chore(deps): bump jsonwebtoken from 8.5.1 to 9.0.0

Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0.
- [Release notes](https://github.com/auth0/node-jsonwebtoken/releases)
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0)

app.js

@@ -40,10 +40,17 @@ const addCustomClaims = (email, customClaims, token) => {
 
 }
 
+const signToken = (token) => {
+  return jwt.sign(Buffer.from(JSON.stringify(token)), privateKey, {
+    algorithm: 'RS256',
+    keyid: thumbprint
+  })
+}
+
 // Configure our small auth0-mock-server
 app.options('*', cors(corsOpts))
   .use(cors())
-  .use(bodyParser.json())
+  .use(bodyParser.json({ strict: false }))
   .use(bodyParser.urlencoded({ extended: true }))
   .use(cookieParser())
   .use(express.static(`${__dirname}/public`))
@@ -51,47 +58,73 @@ app.options('*', cors(corsOpts))
 
 // This route can be used to generate a valid jwt-token.
 app.post('/oauth/token', (req, res) => {
-  const code = req.body.code
-  const session = sessions[code]
-
   let date = Math.floor(Date.now() / 1000)
-  let accessToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
+  if (req.body.grant_type === 'client_credentials' && req.body.client_id) {
-    iss: jwksOrigin,
+    let accessToken = signToken({
-    aud: [audience],
+      iss: jwksOrigin,
-    sub: 'auth0|' + session.email,
+      aud: [audience],
-    iat: date,
+      sub: 'auth0|management',
-    exp: date + 7200,
+      iat: date,
-    azp: session.clientId
+      exp: date + 7200,
-  }))), privateKey, {
+      azp: req.body.client_id
-    algorithm: 'RS256',
+    })
-    keyid: thumbprint
-  })
 
-  let idToken = jwt.sign(Buffer.from(JSON.stringify(addCustomClaims(session.email, session.customClaims, {
+    let idToken = signToken({
-    iss: jwksOrigin,
+      iss: jwksOrigin,
-    aud: session.clientId,
+      aud: req.body.client_id,
-    nonce: session.nonce,
+      sub: 'auth0|management',
-    sub: 'auth0|' + session.email,
+      iat: date,
-    iat: date,
+      exp: date + 7200,
-    exp: date + 7200,
+      azp: req.body.client_id,
-    azp: session.clientId,
+      name: 'Management API'
-    name: 'Example Person',
+    })
-    picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
-  }))), privateKey, {
-    algorithm: 'RS256',
-    keyid: thumbprint
-  })
 
-  debug('Signed token for ' + session.email)
+    debug('Signed token for management API')
-  // res.json({ token });
 
-  res.json({
+    res.json({
-    access_token: accessToken,
+      access_token: accessToken,
-    id_token: idToken,
+      id_token: idToken,
-    scope: 'openid%20profile%20email',
+      scope: 'openid%20profile%20email',
-    expires_in: 7200,
+      expires_in: 7200,
-    token_type: 'Bearer'
+      token_type: 'Bearer'
-  })
+    })
+  } else if (req.body.code) {
+    const code = req.body.code
+    const session = sessions[code]
+    let accessToken = signToken(addCustomClaims(session.email, session.customClaims, {
+      iss: jwksOrigin,
+      aud: [audience],
+      sub: 'auth0|' + session.email,
+      iat: date,
+      exp: date + 7200,
+      azp: session.clientId
+    }))
+
+    let idToken = signToken(addCustomClaims(session.email, session.customClaims, {
+      iss: jwksOrigin,
+      aud: session.clientId,
+      nonce: session.nonce,
+      sub: 'auth0|' + session.email,
+      iat: date,
+      exp: date + 7200,
+      azp: session.clientId,
+      name: 'Example Person',
+      picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
+    }))
+
+    debug('Signed token for ' + session.email)
+
+    res.json({
+      access_token: accessToken,
+      id_token: idToken,
+      scope: 'openid%20profile%20email',
+      expires_in: 7200,
+      token_type: 'Bearer'
+    })
+  } else {
+    res.status(401)
+    res.send('Missing client_id or client_secret')
+  }
 })
 
 // This route can be used to generate a valid jwt-token.
@@ -264,7 +297,7 @@ app.post('/issuer', (req, res) => {
   }
   issuer = req.body.issuer
   jwksOrigin = `https://${issuer}/`
-  const { privateKey: key, certDer: der, thumbPrint: thumb, exponent: exp, modulus: mod } = cert(jwksOrigin)
+  const { privateKey: key, certDer: der, thumbprint: thumb, exponent: exp, modulus: mod } = cert(jwksOrigin)
   privateKey = key
   certDer = der
   thumbprint = thumb
@@ -274,6 +307,28 @@ app.post('/issuer', (req, res) => {
   res.send('ok')
 })
 
+app.get('/api/v2/users-by-email', (req, res) => {
+  res.json([])
+})
+
+app.post('/api/v2/users', (req, res) => {
+  const email = req.body.email
+  res.json({
+    user_id: `auth0|${email}`
+  })
+})
+
+app.post('/api/v2/tickets/password-change', (req, res) => {
+  res.json({
+    ticket: `https://some-url`
+  })
+})
+
+app.use(function(req, res, next) {
+  console.log('404', req.path)
+  res.status(404).send('error: 404 Not Found ' + req.path)
+})
+
 app.listen(3333, () => {
   debug('Auth0-Mock-Server listening on port 3333!')
 })

cert.js

@@ -122,8 +122,8 @@ const setup = (jwksOrigin) => {
 
   return {
     privateKey: forge.pki.privateKeyToPem(privateKey),
-    certDer: certDer,
+    certDer,
-    thumbPrint: thumbprint.toString(),
+    thumbprint: thumbprint.toString(),
     exponent: bnToB64(exponent),
     modulus: modulus.toString('base64')
   }

package.json

@@ -12,17 +12,17 @@
   "license": "MIT",
   "dependencies": {
     "base64-url": "^2.3.3",
-    "body-parser": "^1.20.0",
+    "body-parser": "^1.20.1",
     "buffer": "^6.0.3",
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.3",
     "debug": "^4.3.4",
-    "express": "^4.18.0",
+    "express": "^4.18.2",
     "https-localhost": "^4.7.1",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.0",
     "node-forge": "^1.3.1",
     "node-rsa": "^1.1.1",
-    "nodemon": "^2.0.15",
+    "nodemon": "^2.0.20",
     "serve-favicon": "^2.4.2"
   }
 }