Release 2.2.0

**Added** - afterCallback Hook [#168](#168) ([davidpatrick](https://github.com/davidpatrick)) **Changed** - Move transient cookies into single cookie [#171](#171) ([davidpatrick](https://github.com/davidpatrick))
auth0 · Jan 13, 2021 · b7ed8fb · b7ed8fb
1 parent ac45cdd
commit b7ed8fb
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # CHANGELOG
 
+## [2.2.0](https://github.com/auth0/express-openid-connect/tree/v2.2.0) (2021-01-14)
+[Full Changelog](https://github.com/auth0/express-openid-connect/compare/v2.1.0...v2.2.0)
+
+**Added**
+- afterCallback Hook [#168](https://github.com/auth0/express-openid-connect/pull/168) ([davidpatrick](https://github.com/davidpatrick))
+
+**Changed**
+- Move transient cookies into single cookie [#171](https://github.com/auth0/express-openid-connect/pull/171) ([davidpatrick](https://github.com/davidpatrick))
+
 ## [2.1.0](https://github.com/auth0/express-openid-connect/tree/v2.1.0) (2020-12-15)
 [Full Changelog](https://github.com/auth0/express-openid-connect/compare/v2.0.0...v2.1.0)
 

diff --git a/EXAMPLES.md b/EXAMPLES.md
@@ -215,4 +215,23 @@ app.use(
     // auth0Logout: true // if using custom domain with Auth0
   })
 );
+```
+
+## 8. Validate Claims from an ID token before logging a user in
+
+The `afterCallback` hook can be used to do validation checks on claims after the ID token has been received in the callback phase.
+
+```js
+app.use(
+  auth({
+    afterCallback: (req, res, session) => {
+      const claims = jose.JWT.decode(session.id_token); // using jose library to decode JWT
+      if (claims.org_id === 'Required Organization') {
+        throw new Error('Not a part of the Required Organization');
+      }
+      return session;
+    }
+  })
+);
+
 ```
diff --git a/middleware/auth.js b/middleware/auth.js
@@ -104,6 +104,7 @@ module.exports = function (params) {
           }
 
           if (config.afterCallback) {
+            session = Object.assign({}, session); // serializes session
             session = await config.afterCallback(req, res, session, req.openidState); 
           }
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "express-openid-connect",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "description": "Express middleware to protect web applications using OpenID Connect.",
   "homepage": "https://github.com/auth0/express-openid-connect",
   "license": "MIT",