Merge pull request kubernetes-client#1967 from kubernetes-client/depe…

…ndabot/npm_and_yarn/release-1.x/openid-client-6.1.3 build(deps): bump openid-client from 5.7.0 to 6.1.3
kopernic-pl · Oct 26, 2024 · 6437e26 · 6437e26
2 parents 10484a4 + 670a199
commit 6437e26
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 75 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -65,7 +65,7 @@
         "js-yaml": "^4.1.0",
         "jsonpath-plus": "^10.0.0",
         "node-fetch": "^2.6.9",
-        "openid-client": "^5.6.5",
+        "openid-client": "^6.1.3",
         "rfc4648": "^1.3.0",
         "stream-buffers": "^3.0.2",
         "tar": "^7.0.0",

diff --git a/src/oidc_auth.ts b/src/oidc_auth.ts
@@ -1,5 +1,5 @@
 import https from 'node:https';
-import { Client, Issuer } from 'openid-client';
+import * as oidc from 'openid-client';
 import { base64url } from 'rfc4648';
 
 import { Authenticator } from './auth';
@@ -11,6 +11,29 @@ interface JwtObj {
     signature: string;
 }
 
+interface Token {
+    id_token: string;
+    refresh_token: string;
+    expires_at: number;
+}
+
+interface Client {
+    refresh(token: string): Promise<Token>;
+}
+
+class OidcClient implements Client {
+    public constructor(readonly config: oidc.Configuration) {}
+
+    public async refresh(token: string): Promise<Token> {
+        const newToken = await oidc.refreshTokenGrant(this.config, token);
+        return {
+            id_token: newToken.id_token,
+            refresh_token: newToken.refresh_token,
+            expires_at: newToken.expiresIn(),
+        } as Token;
+    }
+}
+
 export class OpenIDConnectAuth implements Authenticator {
     public static decodeJWT(token: string): JwtObj | null {
         const parts = token.split('.');
@@ -95,16 +118,16 @@ export class OpenIDConnectAuth implements Authenticator {
             const newToken = await client.refresh(user.authProvider.config['refresh-token']);
             user.authProvider.config['id-token'] = newToken.id_token;
             user.authProvider.config['refresh-token'] = newToken.refresh_token;
-            this.currentTokenExpiration = newToken.expires_at || 0;
+            this.currentTokenExpiration = newToken.expires_at;
         }
         return user.authProvider.config['id-token'];
     }
 
     private async getClient(user: User): Promise<Client> {
-        const oidcIssuer = await Issuer.discover(user.authProvider.config['idp-issuer-url']);
-        return new oidcIssuer.Client({
-            client_id: user.authProvider.config['client-id'],
-            client_secret: user.authProvider.config['client-secret'],
-        });
+        const configuration = await oidc.discovery(
+            user.authProvider.config['idp-issuer-url'],
+            user.authProvider.config['client-id'],
+        );
+        return new OidcClient(configuration);
     }
 }