refactor: upgrade got from v9.x to v11.x

BREAKING CHANGE: upgraded got http request library dependency from `v9.x` to `v11.x`. If you override some of the http request options you will most certainly have to accomodate them.

Author: panva

.github/workflows/test.yml

@@ -43,7 +43,7 @@ jobs:
  strategy:
  matrix:
  node-version:
- - 10.13.0
+ - 10.19.0
  - 10
  - 12.0.0
  - 12

README.md

@@ -81,7 +81,7 @@ or koa middlewares. Those can however be built using the exposed API.
 
 ## Install
 
-Node.js version **>=12.0.0** is recommended, but **^10.13.0** lts/dubnium is also supported.
+Node.js version **>=12.0.0** is recommended, but **^10.19.0** lts/dubnium is also supported.
 
 ```console
 npm install openid-client
@@ -260,7 +260,7 @@ private API and is subject to change between any versions.
 
 #### How do I use it outside of Node.js
 
-It is **only built for ^10.13.0 || >=12.0.0 Node.js** environment - including openid-client in
+It is **only built for ^10.19.0 || >=12.0.0 Node.js** environment - including openid-client in
 browser-environment targeted projects is not supported and may result in unexpected results.
 
 #### What's new in 3.x?

docs/README.md

@@ -360,7 +360,7 @@ Fetches an arbitrary resource with the provided Access Token in an Authorization
  - `method`: `<string>` The HTTP verb to use for the request. **Default:** 'GET'
  - `tokenType`: `<string>` The token type as the Authorization Header scheme. **Default:** 'Bearer'
  or the `token_type` property from a passed in TokenSet.
-- Returns: `Promise<Response>` Response is a [Got Response](https://github.com/sindresorhus/got/tree/v9.6.0#response)
+- Returns: `Promise<Response>` Response is a [Got Response](https://github.com/sindresorhus/got/tree/v11.5.2#response)
  with the `body` property being a `<Buffer>`
 
 
@@ -523,7 +523,7 @@ Performs Dynamic Client Read Request to retrieve a Client instance.
 #### Customizing HTTP requests
 
 The following are default [`got`][got-library] request
-[options](https://github.com/sindresorhus/got/tree/v9.6.0#options) that openid-client sets for all
+[options](https://github.com/sindresorhus/got/tree/v11.5.2#options) that openid-client sets for all
 requests.
 
 ```js
@@ -552,7 +552,7 @@ This is meant to change global request options such as `timeout` or the default
  <summary><em><strong>Example</strong></em> (Click to expand) debugging HTTP requests and responses</summary>
 
 You can use the [`got`][got-library] request
-[options.hooks](https://github.com/sindresorhus/got/tree/v9.6.0#options) to log outgoing requests and their responses.
+[options.hooks](https://github.com/sindresorhus/got/tree/v11.5.2#options) to log outgoing requests and their responses.
 
 ```js
 const { custom } = require('openid-client')
@@ -622,15 +622,15 @@ you need to work around, e.g. adding custom headers or body payload parameters.
 ```js
 const { custom } = require('openid-client');
 client[custom.http_options] = function (options) {
- // see https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options
- // key, cert, ca, rejectUnauthorized
- options.cert = cert; // <string> | <string[]> | <Buffer> | <Buffer[]>
- options.key = key; // <string> | <string[]> | <Buffer> | <Buffer[]> | <Object[]>
+ // see https://github.com/sindresorhus/got/tree/v11.5.2#advanced-https-api
+ options.https = options.https || {};
+ options.https.cert = cert; // <string> | <string[]> | <Buffer> | <Buffer[]>
+ options.https.key = key; // <string> | <string[]> | <Buffer> | <Buffer[]> | <Object[]>
  // custom CA
- // options.ca = ca; // <string> | <string[]> | <Buffer> | <Buffer[]>
+ // options.https.ca = ca; // <string> | <string[]> | <Buffer> | <Buffer[]>
 
