fix: #13 rename clockSkew to clockSkewInSeconds in settings

ncats · Sep 8, 2021 · ca09d98 · ca09d98
1 parent be7733b
commit ca09d98
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 13 deletions.
diff --git a/src/OidcClientSettings.ts b/src/OidcClientSettings.ts
@@ -50,7 +50,7 @@ export interface OidcClientSettings {
     /** Number (in seconds) indicating the age of state entries in storage for authorize requests that are considered abandoned and thus can be cleaned up (default: 300) */
     staleStateAge?: number;
     /** The window of time (in seconds) to allow the current time to deviate when validating id_token's iat, nbf, and exp values (default: 300) */
-    clockSkew?: number;
+    clockSkewInSeconds?: number;
     userInfoJwtIssuer?: "ANY" | "OP" | string;
     mergeClaims?: boolean;
 
@@ -91,7 +91,7 @@ export class OidcClientSettingsStore {
     public readonly filterProtocolClaims: boolean | undefined;
     public readonly loadUserInfo: boolean | undefined;
     public readonly staleStateAge: number;
-    public readonly clockSkew: number;
+    public readonly clockSkewInSeconds: number;
     public readonly userInfoJwtIssuer: "ANY" | "OP" | string | undefined;
     public readonly mergeClaims: boolean | undefined;
 
@@ -113,7 +113,7 @@ export class OidcClientSettingsStore {
         // behavior flags
         filterProtocolClaims = true, loadUserInfo = true,
         staleStateAge = DefaultStaleStateAge,
-        clockSkew = DefaultClockSkewInSeconds,
+        clockSkewInSeconds = DefaultClockSkewInSeconds,
         userInfoJwtIssuer = "OP",
         mergeClaims = false,
         // other behavior
@@ -148,7 +148,7 @@ export class OidcClientSettingsStore {
         this.filterProtocolClaims = !!filterProtocolClaims;
         this.loadUserInfo = !!loadUserInfo;
         this.staleStateAge = staleStateAge;
-        this.clockSkew = clockSkew;
+        this.clockSkewInSeconds = clockSkewInSeconds;
         this.userInfoJwtIssuer = userInfoJwtIssuer;
         this.mergeClaims = !!mergeClaims;
 

diff --git a/src/ResponseValidator.ts b/src/ResponseValidator.ts
@@ -275,7 +275,7 @@ export class ResponseValidator {
         const issuer = await this._metadataService.getIssuer();
 
         const audience = state.client_id;
-        const clockSkewInSeconds = this._settings.clockSkew;
+        const clockSkewInSeconds = this._settings.clockSkewInSeconds;
         Log.debug("ResponseValidator._validateIdTokenAttributes: Validaing JWT attributes; using clock skew (in seconds) of: ", clockSkewInSeconds);
 
         const now = Timer.getEpochTime();
@@ -358,8 +358,7 @@ export class ResponseValidator {
         }
 
         const audience = state.client_id;
-
-        const clockSkewInSeconds = this._settings.clockSkew;
+        const clockSkewInSeconds = this._settings.clockSkewInSeconds;
         Log.debug("ResponseValidator._validateIdToken: Validaing JWT; using clock skew (in seconds) of: ", clockSkewInSeconds);
 
         await JoseUtil.validateJwt(id_token, key, issuer, audience, clockSkewInSeconds);

diff --git a/src/UserInfoService.ts b/src/UserInfoService.ts
@@ -86,8 +86,7 @@ export class UserInfoService {
             }
 
             const audience = this._settings.client_id;
-
-            const clockSkewInSeconds = this._settings.clockSkew;
+            const clockSkewInSeconds = this._settings.clockSkewInSeconds;
             Log.debug("UserInfoService._getClaimsFromJwt: Validaing JWT; using clock skew (in seconds) of: ", clockSkewInSeconds);
 
             await JoseUtil.validateJwt(responseText, key, issuer, audience, clockSkewInSeconds, undefined, true);

diff --git a/src/UserManager.ts b/src/UserManager.ts
@@ -194,7 +194,7 @@ export class UserManager extends OidcClient {
     protected async _validateIdTokenFromTokenRefreshToken(profile: any, id_token: string) {
         const issuer = await this.metadataService.getIssuer();
         const now = Timer.getEpochTime();
-        const payload = await JoseUtil.validateJwtAttributes(id_token, issuer, this.settings.client_id, this.settings.clockSkew, now);
+        const payload = await JoseUtil.validateJwtAttributes(id_token, issuer, this.settings.client_id, this.settings.clockSkewInSeconds, now);
         if (!payload) {
             Log.error("UserManager._validateIdTokenFromTokenRefreshToken: Failed to validate id_token");
             throw new Error("Failed to validate id_token");

diff --git a/test/unit/OidcClientSettings.test.ts b/test/unit/OidcClientSettings.test.ts
@@ -408,7 +408,7 @@ describe("OidcClientSettings", () => {
             });
 
             // assert
-            expect(subject.clockSkew).toEqual(5 * 60); // 5 mins
+            expect(subject.clockSkewInSeconds).toEqual(5 * 60); // 5 mins
         });
 
         it("should return value from initial settings", () => {
@@ -417,11 +417,11 @@ describe("OidcClientSettings", () => {
                 authority: "authority",
                 client_id: "client",
                 redirect_uri: "redirect",
-                clockSkew: 10
+                clockSkewInSeconds: 10
             });
 
             // assert
-            expect(subject.clockSkew).toEqual(10);
+            expect(subject.clockSkewInSeconds).toEqual(10);
         });
     });