Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@badgateway/oauth2-client
Advanced tools
@badgateway/oauth2-client - npm Package Compare versions
Comparing version 2.0.17 to 2.0.18
@@ -1,2 +0,2 @@ | ||
| !function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.OAuth2Client=t():e.OAuth2Client=t()}(self,(()=>(()=>{var e={934:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.generateQueryString=t.tokenResponseToOAuth2Token=t.OAuth2Client=void 0;const n=r(443),o=r(618);function i(e,t){return new URL(e,t).toString()}function s(e){return e.then((e=>{var t;return{accessToken:e.access_token,expiresAt:e.expires_in?Date.now()+1e3*e.expires_in:null,refreshToken:null!==(t=e.refresh_token)&&void 0!==t?t:null}}))}function a(e){return new URLSearchParams(Object.fromEntries(Object.entries(e).filter((([e,t])=>void 0!==t)))).toString()}t.OAuth2Client=class{constructor(e){this.discoveryDone=!1,this.serverMetadata=null,this.settings=e}async refreshToken(e){if(!e.refreshToken)throw new Error("This token didn't have a refreshToken. It's not possible to refresh this");const t={grant_type:"refresh_token",refresh_token:e.refreshToken};return this.settings.clientSecret||(t.client_id=this.settings.clientId),s(this.request("tokenEndpoint",t))}async clientCredentials(e){var t;const r={grant_type:"client_credentials",scope:null===(t=null==e?void 0:e.scope)||void 0===t?void 0:t.join(" ")};if(!this.settings.clientSecret)throw new Error("A clientSecret must be provied to use client_credentials");return s(this.request("tokenEndpoint",r))}async password(e){var t;const r={grant_type:"password",...e,scope:null===(t=e.scope)||void 0===t?void 0:t.join(" ")};if(!this.settings.clientSecret)throw new Error("A clientSecret must be provied to use client_credentials");return s(this.request("tokenEndpoint",r))}get authorizationCode(){return new o.OAuth2AuthorizationCodeClient(this)}async introspect(e){const t={token:e.accessToken,token_type_hint:"access_token"};return this.request("introspectionEndpoint",t)}async getEndpoint(e){if(void 0!==this.settings[e])return i(this.settings[e],this.settings.server);if("discoveryEndpoint"!==e&&(await this.discover(),void 0!==this.settings[e]))return i(this.settings[e],this.settings.server);if(!this.settings.server)throw new Error(`Could not determine the location of ${e}. Either specify ${e} in the settings, or the "server" endpoint to let the client discover it.`);switch(e){case"authorizationEndpoint":return i("/authorize",this.settings.server);case"tokenEndpoint":return i("/token",this.settings.server);case"discoveryEndpoint":return i("/.well-known/oauth-authorization-server",this.settings.server);case"introspectionEndpoint":return i("/introspect",this.settings.server)}}async discover(){var e;if(this.discoveryDone)return;let t;this.discoveryDone=!0;try{t=await this.getEndpoint("discoveryEndpoint")}catch(e){return void console.warn('[oauth2] OAuth2 discovery endpoint could not be determined. Either specify the "server" or "discoveryEndpoint')}const r=await fetch(t,{headers:{Accept:"application/json"}});if(!r.ok)return;if(!(null===(e=r.headers.get("Content-Type"))||void 0===e?void 0:e.startsWith("application/json")))return void console.warn("[oauth2] OAuth2 discovery endpoint was not a JSON response. Response is ignored");this.serverMetadata=await r.json();const n=[["authorization_endpoint","authorizationEndpoint"],["token_endpoint","tokenEndpoint"],["introspection_endpoint","introspectionEndpoint"]];if(null!