Merge pull request #176 from auth0/release-2.2.0

Release 2.2.0

CHANGELOG.md

@@ -1,5 +1,15 @@
 # CHANGELOG
 
+## [2.2.0](https://github.com/auth0/express-openid-connect/tree/v2.2.0) (2021-01-14)
+[Full Changelog](https://github.com/auth0/express-openid-connect/compare/v2.1.0...v2.2.0)
+
+**Added**
+- afterCallback Hook [#168](https://github.com/auth0/express-openid-connect/pull/168) ([davidpatrick](https://github.com/davidpatrick))
+
+**Changed**
+- Move transient cookies into single cookie [#171](https://github.com/auth0/express-openid-connect/pull/171) ([davidpatrick](https://github.com/davidpatrick))
+- Use native node hkdf when available (Node >=15) [#177](https://github.com/auth0/express-openid-connect/pull/177) ([panva](https://github.com/panva))
+
 ## [2.1.0](https://github.com/auth0/express-openid-connect/tree/v2.1.0) (2020-12-15)
 [Full Changelog](https://github.com/auth0/express-openid-connect/compare/v2.0.0...v2.1.0)
 

EXAMPLES.md

@@ -215,4 +215,23 @@ app.use(
     // auth0Logout: true // if using custom domain with Auth0
   })
 );
+```
+
+## 8. Validate Claims from an ID token before logging a user in
+
+The `afterCallback` hook can be used to do validation checks on claims after the ID token has been received in the callback phase.
+
+```js
+app.use(
+  auth({
+    afterCallback: (req, res, session) => {
+      const claims = jose.JWT.decode(session.id_token); // using jose library to decode JWT
+      if (claims.org_id !== 'Required Organization') {
+        throw new Error('User is not a part of the Required Organization');
+      }
+      return session;
+    }
+  })
+);
+
 ```

docs/globals.html

@@ -2747,6 +2747,9 @@
 		<li class=" tsd-kind-interface">
 			<a href="interfaces/responsecontext.html" class="tsd-kind-icon">Response<wbr>Context</a>
 		</li>
+		<li class=" tsd-kind-interface">
+			<a href="interfaces/session.html" class="tsd-kind-icon">Session</a>
+		</li>
 		<li class=" tsd-kind-interface">
 			<a href="interfaces/sessionconfigparams.html" class="tsd-kind-icon">Session<wbr>Config<wbr>Params</a>
 		</li>
@@ -2830,6 +2833,7 @@ <h2>Getting Started</h2>
     <span class="hljs-attr">baseURL</span>: <span class="hljs-string">&#x27;https://YOUR_APPLICATION_ROOT_URL&#x27;</span>,
     <span class="hljs-attr">clientID</span>: <span class="hljs-string">&#x27;YOUR_CLIENT_ID&#x27;</span>,
     <span class="hljs-attr">secret</span>: <span class="hljs-string">&#x27;LONG_RANDOM_STRING&#x27;</span>,
+    <span class="hljs-attr">idpLogout</span>: <span class="hljs-literal">true</span>,
   })
 );</code></pre>
 			<p>With this basic configuration, your application will require authentication for all routes and store the user identity in an encrypted and signed cookie.</p>
@@ -2897,6 +2901,7 @@ <h3>Interfaces</h3>
 							<li class="tsd-kind-interface tsd-has-type-parameter"><a href="interfaces/openidresponse.html" class="tsd-kind-icon">Openid<wbr>Response</a></li>
 							<li class="tsd-kind-interface"><a href="interfaces/requestcontext.html" class="tsd-kind-icon">Request<wbr>Context</a></li>
 							<li class="tsd-kind-interface"><a href="interfaces/responsecontext.html" class="tsd-kind-icon">Response<wbr>Context</a></li>
+							<li class="tsd-kind-interface"><a href="interfaces/session.html" class="tsd-kind-icon">Session</a></li>
 							<li class="tsd-kind-interface"><a href="interfaces/sessionconfigparams.html" class="tsd-kind-icon">Session<wbr>Config<wbr>Params</a></li>
 						</ul>
 					</section>
