@bity/oauth2-auth-code-pkce - npm Package Compare versions

Comparing version 2.2.0 to 2.3.0

index.js

@@ -0,1 +1,2 @@
+"use strict";
 /**
@@ -71,2 +72,3 @@ * An implementation of rfc6749#section-4.1 and rfc7636.
 };
+Object.defineProperty(exports, "__esModule", { value: true });
 ;
@@ -84,3 +86,3 @@ ;
 }());
-export { ErrorOAuth2 };
+exports.ErrorOAuth2 = ErrorOAuth2;
 // For really unknown errors.
@@ -94,3 +96,3 @@ var ErrorUnknown = /** @class */ (function (_super) {
 }(ErrorOAuth2));
-export { ErrorUnknown };
+exports.ErrorUnknown = ErrorUnknown;
 // Some generic, internal errors that can happen.
@@ -104,3 +106,3 @@ var ErrorNoAuthCode = /** @class */ (function (_super) {
 }(ErrorOAuth2));
-export { ErrorNoAuthCode };
+exports.ErrorNoAuthCode = ErrorNoAuthCode;
 var ErrorInvalidReturnedStateParam = /** @class */ (function (_super) {
@@ -113,3 +115,3 @@ __extends(ErrorInvalidReturnedStateParam, _super);
 }(ErrorOAuth2));
-export { ErrorInvalidReturnedStateParam };
+exports.ErrorInvalidReturnedStateParam = ErrorInvalidReturnedStateParam;
 var ErrorInvalidJson = /** @class */ (function (_super) {
@@ -122,3 +124,3 @@ __extends(ErrorInvalidJson, _super);
 }(ErrorOAuth2));
-export { ErrorInvalidJson };
+exports.ErrorInvalidJson = ErrorInvalidJson;
 // Errors that occur across many endpoints
@@ -132,3 +134,3 @@ var ErrorInvalidScope = /** @class */ (function (_super) {
 }(ErrorOAuth2));
-export { ErrorInvalidScope };
+exports.ErrorInvalidScope = ErrorInvalidScope;
 var ErrorInvalidRequest = /** @class */ (function (_super) {
@@ -141,3 +143,3 @@ __extends(ErrorInvalidRequest, _super);
 }(ErrorOAuth2));
-export { ErrorInvalidRequest };
+exports.ErrorInvalidRequest = ErrorInvalidRequest;
 var ErrorInvalidToken = /** @class */ (function (_super) {
@@ -150,3 +152,3 @@ __extends(ErrorInvalidToken, _super);
 }(ErrorOAuth2));
-export { ErrorInvalidToken };
+exports.ErrorInvalidToken = ErrorInvalidToken;
 /**
@@ -163,3 +165,3 @@ * Possible authorization grant errors given by the redirection from the
 }(ErrorOAuth2));
-export { ErrorAuthenticationGrant };
+exports.ErrorAuthenticationGrant = ErrorAuthenticationGrant;
 var ErrorUnauthorizedClient = /** @class */ (function (_super) {
@@ -172,3 +174,3 @@ __extends(ErrorUnauthorizedClient, _super);
 }(ErrorAuthenticationGrant));
-export { ErrorUnauthorizedClient };
+exports.ErrorUnauthorizedClient = ErrorUnauthorizedClient;
 var ErrorAccessDenied = /** @class */ (function (_super) {
@@ -181,3 +183,3 @@ __extends(ErrorAccessDenied, _super);
 }(ErrorAuthenticationGrant));
-export { ErrorAccessDenied };
+exports.ErrorAccessDenied = ErrorAccessDenied;
 var ErrorUnsupportedResponseType = /** @class */ (function (_super) {
@@ -190,3 +192,3 @@ __extends(ErrorUnsupportedResponseType, _super);
 }(ErrorAuthenticationGrant));
-export { ErrorUnsupportedResponseType };
+exports.ErrorUnsupportedResponseType = ErrorUnsupportedResponseType;
 var ErrorServerError = /** @class */ (function (_super) {
@@ -199,3 +201,3 @@ __extends(ErrorServerError, _super);
 }(ErrorAuthenticationGrant));
-export { ErrorServerError };
+exports.ErrorServerError = ErrorServerError;
 var ErrorTemporarilyUnavailable = /** @class */ (function (_super) {
@@ -208,3 +210,3 @@ __extends(ErrorTemporarilyUnavailable, _super);
 }(ErrorAuthenticationGrant));
-export { ErrorTemporarilyUnavailable };
+exports.ErrorTemporarilyUnavailable = ErrorTemporarilyUnavailable;
 /**
@@ -220,3 +222,3 @@ * A list of possible access token response errors.
 }(ErrorOAuth2));
-export { ErrorAccessTokenResponse };
+exports.ErrorAccessTokenResponse = ErrorAccessTokenResponse;
 var ErrorInvalidClient = /** @class */ (function (_super) {
@@ -229,3 +231,3 @@ __extends(ErrorInvalidClient, _super);
 }(ErrorAccessTokenResponse));
-export { ErrorInvalidClient };
+exports.ErrorInvalidClient = ErrorInvalidClient;
 var ErrorInvalidGrant = /** @class */ (function (_super) {
@@ -238,3 +240,3 @@ __extends(ErrorInvalidGrant, _super);
 }(ErrorAccessTokenResponse));
-export { ErrorInvalidGrant };
+exports.ErrorInvalidGrant = ErrorInvalidGrant;
 var ErrorUnsupportedGrantType = /** @class */ (function (_super) {
@@ -247,3 +249,3 @@ __extends(ErrorUnsupportedGrantType, _super);
 }(ErrorAccessTokenResponse));
-export { ErrorUnsupportedGrantType };
+exports.ErrorUnsupportedGrantType = ErrorUnsupportedGrantType;
 /**
@@ -257,4 +259,4 @@ * WWW-Authenticate error object structure for less error prone handling.
 }());
-export { ErrorWWWAuthenticate };
-export var RawErrorToErrorClassMap = {
+exports.ErrorWWWAuthenticate = ErrorWWWAuthenticate;
+exports.RawErrorToErrorClassMap = {
     invalid_request: ErrorInvalidRequest,
