Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@bity/oauth2-auth-code-pkce
Advanced tools
An OAuth 2.0 client that ONLY supports Authorization Code flow with PKCE support.
A zero dependency OAuth 2.0 client supporting only the authorization code grant (RFC 6749 § 4.1) with PKCE (RFC 7636) for client side protection.
Currently the only Type/JavaScript implementation in public existence.
1 file implementation for easy auditing.
npm install @bity/oauth2-auth-code-pkce
See the source code of tests/panel.html
. It's commented with helpful
information.
Run npm run serve:tests
and navigate to
http://localhost:8080/tests/panel.html
This page acts as a test panel for various scenarios. Play around! :)
Modify the example to use the correct configuration.
Some OAuth servers will return additional parameters to the requester. In order to access these they must be explicitly asked for:
config.explicitlyExposedTokens = ['open_id'];
Then this will be available as a property:
accessContext.explicitlyExposedTokens.open_id
.
It is probable you will encounter an OAuth server which requires some additional parameters. In order to pass extra parameters, add the following to the configuration:
config.extraAuthorizationParameters = { 'some_query_string_param': 'value', ... };
If you have values which need to be computed at run-time and then passed, you can pass them like so:
oauth2.fetchAuthorizationCode({ 'another_query_string_param': computedValue });
Module system | File |
---|---|
Browser (window) | index.umd.js |
CommonJS (require e.g. nodejs) | index.js |
TypeScript | index.ts |
Grab the NPM-generated bity-oauth2-auth-code-pkce-*.tgz
tarball from CI and
then use npm publish $tarball
to publish it to NPM.
FAQs
An OAuth 2.0 client that ONLY supports Authorization Code flow with PKCE support.
We found that @bity/oauth2-auth-code-pkce demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.