==this.serverMetadata)for(const[e,r]of n)this.serverMetadata[e]&&(this.settings[r]=i(this.serverMetadata[e],t))}async request(e,t){const r=await this.getEndpoint(e),o={"Content-Type":"application/x-www-form-urlencoded"};if(this.settings.clientSecret){const e=btoa(this.settings.clientId+":"+this.settings.clientSecret);o.Authorization="Basic "+e}else"authorization_code"===t.grant_type&&(t.client_id=this.settings.clientId);const i=await fetch(r,{method:"POST",body:a(t),headers:o});if(i.ok)return await i.json();let s,c,h;throw i.headers.has("Content-Type")&&i.headers.get("Content-Type").startsWith("application/json")&&(s=await i.json()),(null==s?void 0:s.error)?(c="OAuth2 error "+s.error+".",s.error_description&&(c+=" "+s.error_description),h=s.error):(c="HTTP Error "+i.status+" "+i.statusText,401===i.status&&this.settings.clientSecret&&(c+=". It's likely that the clientId and/or clientSecret was incorrect"),h=null),new n.OAuth2Error(c,h,i.status)}},t.tokenResponseToOAuth2Token=s,t.generateQueryString=a},618:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.getCodeChallenge=t.generateCodeVerifier=t.OAuth2AuthorizationCodeClient=void 0;const n=r(934),o=r(443);async function i(e){const t=s();if(null==t?void 0:t.subtle)return["S256",c(await t.subtle.digest("SHA-256",a(e)))];{const t=r(212).createHash("sha256");return t.update(a(e)),["S256",t.digest("base64url")]}}function s(){if("undefined"!=typeof window&&window.crypto)return window.crypto;if("undefined"!=typeof self&&self.crypto)return self.crypto;const e=r(212);return e.webcrypto?e.webcrypto:null}function a(e){const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=255&e.charCodeAt(r);return t}function c(e){return btoa(String.fromCharCode(...new Uint8Array(e))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}t.OAuth2AuthorizationCodeClient=class{constructor(e){this.client=e}async getAuthorizeUri(e){const[t,r]=await Promise.all([e.codeVerifier?i(e.codeVerifier):void 0,this.client.getEndpoint("authorizationEndpoint")]),o={client_id:this.client.settings.clientId,response_type:"code",redirect_uri:e.redirectUri,code_challenge_method:null==t?void 0:t[0],code_challenge:null==t?void 0:t[1]};return e.state&&(o.state=e.state),e.scope&&(o.scope=e.scope.join(" ")),r+"?"+(0,n.generateQueryString)(o)}async getTokenFromCodeRedirect(e,t){const{code:r}=await this.validateResponse(e,{state:t.state});return this.getToken({code:r,redirectUri:t.redirectUri,codeVerifier:t.codeVerifier})}async validateResponse(e,t){var r;const n=new URL(e).searchParams;if(n.has("error"))throw new o.OAuth2Error(null!==(r=n.get("error_description"))&&void 0!==r?r:"OAuth2 error",n.get("error"),0);if(!n.has("code"))throw new Error(`The url did not contain a code parameter ${e}`);if(!n.has("state"))throw new Error(`The url did not contain state parameter ${e}`);if(t.state&&t.state!==n.get("state"))throw new Error(`The "state" parameter in the url did not match the expected value of ${t.state}`);return{code:n.get("code"),scope:n.has("scope")?n.get("scope").split(" "):void 0}}async getToken(e){const t={grant_type:"authorization_code",code:e.code,redirect_uri:e.redirectUri,code_verifier:e.codeVerifier};return(0,n.tokenResponseToOAuth2Token)(this.client.request("tokenEndpoint",t))}},t.generateCodeVerifier=async function(){const e=s();if(e){const t=new Uint8Array(32);return e.getRandomValues(t),c(t)}{const e=r(212);return new Promise(((t,r)=>{e.randomBytes(32,((e,n)=>{e&&r(e),t(n.toString("base64url"))}))}))}},t.getCodeChallenge=i},443:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.OAuth2Error=void 0;class r extends Error{constructor(e,t,r){super(e),this.oauth2Code=t,this.httpCode=r}}t.OAuth2Error=r},13:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.OAuth2Fetch=void 0,t.OAuth2Fetch=class{constructor(e){this.token=null,this.activeRefresh=null,this.refreshTimer=null,this.options=e,e.getStoredToken&&(async()=>{this.token=await