feat: update jose and openid-client (#3039)

Updates the `jose` and `openid-client` packages.

BREAKING CHANGE:

The `jwt` option has been simplified and the NextAuth.js issued JWT is now encrypted by default.

If you want to override the defaults, you can still use the `encode` and `decode` functions. These are advanced options and they should only be used if you know what you are doing.

The default secret generation has been removed in this PR, which will be added back in a separate one. Remember, that is only for developer convenience, it is **highly** recommended to always create your own secret for production.

Author: panva

package-lock.json

@@ -62,11 +62,12 @@
   "dependencies": {
     "@babel/runtime": "^7.15.4",
     "futoin-hkdf": "^1.4.2",
-    "jose": "^1.27.2",
+    "jose": "^4.1.2",
     "oauth": "^0.9.15",
-    "openid-client": "^4.9.0",
+    "openid-client": "^5.0.1",
     "preact": "^10.5.14",
-    "preact-render-to-string": "^5.1.19"
+    "preact-render-to-string": "^5.1.19",
+    "uuid": "^8.3.2"
   },
   "peerDependencies": {
     "nodemailer": "^6.6.5",
@@ -91,6 +92,7 @@
     "@testing-library/react": "^12.1.2",
     "@testing-library/react-hooks": "^7.0.2",
     "@testing-library/user-event": "^13.2.1",
+    "@types/node": "^16.11.6",
     "@types/nodemailer": "^6.4.4",
     "@types/oauth": "^0.9.1",
     "@types/react": "^17.0.27",
@@ -124,6 +126,9 @@
     "typescript": "^4.4.3",
     "whatwg-fetch": "^3.6.2"
   },
+  "engines": {
+    "node": "^12.19.0 || ^14.15.0 || ^16.13.0"
+  },
   "prettier": {
     "semi": false
   },

package.json

@@ -64,8 +64,7 @@ export default async function oAuthCallback(params: {
   try {
     const client = await openidClient(options)
 
-    /** @type {import("openid-client").TokenSet} */
-    let tokens
+    let tokens: TokenSet
 
     const pkce = await usePKCECodeVerifier({
       options,

src/core/lib/oauth/callback.ts

@@ -3,7 +3,6 @@ import * as jwt from "../../../jwt"
 import { generators } from "openid-client"
 import { InternalOptions } from "src/lib/types"
 
-const PKCE_LENGTH = 64
 const PKCE_CODE_CHALLENGE_METHOD = "S256"
 const PKCE_MAX_AGE = 60 * 15 // 15 minutes in seconds
 
@@ -25,15 +24,14 @@ export async function createPKCE(options) {
     // Provider does not support PKCE, return nothing.
     return
   }
-  const codeVerifier = generators.codeVerifier(PKCE_LENGTH)
+  const codeVerifier = generators.codeVerifier()
   const codeChallenge = generators.codeChallenge(codeVerifier)
 
   // Encrypt code_verifier and save it to an encrypted cookie
   const encryptedCodeVerifier = await jwt.encode({
     maxAge: PKCE_MAX_AGE,
     ...options.jwt,
     token: { code_verifier: codeVerifier },
-    encryption: true,
   })
 
   const cookieExpires = new Date()
@@ -44,7 +42,6 @@ export async function createPKCE(options) {
       code_challenge: codeChallenge,
       code_verifier: codeVerifier,
     },
-    pkceLength: PKCE_LENGTH,
     method: PKCE_CODE_CHALLENGE_METHOD,
   })
   return {
@@ -85,8 +82,6 @@ export async function usePKCECodeVerifier(params: {
   const pkce = await jwt.decode({
     ...options.jwt,
     token: codeVerifier,
-    maxAge: PKCE_MAX_AGE,
-    encryption: true,
   })
 
   // remove PKCE cookie after it has been used up

src/core/lib/oauth/pkce-handler.ts

@@ -1,6 +1,6 @@
 import { Adapter } from "../adapters"
 import { Provider, CredentialInput, ProviderType } from "../providers"
-import { TokenSetParameters } from "openid-client"
+import type { TokenSetParameters } from "openid-client"
 import { JWT, JWTOptions } from "../jwt"
 import { LoggerInstance } from "../lib/logger"
 

src/core/types.ts

@@ -1,142 +1,85 @@
 import crypto from "crypto"
-import jose from "jose"
-import logger from "../lib/logger"
+import { EncryptJWT, jwtDecrypt } from "jose"
+import uuid from "uuid"
 import { NextApiRequest } from "next"
-import type { JWT, JWTDecodeParams, JWTEncodeParams } from "./types"
+import type { JWT, JWTDecodeParams, JWTEncodeParams, JWTOptions } from "./types"
 
 export * from "./types"
 
