Update oidc-spa so that DPoP work when the TLS terminaison is done upstream

garronej · garronej · commit 4a29af4efdc1 · 2025-12-23T14:58:45.000+01:00
diff --git a/package.json b/package.json
@@ -24,7 +24,7 @@
         "@hono/node-server": "^1.11.1",
         "@hono/zod-openapi": "^0.13.0",
         "hono": "^4.11.1",
-        "oidc-spa": "^8.7.3",
+        "oidc-spa": "^8.7.4",
         "tsafe": "^1.8.12",
         "url-join": "^5.0.0",
         "zod": "^3.23.8"
diff --git a/src/auth.ts b/src/auth.ts
@@ -25,20 +25,23 @@ export async function getUser(
     requiredRole?: "realm-admin" | "support-staff"
 ): Promise<User> {
 
-    const { isSuccess, debugErrorMessage, decodedAccessToken } =
+    const { isSuccess, errorCause, debugErrorMessage, decodedAccessToken } =
         await validateAndDecodeAccessToken({
             request: {
                 url: req.url,
                 method: req.method,
-                headers: {
-                    Authorization: req.header("Authorization"),
-                    DPoP: req.header("DPoP")
-                }
+                getHeaderValue: headerName => req.header(headerName)
             }
         });
 
     if (!isSuccess) {
-        console.warn(debugErrorMessage);
+
+        if( errorCause === "missing Authorization header" ){
+            console.warn("Anonymous request");
+        }else{
+            console.warn(debugErrorMessage);
+        }
+
         throw new HTTPException(401);
     }
 
diff --git a/yarn.lock b/yarn.lock
@@ -245,10 +245,10 @@ minimist@^1.2.6:
   resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c"
   integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==
 
-oidc-spa@^8.7.3:
-  version "8.7.3"
-  resolved "https://registry.yarnpkg.com/oidc-spa/-/oidc-spa-8.7.3.tgz#86b2df5ab1faf2d5485891f1e371f359107ece2c"
-  integrity sha512-q1UOUhk6Ad7IJG2XUibJYyBLFKn+FtU4O5Uu5++UCjUFgvzxN46KWOrC0LUrZrQe3lQdvsjZhR5BrPi1eex8RQ==
+oidc-spa@^8.7.4:
+  version "8.7.4"
+  resolved "https://registry.yarnpkg.com/oidc-spa/-/oidc-spa-8.7.4.tgz#db85f06f296eb110f1b800b6cf9245f2264f4707"
+  integrity sha512-+GKiMdFpeNryNymO71MJdQQq0xiwygmPjNpVojctCBamDYOoZL79Lfr239PwOf52/3g11IE3d5GMCuLPy8IAJQ==
 
 openapi3-ts@^4.1.2:
   version "4.3.1"