e.getStoredToken()})(),this.scheduleRefresh()}async fetch(e,t){const r=new Request(e,t);return this.mw()(r,(e=>fetch(e)))}mw(){return async(e,t)=>{const r=await this.getAccessToken();let n=e.clone();n.headers.set("Authorization","Bearer "+r);let o=await t(n);if(!o.ok&&401===o.status){const r=await this.refreshToken();n=e.clone(),n.headers.set("Authorization","Bearer "+r.accessToken),o=await t(n)}return o}}async getToken(){return this.token&&(null===this.token.expiresAt||this.token.expiresAt>Date.now())?this.token:this.refreshToken()}async getAccessToken(){return(await this.getToken()).accessToken}async refreshToken(){var e,t;if(this.activeRefresh)return this.activeRefresh;const r=this.token;this.activeRefresh=(async()=>{var e,t;let n=null;try{(null==r?void 0:r.refreshToken)&&(n=await this.options.client.refreshToken(r))}catch(e){console.warn("[oauth2] refresh token not accepted, we'll try reauthenticating")}if(n||(n=await this.options.getNewToken()),!n){const r=new Error("Unableto obtain OAuth2 tokens, a full reauth may be needed");throw null===(t=(e=this.options).onError)||void 0===t||t.call(e,r),r}return n})();try{const r=await this.activeRefresh;return this.token=r,null===(t=(e=this.options).storeToken)||void 0===t||t.call(e,r),this.scheduleRefresh(),r}catch(e){throw this.options.onError&&this.options.onError(e),e}finally{this.activeRefresh=null}}scheduleRefresh(){if(this.refreshTimer&&(clearTimeout(this.refreshTimer),this.refreshTimer=null),!this.token||!this.token.expiresAt||!this.token.refreshToken)return;const e=this.token.expiresAt-Date.now();e<12e4||(this.refreshTimer=setTimeout((async()=>{try{await this.refreshToken()}catch(e){console.error("[fetch-mw-oauth2] error while doing a background OAuth2 auto-refresh",e)}}),e-6e4))}}},212:()=>{}},t={};function r(n){var o=t[n];if(void 0!==o)return o.exports;var i=t[n]={exports:{}};return e[n](i,i.exports,r),i.exports}var n={};return(()=>{"use strict";var e=n;Object.defineProperty(e,"__esModule",{value:!0}),e.OAuth2Error=e.OAuth2Fetch=e.generateCodeVerifier=e.OAuth2AuthorizationCodeClient=e.OAuth2Client=void 0;var t=r(934);Object.defineProperty(e,"OAuth2Client",{enumerable:!0,get:function(){return t.OAuth2Client}});var o=r(618);Object.defineProperty(e,"OAuth2AuthorizationCodeClient",{enumerable:!0,get:function(){return o.OAuth2AuthorizationCodeClient}}),Object.defineProperty(e,"generateCodeVerifier",{enumerable:!0,get:function(){return o.generateCodeVerifier}});var i=r(13);Object.defineProperty(e,"OAuth2Fetch",{enumerable:!0,get:function(){return i.OAuth2Fetch}});var s=r(443);Object.defineProperty(e,"OAuth2Error",{enumerable:!0,get:function(){return s.OAuth2Error}})})(),n})())); | ||
| !function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.OAuth2Client=t():e.OAuth2Client=t()}(self,(()=>(()=>{var e={934:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.generateQueryString=t.tokenResponseToOAuth2Token=t.OAuth2Client=void 0;const n=r(443),o=r(618);function i(e,t){return new URL(e,t).toString()}function s(e){return e.then((e=>{var t;return{accessToken:e.access_token,expiresAt:e.expires_in?Date.now()+1e3*e.expires_in:null,refreshToken:null!==(t=e.refresh_token)&&void 0!==t?t:null}}))}function a(e){return new URLSearchParams(Object.fromEntries(Object.entries(e).filter((([e,t])=>void 0!