  // use HTTP(S)_PROXY
- // https://github.com/sindresorhus/got/tree/v9.6.0#agent
+ // https://github.com/sindresorhus/got/tree/v11.5.2#agent
  // options.agent = agent;
 
  return options;
@@ -644,20 +644,20 @@ client[custom.http_options] = function (options) {
 ```js
 const { custom } = require('openid-client');
 client[custom.http_options] = function (options) {
- // https://github.com/sindresorhus/got/tree/v9.6.0#headers
+ // https://github.com/sindresorhus/got/tree/v11.5.2#headers
  // options.headers = Object.assign(options.headers, { 'custom': 'foo' });
 
- // https://github.com/sindresorhus/got/tree/v9.6.0#timeout
+ // https://github.com/sindresorhus/got/tree/v11.5.2#timeout
  // options.timeout = timeout;
 
- // https://github.com/sindresorhus/got/tree/v9.6.0#retry
+ // https://github.com/sindresorhus/got/tree/v11.5.2#retry
  // options.retry = retry;
 
- // https://github.com/sindresorhus/got/tree/v9.6.0#followredirect
+ // https://github.com/sindresorhus/got/tree/v11.5.2#followredirect
  // options.followRedirect = false;
 
  // use HTTP(S)_PROXY
- // https://github.com/sindresorhus/got/tree/v9.6.0#agent
+ // https://github.com/sindresorhus/got/tree/v11.5.2#agent
  // options.agent = agent;
 
  return options;
@@ -987,5 +987,5 @@ request instance.
 [support-sponsor]: https://github.com/sponsors/panva
 [jose]: https://github.com/panva/jose
 [webfinger-discovery]: https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery
-[got-library]: https://github.com/sindresorhus/got/tree/v9.6.0
+[got-library]: https://github.com/sindresorhus/got/tree/v11.5.2
 [client-authentication]: https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication

lib/client.js

@@ -1042,7 +1042,7 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
 
  return request.call(this, {
  ...requestOpts,
- encoding: null,
+ responseType: 'buffer',
  method,
  url: resourceUrl,
  }, { mTLS });
@@ -1071,8 +1071,7 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
  throw new TypeError('can only send body on POST');
  }
 
- const jwt = !!(this.userinfo_signed_response_alg
- || this.userinfo_encrypted_response_alg);
+ const jwt = !!(this.userinfo_signed_response_alg || this.userinfo_encrypted_response_alg);
 
  if (jwt) {
  options.headers = { Accept: 'application/jwt' };
@@ -1155,11 +1154,7 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
  try {
  parsed = JSON.parse(response.body);
  } catch (error) {
- const parseError = new ParseError(
- error, response.statusCode, response.request.gotOptions, response.body,
- );
- Object.defineProperty(parseError, 'response', { value: response });
- throw parseError;
+ throw new ParseError(error, response);
  }
  }
 
@@ -1239,9 +1234,8 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
  this,
  'token',
  {
- form: true,
- body,
- json: true,
+ form: body,
+ responseType: 'json',
  },
  { clientAssertionPayload },
  );
@@ -1269,9 +1263,8 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
  this,
  'device_authorization',
  {
- form: true,
- body,
- json: true,
+ responseType: 'json',
+ form: body,
  },
  { clientAssertionPayload, endpointAuthMethod: 'token' },
  );
@@ -1296,17 +1289,16 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
  throw new TypeError('hint must be a string');
  }
 
- const body = { ...revokeBody, token };
+ const form = { ...revokeBody, token };
 
  if (hint) {
- body.token_type_hint = hint;
+ form.token_type_hint = hint;
  }
 
  const response = await authenticatedPost.call(
  this,
  'revocation', {
- body,
- form: true,
+ form,
  }, { clientAssertionPayload },
  );
  processResponse(response, { body: false });
@@ -1322,15 +1314,15 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
  throw new TypeError('hint must be a string');
  }
 
- const body = { ...introspectBody, token };
+ const form = { ...introspectBody, token };
  if (hint) {
- body.token_type_hint = hint;
+ form.token_type_hint = hint;
  }
 
  const response = await authenticatedPost.call(
  this,
  'introspection',
- { body, form: true, json: true },
+ { form, responseType: 'json' },
  { clientAssertionPayload },
  );
 
@@ -1443,8 +1435,8 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
  headers: initialAccessToken ? {
  Authorization: authorizationHeaderValue(initialAccessToken),
  } : undefined,
- json: true,
- body: metadata,
+ responseType: 'json',
+ json: metadata,
  url: this.issuer.registration_endpoint,
  method: 'POST',
  });
@@ -1473,7 +1465,7 @@ module.exports = (issuer, aadIssValidation = false) => class Client extends Base