@@ -276,5 +278,6 @@ invalid_grant: ErrorInvalidGrant,
  */
-export function toErrorClass(rawError) {
-    return new (RawErrorToErrorClassMap[rawError] || ErrorUnknown)();
+function toErrorClass(rawError) {
+    return new (exports.RawErrorToErrorClassMap[rawError] || ErrorUnknown)();
 }
+exports.toErrorClass = toErrorClass;
 /**
@@ -285,3 +288,3 @@ * A convience function to turn, for example, `Bearer realm="bity.com",
  */
-export function fromWWWAuthenticateHeaderStringToObject(a) {
+function fromWWWAuthenticateHeaderStringToObject(a) {
     var obj = a
@@ -299,2 +302,3 @@ .slice("Bearer ".length)
 }
+exports.fromWWWAuthenticateHeaderStringToObject = fromWWWAuthenticateHeaderStringToObject;
 /**
@@ -308,12 +312,16 @@ * HTTP headers that we need to access.
  */
-export var LOCALSTORAGE_ID = "oauth2authcodepkce";
-export var LOCALSTORAGE_STATE = LOCALSTORAGE_ID + "-state";
+exports.LOCALSTORAGE_ID = "oauth2authcodepkce";
+exports.LOCALSTORAGE_STATE = exports.LOCALSTORAGE_ID + "-state";
 /**
  * The maximum length for a code verifier for the best security we can offer.
+ * Please note the NOTE section of RFC 7636 § 4.1 - the length must be >= 43,
+ * but <= 128, **after** base64 url encoding. This means 32 code verifier bytes
+ * encoded will be 43 bytes, or 96 bytes encoded will be 128 bytes. So 96 bytes
+ * is the highest valid value that can be used.
  */
-export var RECOMMENDED_CODE_VERIFIER_LENGTH = 128;
+exports.RECOMMENDED_CODE_VERIFIER_LENGTH = 96;
 /**
  * A sensible length for the state's length, for anti-csrf.
  */
-export var RECOMMENDED_STATE_LENGTH = 32;
+exports.RECOMMENDED_STATE_LENGTH = 32;
 /**
@@ -389,3 +397,3 @@ * Character set to generate code verifier defined in rfc7636.
         }
-        var state = JSON.parse(localStorage.getItem(LOCALSTORAGE_STATE) || '{}');
+        var state = JSON.parse(localStorage.getItem(exports.LOCALSTORAGE_STATE) || '{}');
         var stateQueryParam = OAuth2AuthCodePKCE.extractParamFromUrl(location.href, 'state');
@@ -398,3 +406,3 @@ if (stateQueryParam !== state.stateQueryParam) {
         state.hasAuthCodeBeenExchangedForAccessToken = false;
-        localStorage.setItem(LOCALSTORAGE_STATE, JSON.stringify(state));
+        localStorage.setItem(exports.LOCALSTORAGE_STATE, JSON.stringify(state));
         this.setState(state);
@@ -420,7 +428,7 @@ return Promise.resolve(true);
                         stateQueryParam = OAuth2AuthCodePKCE
-                            .generateRandomState(RECOMMENDED_STATE_LENGTH);
+                            .generateRandomState(exports.RECOMMENDED_STATE_LENGTH);
                         this.state = __assign(__assign({}, this.state), { codeChallenge: codeChallenge,
                             codeVerifier: codeVerifier,
                             stateQueryParam: stateQueryParam });
-                        localStorage.setItem(LOCALSTORAGE_STATE, JSON.stringify(this.state));
+                        localStorage.setItem(exports.LOCALSTORAGE_STATE, JSON.stringify(this.state));
                         url = this.config.authorizationUrl
@@ -509,3 +517,3 @@ + "?response_type=code&"
             }
-            localStorage.setItem(LOCALSTORAGE_STATE, JSON.stringify(_this.state));
+            localStorage.setItem(exports.LOCALSTORAGE_STATE, JSON.stringify(_this.state));
             return { token: accessToken, scopes: scopes };
@@ -604,3 +612,3 @@ })
                 }
-                localStorage.setItem(LOCALSTORAGE_STATE, JSON.stringify(_this.state));
+                localStorage.setItem(exports.LOCALSTORAGE_STATE, JSON.stringify(_this.state));
                 return { token: accessToken, scopes: scopes };
@@ -611,3 +619,3 @@ });
     OAuth2AuthCodePKCE.prototype.recoverState = function () {
-        this.state = JSON.parse(localStorage.getItem(LOCALSTORAGE_STATE) || '{}');
+        this.state = JSON.parse(localStorage.getItem(exports.LOCALSTORAGE_STATE) || '{}');
         return this;
@@ -617,3 +625,3 @@ };
         this.state = state;
-        localStorage.setItem(LOCALSTORAGE_STATE, JSON.stringify(state));
+        localStorage.setItem(exports.LOCALSTORAGE_STATE, JSON.stringify(state));
         return this;
@@ -653,3 +661,3 @@ };
     OAuth2AuthCodePKCE.generatePKCECodes = function () {
-        var output = new Uint32Array(RECOMMENDED_CODE_VERIFIER_LENGTH);
+        var output = new Uint32Array(exports.RECOMMENDED_CODE_VERIFIER_LENGTH);
         crypto.getRandomValues(output);
@@ -688,2 +696,2 @@ var codeVerifier = OAuth2AuthCodePKCE.base64urlEncode(Array
 }());
-export { OAuth2AuthCodePKCE };
+exports.OAuth2AuthCodePKCE = OAuth2AuthCodePKCE;