-// Set default algorithm to use for auto-generated signing key
-const DEFAULT_SIGNATURE_ALGORITHM = "HS512"
-
-// Set default algorithm for auto-generated symmetric encryption key
-const DEFAULT_ENCRYPTION_ALGORITHM = "A256GCM"
-
-// Use encryption or not by default
-const DEFAULT_ENCRYPTION_ENABLED = false
-
 const DEFAULT_MAX_AGE = 30 * 24 * 60 * 60 // 30 days
 
+const now = () => (Date.now() / 1000) | 0
+
+/** Issues a JWT. By default, the JWT is encrypted using "A256GCM". */
 export async function encode({
   token = {},
-  maxAge = DEFAULT_MAX_AGE,
   secret,
-  signingKey,
-  signingOptions = {
-    expiresIn: `${maxAge}s`,
-  },
-  encryptionKey,
-  encryptionOptions = {
-    alg: "dir",
-    enc: DEFAULT_ENCRYPTION_ALGORITHM,
-    zip: "DEF",
-  },
-  encryption = DEFAULT_ENCRYPTION_ENABLED,
+  maxAge = DEFAULT_MAX_AGE,
 }: JWTEncodeParams) {
-  // Signing Key
-  const _signingKey = signingKey
-    ? jose.JWK.asKey(JSON.parse(signingKey))
-    : getDerivedSigningKey(secret)
-
-  // Sign token
-  const signedToken = jose.JWT.sign(token, _signingKey, signingOptions)
-
-  if (encryption) {
-    // Encryption Key
-    const _encryptionKey = encryptionKey
-      ? jose.JWK.asKey(JSON.parse(encryptionKey))
-      : getDerivedEncryptionKey(secret)
-
-    // Encrypt token
-    return jose.JWE.encrypt(signedToken, _encryptionKey, encryptionOptions)
-  }
-  return signedToken
+  const encryptionSecret = await getDerivedEncryptionKey(secret)
+  return await new EncryptJWT(token)
+    .setProtectedHeader({ alg: "dir", enc: "A256GCM" })
+    .setIssuedAt()
+    .setExpirationTime(now() + maxAge)
+    .setJti(crypto.randomUUID ? crypto.randomUUID() : uuid())
+    .encrypt(encryptionSecret)
 }
 
+/** Decodes a NextAuth.js issued JWT. */
 export async function decode({
-  secret,
   token,
-  maxAge = DEFAULT_MAX_AGE,
-  signingKey,
-  verificationKey = signingKey, // Optional (defaults to encryptionKey)
-  verificationOptions = {
-    maxTokenAge: `${maxAge}s`,
-    algorithms: [DEFAULT_SIGNATURE_ALGORITHM],
-  },
-  encryptionKey,
-  decryptionKey = encryptionKey, // Optional (defaults to encryptionKey)
-  decryptionOptions = {
-    algorithms: [DEFAULT_ENCRYPTION_ALGORITHM],
-  },
-  encryption = DEFAULT_ENCRYPTION_ENABLED,
+  secret,
 }: JWTDecodeParams): Promise<JWT | null> {
   if (!token) return null
-
-  let tokenToVerify = token
-
-  if (encryption) {
-    // Encryption Key
-    const _encryptionKey = decryptionKey
-      ? jose.JWK.asKey(JSON.parse(decryptionKey))
-      : getDerivedEncryptionKey(secret)
-
-    // Decrypt token
-    const decryptedToken = jose.JWE.decrypt(
-      token,
-      _encryptionKey,
-      decryptionOptions
-    )
-    tokenToVerify = decryptedToken.toString("utf8")
-  }
-
-  // Signing Key
-  const _signingKey = verificationKey
-    ? jose.JWK.asKey(JSON.parse(verificationKey))
-    : getDerivedSigningKey(secret)
-
-  // Verify token
-  return jose.JWT.verify(
-    tokenToVerify,
-    _signingKey,
-    verificationOptions
-  ) as JWT | null
+  const encryptionSecret = await getDerivedEncryptionKey(secret)
+  const { payload } = await jwtDecrypt(token, encryptionSecret, {
+    clockTolerance: 15,
+  })
+  return payload
 }
 
 export type GetTokenParams<R extends boolean = false> = {
+  /** The request containing the JWT either in the cookies or in the `Authorization` header. */
   req: NextApiRequest
+  /**
+   * Use secure prefix for cookie name, unless URL in `NEXTAUTH_URL` is http://
+   * or not set (e.g. development or test instance) case use unprefixed name
+   */
   secureCookie?: boolean
+  /** If the JWT is in the cookie, what name `getToken()` should look for. */
   cookieName?: string
+  /**
+   * `getToken()` will return the raw JWT if this is set to `true`
+   * @default false
+   */
   raw?: R
-  decode?: typeof decode
-  secret?: string
-} & Omit<JWTDecodeParams, "secret">
+} & Pick<JWTOptions, "decode" | "secret">
 
