add authorizationId parameter for sharing an existing authorization #6

Merged
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -181,6 +181,12 @@ Finally, you may choose to overwrite some configuration defaults.

> In lieu of a user session, a helper instance _could_ store the authorization state in a local variable and share it between users of the instance. Currently, this is not supported, because the primary audience for the library is thought to be a typical web application with unique user accounts.

* `authorizationId`

The helper instance saves the authorization state under a key in the session object. By default, if no input is provided, the key is generated randomly based on the current timestamp. If `authorizationId` is defined, it's value is used to generate the key. Doing so allows different helper instances to share an authorization.

> In order to scale an application horizontally, while using a shared session store, the key, under which the authorization state is stored, can be controlled, so that an authorization is available throughout instances of the application running in parallel. If `authorizationId` is not set, a random key is generated for each helper instance.

cstanger marked this conversation as resolved.
* `customize`

You can customize the default behavior of the Issuer and Client classes and their respective instances as described in [Customizing](https:/panva/node-openid-client/tree/master/docs#customizing) section of the openid-client documentation. For example:
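
Review bot: The added `authorizationId` paragraph says the default key is "generated randomly based on the current timestamp", and the quoted note below it repeats "a random key is generated", but lib/index.js hashes `(new Date()).valueOf().toString()`, so the default is derived from the creation time in milliseconds and is not random. Two helper instances created in the same millisecond would get the same key. Suggest wording such as "derived from the time the helper instance is created", and fix "it's value" to "its value" in the same paragraph. It would also help to state that every instance meant to share an authorization has to be given the same `authorizationId` string.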
1 change: 1 addition & 0 deletions docs/README.md
Expand Up @@ -50,6 +50,7 @@ Represents an `openid-client-helper` instance.
| [param0.resources] | <code>object</code> | <code>{ &#x27;https://&#x27;: { scope: &#x27;*&#x27; } }</code> | A set of resources associated with resource specific scope(s). Each resource key is, generally, to comply with the proposed [Resource Parameter](https://tools.ietf.org/html/draft-ietf-oauth-resource-indicators-08#section-2) definition, as it may be used as the resource indicator in systems that adopt the draft. The resource keys will be compared against the URI in requests to a protected API resource, and the key matching the left part of the URI the most will be used to retrieve corresponding access token. |
| [param0.useMasterAccessToken] | <code>boolean</code> | <code>false</code> | Indicates whether or not the "master" access token, the one associated with scopes approved by the resource owner, is to be used if a resource specific access token cannot be obtained. Setting this to `true` is not normally recommended, for it leads to use of an access token that is not audience restricted. |
| [param0.sessionKey] | <code>string</code> | <code>&quot;session&quot;</code> | The key identifying the session object attached to requests. |
| [param0.authorizationId] | <code>string</code> | | Identifier for the authorization state saved in the session object, so that an authorization could be shared between the helper instances and used for horizontal scaling. |
| [param0.useResourceIndicators] | <code>boolean</code> | <code>false</code> | Indicates whether [Resource Indicators for OAuth 2.0](https://tools.ietf.org/html/draft-ietf-oauth-resource-indicators-08) are supported by the authorization server. |
| [param0.customize] | <code>function</code> | | A function to modify openid-client defaults using its [Customizing](https:/panva/node-openid-client/tree/master/docs#customizing) means. The function will be sent the `custom` options object and the `Issuer` constructor. When an `issuer` or `client` instance is created, it will be provided as a parameter along with the `custom` object. This means that the `customize` function should check for presence of the `Issuer`, `issuer`, or/and `client` parameters, if those were to be modified. |
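
Review bot: The new `param0.authorizationId` row leaves the Default column empty and its description does not say what happens when the parameter is omitted. Suggest adding that, when it is not set, the key is derived from the instance creation timestamp, so the table agrees with the README text. The same sentence is used for the `@param` in lib/index.js and should be changed there too.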

6 changes: 4 additions & 2 deletions lib/index.js
Expand Up @@ -54,6 +54,7 @@ const {
* Setting this to `true` is not normally recommended,
* for it leads to use of an access token that is not audience restricted.
* @param {string} [param0.sessionKey=session] The key identifying the session object attached to requests.
* @param {string} [param0.authorizationId] Identifier for the authorization state saved in the session object, so that an authorization could be shared between the helper instances and used for horizontal scaling.
* @param {boolean} [param0.useResourceIndicators=false] Indicates whether [Resource Indicators for OAuth 2.0]{@link https://tools.ietf.org/html/draft-ietf-oauth-resource-indicators-08}
* are supported by the authorization server.
* @param {function} [param0.customize] A function to modify openid-client defaults using its [Customizing]{@link https:/panva/node-openid-client/tree/master/docs#customizing} means.
Expand All @@ -75,6 +76,7 @@ module.exports = function ({
},
useMasterAccessToken = false,
sessionKey = 'session',
authorizationId,
useResourceIndicators = false,
customize
}) {
Expand Down Expand Up @@ -105,7 +107,7 @@ module.exports = function ({

const hashes = crypto.getHashes()
/**
* Unique identifier for this authorization in session.
* Identifier for this authorization in session. Base on custom data or generate randomly.
*/
const authorizationKey = crypto.createHash(
hashes
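
Review bot: In the rewritten comment above `authorizationKey`, "Base on custom data or generate randomly" should read "Based on ...", and "randomly" does not match the fallback, which is a hash of the current timestamp. Something like "Derived from `authorizationId` when provided, otherwise from the creation timestamp" would describe what the expression does.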
Expand All @@ -114,7 +116,7 @@ module.exports = function ({
return hash.match(/^sha1$|^sha256$/)
}) || hashes[hashes.length - 1]
)
.update((new Date()).valueOf().toString())
.update(authorizationId || (new Date()).valueOf().toString())
.digest('base64')

const helper = {
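
Review bot: `.update(authorizationId || (new Date()).valueOf().toString())` treats any falsy value as absent and passes anything else straight to `update()` with no type check. An empty string (for example, one read from an unset configuration value) silently falls back to the timestamp, so instances that were meant to share an authorization each get their own key with no error, and a non-string value such as a number makes `update()` throw a TypeError at construction. Suggest validating up front: when `authorizationId` is not `undefined`, require a non-empty string and throw a descriptive error otherwise. Also, the key now has to be identical across instances, but the digest algorithm is still chosen from `crypto.getHashes()` at runtime with a fallback to `hashes[hashes.length - 1]`; pinning it (for example to `sha256`) would keep instances on different runtimes from deriving different keys from the same `authorizationId`.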