const { Assertion } = require("../../assertion");
const { BasePlugin } = require("../../plugin");
const { Issuer } = require("openid-client");
const jwt = require("jsonwebtoken");
const oauth2 = require("simple-oauth2");
const queryString = require("query-string");
const request = require("request");
const URI = require("uri-js");
// Select the HTTP client used by openid-client's Issuer.
// NOTE(review): presumably this switches to the `request` package required above; confirm against the openid-client version in use.
Issuer.useRequest();
// Bound every outbound Issuer HTTP call with a timeout and send no extra default headers.
// NOTE(review): 10000 is presumably milliseconds (10 s); confirm. A bounded timeout keeps a slow or
// unresponsive identity provider from stalling the caller indefinitely.
Issuer.defaultHttpOptions = { timeout: 10000, headers: {} };
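/**
 * Print an optional diagnostic and terminate the process.
 *
 * This file uses it as the fail-closed path when a required secret is not
 * configured, so the message is written to stderr rather than stdout: fatal
 * diagnostics then stay out of any piped stdout data.
 *
 * @param {string} [message=""] - Text to print before exiting; nothing is printed when empty.
 * @param {number} [code=1] - Process exit status.
 * @returns {never} Does not return; `process.exit` ends the process.
 */
const exit_failure = function(message = "", code = 1) {
  if (message) {
    // Callers pass only fixed text naming the missing variable; keep it that
    // way so no secret value is ever written to the log.
    console.error(message);
  }
  process.exit(code);
};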
// Both issuer secrets are mandatory. An unset or empty variable is falsy, so
// the fallback branch calls exit_failure, which ends the process instead of
// letting the service start without the secret.
// NOTE(review): only presence is checked here; the length or strength of the
// values is not validated in this block.
const issuer_encrypt_secret = process.env.EAS_ISSUER_ENCRYPT_SECRET
  ? process.env.EAS_ISSUER_ENCRYPT_SECRET
  : exit_failure("missing EAS_ISSUER_ENCRYPT_SECRET env variable");
const issuer_sign_secret = process.env.EAS_ISSUER_SIGN_SECRET
  ? process.env.EAS_ISSUER_SIGN_SECRET
  : exit_failure("missing EAS_ISSUER_SIGN_SECRET env variable");
module.exports = function(app, passport, provisioning) {
var fs = require('fs')
, crypto = require('crypto')
, pem2jwk = require('pem-jwk').pem2jwk
, jose = require('node-jose')
, Issuer = require('openid-client').Issuer
, Strategy = require('openid-client').Strategy
, User = require('../models/user')
, Device = require('../models/device')
, Role = require('../models/role')
, api = require('../api')
, config = require('../config.js')
, log = require('../logger');
Issuer.useRequest();
var strategyConfig = config.api.authenticationStrategies['login-gov'];
log.info('Configuring login.gov authentication', strategyConfig);
let loginGov = {};
var key = fs.readFileSync(strategyConfig.keyFile, 'ascii');
var jwk = pem2jwk(key);
var keys = [jwk];
function getParams() {
return {
response_type: 'code',
acr_values: strategyConfig.acr_values,
scope: 'openid email',
redirect_uri: strategyConfig.redirect_uri,
nonce: crypto.randomBytes(32).toString('hex'),