-/** [Documentation](https://next-auth.js.org/tutorials/securing-pages-and-api-routes#using-gettoken) */
+/**
+ * Takes a NextAuth.js request (`req`) and returns either the NextAuth.js issued JWT's payload,
+ * or the raw JWT string. We look for the JWT in the either the cookies, or the `Authorization` header.
+ * [Documentation](https://next-auth.js.org/tutorials/securing-pages-and-api-routes#using-gettoken)
+ */
 export async function getToken<R extends boolean = false>(
   params?: GetTokenParams<R>
 ): Promise<R extends true ? string : JWT | null> {
   const {
     req,
-    // Use secure prefix for cookie name, unless URL is NEXTAUTH_URL is http://
-    // or not set (e.g. development or test instance) case use unprefixed name
     secureCookie = !(
       !process.env.NEXTAUTH_URL ||
       process.env.NEXTAUTH_URL.startsWith("http://")
     ),
     cookieName = secureCookie
       ? "__Secure-next-auth.session-token"
       : "next-auth.session-token",
-    raw = false,
+    raw,
     decode: _decode = decode,
   } = params ?? {}
+
   if (!req) throw new Error("Must pass `req` to JWT getToken()")
 
-  // Try to get token from cookie
   let token = req.cookies[cookieName]
 
-  // If cookie not found in cookie look for bearer token in authorization header.
-  // This allows clients that pass through tokens in headers rather than as
-  // cookies to use this helper function.
   if (!token && req.headers.authorization?.split(" ")[0] === "Bearer") {
     const urlEncodedToken = req.headers.authorization.split(" ")[1]
     token = decodeURIComponent(urlEncodedToken)
@@ -156,22 +99,22 @@ export async function getToken<R extends boolean = false>(
   }
 }
 
-// Generate warning (but only once at startup) when auto-generated keys are used
-let DERIVED_SIGNING_KEY_WARNING = false
-let DERIVED_ENCRYPTION_KEY_WARNING = false
-
-// Do the better hkdf of Node.js one added in `v15.0.0` and Third Party one
-function hkdf(secret, { byteLength, encryptionInfo, digest = "sha256" }) {
-  if (crypto.hkdfSync) {
-    return Buffer.from(
-      crypto.hkdfSync(
+/** Do the better hkdf of Node.js one added in `v15.0.0` and Third Party one */
+async function hkdf(secret, { byteLength, encryptionInfo, digest = "sha256" }) {
+  if (crypto.hkdf) {
+    return await new Promise((resolve, reject) => {
+      crypto.hkdf(
         digest,
         secret,
         Buffer.alloc(0),
         encryptionInfo,
-        byteLength
+        byteLength,
+        (err, derivedKey) => {
+          if (err) reject(err)
+          else resolve(Buffer.from(derivedKey))
+        }
       )
-    )
+    })
   }
   // eslint-disable-next-line @typescript-eslint/no-var-requires
   return require("futoin-hkdf")(secret, byteLength, {
@@ -180,38 +123,9 @@ function hkdf(secret, { byteLength, encryptionInfo, digest = "sha256" }) {
   })
 }
 
-function getDerivedSigningKey(secret) {
-  if (!DERIVED_SIGNING_KEY_WARNING) {
-    logger.warn("JWT_AUTO_GENERATED_SIGNING_KEY")
-    DERIVED_SIGNING_KEY_WARNING = true
-  }
-
-  const buffer = hkdf(secret, {
-    byteLength: 64,
-    encryptionInfo: "NextAuth.js Generated Signing Key",
-  })
-  const key = jose.JWK.asKey(buffer, {
-    alg: DEFAULT_SIGNATURE_ALGORITHM,
-    use: "sig",
-    kid: "nextauth-auto-generated-signing-key",
-  })
-  return key
-}
-
-function getDerivedEncryptionKey(secret) {
-  if (!DERIVED_ENCRYPTION_KEY_WARNING) {
-    logger.warn("JWT_AUTO_GENERATED_ENCRYPTION_KEY")
-    DERIVED_ENCRYPTION_KEY_WARNING = true
-  }
-
-  const buffer = hkdf(secret, {
+async function getDerivedEncryptionKey(secret) {
+  return await hkdf(secret, {
     byteLength: 32,
     encryptionInfo: "NextAuth.js Generated Encryption Key",
   })
-  const key = jose.JWK.asKey(buffer, {
-    alg: DEFAULT_ENCRYPTION_ALGORITHM,
-    use: "enc",
-    kid: "nextauth-auto-generated-encryption-key",
-  })
-  return key
 }