fix(security): remove dependency on request and replace with axios

jaredhanson / passport-openidconnect

OpenID Connect authentication strategy for Passport and Node.js.

https://www.passportjs.org/packages/passport-openidconnect/?utm_source=github&utm_medium=referral&utm_campaign=passport-openidconnect&utm_content=about

MIT License

188 stars 173 forks source link

fix(security): remove dependency on request and replace with axios #79

Closed scottdickerson closed 2 years ago

scottdickerson commented 4 years ago

Ported from request to axios for dynamic OpenID lookup.

Also added some additional lines of logging when OAuth errors were received as they would usually fail silently

0x0ece commented 3 years ago

Hi, I created a fork of this project as it seems unmaintained. If you're interested in contributing your PR I'd be happy to merge it with your name. Alternatively I'll prob copy & paste this if I don't hear from you. https://github.com/saasform/saasform/tree/main/packages/passport-oauth2-oidc

FWIW I've been using node-fetch in other libs. But happy with axios as well.

jaredhanson commented 2 years ago

I've decided to remove the discovery and dynamic client registration capabilities from this strategy. These features were never fully baked, and the functionality is best implemented outside of an authentication strategy. As such, this package no longer depends on request, so this PR isn't needed.

If anyone was making use of discovery or dynamic client registration, I'd be curious to understand more details to help figure out a better solution.