==t)))).toString()}t.OAuth2Client=class{constructor(e){this.discoveryDone=!1,this.serverMetadata=null,this.settings=e}async refreshToken(e){if(!e.refreshToken)throw new Error("This token didn't have a refreshToken. It's not possible to refresh this");const t={grant_type:"refresh_token",refresh_token:e.refreshToken};return this.settings.clientSecret||(t.client_id=this.settings.clientId),s(this.request("tokenEndpoint",t))}async clientCredentials(e){var t;const r={grant_type:"client_credentials",scope:null===(t=null==e?void 0:e.scope)||void 0===t?void 0:t.join(" ")};if(!this.settings.clientSecret)throw new Error("A clientSecret must be provided to use client_credentials");return s(this.request("tokenEndpoint",r))}async password(e){var t;const r={grant_type:"password",...e,scope:null===(t=e.scope)||void 0===t?void 0:t.join(" ")};if(!this.settings.clientSecret)throw new Error("A clientSecret must be provided to use client_credentials");return s(this.request("tokenEndpoint",r))}get authorizationCode(){return new o.OAuth2AuthorizationCodeClient(this)}async introspect(e){const t={token:e.accessToken,token_type_hint:"access_token"};return this.request("introspectionEndpoint",t)}async getEndpoint(e){if(void 0!==this.settings[e])return i(this.settings[e],this.settings.server);if("discoveryEndpoint"!==e&&(await this.discover(),void 0!==this.settings[e]))return i(this.settings[e],this.settings.server);if(!this.settings.server)throw new Error(`Could not determine the location of ${e}. Either specify ${e} in the settings, or the "server" endpoint to let the client discover it.`);switch(e){case"authorizationEndpoint":return i("/authorize",this.settings.server);case"tokenEndpoint":return i("/token",this.settings.server);case"discoveryEndpoint":return i("/.well-known/oauth-authorization-server",this.settings.server);case"introspectionEndpoint":return i("/introspect",this.settings.server)}}async discover(){var e;if(this.discoveryDone)return;let t;this.discoveryDone=!0;try{t=await this.getEndpoint("discoveryEndpoint")}catch(e){return void console.warn('[oauth2] OAuth2 discovery endpoint could not be determined. Either specify the "server" or "discoveryEndpoint')}const r=await fetch(t,{headers:{Accept:"application/json"}});if(!r.ok)return;if(!(null===(e=r.headers.get("Content-Type"))||void 0===e?void 0:e.startsWith("application/json")))return void console.warn("[oauth2] OAuth2 discovery endpoint was not a JSON response. Response is ignored");this.serverMetadata=await r.json();const n=[["authorization_endpoint","authorizationEndpoint"],["token_endpoint","tokenEndpoint"],["introspection_endpoint","introspectionEndpoint"]];if(null!==this.serverMetadata)for(const[e,r]of n)this.serverMetadata[e]&&(this.settings[r]=i(this.serverMetadata[e],t))}async request(e,t){const r=await this.getEndpoint(e),o={"Content-Type":"application/x-www-form-urlencoded"};if(this.settings.clientSecret){const e=btoa(this.settings.clientId+":"+this.settings.clientSecret);o.Authorization="Basic "+e}else"authorization_code"===t.grant_type&&(t.client_id=this.settings.clientId);const i=await fetch(r,{method:"POST",body:a(t),headers:o});if(i.ok)return await i.json();let s,c,h;throw i.headers.has("Content-Type")&&i.headers.get("Content-Type").startsWith("application/json")&&(s=await i.json()),(null==s?void 0:s.error)?(c="OAuth2 error "+s.error+".",s.error_description&&(c+=" "+s.error_description),h=s.error):(c="HTTP Error "+i.status+" "+i.statusText,401===i.status&&this.settings.clientSecret&&(c+=". It's likely that the clientId and/or clientSecret was incorrect"),h=null),new n.OAuth2Error(c,h,i.status)}},t.tokenResponseToOAuth2Token=s,t.generateQueryString=a},618:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.getCodeChallenge=t.generateCodeVerifier=t.OAuth2AuthorizationCodeClient=void 0;const n=r(934),o=r(443);async function i(e){const t=s();if(null==t?void 0:t.subtle)return["S256",c(await t.subtle.digest("SHA-256",a(e)))];{const t=r(212).createHash("sha256");return t.update(a(e)),["S256",t.digest("base64url")]}}function s(){if("undefined"!