@badgateway/oauth2-client
Advanced tools
@badgateway/oauth2-client - npm Package Compare versions
Comparing version 2.1.0 to 2.1.1
@@ -34,5 +34,10 @@ "use strict"; | ||
| var _a; | ||
| const disallowed = ['client_id', 'client_secret', 'grant_type', 'scope']; | ||
| if ((params === null || params === void 0 ? void 0 : params.extraParams) && Object.keys(params.extraParams).filter((key) => disallowed.includes(key)).length > 0) { | ||
| throw new Error(`The following extraParams are disallowed: '${disallowed.join("', '")}'`); | ||
| } | ||
| const body = { | ||
| grant_type: 'client_credentials', | ||
| scope: (_a = params === null || params === void 0 ? void 0 : params.scope) === null || _a === void 0 ? void 0 : _a.join(' '), | ||
| ...params === null || params === void 0 ? void 0 : params.extraParams | ||
| }; | ||
@@ -54,5 +59,2 @@ if (!this.settings.clientSecret) { | ||
| }; | ||
| if (!this.settings.clientSecret) { | ||
| throw new Error('A clientSecret must be provided to use client_credentials'); | ||
| } | ||
| return tokenResponseToOAuth2Token(this.request('tokenEndpoint', body)); | ||
@@ -62,3 +64,2 @@ } | ||
| * Returns the helper object for the `authorization_code` grant. | ||
| * | ||
| */ | ||
@@ -151,2 +152,5 @@ get authorizationCode() { | ||
| } | ||
| if (this.serverMetadata.token_endpoint_auth_methods_supported && !this.settings.authenticationMethod) { | ||
| this.settings.authenticationMethod = this.serverMetadata.token_endpoint_auth_methods_supported[0]; | ||
| } | ||
| } | ||
@@ -158,8 +162,19 @@ async request(endpoint, body) { | ||
| }; | ||
| if (this.settings.clientSecret) { | ||
| const basicAuthStr = btoa(this.settings.clientId + ':' + this.settings.clientSecret); | ||
| headers.Authorization = 'Basic ' + basicAuthStr; | ||
| let authMethod = this.settings.authenticationMethod; | ||
| if (!authMethod) { | ||
| authMethod = this.settings.clientSecret ? 'client_secret_basic' : 'client_secret_post'; | ||
| } | ||
| else if (body.grant_type === 'authorization_code') { | ||
| body.client_id = this.settings.clientId; | ||
| switch (authMethod) { | ||
| case 'client_secret_basic': | ||
| headers.Authorization = 'Basic ' + | ||
| btoa(this.settings.clientId + ':' + this.settings.clientSecret); | ||
| break; | ||
| case 'client_secret_post': | ||
| body.client_id = this.settings.clientId; | ||
| if (this.settings.clientSecret) { | ||
| body.client_secret = this.settings.clientSecret; | ||
| } | ||
| break; | ||
| default: | ||
| throw new Error('Authentication method not yet supported:' + authMethod + '. Open a feature request if you want this!'); | ||
| } | ||
@@ -166,0 +181,0 @@ const resp = await fetch(uri, { |
@@ -59,4 +59,2 @@ "use strict"; | ||
| throw new Error(`The url did not contain a code parameter ${url}`); | ||
| if (!queryParams.has('state')) | ||
| throw new Error(`The url did not contain state parameter ${url}`); | ||
| if (params.state && params.state !== queryParams.get('state')) { | ||
@@ -63,0 +61,0 @@ throw new Error(`The "state" parameter in the url did not match the expected value of ${params.state}`); |
@@ -21,2 +21,5 @@ "use strict"; | ||
| this.refreshTimer = null; | ||
| if ((options === null || options === void 0 ? void 0 : options.scheduleRefresh) === undefined) { | ||
| options.scheduleRefresh = true; | ||
| } | ||
| this.options = options; | ||
@@ -35,3 +38,3 @@ if (options.getStoredToken) { | ||
| * first. If the access token is almost expiring, this function might attempt | ||
| 1G* to refresh it. | ||
| * to refresh it. | ||
| */ | ||
@@ -147,2 +150,5 @@ async fetch(input, init) { | ||
| var _a; | ||
| if (!this.options.scheduleRefresh) { | ||
| return; | ||
| } | ||
| if (this.refreshTimer) { | ||
@@ -149,0 +155,0 @@ clearTimeout(this.refreshTimer); |
| { | ||
| "name": "@badgateway/oauth2-client", | ||
| "version": "2.1.0", | ||
| "version": "2.1.1", | ||
| "description": "OAuth2 client for browsers and Node.js. Tiny footprint, PKCE support", | ||
@@ -5,0 +5,0 @@ "main": "dist/index.js", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Lines of code
- increased by0.89%
2142
Worsened metrics
- Total package byte prevSize
- decreased by-1.04%
150266
- Number of package files
- decreased by-2.86%
34