From 77df7aff6e426118ad4a7460a76fbdda961b9cec Mon Sep 17 00:00:00 2001
From: Andrii Honchar
Date: Tue, 16 Apr 2024 14:14:55 +0200
Subject: [PATCH 01/12] fix getting key from response of getKeyFromJWKsURI
---
 src/OAuthClient.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/OAuthClient.js b/src/OAuthClient.js
index c6b3b0d8..7273a535 100644
--- a/src/OAuthClient.js
+++ b/src/OAuthClient.js
@@ -474,8 +474,7 @@ OAuthClient.prototype.getKeyFromJWKsURI = function getKeyFromJWKsURI(id_token, k
 .then((response) => {
 if (Number(response.status) !== 200) throw new Error('Could not reach JWK endpoint');
 // Find the key by KID
- const responseBody = JSON.parse(response.body);
- const key = responseBody.keys.find((el) => el.kid === kid);
+ const key = response.data.keys.find((el) => el.kid === kid);
 const cert = this.getPublicKey(key.n, key.e);
 return jwt.verify(id_token, cert);
From 94f2163be632a5a6e5a899b9a61ee0c20129863b Mon Sep 17 00:00:00 2001
From: Rajesh Gupta
Date: Fri, 8 Mar 2024 14:01:58 -0800
Subject: [PATCH 02/12] updated release version to 4.1.0
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index fb92e186..9d5a2c8d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "intuit-oauth",
- "version": "4.0.0",
+ "version": "4.1.0",
 "description": "Intuit Node.js client for OAuth2.0 and OpenIDConnect",
 "main": "./src/OAuthClient.js",
 "scripts": {
From d40eb48f34ccac9831c1f56d96e7ceb005857041 Mon Sep 17 00:00:00 2001
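Review bot: In the getKeyFromJWKsURI hunk the result of the new `response.data.keys.find(...)` is used unchecked, so a JWKS response with no `keys` array or no entry for the token's `kid` surfaces as a TypeError on `key.n` rather than a clear validation failure. The token is still rejected, but an explicit guard such as `if (!key) throw new Error('No matching JWK for kid');` makes the failure deliberate and easier to triage, for example during key rotation. The unchanged `jwt.verify(id_token, cert)` on the last line passes no options; pinning the accepted algorithm, e.g. `jwt.verify(id_token, cert, { algorithms: ['RS256'] })` if RS256 is what the JWKS advertises, keeps the verifier from accepting whatever algorithm the token header names. The function starts and ends outside the hunk.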
From: snyk-bot
Date: Sat, 9 Mar 2024 19:26:19 +0000
Subject: [PATCH 03/12] fix: sample/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022
- https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180024
- https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180026
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
---
 sample/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sample/package.json b/sample/package.json
index 80234eaa..1b4321f0 100644
--- a/sample/package.json
+++ b/sample/package.json
@@ -17,7 +17,7 @@
 "ejs": "^3.1.9",
 "express": "^4.14.0",
 "express-session": "^1.14.2",
- "intuit-oauth": "^3.0.1",
+ "intuit-oauth": "^4.1.0",
 "ngrok": "^5.0.0-beta.2",
 "path": "^0.12.7"
 },
From e0d4bb4466b635a30c1eacef8275b040fbeaa2e9 Mon Sep 17 00:00:00 2001
From: Rajesh Gupta
Date: Mon, 11 Mar 2024 21:57:20 -0700
Subject: [PATCH 04/12] fix authResponse.json issue
---
 package.json | 2 +-
 sample/app.js | 10 +++++-----
 src/OAuthClient.js | 12 ++++++------
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/package.json b/package.json
index 9d5a2c8d..e624c1fb 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "intuit-oauth",
- "version": "4.1.0",
+ "version": "4.1.1",
 "description": "Intuit Node.js client for OAuth2.0 and OpenIDConnect",
 "main": "./src/OAuthClient.js",
 "scripts": {
diff --git a/sample/app.js b/sample/app.js
index 9c56f73f..fd57bc2a 100644
--- a/sample/app.js
+++ b/sample/app.js
@@ -72,7 +72,7 @@ app.get('/callback', function (req, res) {
 oauthClient
 .createToken(req.url)
 .then(function (authResponse) {
- oauth2_token_json = JSON.stringify(authResponse.getJson(), null, 2);
+ oauth2_token_json = JSON.stringify(authResponse.json, null, 2);
 })
 .catch(function (e) {
 console.error(e);
@@ -95,8 +95,8 @@ app.get('/refreshAccessToken', function (req, res) {
 oauthClient
 .refresh()
 .then(function (authResponse) {
- console.log(`The Refresh Token is ${JSON.stringify(authResponse.getJson())}`);
- oauth2_token_json = JSON.stringify(authResponse.getJson(), null, 2);
+ console.log(`The Refresh Token is ${JSON.stringify(authResponse.json)}`);
+ oauth2_token_json = JSON.stringify(authResponse.json, null, 2);
 res.send(oauth2_token_json);
 })
 .catch(function (e) {
@@ -118,8 +118,8 @@ app.get('/getCompanyInfo', function (req, res) {
 oauthClient
 .makeApiCall({ url: `${url}v3/company/${companyID}/companyinfo/${companyID}` })
 .then(function (authResponse) {
- console.log(`The response for API call is :${JSON.stringify(authResponse)}`);
- res.send(JSON.parse(authResponse.text()));
+ console.log(`The response for API call is :${JSON.stringify(authResponse.json)}`);
+ res.send(authResponse.json);
 })
 .catch(function (e) {
 console.error(e);
diff --git a/src/OAuthClient.js b/src/OAuthClient.js
index 7273a535..75006bd4 100644
--- a/src/OAuthClient.js
+++ b/src/OAuthClient.js
@@ -182,10 +182,10 @@ OAuthClient.prototype.createToken = function createToken(uri) {
 resolve(this.getTokenRequest(request));
 })
 .then((res) => {
- const { response, ...authResponse } = res.json ? res : null;
+ const { request, ...authResponse } = res.json ? res : null;
 const json = (authResponse && authResponse.json) || res;
 this.token.setToken(json);
- this.log('info', 'Create Token response is : ', JSON.stringify(authResponse, null, 2));
+ this.log('info', 'Create Token response is : ', JSON.stringify(authResponse.json, null, 2));
 return authResponse;
 })
 .catch((e) => {
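Review bot: The rewritten `console.log` in the `/refreshAccessToken` handler prints the whole token response, access and refresh token included, and the context line `res.send(oauth2_token_json)` then returns the same JSON to the browser. Because sample code tends to be copied into real integrations, logging a non-secret field only would be safer, e.g. `console.log('Tokens refreshed, expires_in:', authResponse.json.expires_in);`, assuming the response carries the standard `expires_in` field. A short comment above the `res.send` stating that returning tokens to the client is for demonstration only would also help. PATCH 09 touches the same line and keeps the token in the output.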
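Review bot: The new `this.log('info', 'Create Token response is : ', JSON.stringify(authResponse.json, null, 2))` line in createToken still serialises the full token payload into the log, so anyone who can read the log output obtains usable access and refresh tokens whenever logging is turned on. Logging non-secret metadata instead, e.g. `this.log('info', 'Create Token response received, token_type : ', json.token_type);`, or masking the token fields before `JSON.stringify`, keeps the diagnostic value without the credentials. The same pattern is in the refresh and refreshUsingToken hunks of this commit and is carried through PATCH 06, 10 and 11. How `this.log` is enabled is outside the hunk, so the exposure depends on the logger configuration.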
@@ -224,9 +224,9 @@ OAuthClient.prototype.refresh = function refresh() {
 })
 .then((res) => {
 const { request, ...authResponse } = res.json ? res : null;
- const json = (authResponse && authResponse.getJson()) || res;
+ const json = (authResponse && authResponse.json) || res;
 this.token.setToken(json);
- this.log('info', 'Refresh Token () response is : ', JSON.stringify(authResponse, null, 2));
+ this.log('info', 'Refresh Token () response is : ', JSON.stringify(authResponse.json, null, 2));
 return authResponse;
 })
 .catch((e) => {
@@ -266,7 +266,7 @@ OAuthClient.prototype.refreshUsingToken = function refreshUsingToken(refresh_tok
 })
 .then((res) => {
 const { request, ...authResponse } = res.json ? res : null;
- const json = (authResponse && authResponse.getJson()) || res;
+ const json = (authResponse && authResponse.json) || res;
 this.token.setToken(json);
 this.log(
 'info',
@@ -402,7 +402,7 @@ OAuthClient.prototype.makeApiCall = function makeApiCall(params) {
 resolve(this.getTokenRequest(request));
 })
 .then(({ request, ...authResponse }) => {
- this.log('info', 'The makeAPICall () response is : ', JSON.stringify(authResponse, null, 2));
+ this.log('info', 'The makeAPICall () response is : ', JSON.stringify(authResponse.json, null, 2));
 return authResponse;
 })
 .catch((e) => {
From 28b0802ea2dc3169136bf89ee1f798f64628c8ad Mon Sep 17 00:00:00 2001
From: Rajesh Gupta
Date: Wed, 13 Mar 2024 11:01:37 -0700
Subject: [PATCH 05/12] correction to get response obj updated
---
 src/OAuthClient.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OAuthClient.js b/src/OAuthClient.js
index 75006bd4..88a49273 100644
--- a/src/OAuthClient.js
+++ b/src/OAuthClient.js
@@ -182,7 +182,7 @@ OAuthClient.prototype.createToken = function createToken(uri) {
 resolve(this.getTokenRequest(request));
 })
 .then((res) => {
- const { request, ...authResponse } = res.json ? res : null;
+ const { response, ...authResponse } = res.json ? res : null;
 const json = (authResponse && authResponse.json) || res;
 this.token.setToken(json);
 this.log('info', 'Create Token response is : ', JSON.stringify(authResponse.json, null, 2));
From 4363288219230b913a73057a09c2709667ce90a6 Mon Sep 17 00:00:00 2001
From: Ian Berryman
Date: Mon, 18 Mar 2024 14:55:33 -0600
Subject: [PATCH 06/12] Fixes issue #164: Error converting authResponse to JSON string
---
 src/OAuthClient.js | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/OAuthClient.js b/src/OAuthClient.js
index 88a49273..4f2a6883 100644
--- a/src/OAuthClient.js
+++ b/src/OAuthClient.js
@@ -271,7 +271,7 @@ OAuthClient.prototype.refreshUsingToken = function refreshUsingToken(refresh_tok
 this.log(
 'info',
 'Refresh usingToken () response is : ',
- JSON.stringify(authResponse, null, 2),
+ JSON.stringify(authResponse.json, null, 2),
 );
 return authResponse;
 })
@@ -315,9 +315,10 @@ OAuthClient.prototype.revoke = function revoke(params) {
 resolve(this.getTokenRequest(request));
 })
- .then(({ request, ...authResponse }) => {
+ .then((res) => {
+ const { request, ...authResponse } = res.json ? res : null;
 this.token.clearToken();
- this.log('info', 'Revoke Token () response is : ', JSON.stringify(authResponse, null, 2));
+ this.log('info', 'Revoke Token () response is : ', JSON.stringify(authResponse.json, null, 2));
 return authResponse;
 })
 .catch((e) => {
@@ -353,7 +354,7 @@ OAuthClient.prototype.getUserInfo = function getUserInfo() {
 this.log(
 'info',
 'The Get User Info () response is : ',
- JSON.stringify(authResponse, null, 2),
+ JSON.stringify(authResponse.json, null, 2),
 );
 return authResponse;
 })
@@ -401,7 +402,8 @@ OAuthClient.prototype.makeApiCall = function makeApiCall(params) {
 resolve(this.getTokenRequest(request));
 })
- .then(({ request, ...authResponse }) => {
+ .then((res) => {
+ const { request, ...authResponse } = res.json ? res : null;
 this.log('info', 'The makeAPICall () response is : ', JSON.stringify(authResponse.json, null, 2));
 return authResponse;
 })
From 184cfdcafc6f3070cdd1b44484384b460dfdd13f Mon Sep 17 00:00:00 2001
From: Rajesh Gupta
Date: Mon, 18 Mar 2024 19:56:32 -0700
Subject: [PATCH 07/12] updated CHANGELOG.md
---
 CHANGELOG.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a6513abd..1b73dae0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,20 @@
 # Changelog
+## [4.1.1](https://github.com/intuit/oauth-jsclient/tree/4.1.1)
+#### Features
+- Stop using Popsicle and start using Axios
+#### Issues Fixed
+- [fix authResponse.json](https://github.com/intuit/oauth-jsclient/pull/160)
+
+
+## [4.1.0](https://github.com/intuit/oauth-jsclient/tree/4.1.0)
+#### Features
+- Stop using Popsicle and start using Axios
+#### Issues Fixed
+- [Introduced Axios replacing Popsicle](https://github.com/intuit/oauth-jsclient/pull/157)
+
+
 ## [4.0.0](https://github.com/intuit/oauth-jsclient/tree/4.0.0)
 #### Breaking Changes
 - Minimum Node Version >= 10
From 962d7f1d19d47294ff47aa9a18c8e79e90c86761 Mon Sep 17 00:00:00 2001
From: Rajesh Gupta
Date: Wed, 27 Mar 2024 17:01:53 -0700
Subject: [PATCH 08/12] updated package version to 4.1.2
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index e624c1fb..403bc07d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "intuit-oauth",
- "version": "4.1.1",
+ "version": "4.1.2",
 "description": "Intuit Node.js client for OAuth2.0 and OpenIDConnect",
 "main": "./src/OAuthClient.js",
 "scripts": {
From 1fda82ca90f389b7fa3efbfee1d15bb663abb2bd Mon Sep 17 00:00:00 2001
From: Rajesh Gupta
Date: Wed, 20 Mar 2024 20:12:39 -0700
Subject: [PATCH 09/12] updated documentation, and removed unused var
---
 sample/app.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sample/app.js b/sample/app.js
index fd57bc2a..77f1440a 100644
--- a/sample/app.js
+++ b/sample/app.js
@@ -95,7 +95,7 @@ app.get('/refreshAccessToken', function (req, res) {
 oauthClient
 .refresh()
 .then(function (authResponse) {
- console.log(`The Refresh Token is ${JSON.stringify(authResponse.json)}`);
+ console.log(`\n The Refresh Token is ${JSON.stringify(authResponse.json)}`);
 oauth2_token_json = JSON.stringify(authResponse.json, null, 2);
 res.send(oauth2_token_json);
 })
@@ -118,7 +118,7 @@ app.get('/getCompanyInfo', function (req, res) {
 oauthClient
 .makeApiCall({ url: `${url}v3/company/${companyID}/companyinfo/${companyID}` })
 .then(function (authResponse) {
- console.log(`The response for API call is :${JSON.stringify(authResponse.json)}`);
+ console.log(`\n The response for API call is :${JSON.stringify(authResponse.json)}`);
 res.send(authResponse.json);
 })
 .catch(function (e) {
From ae7a3fce16330f6464d701059830006466a37b03 Mon Sep 17 00:00:00 2001
From: Rajesh Gupta
Date: Wed, 20 Mar 2024 20:45:12 -0700
Subject: [PATCH 10/12] Fix for issue#167, updated documentation, and removed unused var
---
 README.md | 14 +++++++-------
 src/OAuthClient.js | 12 ++++++------
 2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index 88f8b177..d7c0dd46 100644
--- a/README.md
+++ b/README.md
@@ -163,7 +163,7 @@ const parseRedirect = req.url;
 oauthClient
 .createToken(parseRedirect)
 .then(function (authResponse) {
- console.log('The Token is ' + JSON.stringify(authResponse.getJson()));
+ console.log('The Token is ' + JSON.stringify(authResponse.json));
 })
 .catch(function (e) {
 console.error('The error message is :' + e.originalMessage);
@@ -215,7 +215,7 @@ previous refresh tokens expire 24 hours after you receive a new one.
 oauthClient
 .refresh()
 .then(function (authResponse) {
- console.log('Tokens refreshed : ' + JSON.stringify(authResponse.getJson()));
+ console.log('Tokens refreshed : ' + JSON.stringify(authResponse.json));
 })
 .catch(function (e) {
 console.error('The error message is :' + e.originalMessage);
@@ -232,7 +232,7 @@ You can call the below helper method to refresh tokens by explictly passing the
 oauthClient
 .refreshUsingToken('')
 .then(function (authResponse) {
- console.log('Tokens refreshed : ' + JSON.stringify(authResponse.getJson()));
+ console.log('Tokens refreshed : ' + JSON.stringify(authResponse.json));
 })
 .catch(function (e) {
 console.error('The error message is :' + e.originalMessage);
@@ -249,7 +249,7 @@ tokens.
 oauthClient
 .revoke()
 .then(function (authResponse) {
- console.log('Tokens revoked : ' + JSON.stringify(authResponse.getJson()));
+ console.log('Tokens revoked : ' + JSON.stringify(authResponse.json));
 })
 .catch(function (e) {
 console.error('The error message is :' + e.originalMessage);
@@ -265,7 +265,7 @@ how to retrieve the `token` object
 oauthClient
 .revoke(params)
 .then(function (authResponse) {
- console.log('Tokens revoked : ' + JSON.stringify(authResponse.getJson()));
+ console.log('Tokens revoked : ' + JSON.stringify(authResponse.json));
 })
 .catch(function (e) {
 console.error('The error message is :' + e.originalMessage);
@@ -509,10 +509,10 @@ You can use the below helper methods to make full use of the Auth Response Objec
 ```javascript
 oauthClient.createToken(parseRedirect).then(function (authResponse) {
- console.log('The Token in JSON is ' + JSON.stringify(authResponse.getJson()));
+ console.log('The Token in JSON is ' + JSON.stringify(authResponse.json));
 let status = authResponse.status();
 let body = authResponse.text();
- let jsonResponse = authResponse.getJson();
+ let jsonResponse = authResponse.json;
 let intuit_tid = authResponse.get_intuit_tid();
 });
 ```
diff --git a/src/OAuthClient.js b/src/OAuthClient.js
index 4f2a6883..ff6092d4 100644
--- a/src/OAuthClient.js
+++ b/src/OAuthClient.js
@@ -182,7 +182,7 @@ OAuthClient.prototype.createToken = function createToken(uri) {
 resolve(this.getTokenRequest(request));
 })
 .then((res) => {
- const { response, ...authResponse } = res.json ? res : null;
+ const authResponse = res.json ? res : null;
 const json = (authResponse && authResponse.json) || res;
 this.token.setToken(json);
 this.log('info', 'Create Token response is : ', JSON.stringify(authResponse.json, null, 2));
@@ -223,7 +223,7 @@ OAuthClient.prototype.refresh = function refresh() {
 resolve(this.getTokenRequest(request));
 })
 .then((res) => {
- const { request, ...authResponse } = res.json ? res : null;
+ const authResponse = res.json ? res : null;
 const json = (authResponse && authResponse.json) || res;
 this.token.setToken(json);
 this.log('info', 'Refresh Token () response is : ', JSON.stringify(authResponse.json, null, 2));
@@ -265,7 +265,7 @@ OAuthClient.prototype.refreshUsingToken = function refreshUsingToken(refresh_tok
 resolve(this.getTokenRequest(request));
 })
 .then((res) => {
- const { request, ...authResponse } = res.json ? res : null;
+ const authResponse = res.json ? res : null;
 const json = (authResponse && authResponse.json) || res;
 this.token.setToken(json);
 this.log(
@@ -316,7 +316,7 @@ OAuthClient.prototype.revoke = function revoke(params) {
 resolve(this.getTokenRequest(request));
 })
 .then((res) => {
- const { request, ...authResponse } = res.json ? res : null;
+ const authResponse = res.json ? res : null;
 this.token.clearToken();
 this.log('info', 'Revoke Token () response is : ', JSON.stringify(authResponse.json, null, 2));
 return authResponse;
@@ -350,7 +350,7 @@ OAuthClient.prototype.getUserInfo = function getUserInfo() {
 resolve(this.getTokenRequest(request));
 })
 .then((res) => {
- const { request, ...authResponse } = res.json ? res : null;
+ const authResponse = res.json ? res : null;
 this.log(
 'info',
 'The Get User Info () response is : ',
@@ -403,7 +403,7 @@ OAuthClient.prototype.makeApiCall = function makeApiCall(params) {
 resolve(this.getTokenRequest(request));
 })
 .then((res) => {
- const { request, ...authResponse } = res.json ? res : null;
+ const authResponse = res.json ? res : null;
 this.log('info', 'The makeAPICall () response is : ', JSON.stringify(authResponse.json, null, 2));
 return authResponse;
 })
From 82f6abf8c2ea5a77fe37d477a58e043bdaf72d51 Mon Sep 17 00:00:00 2001
From: Matthew Emerson
Date: Thu, 16 May 2024 22:53:08 -0500
Subject: [PATCH 11/12] ensure authResponse is not falsy before logging authResponse.json
---
 src/OAuthClient.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/OAuthClient.js b/src/OAuthClient.js
index ff6092d4..5304bb4c 100644
--- a/src/OAuthClient.js
+++ b/src/OAuthClient.js
@@ -185,7 +185,7 @@ OAuthClient.prototype.createToken = function createToken(uri) {
 const authResponse = res.json ? res : null;
 const json = (authResponse && authResponse.json) || res;
 this.token.setToken(json);
- this.log('info', 'Create Token response is : ', JSON.stringify(authResponse.json, null, 2));
+ this.log('info', 'Create Token response is : ', JSON.stringify(authResponse && authResponse.json, null, 2));
 return authResponse;
 })
 .catch((e) => {
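Review bot: Guarding only the log argument in the PATCH 11 createToken hunk means a response without parsed JSON now passes silently: `this.token.setToken(json)` has already been handed `res` itself through the `|| res` fallback, and the promise resolves with `null` instead of rejecting. For a token endpoint it seems safer to fail closed, e.g. `if (!authResponse) throw new Error('Token endpoint returned no JSON body');` right after the first context line, so the existing `.catch` reports it. The refresh and refreshUsingToken hunks have the same shape, and the revoke, getUserInfo and makeApiCall hunks now resolve with `null`, which the README examples from PATCH 10 (`authResponse.json` inside `.then`) would dereference. What `setToken` does with a non-token object is not visible in the hunk.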
@@ -226,7 +226,7 @@ OAuthClient.prototype.refresh = function refresh() {
 const authResponse = res.json ? res : null;
 const json = (authResponse && authResponse.json) || res;
 this.token.setToken(json);
- this.log('info', 'Refresh Token () response is : ', JSON.stringify(authResponse.json, null, 2));
+ this.log('info', 'Refresh Token () response is : ', JSON.stringify(authResponse && authResponse.json, null, 2));
 return authResponse;
 })
 .catch((e) => {
@@ -271,7 +271,7 @@ OAuthClient.prototype.refreshUsingToken = function refreshUsingToken(refresh_tok
 this.log(
 'info',
 'Refresh usingToken () response is : ',
- JSON.stringify(authResponse.json, null, 2),
+ JSON.stringify(authResponse && authResponse.json, null, 2),
 );
 return authResponse;
 })
@@ -318,7 +318,7 @@ OAuthClient.prototype.revoke = function revoke(params) {
 .then((res) => {
 const authResponse = res.json ? res : null;
 this.token.clearToken();
- this.log('info', 'Revoke Token () response is : ', JSON.stringify(authResponse.json, null, 2));
+ this.log('info', 'Revoke Token () response is : ', JSON.stringify(authResponse && authResponse.json, null, 2));
 return authResponse;
 })
 .catch((e) => {
@@ -354,7 +354,7 @@ OAuthClient.prototype.getUserInfo = function getUserInfo() {
 this.log(
 'info',
 'The Get User Info () response is : ',
- JSON.stringify(authResponse.json, null, 2),
+ JSON.stringify(authResponse && authResponse.json, null, 2),
 );
 return authResponse;
 })
@@ -404,7 +404,7 @@ OAuthClient.prototype.makeApiCall = function makeApiCall(params) {
 })
 .then((res) => {
 const authResponse = res.json ? res : null;
- this.log('info', 'The makeAPICall () response is : ', JSON.stringify(authResponse.json, null, 2));
+ this.log('info', 'The makeAPICall () response is : ', JSON.stringify(authResponse && authResponse.json, null, 2));
 return authResponse;
 })
 .catch((e) => {
From 019f1fa986eac70ee7b78c32b7578fa3732de15f Mon Sep 17 00:00:00 2001
From: ianrikriff
Date: Tue, 9 Jul 2024 10:39:31 +0800
Subject: [PATCH 12/12] fix(makeApiCall): Add body checking in response when json is null
---
 src/OAuthClient.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/OAuthClient.js b/src/OAuthClient.js
index 5304bb4c..703b95fe 100644
--- a/src/OAuthClient.js
+++ b/src/OAuthClient.js
@@ -403,8 +403,15 @@ OAuthClient.prototype.makeApiCall = function makeApiCall(params) {
 resolve(this.getTokenRequest(request));
 })
 .then((res) => {
- const authResponse = res.json ? res : null;
- this.log('info', 'The makeAPICall () response is : ', JSON.stringify(authResponse && authResponse.json, null, 2));
+ const { body, ...authResponse } = res;
+ this.log('info', 'The makeAPICall () response is : ', JSON.stringify(authResponse.json, null, 2));
+
+ if(authResponse.json === null && body) {
+ return {
+ ...authResponse,
+ body: body
+ }
+ }
 return authResponse;
 })
 .catch((e) => {
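Review bot: `const { body, ...authResponse } = res;` replaces the response with a plain copy of its own enumerable properties, so if `res` is the class instance whose `status()`, `text()` and `get_intuit_tid()` methods the README documents, callers of makeApiCall lose those methods, and `body` is silently dropped whenever `json` is set. The `=== null` test also skips the new branch when `json` is `undefined`. Returning the original object covers both the JSON and the non-JSON case without reshaping it: `this.log('info', 'The makeAPICall () response is : ', JSON.stringify(res.json, null, 2));` followed by `return res;`. The function starts and ends outside the hunk.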