=typeof window&&window.crypto)return window.crypto;if("undefined"!=typeof self&&self.crypto)return self.crypto;const e=r(212);return e.webcrypto?e.webcrypto:null}function a(e){const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=255&e.charCodeAt(r);return t}function c(e){return btoa(String.fromCharCode(...new Uint8Array(e))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}t.OAuth2AuthorizationCodeClient=class{constructor(e){this.client=e}async getAuthorizeUri(e){const[t,r]=await Promise.all([e.codeVerifier?i(e.codeVerifier):void 0,this.client.getEndpoint("authorizationEndpoint")]),o={client_id:this.client.settings.clientId,response_type:"code",redirect_uri:e.redirectUri,code_challenge_method:null==t?void 0:t[0],code_challenge:null==t?void 0:t[1]};return e.state&&(o.state=e.state),e.scope&&(o.scope=e.scope.join(" ")),r+"?"+(0,n.generateQueryString)(o)}async getTokenFromCodeRedirect(e,t){const{code:r}=await this.validateResponse(e,{state:t.state});return this.getToken({code:r,redirectUri:t.redirectUri,codeVerifier:t.codeVerifier})}async validateResponse(e,t){var r;const n=new URL(e).searchParams;if(n.has("error"))throw new o.OAuth2Error(null!==(r=n.get("error_description"))&&void 0!==r?r:"OAuth2 error",n.get("error"),0);if(!n.has("code"))throw new Error(`The url did not contain a code parameter ${e}`);if(!n.has("state"))throw new Error(`The url did not contain state parameter ${e}`);if(t.state&&t.state!==n.get("state"))throw new Error(`The "state" parameter in the url did not match the expected value of ${t.state}`);return{code:n.get("code"),scope:n.has("scope")?n.get("scope").split(" "):void 0}}async getToken(e){const t={grant_type:"authorization_code",code:e.code,redirect_uri:e.redirectUri,code_verifier:e.codeVerifier};return(0,n.tokenResponseToOAuth2Token)(this.client.request("tokenEndpoint",t))}},t.generateCodeVerifier=async function(){const e=s();if(e){const t=new Uint8Array(32);return e.getRandomValues(t),c(t)}{const e=r(212);return new Promise(((t,r)=>{e.randomBytes(32,((e,n)=>{e&&r(e),t(n.toString("base64url"))}))}))}},t.getCodeChallenge=i},443:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.OAuth2Error=void 0;class r extends Error{constructor(e,t,r){super(e),this.oauth2Code=t,this.httpCode=r}}t.OAuth2Error=r},13:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.OAuth2Fetch=void 0,t.OAuth2Fetch=class{constructor(e){this.token=null,this.activeRefresh=null,this.refreshTimer=null,this.options=e,e.getStoredToken&&(async()=>{this.token=await e.getStoredToken()})(),this.scheduleRefresh()}async fetch(e,t){const r=new Request(e,t);return this.mw()(r,(e=>fetch(e)))}mw(){return async(e,t)=>{const r=await this.getAccessToken();let n=e.clone();n.headers.set("Authorization","Bearer "+r);let o=await t(n);if(!o.ok&&401===o.status){const r=await this.refreshToken();n=e.clone(),n.headers.set("Authorization","Bearer "+r.accessToken),o=await t(n)}return o}}async getToken(){return this.token&&(null===this.token.expiresAt||this.token.expiresAt>Date.now())?this.token:this.refreshToken()}async getAccessToken(){return(await this.getToken()).accessToken}async refreshToken(){var e,t;if(this.activeRefresh)return this.activeRefresh;const r=this.token;this.activeRefresh=(async()=>{var e,t;let n=null;try{(null==r?void 0:r.refreshToken)&&(n=await this.options.client.refreshToken(r))}catch(e){console.warn("[oauth2] refresh token not accepted, we'll try reauthenticating")}if(n||(n=await this.options.getNewToken()),!n){const r=new Error("Unableto obtain OAuth2 tokens, a full reauth may be needed");throw null===(t=(e=this.options).onError)||void 0===t||t.call(e,r),r}return n})();try{const r=await this.activeRefresh;return this.token=r,null===(t=(e=this.options).storeToken)||void 0===t||t.call(e,r),this.scheduleRefresh(),r}catch(e){throw this.options.onError&&this.options.onError(e),e}finally{this.activeRefresh=null}}scheduleRefresh(){var e;if(this.refreshTimer&&(clearTimeout(this.refreshTimer),this.refreshTimer=null),!