-04-28 09:38:05 +02:00
argoyle	b4d5dbe9e3	feat: add dummy-implementation of management API	2022-04-26 16:54:03 +02:00
argoyle	b476cf0e36	fix: use correct return-variable	2022-04-26 15:37:19 +02:00