Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@bity/oauth2-auth-code-pkce
Advanced tools
An OAuth 2.0 client that ONLY supports Authorization Code flow with PKCE support.
A zero dependency OAuth 2.0 client supporting only the authorization code grant (RFC 6749 § 4.1) with PKCE (RFC 7636) for client side protection.
Currently the only Type/JavaScript implementation in public existence.
1 file implementation for easy auditing.
npm install @bity/oauth2-auth-code-pkce
See the source code of tests/panel.html
. It's commented with helpful
information.
Run npm run serve:tests
and navigate to
http://localhost:8080/tests/panel.html
This page acts as a test panel for various scenarios. Play around! :)
Modify the example to use the correct configuration.
Some OAuth servers will return additional parameters to the requester. In order to access these they must be explicitly asked for:
config.explicitlyExposedTokens = ['open_id'];
Then this will be available as a property:
accessContext.explicitlyExposedTokens.open_id
.
It is probable you will encounter an OAuth server which requires some additional parameters. In order to pass extra parameters, add the following to the configuration:
config.extraAuthorizationParameters = { 'some_query_string_param': 'value', ... };
If you have values which need to be computed at run-time and then passed, you can pass them like so:
oauth2.fetchAuthorizationCode({ 'another_query_string_param': computedValue });
Module system | File |
---|---|
Browser (window) | index.umd.js |
CommonJS (require e.g. nodejs) | index.js |
TypeScript | index.ts |
Grab the NPM-generated bity-oauth2-auth-code-pkce-*.tgz
tarball from CI and
then use npm publish $tarball
to publish it to NPM.
FAQs
An OAuth 2.0 client that ONLY supports Authorization Code flow with PKCE support.
The npm package @bity/oauth2-auth-code-pkce receives a total of 3,812 weekly downloads. As such, @bity/oauth2-auth-code-pkce popularity was classified as popular.
We found that @bity/oauth2-auth-code-pkce demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.