@@ -2926,7 +2931,7 @@ <h3>attempt<wbr>Silent<wbr>Login</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L637">index.d.ts:637</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L671">index.d.ts:671</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -2957,7 +2962,7 @@ <h3>auth</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L537">index.d.ts:537</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L571">index.d.ts:571</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -3007,7 +3012,7 @@ <h3>claim<wbr>Check</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L617">index.d.ts:617</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L651">index.d.ts:651</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -3064,7 +3069,7 @@ <h3>claim<wbr>Equals</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L578">index.d.ts:578</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L612">index.d.ts:612</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -3107,7 +3112,7 @@ <h3>claim<wbr>Includes</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L598">index.d.ts:598</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L632">index.d.ts:632</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -3150,7 +3155,7 @@ <h3>requires<wbr>Auth</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L559">index.d.ts:559</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L593">index.d.ts:593</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -3163,7 +3168,7 @@ <h3>requires<wbr>Auth</h3>
 app.use(
   auth({
      ...
-     authRequired: <span class="hljs-literal">false</span>
+     <span class="hljs-attr">authRequired</span>: <span class="hljs-literal">false</span>
   })
 );
 

docs/index.html

@@ -2747,6 +2747,9 @@
 		<li class=" tsd-kind-interface">
 			<a href="interfaces/responsecontext.html" class="tsd-kind-icon">Response<wbr>Context</a>
 		</li>
+		<li class=" tsd-kind-interface">
+			<a href="interfaces/session.html" class="tsd-kind-icon">Session</a>
+		</li>
 		<li class=" tsd-kind-interface">
 			<a href="interfaces/sessionconfigparams.html" class="tsd-kind-icon">Session<wbr>Config<wbr>Params</a>
 		</li>
@@ -2830,6 +2833,7 @@ <h2>Getting Started</h2>
     <span class="hljs-attr">baseURL</span>: <span class="hljs-string">&#x27;https://YOUR_APPLICATION_ROOT_URL&#x27;</span>,
     <span class="hljs-attr">clientID</span>: <span class="hljs-string">&#x27;YOUR_CLIENT_ID&#x27;</span>,
     <span class="hljs-attr">secret</span>: <span class="hljs-string">&#x27;LONG_RANDOM_STRING&#x27;</span>,
+    <span class="hljs-attr">idpLogout</span>: <span class="hljs-literal">true</span>,
   })
 );</code></pre>
 			<p>With this basic configuration, your application will require authentication for all routes and store the user identity in an encrypted and signed cookie.</p>
@@ -2898,6 +2902,7 @@ <h3>Interfaces</h3>
 							<li class="tsd-kind-interface tsd-has-type-parameter"><a href="interfaces/openidresponse.html" class="tsd-kind-icon">Openid<wbr>Response</a></li>
 							<li class="tsd-kind-interface"><a href="interfaces/requestcontext.html" class="tsd-kind-icon">Request<wbr>Context</a></li>
 							<li class="tsd-kind-interface"><a href="interfaces/responsecontext.html" class="tsd-kind-icon">Response<wbr>Context</a></li>
+							<li class="tsd-kind-interface"><a href="interfaces/session.html" class="tsd-kind-icon">Session</a></li>
 							<li class="tsd-kind-interface"><a href="interfaces/sessionconfigparams.html" class="tsd-kind-icon">Session<wbr>Config<wbr>Params</a></li>
 						</ul>
 					</section>
@@ -2927,7 +2932,7 @@ <h3>attempt<wbr>Silent<wbr>Login</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L637">index.d.ts:637</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L671">index.d.ts:671</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -2958,7 +2963,7 @@ <h3>auth</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L537">index.d.ts:537</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L571">index.d.ts:571</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -3008,7 +3013,7 @@ <h3>claim<wbr>Check</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L617">index.d.ts:617</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L651">index.d.ts:651</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -3065,7 +3070,7 @@ <h3>claim<wbr>Equals</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L578">index.d.ts:578</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L612">index.d.ts:612</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -3108,7 +3113,7 @@ <h3>claim<wbr>Includes</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L598">index.d.ts:598</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L632">index.d.ts:632</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -3151,7 +3156,7 @@ <h3>requires<wbr>Auth</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L559">index.d.ts:559</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L593">index.d.ts:593</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">
@@ -3164,7 +3169,7 @@ <h3>requires<wbr>Auth</h3>
 app.use(
   auth({
      ...
-     authRequired: <span class="hljs-literal">false</span>
+     <span class="hljs-attr">authRequired</span>: <span class="hljs-literal">false</span>
   })
 );
 

docs/interfaces/accesstoken.html

@@ -2764,6 +2764,9 @@
 		<li class=" tsd-kind-interface">
 			<a href="responsecontext.html" class="tsd-kind-icon">Response<wbr>Context</a>
 		</li>
+		<li class=" tsd-kind-interface">
+			<a href="session.html" class="tsd-kind-icon">Session</a>
+		</li>
 		<li class=" tsd-kind-interface">
 			<a href="sessionconfigparams.html" class="tsd-kind-icon">Session<wbr>Config<wbr>Params</a>
 		</li>
@@ -2827,7 +2830,7 @@ <h3>access_<wbr>token</h3>
 				<div class="tsd-signature tsd-kind-icon">access_<wbr>token<span class="tsd-signature-symbol">:</span> <span class="tsd-signature-type">string</span></div>
 				<aside class="tsd-sources">
 					<ul>
-						<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L478">index.d.ts:478</a></li>
+						<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L512">index.d.ts:512</a></li>
 					</ul>
 				</aside>
 				<div class="tsd-comment tsd-typography">
@@ -2842,7 +2845,7 @@ <h3>expires_<wbr>in</h3>
 				<div class="tsd-signature tsd-kind-icon">expires_<wbr>in<span class="tsd-signature-symbol">:</span> <span class="tsd-signature-type">number</span></div>
 				<aside class="tsd-sources">
 					<ul>
-						<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L488">index.d.ts:488</a></li>
+						<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L522">index.d.ts:522</a></li>
 					</ul>
 				</aside>
 				<div class="tsd-comment tsd-typography">
@@ -2857,7 +2860,7 @@ <h3>is<wbr>Expired</h3>
 				<div class="tsd-signature tsd-kind-icon">is<wbr>Expired<span class="tsd-signature-symbol">:</span> <span class="tsd-signature-symbol">(</span><span class="tsd-signature-symbol">)</span><span class="tsd-signature-symbol"> =&gt; </span><span class="tsd-signature-type">boolean</span></div>
 				<aside class="tsd-sources">
 					<ul>
-						<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L493">index.d.ts:493</a></li>
+						<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L527">index.d.ts:527</a></li>
 					</ul>
 				</aside>
 				<div class="tsd-comment tsd-typography">
@@ -2887,7 +2890,7 @@ <h3>token_<wbr>type</h3>
 				<div class="tsd-signature tsd-kind-icon">token_<wbr>type<span class="tsd-signature-symbol">:</span> <span class="tsd-signature-type">string</span></div>
 				<aside class="tsd-sources">
 					<ul>
-						<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L483">index.d.ts:483</a></li>
+						<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L517">index.d.ts:517</a></li>
 					</ul>
 				</aside>
 				<div class="tsd-comment tsd-typography">
@@ -2909,7 +2912,7 @@ <h3>refresh</h3>
 					<li class="tsd-description">
 						<aside class="tsd-sources">
 							<ul>
-								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/df1d82b/index.d.ts#L505">index.d.ts:505</a></li>
+								<li>Defined in <a href="https://github.com/auth0/express-openid-connect/blob/75a7982/index.d.ts#L539">index.d.ts:539</a></li>
 							</ul>
 						</aside>
 						<div class="tsd-comment tsd-typography">