if(!audience){
return next(new Error('audience is required'));
}
audience = asResource(audience);
var user = options.getUserFromRequest(req);
if(!user) return res.send(401);
var ctx = options.wctx || req.query.wctx;
if (!options.jwt) {
var profileMap = options.profileMapper(user);
var claims = profileMap.getClaims(options);
var ni = profileMap.getNameIdentifier(options);
saml11.create({
signatureAlgorithm: options.signatureAlgorithm,
digestAlgorithm: options.digestAlgorithm,
cert: options.cert,
key: options.key,
issuer: asResource(options.issuer),
lifetimeInSeconds: options.lifetime || (60 * 60 * 8),
audiences: audience,
attributes: claims,
nameIdentifier: ni.nameIdentifier,
nameIdentifierFormat: ni.nameIdentifierFormat,
encryptionPublicKey: options.encryptionPublicKey,
encryptionCert: options.encryptionCert
}, function(err, assertion) {
if (err) return next(err);
var escapedWctx = utils.escape(utils.escape(ctx)); // we need an escaped value for RequestSecurityTokenResponse.Context
var escapedAssertion = utils.escape(assertion); // we need an escaped value for RequestSecurityTokenResponse.Context