
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
@nanoauth/base
@nanoauth/base — The Core of NanoAuth
Provides a set of basic utilities for managing OAuth2 flows in a popup.
You can absolutely use this directly, but if there's a @nanoauth/ package specific to the site
you want to access, I recommend using that instead. The stuff in this package is pretty low-level.
Install NanoAuth as a dependency
npm install @nanoauth/base
Set up your redirect target. This should be an HTML file which just calls handleRedirect(), and it
must be served from the same origin as your application.
async getAuthorization(url: URL | string): Promise<Record<string, unknown>>
Opens a popup for an OAuth2 flow and resolves with the resulting data. If the OAuth2 Provider redirects with an error or the popup fails to open, this will reject.
handleRedirect(): void
Only used for the redirect target. Extracts the URL params for both Authorization Code (?query)
and Implicit Grant (#fragment) redirect responses, and sends them to the originating page with
postMessage.
generateRandom64(bytes: number): string
Utility for PKCE support. Uses browser crypto to securely generate a base64-encoded string of random bytes.
Errors
PopupFailed extends Error
Failed to open a popup. This usually happens due to a popup blocker. Check that you are calling
getAuthorization within one second of user interaction (i.e., clicking a button).
StateMismatch extends Error
The state parameter received back from the OAuth2 provider wasn't the expected one.
OAuth2Error extends Error
Base class for generic OAuth2 errors.
InvalidRequest extends OAuth2Error
The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
UnauthorizedClient extends OAuth2Error
The client is not authorized to request an authorization code using this method.
AccessDenied extends OAuth2Error
The resource owner or authorization server denied the request.
UnsupportedResponseType extends OAuth2Error
The authorization server does not support obtaining an authorization code using this method.
InvalidScope extends OAuth2Error
The requested scope is invalid, unknown, or malformed.
ServerError extends OAuth2Error
The authorization server encountered an unexpected condition that prevented it from fulfilling the request.
TemporarilyUnavailable extends OAuth2Error
The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
FAQs
A lightweight browser-side library for managing OAuth2 flows in a popup
We found that @nanoauth/base demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.