(null===(e=this.token)||void 0===e?void 0:e.expiresAt)||!this.token.refreshToken)return;const t=this.token.expiresAt-Date.now();t<12e4||(this.refreshTimer=setTimeout((async()=>{try{await this.refreshToken()}catch(e){console.error("[fetch-mw-oauth2] error while doing a background OAuth2 auto-refresh",e)}}),t-6e4))}}},212:()=>{}},t={};function r(n){var o=t[n];if(void 0!==o)return o.exports;var i=t[n]={exports:{}};return e[n](i,i.exports,r),i.exports}var n={};return(()=>{"use strict";var e=n;Object.defineProperty(e,"__esModule",{value:!0}),e.OAuth2Error=e.OAuth2Fetch=e.generateCodeVerifier=e.OAuth2AuthorizationCodeClient=e.OAuth2Client=void 0;var t=r(934);Object.defineProperty(e,"OAuth2Client",{enumerable:!0,get:function(){return t.OAuth2Client}});var o=r(618);Object.defineProperty(e,"OAuth2AuthorizationCodeClient",{enumerable:!0,get:function(){return o.OAuth2AuthorizationCodeClient}}),Object.defineProperty(e,"generateCodeVerifier",{enumerable:!0,get:function(){return o.generateCodeVerifier}});var i=r(13);Object.defineProperty(e,"OAuth2Fetch",{enumerable:!0,get:function(){return i.OAuth2Fetch}});var s=r(443);Object.defineProperty(e,"OAuth2Error",{enumerable:!0,get:function(){return s.OAuth2Error}})})(),n})())); | ||
| //# sourceMappingURL=oauth2-client.min.js.map |
@@ -56,3 +56,3 @@ import { OAuth2Token } from './token'; | ||
| } | ||
| declare type OAuth2Endpoint = 'tokenEndpoint' | 'authorizationEndpoint' | 'discoveryEndpoint' | 'introspectionEndpoint'; | ||
| type OAuth2Endpoint = 'tokenEndpoint' | 'authorizationEndpoint' | 'discoveryEndpoint' | 'introspectionEndpoint'; | ||
| export declare class OAuth2Client { | ||
@@ -59,0 +59,0 @@ settings: ClientSettings; |
@@ -39,3 +39,3 @@ "use strict"; | ||
| if (!this.settings.clientSecret) { | ||
| throw new Error('A clientSecret must be provied to use client_credentials'); | ||
| throw new Error('A clientSecret must be provided to use client_credentials'); | ||
| } | ||
@@ -55,3 +55,3 @@ return tokenResponseToOAuth2Token(this.request('tokenEndpoint', body)); | ||
| if (!this.settings.clientSecret) { | ||
| throw new Error('A clientSecret must be provied to use client_credentials'); | ||
| throw new Error('A clientSecret must be provided to use client_credentials'); | ||
| } | ||
@@ -58,0 +58,0 @@ return tokenResponseToOAuth2Token(this.request('tokenEndpoint', body)); |
| import { OAuth2Client } from '../client'; | ||
| import { OAuth2Token } from '../token'; | ||
| declare type GetAuthorizeUrlParams = { | ||
| type GetAuthorizeUrlParams = { | ||
| /** | ||
@@ -24,3 +24,3 @@ * Where to redirect the user back to after authentication. | ||
| }; | ||
| declare type ValidateResponseResult = { | ||
| type ValidateResponseResult = { | ||
| /** | ||
@@ -27,0 +27,0 @@ * The authorization code. This code should be used to obtain an access token. |
@@ -29,2 +29,5 @@ "use strict"; | ||
| } | ||
| if (params.scope) { | ||
| query.scope = params.scope.join(' '); | ||
| } | ||
| return authorizationEndpoint + '?' + (0, client_1.generateQueryString)(query); | ||
@@ -103,14 +106,14 @@ } | ||
| async function getCodeChallenge(codeVerifier) { | ||
| /* | ||
| const webCrypto = getWebCrypto(); | ||
| if (webCrypto?.subtle) { | ||