index.ts

@@ -150,4 +150,8 @@ /**
  * The maximum length for a code verifier for the best security we can offer.
+ * Please note the NOTE section of RFC 7636 § 4.1 - the length must be >= 43,
+ * but <= 128, **after** base64 url encoding. This means 32 code verifier bytes
+ * encoded will be 43 bytes, or 96 bytes encoded will be 128 bytes. So 96 bytes
+ * is the highest valid value that can be used.
  */
-export const RECOMMENDED_CODE_VERIFIER_LENGTH = 128;
+export const RECOMMENDED_CODE_VERIFIER_LENGTH = 96;
 
@@ -154,0 +158,0 @@ /**

package.json

 {
   "name": "@bity/oauth2-auth-code-pkce",
-  "version": "2.2.0",
+  "version": "2.3.0",
   "description": "An OAuth 2.0 client that ONLY supports Authorization Code flow with PKCE support.",
   "main": "index.js",
   "types": "index.ts",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/BitySA/oauth2-auth-code-pkce.git"
+  },
   "scripts": {
     "build:code:browser": "webpack",
-    "build:code:es2015": "tsc -p tsconfig.json -m es2015",
+    "build:code:es2015": "tsc -p tsconfig.json -m commonjs",
     "build:code": "npm run build:code:browser; npm run build:code:es2015",
@@ -11,0 +15,0 @@ "build": "npm run build:code",

README.md

@@ -30,4 +30,4 @@ # OAuth2AuthCodePKCE client
 |:--------------------------------|:--------------------------|
-| ESModules (import/export)       | index.js                  |
-| CommonJS2 (require e.g. nodejs) | oauth2-auth-code-pkce.js  |
+| Browser (window)                | index.umd.js              |
+| CommonJS (require e.g. nodejs)  | index.js                  |
 | TypeScript                      | index.ts                  |
@@ -34,0 +34,0 @@

webpack.config.js

@@ -19,7 +19,7 @@ const path = require('path');
   output: {
-    libraryTarget: 'commonjs2',
+    libraryTarget: 'umd',
     library: 'OAuth2AuthCodePKCE',
-    filename: 'oauth2-auth-code-pkce.js',
+    filename: 'index.umd.js',
     path: path.resolve(__dirname, './'),
   },
 };

Fixed alerts

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

124210

1.61%

Lines of code

2001

1.32%

Number of low supply chain risk alerts

0

-100%

No dependency changes