auth0 / node-samlp

SAML Protocol support for node (only IdP for now)
MIT License

Fix cryptographically insecure ID generation #116

Closed tomauth0 closed 3 years ago

tomauth0 commented 3 years ago

Description

The existing methods of ID generation are not cryptographically secure. This PR introduces the id-generation lib - a lightweight lib for generating suitably random IDs with a given dictionary. Utils.js updated to make use of this lib.

Also used the opportunity to clean up some of the utils file - swapping out vars and removing some unneeded syntax.

References

https://github.com/auth0/node-samlp/issues/111

Testing

Unit tests added for ID length and dictionary membership.

Checklist
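
An added example, not code from this PR or from the id-generation lib: one way to draw an ID from a given dictionary with Node's CSPRNG, using rejection sampling so that every dictionary character is equally likely. The `DICTIONARY` alphabet and the `generateId` / `isValidId` names are assumptions made for illustration.

```javascript
const { randomBytes } = require('node:crypto');

// Constructed alphabet for illustration (assumption, not the project's dictionary).
// The dictionary is assumed to be ASCII, one character per UTF-16 unit.
const DICTIONARY = 'abcdefghijklmnopqrstuvwxyz0123456789';

// Returns `length` characters drawn uniformly from `dictionary`,
// using the operating system CSPRNG instead of a predictable PRNG.
function generateId(length, dictionary = DICTIONARY) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  const n = dictionary.length;
  if (n < 2 || n > 256) {
    throw new RangeError('dictionary must hold between 2 and 256 characters');
  }
  // Largest multiple of n that fits in one byte. Bytes at or above it are
  // discarded, otherwise `byte % n` would favour the first characters
  // of the dictionary (modulo bias).
  const limit = 256 - (256 % n);
  let id = '';
  while (id.length < length) {
    // Over-request so that rejected bytes rarely force another CSPRNG call.
    const bytes = randomBytes((length - id.length) * 2);
    for (const byte of bytes) {
      if (byte < limit) {
        id += dictionary[byte % n];
        if (id.length === length) break;
      }
    }
  }
  return id;
}

// The two properties the PR's unit tests are described as covering:
// exact length and dictionary membership of every character.
function isValidId(id, length, dictionary = DICTIONARY) {
  return typeof id === 'string' && id.length === length &&
    [...id].every((ch) => dictionary.includes(ch));
}
```

Length and membership checks confirm the output format only; unpredictability comes from the choice of `randomBytes` as the source and cannot be established by such tests.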