Remove jsonwebtoken and base64url dependencies. (#113723)

2025-04-24 17:59:23 -04:00 · 2021-10-04 15:33:21 +02:00 · 2021-10-04 15:33:21 +02:00 · edf16e6012
commit edf16e6012
parent fefc34e28f
4 changed files with 32 additions and 32 deletions
--- a/package.json
+++ b/package.json
@ -272,7 +272,6 @@
    "json-stable-stringify": "^1.0.1",
    "json-stringify-pretty-compact": "1.2.0",
    "json-stringify-safe": "5.0.1",
-    "jsonwebtoken": "^8.5.1",
    "jsts": "^1.6.2",
    "kea": "^2.4.2",
    "load-json-file": "^6.2.0",
@ -554,7 +553,6 @@
    "@types/jsdom": "^16.2.3",
    "@types/json-stable-stringify": "^1.0.32",
    "@types/json5": "^0.0.30",
-    "@types/jsonwebtoken": "^8.5.5",
    "@types/license-checker": "15.0.0",
    "@types/listr": "^0.14.0",
    "@types/loader-utils": "^1.1.3",
@ -662,7 +660,6 @@
    "babel-plugin-styled-components": "^1.13.2",
    "babel-plugin-transform-react-remove-prop-types": "^0.4.24",
    "backport": "^5.6.6",
-    "base64url": "^3.0.1",
    "callsites": "^3.1.0",
    "chai": "3.5.0",
    "chance": "1.0.18",
--- a/renovate.json5
+++ b/renovate.json5
@ -86,10 +86,9 @@
      {
        groupName: 'platform security modules',
        packageNames: [
-          'broadcast-channel', 
-          'jsonwebtoken', '@types/jsonwebtoken', 
-          'node-forge', '@types/node-forge', 
-          'require-in-the-middle', 
+          'broadcast-channel',
+          'node-forge', '@types/node-forge',
+          'require-in-the-middle',
          'tough-cookie', '@types/tough-cookie',
          'xml-crypto', '@types/xml-crypto'
        ],
--- a/x-pack/test/security_api_integration/fixtures/oidc/oidc_tools.ts
+++ b/x-pack/test/security_api_integration/fixtures/oidc/oidc_tools.ts
@ -5,10 +5,8 @@
 * 2.0.
 */

-import base64url from 'base64url';
-import { createHash } from 'crypto';
+import { createHash, createSign } from 'crypto';
 import fs from 'fs';
-import jwt from 'jsonwebtoken';
 import url from 'url';

 export function getStateAndNonce(urlWithStateAndNonce: string) {
@ -16,16 +14,20 @@ export function getStateAndNonce(urlWithStateAndNonce: string) {
  return { state: parsedQuery.state as string, nonce: parsedQuery.nonce as string };
 }

-export function createTokens(userId: string, nonce: string) {
-  const signingKey = fs.readFileSync(require.resolve('./jwks_private.pem'));
-  const iat = Math.floor(Date.now() / 1000);
+function fromBase64(base64: string) {
+  return base64.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
+}

+export function createTokens(userId: string, nonce: string) {
+  const idTokenHeader = fromBase64(
+    Buffer.from(JSON.stringify({ alg: 'RS256' })).toString('base64')
+  );
+
+  const iat = Math.floor(Date.now() / 1000);
  const accessToken = `valid-access-token${userId}`;
  const accessTokenHashBuffer = createHash('sha256').update(accessToken).digest();
-
-  return {
-    accessToken,
-    idToken: jwt.sign(
+  const idTokenBody = fromBase64(
+    Buffer.from(
      JSON.stringify({
        iss: 'https://test-op.elastic.co',
        sub: `user${userId}`,
@ -34,10 +36,19 @@ export function createTokens(userId: string, nonce: string) {
        exp: iat + 3600,
        iat,
        // See more details on `at_hash` at https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken
-        at_hash: base64url(accessTokenHashBuffer.slice(0, accessTokenHashBuffer.length / 2)),
-      }),
-      signingKey,
-      { algorithm: 'RS256' }
-    ),
-  };
+        at_hash: fromBase64(
+          accessTokenHashBuffer.slice(0, accessTokenHashBuffer.length / 2).toString('base64')
+        ),
+      })
+    ).toString('base64')
+  );
+
+  const idToken = `${idTokenHeader}.${idTokenBody}`;
+
+  const signingKey = fs.readFileSync(require.resolve('./jwks_private.pem'));
+  const idTokenSignature = fromBase64(
+    createSign('RSA-SHA256').update(idToken).sign(signingKey, 'base64')
+  );
+
+  return { accessToken, idToken: `${idToken}.${idTokenSignature}` };
 }
--- a/yarn.lock
+++ b/yarn.lock
@ -6394,13 +6394,6 @@
  resolved "https://registry.yarnpkg.com/@types/json5/-/json5-0.0.30.tgz#44cb52f32a809734ca562e685c6473b5754a7818"
  integrity sha512-sqm9g7mHlPY/43fcSNrCYfOeX9zkTTK+euO5E6+CVijSMm5tTjkVdwdqRkY3ljjIAf8679vps5jKUoJBCLsMDA==

-"@types/jsonwebtoken@^8.5.5":
-  version "8.5.5"
-  resolved "https://registry.yarnpkg.com/@types/jsonwebtoken/-/jsonwebtoken-8.5.5.tgz#da5f2f4baee88f052ef3e4db4c1a0afb46cff22c"
-  integrity sha512-OGqtHQ7N5/Ap/TUwO6IgHDuLiAoTmHhGpNvgkCm/F4N6pKzx/RBSfr2OXZSwC6vkfnsEdb6+7DNZVtiXiwdwFw==
-  dependencies:
-    "@types/node" "*"
-
 "@types/keyv@*":
  version "3.1.1"
  resolved "https://registry.yarnpkg.com/@types/keyv/-/keyv-3.1.1.tgz#e45a45324fca9dab716ab1230ee249c9fb52cfa7"
@ -9235,7 +9228,7 @@ base64-js@^1.0.2, base64-js@^1.1.2, base64-js@^1.2.0, base64-js@^1.3.0, base64-j
  resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.3.1.tgz#58ece8cb75dd07e71ed08c736abc5fac4dbf8df1"
  integrity sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==

-base64url@^3.0.0, base64url@^3.0.1:
+base64url@^3.0.0:
  version "3.0.1"
  resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
  integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==
@ -19171,7 +19164,7 @@ jsonparse@^1.2.0:
  resolved "https://registry.yarnpkg.com/jsonparse/-/jsonparse-1.3.1.tgz#3f4dae4a91fac315f71062f8521cc239f1366280"
  integrity sha1-P02uSpH6wxX3EGL4UhzCOfE2YoA=

-jsonwebtoken@^8.3.0, jsonwebtoken@^8.5.1:
+jsonwebtoken@^8.3.0:
  version "8.5.1"
  resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz#00e71e0b8df54c2121a1f26137df2280673bcc0d"
  integrity sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==