| return ['S256', base64Url(await webCrypto.subtle.digest('SHA-256', stringToBuffer(codeVerifier)))]; | ||
| } else {*/ | ||
| // Node 14.x fallback | ||
| // eslint-disable-next-line @typescript-eslint/no-var-requires | ||
| const nodeCrypto = require('crypto'); | ||
| const hash = nodeCrypto.createHash('sha256'); | ||
| hash.update(stringToBuffer(codeVerifier)); | ||
| return ['S256', hash.digest('base64url')]; | ||
| //} | ||
| if (webCrypto === null || webCrypto === void 0 ? void 0 : webCrypto.subtle) { | ||
| return ['S256', base64Url(await webCrypto.subtle.digest('SHA-256', stringToBuffer(codeVerifier)))]; | ||
| } | ||
| else { | ||
| // Node 14.x fallback | ||
| // eslint-disable-next-line @typescript-eslint/no-var-requires | ||
| const nodeCrypto = require('crypto'); | ||
| const hash = nodeCrypto.createHash('sha256'); | ||
| hash.update(stringToBuffer(codeVerifier)); | ||
| return ['S256', hash.digest('base64url')]; | ||
| } | ||
| } | ||
@@ -117,0 +120,0 @@ exports.getCodeChallenge = getCodeChallenge; |
| import { OAuth2Token } from './token'; | ||
| import { OAuth2Client } from './client'; | ||
| declare type FetchMiddleware = (request: Request, next: (request: Request) => Promise<Response>) => Promise<Response>; | ||
| declare type OAuth2FetchOptions = { | ||
| type FetchMiddleware = (request: Request, next: (request: Request) => Promise<Response>) => Promise<Response>; | ||
| type OAuth2FetchOptions = { | ||
| /** | ||
@@ -6,0 +6,0 @@ * Reference to OAuth2 client. |
@@ -144,2 +144,3 @@ "use strict"; | ||
| scheduleRefresh() { | ||
| var _a; | ||
| if (this.refreshTimer) { | ||
@@ -149,3 +150,3 @@ clearTimeout(this.refreshTimer); | ||
| } | ||
| if (!this.token || !this.token.expiresAt || !this.token.refreshToken) { | ||
| if (!((_a = this.token) === null || _a === void 0 ? void 0 : _a.expiresAt) || !this.token.refreshToken) { | ||
| // If we don't know when the token expires, or don't have a refresh_token, don't bother. | ||
@@ -152,0 +153,0 @@ return; |
| /** | ||
| * refresh_token request body | ||
| */ | ||
| export declare type RefreshRequest = { | ||
| export type RefreshRequest = { | ||
| grant_type: 'refresh_token'; | ||
@@ -13,3 +13,3 @@ refresh_token: string; | ||
| */ | ||
| export declare type ClientCredentialsRequest = { | ||
| export type ClientCredentialsRequest = { | ||
| grant_type: 'client_credentials'; | ||
@@ -21,3 +21,3 @@ scope?: string; | ||
| */ | ||
| export declare type PasswordRequest = { | ||
| export type PasswordRequest = { | ||
| grant_type: 'password'; | ||
@@ -28,3 +28,3 @@ username: string; | ||
| }; | ||
| export declare type AuthorizationCodeRequest = { | ||
| export type AuthorizationCodeRequest = { | ||
| grant_type: 'authorization_code'; | ||
@@ -39,3 +39,3 @@ code: string; | ||
| */ | ||
| export declare type AuthorizationQueryParams = { | ||
| export type AuthorizationQueryParams = { | ||
| response_type: 'code'; | ||
@@ -52,3 +52,3 @@ client_id: string; | ||
| */ | ||
| export declare type TokenResponse = { | ||
| export type TokenResponse = { | ||
| access_token: string; | ||
@@ -60,7 +60,7 @@ token_type: string; | ||
| }; | ||
| declare type OAuth2ResponseType = 'code' | 'token'; | ||
| declare type OAuth2GrantType = 'authorization_code' | 'implicit' | 'password' | 'client_credentials' | 'refresh_token' | 'urn:ietf:params:oauth:grant-type:jwt-bearer' | 'urn:ietf:params:oauth:grant-type:saml2-bearer'; | ||
| declare type OAuth2AuthMethod = 'none' | 'client_secret_basic' | 'client_secret_post' | 'client_secret_jwt' | 'private_key_jwt' | 'tls_client_auth' | 'self_signed_tls_client_auth'; | ||
| declare type OAuth2CodeChallengeMethod = 'S256' | 'plain'; | ||
