diff --git a/.changeset/slow-ads-dress.md b/.changeset/slow-ads-dress.md
deleted file mode 100644
index fa63ccd4b4..0000000000
--- a/.changeset/slow-ads-dress.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-'@graphql-yoga/plugin-jwt': patch
----
-
-Fix typo of the option `singingKeyProviders` => `signingKeyProviders`.
diff --git a/packages/plugins/jwt/src/__tests__/jwt.spec.ts b/packages/plugins/jwt/src/__tests__/jwt.spec.ts
index c60134755a..498c950812 100644
--- a/packages/plugins/jwt/src/__tests__/jwt.spec.ts
+++ b/packages/plugins/jwt/src/__tests__/jwt.spec.ts
@@ -45,7 +45,7 @@ I3OrgFkoqk03cpX4AL2GYC2ejytAqboL6pFTfmTgg2UtvKIeaTyF describe('jwt plugin', () => { test('incoming http request is reject when auth token is not present', async () => { const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider('topsecret')],
+ singingKeyProviders: [createInlineSigningKeyProvider('topsecret')],
 }); const response = await test.queryWithoutAuth(); expect(response.status).toBe(401);
@@ -62,7 +62,7 @@ describe('jwt plugin', () => { test('should allow to continue if reject.missingToken is set to false', async () => { const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider('topsecret')],
+ singingKeyProviders: [createInlineSigningKeyProvider('topsecret')],
 reject: { missingToken: false, invalidToken: true,
@@ -75,7 +75,7 @@ describe('jwt plugin', () => { test('any prefix is supported when strict prefix validation is not configured', async () => { const secret = 'topsecret'; const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 tokenLookupLocations: [ extractFromHeader({ name: 'Authorization',
@@ -89,7 +89,7 @@ describe('jwt plugin', () => { test('incoming http has a token but prefix does not match or missing', async () => { const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider('topsecret')],
+ singingKeyProviders: [createInlineSigningKeyProvider('topsecret')],
 }); // does not match prefix let response = await test.queryWithAuth('Basic 123');
@@ -120,7 +120,7 @@ describe('jwt plugin', () => { test('token provided but jwt token is not valid for decoding', async () => { const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider('topsecret')],
+ singingKeyProviders: [createInlineSigningKeyProvider('topsecret')],
 }); const response = await test.queryWithAuth('Bearer BadJwt'); expect(response.status).toBe(400);
@@ -137,7 +137,7 @@ describe('jwt plugin', () => { test('invalid token can be accepted when reject.invalidToken=false is set', async () => { const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider('topsecret')],
+ singingKeyProviders: [createInlineSigningKeyProvider('topsecret')],
 reject: { invalidToken: false, },
@@ -149,7 +149,7 @@ describe('jwt plugin', () => { it('should not allow non matching issuer', async () => { const secret = 'topsecret'; const server = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 tokenVerification: { issuer: ['http://yoga'], },
@@ -168,7 +168,7 @@ describe('jwt plugin', () => { it('should allow matching issuer', async () => { const secret = 'topsecret'; const server = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 tokenVerification: { issuer: ['http://yoga'], },
@@ -182,7 +182,7 @@ describe('jwt plugin', () => { it('should not allow non matching audience', async () => { const secret = 'topsecret'; const server = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 tokenVerification: { audience: 'my.app', },
@@ -203,7 +203,7 @@ describe('jwt plugin', () => { it('should allow matching audience', async () => { const secret = 'topsecret'; const server = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 tokenVerification: { audience: 'my.app', },
@@ -234,7 +234,7 @@ describe('jwt plugin', () => { try { const server = createTestServer({
- signingKeyProviders: [
+ singingKeyProviders: [
 createRemoteJwksSigningKeyProvider({ jwksUri: `http://localhost:${(jwksServer.address() as any).port}`, }),
@@ -259,7 +259,7 @@ describe('jwt plugin', () => { it('should not accept token without algorithm', async () => { const secret = 'topsecret'; const server = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 }); const response = await server.queryWithAuth(buildJWTWithoutAlg());
@@ -276,7 +276,7 @@ describe('jwt plugin', () => { test('valid token is injected to the GraphQL context', async () => { const secret = 'topsecret'; const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 }); const token = buildJWT({ sub: '123', scopes: ['users.read'] }, { key: secret }); const response = await test.queryWithAuth(token);
@@ -302,7 +302,7 @@ describe('jwt plugin', () => { test('valid token is injected to the GraphQL context (custom field)', async () => { const secret = 'topsecret'; const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 extendContext: 'my_jwt', }); const token = buildJWT({ sub: '123', scopes: ['users.read'] }, { key: secret });
@@ -329,7 +329,7 @@ describe('jwt plugin', () => { test('auth is passing when token is valid (HS256)', async () => { const secret = 'topsecret'; const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 }); const token = buildJWT({ sub: '123' }, { key: secret }); const response = await test.queryWithAuth(token);
@@ -353,7 +353,7 @@ describe('jwt plugin', () => { test('auth is passing when token is valid (RS256)', async () => { const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(JWKS_RSA512_PRIVATE_PEM)],
+ singingKeyProviders: [createInlineSigningKeyProvider(JWKS_RSA512_PRIVATE_PEM)],
 }); const token = buildJWT({ sub: '123' }, { key: JWKS_RSA512_PRIVATE_PEM, algorithm: 'RS256' }); const response = await test.queryWithAuth(token);
@@ -397,7 +397,7 @@ describe('jwt plugin', () => { try { const test = createTestServer({
- signingKeyProviders: [
+ singingKeyProviders: [
 createRemoteJwksSigningKeyProvider({ jwksUri: `http://localhost:${(jwksServer.address() as any).port}`, }),
@@ -438,7 +438,7 @@ describe('jwt plugin', () => { try { const test = createTestServer({
- signingKeyProviders: [
+ singingKeyProviders: [
 // Remote, invalid createRemoteJwksSigningKeyProvider({ jwksUri: `http://localhost:${(jwksServer.address() as any).port}`,
@@ -476,7 +476,7 @@ describe('jwt plugin', () => { test('should throw when lookup is configured for cookie but no cookie store available', async () => { const secret = 'topsecret'; const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 tokenLookupLocations: [extractFromCookie({ name: 'auth' })], }); const token = buildJWT({ sub: '123' }, { key: secret });
@@ -495,7 +495,7 @@ describe('jwt plugin', () => { const secret = 'topsecret'; const test = createTestServer( {
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 tokenLookupLocations: [extractFromCookie({ name: 'auth' })], }, [useCookies()],
@@ -508,7 +508,7 @@ describe('jwt plugin', () => { test('custom getToken functiFailed to verify authentication token. Verifon', async () => { const secret = 'topsecret'; const test = createTestServer({
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 tokenLookupLocations: [ async payload => { expect(payload.request).toBeDefined();
@@ -539,7 +539,7 @@ describe('jwt plugin', () => { const secret = 'topsecret'; const test = createTestServer( {
- signingKeyProviders: [createInlineSigningKeyProvider(secret)],
+ singingKeyProviders: [createInlineSigningKeyProvider(secret)],
 tokenLookupLocations: [ extractFromHeader({ name: 'Authorization',
diff --git a/packages/plugins/jwt/src/config.ts b/packages/plugins/jwt/src/config.ts
index ad2e6fdf25..8eeac0e8d9 100644
--- a/packages/plugins/jwt/src/config.ts
+++ b/packages/plugins/jwt/src/config.ts
@@ -23,10 +23,6 @@ export type JwtPluginOptions = { * If the first provider fails to fetch the keys, the plugin will try the next provider in the list. * */
- signingKeyProviders: AtleastOneItem;
- /**
- * @deprecated: please use `signingKeyProviders` instead.
- */
 singingKeyProviders: AtleastOneItem; /** * List of locations to look for the token in the incoming request.
@@ -81,12 +77,7 @@ export type JwtPluginOptions = { }; export function normalizeConfig(input: JwtPluginOptions) {
- // TODO: remove this on next major version.
- if (input.singingKeyProviders) {
- input.signingKeyProviders = input.singingKeyProviders;
- }
-
- if (input.signingKeyProviders.length === 0) {
+ if (input.singingKeyProviders.length === 0) {
 throw new TypeError( 'You must provide at least one signing key provider. Please verify your `singingKeyProviders` configuration.', );
@@ -111,7 +102,7 @@ export function normalizeConfig(input: JwtPluginOptions) { } return {
- singingKeyProviders: input.signingKeyProviders,
+ singingKeyProviders: input.singingKeyProviders,
 tokenLookupLocations, tokenVerification: input.tokenVerification ?? { algorithms: ['RS256', 'HS256'],
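Review bot: In `normalizeConfig`, `input.singingKeyProviders.length` is read without first checking that the property is present. The first hunk of this file drops the correctly spelled `signingKeyProviders` option, so a caller that passes only that key (plain JavaScript, or a config object cast past the type) gets a generic "cannot read properties of undefined" TypeError instead of the descriptive message thrown just below. The plugin still fails closed at start-up, but the guard would report the real problem if written as `if (!input.singingKeyProviders?.length) {`. The body of `normalizeConfig` continues outside this hunk.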
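Review bot: The fallback for `tokenVerification` in the returned object accepts both `RS256` and `HS256` whenever the caller configures nothing, and that default is undocumented here. Accepting an HMAC and an RSA algorithm against the same key material is the usual precondition for algorithm-confusion problems, unless the verification library rejects a key whose type does not match the token's `alg`; that cannot be confirmed from this hunk. A comment on the default would help operators, for example `// Default accepts both RS256 and HS256; set tokenVerification.algorithms to the one algorithm your key provider issues.` The object literal and the rest of the function continue outside the hunk.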