  const response = await request.call(this, {
  method: 'GET',
  url: registrationClientUri,
- json: true,
+ responseType: 'json',
  headers: { Authorization: authorizationHeaderValue(registrationAccessToken) },
  });
  const responseBody = processResponse(response, { bearer: true });

lib/device_flow_handle.js

@@ -42,13 +42,12 @@ class DeviceFlowHandle {
  instance(this).client,
  'token',
  {
- form: true,
- body: {
+ form: {
  ...instance(this).exchangeBody,
  grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
  device_code: this.device_code,
  },
- json: true,
+ responseType: 'json',
  },
  { clientAssertionPayload: instance(this).clientAssertionPayload },
  );

lib/helpers/client.js

@@ -56,12 +56,12 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) {
  case 'self_signed_tls_client_auth':
  case 'tls_client_auth':
  case 'none':
- return { body: { client_id: this.client_id } };
+ return { form: { client_id: this.client_id } };
  case 'client_secret_post':
  if (!this.client_secret) {
  throw new TypeError('client_secret_post client authentication method requires a client_secret');
  }
- return { body: { client_id: this.client_id, client_secret: this.client_secret } };
+ return { form: { client_id: this.client_id, client_secret: this.client_secret } };
  case 'private_key_jwt':
  case 'client_secret_jwt': {
  const timestamp = now();
@@ -76,7 +76,7 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) {
  });
 
  return {
- body: {
+ form: {
  client_id: this.client_id,
  client_assertion: assertion,
  client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
@@ -125,7 +125,7 @@ async function authenticatedPost(endpoint, opts, {
  clientAssertionPayload, endpointAuthMethod = endpoint,
 } = {}) {
  const auth = await authFor.call(this, endpointAuthMethod, { clientAssertionPayload });
- const requestOpts = merge(opts, auth, { form: true });
+ const requestOpts = merge(opts, auth);
 
  const mTLS = this[`${endpointAuthMethod}_endpoint_auth_method`].includes('tls_client_auth')
  || (endpoint === 'token' && this.tls_client_certificate_bound_access_tokens);
@@ -137,10 +137,10 @@ async function authenticatedPost(endpoint, opts, {
 
  targetUrl = targetUrl || this.issuer[`${endpoint}_endpoint`];
 
- if ('body' in requestOpts) {
- for (const [key, value] of Object.entries(requestOpts.body)) { // eslint-disable-line no-restricted-syntax, max-len
+ if ('form' in requestOpts) {
+ for (const [key, value] of Object.entries(requestOpts.form)) { // eslint-disable-line no-restricted-syntax, max-len
  if (typeof value === 'undefined') {
- delete requestOpts.body[key];
+ delete requestOpts.form[key];
  }
  }
  }

lib/helpers/request.js

@@ -33,7 +33,13 @@ module.exports = function request(options, { mTLS = false } = {}) {
  opts = options;
  }
 
- if (mTLS && (!opts.key || !opts.cert)) {
+ if (
+ mTLS
+ && (
+ (!opts.key || !opts.cert)
+ && (!opts.https || !opts.https.key || !opts.https.certificate)
+ )
+ ) {
  throw new TypeError('mutual-TLS certificate and key not set');
  }
  return got(opts);

lib/issuer.js

@@ -85,7 +85,7 @@ class Issuer {
  cache.reset();
  const response = await request.call(this, {
  method: 'GET',
- json: true,
+ responseType: 'json',
  url: this.jwks_uri,
  });
  const jwks = processResponse(response);
@@ -168,8 +168,8 @@ class Issuer {
  const response = await request.call(this, {
  method: 'GET',
  url: webfingerUrl,
- json: true,
- query: { resource, rel: REL },
+ responseType: 'json',
+ searchParams: { resource, rel: REL },
  followRedirect: true,
  });
  const body = processResponse(response);
@@ -214,7 +214,7 @@ class Issuer {
  if (parsed.pathname.includes('/.well-known/')) {
  const response = await request.call(this, {
  method: 'GET',
- json: true,
+ responseType: 'json',
  url: uri,
  });
  const body = processResponse(response);
@@ -243,7 +243,7 @@ class Issuer {
  const wellKnownUri = url.format({ ...parsed, pathname });
  const response = await request.call(this, {
  method: 'GET',
- json: true,
+ responseType: 'json',
  url: wellKnownUri,
  });
  const body = processResponse(response);

package.json

@@ -43,9 +43,8 @@
  "test": "mocha test/**/*.test.js"
  },
  "dependencies": {
- "@types/got": "^9.6.9",
  "base64url": "^3.0.1",
- "got": "^9.6.0",
+ "got": "^11.5.2",
  "jose": "^1.27.1",
  "lru-cache": "^6.0.0",
  "make-error": "^1.3.6",
@@ -70,7 +69,7 @@
  "timekeeper": "^2.2.0"
  },
  "engines": {
- "node": "^10.13.0 || >=12.0.0"
+ "node": "^10.19.0 || >=12.0.0"
  },
  "commitlint": {
  "extends": [