| export declare type OAuth2TokenTypeHint = 'access_token' | 'refresh_token'; | ||
| type OAuth2ResponseType = 'code' | 'token'; | ||
| type OAuth2GrantType = 'authorization_code' | 'implicit' | 'password' | 'client_credentials' | 'refresh_token' | 'urn:ietf:params:oauth:grant-type:jwt-bearer' | 'urn:ietf:params:oauth:grant-type:saml2-bearer'; | ||
| type OAuth2AuthMethod = 'none' | 'client_secret_basic' | 'client_secret_post' | 'client_secret_jwt' | 'private_key_jwt' | 'tls_client_auth' | 'self_signed_tls_client_auth'; | ||
| type OAuth2CodeChallengeMethod = 'S256' | 'plain'; | ||
| export type OAuth2TokenTypeHint = 'access_token' | 'refresh_token'; | ||
| /** | ||
@@ -71,3 +71,3 @@ * Response from /.well-known/oauth-authorization-server | ||
| */ | ||
| export declare type ServerMetadataResponse = { | ||
| export type ServerMetadataResponse = { | ||
| /** | ||
@@ -171,7 +171,7 @@ * The authorization server's issuer identifier, which is a URL that uses | ||
| }; | ||
| export declare type IntrospectionRequest = { | ||
| export type IntrospectionRequest = { | ||
| token: string; | ||
| token_type_hint?: OAuth2TokenTypeHint; | ||
| }; | ||
| export declare type IntrospectionResponse = { | ||
| export type IntrospectionResponse = { | ||
| /** | ||
@@ -178,0 +178,0 @@ * Whether or not the token is still active. |
| /** | ||
| * Token information | ||
| */ | ||
| export declare type OAuth2Token = { | ||
| export type OAuth2Token = { | ||
| /** | ||
@@ -6,0 +6,0 @@ * OAuth2 Access Token |
| { | ||
| "name": "@badgateway/oauth2-client", | ||
| "version": "2.0.17", | ||
| "version": "2.0.18", | ||
| "description": "OAuth2 client for browsers and Node.js. Tiny footprint, PKCE support", | ||
@@ -33,4 +33,5 @@ "main": "dist/index.js", | ||
| "devDependencies": { | ||
| "@curveball/bodyparser": "^0.5.0", | ||
| "@curveball/core": "^0.20.0", | ||
| "@curveball/bodyparser": "^0.6.1", | ||
| "@curveball/core": "^0.21.1", | ||
| "@curveball/http-errors": "^0.5.0", | ||
| "@types/chai": "^4.3.1", | ||
@@ -47,5 +48,5 @@ "@types/mocha": "^10.0.0", | ||
| "ts-node": "^10.7.0", | ||
| "typescript": "^4.4.4", | ||
| "typescript": "^5.0.4", | ||
| "webpack": "^5.60.0", | ||
| "webpack-cli": "^4.9.1" | ||
| "webpack-cli": "^5.0.1" | ||
| }, | ||
@@ -52,0 +53,0 @@ "browser": "browser/oauth2-client.min.js", |
@@ -121,3 +121,3 @@ import { OAuth2Token } from './token'; | ||
| if (!this.settings.clientSecret) { | ||
| throw new Error('A clientSecret must be provied to use client_credentials'); | ||
| throw new Error('A clientSecret must be provided to use client_credentials'); | ||
| } | ||
@@ -140,3 +140,3 @@ | ||
| if (!this.settings.clientSecret) { | ||
| throw new Error('A clientSecret must be provied to use client_credentials'); | ||
| throw new Error('A clientSecret must be provided to use client_credentials'); | ||
| } | ||
@@ -143,0 +143,0 @@ return tokenResponseToOAuth2Token(this.request('tokenEndpoint', body)); |
@@ -231,3 +231,3 @@ import { OAuth2Token } from './token'; | ||
| if (!this.token || !this.token.expiresAt || !this.token.refreshToken) { | ||
| if (!this.token?.expiresAt || !this.token.refreshToken) { | ||
| // If we don't know when the token expires, or don't have a refresh_token, don't bother. | ||
@@ -234,0 +234,0 @@ return; |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Number of medium supply chain risk alerts
- decreased by-33.33%
6
Worsened metrics
- Total package byte prevSize
- decreased by-20.41%
142795
- Dev dependency count
- increased by6.25%
17
- Number of package files
- decreased by-29.17%
34
- Lines of code
- decreased by-15.19%
2061
No dependency changes