11// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
22// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
33
4- import { Log , JoseUtil , Timer } from "./utils" ;
4+ import { Log , JoseUtil , Timer , ParsedJwt } from "./utils" ;
55import type { MetadataService } from "./MetadataService" ;
66import { UserInfoService } from "./UserInfoService" ;
77import { TokenClient } from "./TokenClient" ;
@@ -11,6 +11,7 @@ import type { SigninState } from "./SigninState";
1111import type { SigninResponse } from "./SigninResponse" ;
1212import type { State } from "./State" ;
1313import type { SignoutResponse } from "./SignoutResponse" ;
14+ import type { UserProfile } from "./User" ;
1415
1516const ProtocolClaims = [ "nonce" , "at_hash" , "iat" , "nbf" , "exp" , "aud" , "iss" , "c_hash" ] ;
1617
@@ -160,8 +161,8 @@ export class ResponseValidator {
160161 return response ;
161162 }
162163
163- protected _mergeClaims ( claims1 : any , claims2 : any ) : any {
164- const result = Object . assign ( { } , claims1 ) ;
164+ protected _mergeClaims ( claims1 : UserProfile , claims2 : any ) : UserProfile {
165+ const result = Object . assign ( { } , claims1 as Record < string , any > ) ;
165166
166167 for ( const name in claims2 ) {
167168 let values = claims2 [ name ] ;
@@ -193,10 +194,10 @@ export class ResponseValidator {
193194 return result ;
194195 }
195196
196- protected _filterProtocolClaims ( claims : any ) : any {
197+ protected _filterProtocolClaims ( claims : UserProfile ) : UserProfile {
197198 Log . debug ( "ResponseValidator._filterProtocolClaims, incoming claims:" , claims ) ;
198199
199- const result = Object . assign ( { } , claims ) ;
200+ const result = Object . assign ( { } , claims as Record < string , any > ) ;
200201
201202 if ( this . _settings . filterProtocolClaims ) {
202203 ProtocolClaims . forEach ( type => {
@@ -274,10 +275,10 @@ export class ResponseValidator {
274275
275276 const audience = state . client_id ;
276277 const clockSkewInSeconds = this . _settings . clockSkewInSeconds ;
277- Log . debug ( "ResponseValidator._validateIdTokenAttributes: Validaing JWT attributes; using clock skew (in seconds) of: " , clockSkewInSeconds ) ;
278+ Log . debug ( "ResponseValidator._validateIdTokenAttributes: Validating JWT attributes; using clock skew (in seconds) of: " , clockSkewInSeconds ) ;
278279
279280 const now = Timer . getEpochTime ( ) ;
280- const payload = await JoseUtil . validateJwtAttributes ( id_token , issuer , audience , clockSkewInSeconds , now ) ;
281+ const payload = JoseUtil . validateJwtAttributes ( id_token , issuer , audience , clockSkewInSeconds , now ) ;
281282 if ( state . nonce && state . nonce !== payload . nonce ) {
282283 Log . error ( "ResponseValidator._validateIdTokenAttributes: Invalid nonce in id_token" ) ;
283284 throw new Error ( "Invalid nonce in id_token" ) ;
@@ -292,15 +293,15 @@ export class ResponseValidator {
292293 return response ;
293294 }
294295
295- protected async _getSigningKeyForJwt ( jwt : any ) : Promise < Record < string , string > | null > {
296+ protected async _getSigningKeyForJwt ( jwt : ParsedJwt ) : Promise < Record < string , string > | null > {
296297 let keys = await this . _metadataService . getSigningKeys ( ) ;
297298 if ( ! keys ) {
298299 Log . error ( "ResponseValidator._getSigningKeyForJwt: No signing keys from metadata" ) ;
299300 throw new Error ( "No signing keys from metadata" ) ;
300301 }
301302
302303 Log . debug ( "ResponseValidator._getSigningKeyForJwt: Received signing keys" ) ;
303- const kid = jwt . header . kid ;
304+ const kid = ( jwt . header as any ) . kid ;
304305 if ( kid ) {
305306 const key = keys . filter ( key => key . kid === kid ) [ 0 ] ?? null ;
306307 return key ;
@@ -317,7 +318,7 @@ export class ResponseValidator {
317318 return keys [ 0 ] ;
318319 }
319320
320- protected async _getSigningKeyForJwtWithSingleRetry ( jwt : any ) : Promise < Record < string , string > | null > {
321+ protected async _getSigningKeyForJwtWithSingleRetry ( jwt : ParsedJwt ) : Promise < Record < string , string > | null > {
321322 const key = await this . _getSigningKeyForJwt ( jwt ) ;
322323 if ( key ) {
323324 return key ;
@@ -341,7 +342,7 @@ export class ResponseValidator {
341342 throw new Error ( "Failed to parse id_token" ) ;
342343 }
343344
344- const payload : any = jwt . payload ;
345+ const payload = jwt . payload ;
345346 if ( state . nonce !== payload . nonce ) {
346347 Log . error ( "ResponseValidator._validateIdToken: Invalid nonce in id_token" ) ;
347348 throw new Error ( "Invalid nonce in id_token" ) ;
@@ -357,7 +358,7 @@ export class ResponseValidator {
357358
358359 const audience = state . client_id ;
359360 const clockSkewInSeconds = this . _settings . clockSkewInSeconds ;
360- Log . debug ( "ResponseValidator._validateIdToken: Validaing JWT; using clock skew (in seconds) of: " , clockSkewInSeconds ) ;
361+ Log . debug ( "ResponseValidator._validateIdToken: Validating JWT; using clock skew (in seconds) of: " , clockSkewInSeconds ) ;
361362
362363 JoseUtil . validateJwt ( id_token , key , issuer , audience , clockSkewInSeconds ) ;
363364 Log . debug ( "ResponseValidator._validateIdToken: JWT validation successful" ) ;
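Review bot: The `(jwt.header as any).kid` cast in `_getSigningKeyForJwt` throws away the `ParsedJwt` typing this commit introduces, at the point where a token-header value selects the verification key and is therefore still unverified. Prefer declaring `kid?: string` on the header type of `ParsedJwt` in `./utils` (its definition is not visible here), so the line can stay `const kid = jwt.header.kid;` and the `key.kid === kid` comparison is type-checked. The `claims1 as Record<string, any>` and `claims as Record<string, any>` casts in `_mergeClaims` and `_filterProtocolClaims` have a similar effect: the `UserProfile` return type is asserted on an `any`-valued object rather than checked, while `claims2` remains `any`. The bodies of all three methods continue outside the visible hunks.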