
@octokit/auth-oauth-user


@octokit/auth-oauth-user - npm Package Compare versions

Comparing version 2.1.1 to 2.1.2

160

dist-node/index.js

@@ -1,22 +0,49 @@

'use strict';
"use strict";
var __create = Object.create;
var __defProp = Object.defineProperty;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __getProtoOf = Object.getPrototypeOf;
var __hasOwnProp = Object.prototype.hasOwnProperty;
var __export = (target, all) => {
for (var name in all)
__defProp(target, name, { get: all[name], enumerable: true });
};
var __copyProps = (to, from, except, desc) => {
if (from && typeof from === "object" || typeof from === "function") {
for (let key of __getOwnPropNames(from))
if (!__hasOwnProp.call(to, key) && key !== except)
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
}
return to;
};
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
// If the importer is in node compatibility mode or this is not an ESM
// file that has been converted to a CommonJS file using a Babel-
// compatible transform (i.e. "__esModule" has not been set), then set
// "default" to the CommonJS "module.exports" for node compatibility.
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
mod
));
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
Object.defineProperty(exports, '__esModule', { value: true });
// pkg/dist-src/index.js
var dist_src_exports = {};
__export(dist_src_exports, {
createOAuthUserAuth: () => createOAuthUserAuth,
requiresBasicAuth: () => requiresBasicAuth
});
module.exports = __toCommonJS(dist_src_exports);
var import_universal_user_agent = require("universal-user-agent");
var import_request = require("@octokit/request");
function _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }
// pkg/dist-src/version.js
var VERSION = "2.1.2";
var universalUserAgent = require('universal-user-agent');
var request = require('@octokit/request');
var authOauthDevice = require('@octokit/auth-oauth-device');
var oauthMethods = require('@octokit/oauth-methods');
var btoa = _interopDefault(require('btoa-lite'));
const VERSION = "2.1.1";
// @ts-nocheck there is only place for one of us in this file. And it's not you, TS
// pkg/dist-src/get-authentication.js
var import_auth_oauth_device = require("@octokit/auth-oauth-device");
var import_oauth_methods = require("@octokit/oauth-methods");
async function getAuthentication(state) {
// handle code exchange form OAuth Web Flow
if ("code" in state.strategyOptions) {
const {
authentication
} = await oauthMethods.exchangeWebFlowCode({
const { authentication } = await (0, import_oauth_methods.exchangeWebFlowCode)({
clientId: state.clientId,

@@ -35,5 +62,4 @@ clientSecret: state.clientSecret,

}
// handle OAuth device flow
if ("onVerification" in state.strategyOptions) {
const deviceAuth = authOauthDevice.createOAuthDeviceAuth({
const deviceAuth = (0, import_auth_oauth_device.createOAuthDeviceAuth)({
clientType: state.clientType,

@@ -53,3 +79,2 @@ clientId: state.clientId,

}
// use existing authentication
if ("token" in state.strategyOptions) {

@@ -69,5 +94,7 @@ return {

// pkg/dist-src/auth.js
var import_oauth_methods2 = require("@octokit/oauth-methods");
async function auth(state, options = {}) {
var _a, _b;
if (!state.authentication) {
// This is what TS makes us do ¯\_(ツ)_/¯
state.authentication = state.clientType === "oauth-app" ? await getAuthentication(state) : await getAuthentication(state);

@@ -79,8 +106,5 @@ }

const currentAuthentication = state.authentication;
// (auto) refresh for user-to-server tokens
if ("expiresAt" in currentAuthentication) {
if (options.type === "refresh" || new Date(currentAuthentication.expiresAt) < new Date()) {
const {
authentication
} = await oauthMethods.refreshToken({
if (options.type === "refresh" || new Date(currentAuthentication.expiresAt) < /* @__PURE__ */ new Date()) {
const { authentication } = await (0, import_oauth_methods2.refreshToken)({
clientType: "github-app",

@@ -99,7 +123,7 @@ clientId: state.clientId,

}
// throw error for invalid refresh call
if (options.type === "refresh") {
var _state$onTokenCreated;
if (state.clientType === "oauth-app") {
throw new Error("[@octokit/auth-oauth-user] OAuth Apps do not support expiring tokens");
throw new Error(
"[@octokit/auth-oauth-user] OAuth Apps do not support expiring tokens"
);
}

@@ -109,13 +133,10 @@ if (!currentAuthentication.hasOwnProperty("expiresAt")) {

}
await ((_state$onTokenCreated = state.onTokenCreated) === null || _state$onTokenCreated === void 0 ? void 0 : _state$onTokenCreated.call(state, state.authentication, {
await ((_a = state.onTokenCreated) == null ? void 0 : _a.call(state, state.authentication, {
type: options.type
}));
}
// check or reset token
if (options.type === "check" || options.type === "reset") {
const method = options.type === "check" ? oauthMethods.checkToken : oauthMethods.resetToken;
const method = options.type === "check" ? import_oauth_methods2.checkToken : import_oauth_methods2.resetToken;
try {
const {
authentication
} = await method({
const { authentication } = await method({
// @ts-expect-error making TS happy would require unnecessary code so no

@@ -135,4 +156,3 @@ clientType: state.clientType,

if (options.type === "reset") {
var _state$onTokenCreated2;
await ((_state$onTokenCreated2 = state.onTokenCreated) === null || _state$onTokenCreated2 === void 0 ? void 0 : _state$onTokenCreated2.call(state, state.authentication, {
await ((_b = state.onTokenCreated) == null ? void 0 : _b.call(state, state.authentication, {
type: options.type

@@ -143,6 +163,4 @@ }));

} catch (error) {
// istanbul ignore else
if (error.status === 404) {
error.message = "[@octokit/auth-oauth-user] Token is invalid";
// @ts-expect-error TBD
state.authentication.invalid = true;

@@ -153,5 +171,4 @@ }

}
// invalidate
if (options.type === "delete" || options.type === "deleteAuthorization") {
const method = options.type === "delete" ? oauthMethods.deleteToken : oauthMethods.deleteAuthorization;
const method = options.type === "delete" ? import_oauth_methods2.deleteToken : import_oauth_methods2.deleteAuthorization;
try {

@@ -167,4 +184,4 @@ await method({

} catch (error) {
// istanbul ignore if
if (error.status !== 404) throw error;
if (error.status !== 404)
throw error;
}

@@ -177,19 +194,7 @@ state.authentication.invalid = true;

/**
* The following endpoints require an OAuth App to authenticate using its client_id and client_secret.
*
* - [`POST /applications/{client_id}/token`](https://docs.github.com/en/rest/reference/apps#check-a-token) - Check a token
* - [`PATCH /applications/{client_id}/token`](https://docs.github.com/en/rest/reference/apps#reset-a-token) - Reset a token
* - [`POST /applications/{client_id}/token/scoped`](https://docs.github.com/en/rest/reference/apps#create-a-scoped-access-token) - Create a scoped access token
* - [`DELETE /applications/{client_id}/token`](https://docs.github.com/en/rest/reference/apps#delete-an-app-token) - Delete an app token
* - [`DELETE /applications/{client_id}/grant`](https://docs.github.com/en/rest/reference/apps#delete-an-app-authorization) - Delete an app authorization
*
* deprecated:
*
* - [`GET /applications/{client_id}/tokens/{access_token}`](https://docs.github.com/en/rest/reference/apps#check-an-authorization) - Check an authorization
* - [`POST /applications/{client_id}/tokens/{access_token}`](https://docs.github.com/en/rest/reference/apps#reset-an-authorization) - Reset an authorization
* - [`DELETE /applications/{client_id}/tokens/{access_token}`](https://docs.github.com/en/rest/reference/apps#revoke-an-authorization-for-an-application) - Revoke an authorization for an application
* - [`DELETE /applications/{client_id}/grants/{access_token}`](https://docs.github.com/en/rest/reference/apps#revoke-a-grant-for-an-application) - Revoke a grant for an application
*/
const ROUTES_REQUIRING_BASIC_AUTH = /\/applications\/[^/]+\/(token|grant)s?/;
// pkg/dist-src/hook.js
var import_btoa_lite = __toESM(require("btoa-lite"));
// pkg/dist-src/requires-basic-auth.js
var ROUTES_REQUIRING_BASIC_AUTH = /\/applications\/[^/]+\/(token|grant)s?/;
function requiresBasicAuth(url) {

@@ -199,5 +204,8 @@ return url && ROUTES_REQUIRING_BASIC_AUTH.test(url);

// pkg/dist-src/hook.js
async function hook(state, request, route, parameters = {}) {
const endpoint = request.endpoint.merge(route, parameters);
// Do not intercept OAuth Web/Device flow request
const endpoint = request.endpoint.merge(
route,
parameters
);
if (/\/login\/(oauth\/access_token|device\/code)$/.test(endpoint.url)) {

@@ -207,16 +215,7 @@ return request(endpoint);

if (requiresBasicAuth(endpoint.url)) {
const credentials = btoa(`${state.clientId}:${state.clientSecret}`);
const credentials = (0, import_btoa_lite.default)(`${state.clientId}:${state.clientSecret}`);
endpoint.headers.authorization = `basic ${credentials}`;
return request(endpoint);
}
// TS makes us do this ¯\_(ツ)_/¯
const {
token
} = state.clientType === "oauth-app" ? await auth({
...state,
request
}) : await auth({
...state,
request
});
const { token } = state.clientType === "oauth-app" ? await auth({ ...state, request }) : await auth({ ...state, request });
endpoint.headers.authorization = "token " + token;

@@ -226,2 +225,3 @@ return request(endpoint);

// pkg/dist-src/index.js
function createOAuthUserAuth({

@@ -231,5 +231,5 @@ clientId,

clientType = "oauth-app",
request: request$1 = request.request.defaults({
request = import_request.request.defaults({
headers: {
"user-agent": `octokit-auth-oauth-app.js/${VERSION} ${universalUserAgent.getUserAgent()}`
"user-agent": `octokit-auth-oauth-app.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}`
}

@@ -246,5 +246,4 @@ }),

strategyOptions,
request: request$1
request
});
// @ts-expect-error not worth the extra code needed to appease TS
return Object.assign(auth.bind(null, state), {

@@ -256,5 +255,6 @@ // @ts-expect-error not worth the extra code needed to appease TS

createOAuthUserAuth.VERSION = VERSION;
exports.createOAuthUserAuth = createOAuthUserAuth;
exports.requiresBasicAuth = requiresBasicAuth;
//# sourceMappingURL=index.js.map
// Annotate the CommonJS export names for ESM import in node:
0 && (module.exports = {
createOAuthUserAuth,
requiresBasicAuth
});
import { getAuthentication } from "./get-authentication";
import { checkToken, deleteAuthorization, deleteToken, refreshToken, resetToken, } from "@octokit/oauth-methods";
export async function auth(state, options = {}) {
if (!state.authentication) {
// This is what TS makes us do ¯\_(ツ)_/¯
state.authentication =
state.clientType === "oauth-app"
? await getAuthentication(state)
: await getAuthentication(state);
import {
checkToken,
deleteAuthorization,
deleteToken,
refreshToken,
resetToken
} from "@octokit/oauth-methods";
async function auth(state, options = {}) {
if (!state.authentication) {
state.authentication = state.clientType === "oauth-app" ? await getAuthentication(state) : await getAuthentication(state);
}
if (state.authentication.invalid) {
throw new Error("[@octokit/auth-oauth-user] Token is invalid");
}
const currentAuthentication = state.authentication;
if ("expiresAt" in currentAuthentication) {
if (options.type === "refresh" || new Date(currentAuthentication.expiresAt) < /* @__PURE__ */ new Date()) {
const { authentication } = await refreshToken({
clientType: "github-app",
clientId: state.clientId,
clientSecret: state.clientSecret,
refreshToken: currentAuthentication.refreshToken,
request: state.request
});
state.authentication = {
tokenType: "oauth",
type: "token",
...authentication
};
}
if (state.authentication.invalid) {
throw new Error("[@octokit/auth-oauth-user] Token is invalid");
}
if (options.type === "refresh") {
if (state.clientType === "oauth-app") {
throw new Error(
"[@octokit/auth-oauth-user] OAuth Apps do not support expiring tokens"
);
}
const currentAuthentication = state.authentication;
// (auto) refresh for user-to-server tokens
if ("expiresAt" in currentAuthentication) {
if (options.type === "refresh" ||
new Date(currentAuthentication.expiresAt) < new Date()) {
const { authentication } = await refreshToken({
clientType: "github-app",
clientId: state.clientId,
clientSecret: state.clientSecret,
refreshToken: currentAuthentication.refreshToken,
request: state.request,
});
state.authentication = {
tokenType: "oauth",
type: "token",
...authentication,
};
}
if (!currentAuthentication.hasOwnProperty("expiresAt")) {
throw new Error("[@octokit/auth-oauth-user] Refresh token missing");
}
// throw error for invalid refresh call
if (options.type === "refresh") {
if (state.clientType === "oauth-app") {
throw new Error("[@octokit/auth-oauth-user] OAuth Apps do not support expiring tokens");
}
if (!currentAuthentication.hasOwnProperty("expiresAt")) {
throw new Error("[@octokit/auth-oauth-user] Refresh token missing");
}
await state.onTokenCreated?.(state.authentication, {
type: options.type
});
}
if (options.type === "check" || options.type === "reset") {
const method = options.type === "check" ? checkToken : resetToken;
try {
const { authentication } = await method({
// @ts-expect-error making TS happy would require unnecessary code so no
clientType: state.clientType,
clientId: state.clientId,
clientSecret: state.clientSecret,
token: state.authentication.token,
request: state.request
});
state.authentication = {
tokenType: "oauth",
type: "token",
// @ts-expect-error TBD
...authentication
};
if (options.type === "reset") {
await state.onTokenCreated?.(state.authentication, {
type: options.type,
type: options.type
});
}
return state.authentication;
} catch (error) {
if (error.status === 404) {
error.message = "[@octokit/auth-oauth-user] Token is invalid";
state.authentication.invalid = true;
}
throw error;
}
// check or reset token
if (options.type === "check" || options.type === "reset") {
const method = options.type === "check" ? checkToken : resetToken;
try {
const { authentication } = await method({
// @ts-expect-error making TS happy would require unnecessary code so no
clientType: state.clientType,
clientId: state.clientId,
clientSecret: state.clientSecret,
token: state.authentication.token,
request: state.request,
});
state.authentication = {
tokenType: "oauth",
type: "token",
// @ts-expect-error TBD
...authentication,
};
if (options.type === "reset") {
await state.onTokenCreated?.(state.authentication, {
type: options.type,
});
}
return state.authentication;
}
catch (error) {
// istanbul ignore else
if (error.status === 404) {
error.message = "[@octokit/auth-oauth-user] Token is invalid";
// @ts-expect-error TBD
state.authentication.invalid = true;
}
throw error;
}
}
if (options.type === "delete" || options.type === "deleteAuthorization") {
const method = options.type === "delete" ? deleteToken : deleteAuthorization;
try {
await method({
// @ts-expect-error making TS happy would require unnecessary code so no
clientType: state.clientType,
clientId: state.clientId,
clientSecret: state.clientSecret,
token: state.authentication.token,
request: state.request
});
} catch (error) {
if (error.status !== 404)
throw error;
}
// invalidate
if (options.type === "delete" || options.type === "deleteAuthorization") {
const method = options.type === "delete" ? deleteToken : deleteAuthorization;
try {
await method({
// @ts-expect-error making TS happy would require unnecessary code so no
clientType: state.clientType,
clientId: state.clientId,
clientSecret: state.clientSecret,
token: state.authentication.token,
request: state.request,
});
}
catch (error) {
// istanbul ignore if
if (error.status !== 404)
throw error;
}
state.authentication.invalid = true;
return state.authentication;
}
state.authentication.invalid = true;
return state.authentication;
}
return state.authentication;
}
export {
auth
};
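Review bot: An unparseable `expiresAt` is treated as "not expired" in `auth`. The check `new Date(currentAuthentication.expiresAt) < new Date()` compares an Invalid Date, which is always false, so a malformed timestamp means the token is never auto-refreshed and the stale one keeps being returned. The existing-authentication strategy appears to let callers supply this value, so failing closed would be safer: `const expiry = new Date(currentAuthentication.expiresAt);` followed by `if (options.type === "refresh" || Number.isNaN(expiry.getTime()) || expiry < new Date()) {`. The same comparison is present in the dist-node/index.js hunks and in the bundled copy further down the page.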

@@ -1,51 +0,50 @@

// @ts-nocheck there is only place for one of us in this file. And it's not you, TS
import { createOAuthDeviceAuth } from "@octokit/auth-oauth-device";
import { exchangeWebFlowCode } from "@octokit/oauth-methods";
export async function getAuthentication(state) {
// handle code exchange form OAuth Web Flow
if ("code" in state.strategyOptions) {
const { authentication } = await exchangeWebFlowCode({
clientId: state.clientId,
clientSecret: state.clientSecret,
clientType: state.clientType,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions,
request: state.request,
});
return {
type: "token",
tokenType: "oauth",
...authentication,
};
}
// handle OAuth device flow
if ("onVerification" in state.strategyOptions) {
const deviceAuth = createOAuthDeviceAuth({
clientType: state.clientType,
clientId: state.clientId,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions,
request: state.request,
});
const authentication = await deviceAuth({
type: "oauth",
});
return {
clientSecret: state.clientSecret,
...authentication,
};
}
// use existing authentication
if ("token" in state.strategyOptions) {
return {
type: "token",
tokenType: "oauth",
clientId: state.clientId,
clientSecret: state.clientSecret,
clientType: state.clientType,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions,
};
}
throw new Error("[@octokit/auth-oauth-user] Invalid strategy options");
async function getAuthentication(state) {
if ("code" in state.strategyOptions) {
const { authentication } = await exchangeWebFlowCode({
clientId: state.clientId,
clientSecret: state.clientSecret,
clientType: state.clientType,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions,
request: state.request
});
return {
type: "token",
tokenType: "oauth",
...authentication
};
}
if ("onVerification" in state.strategyOptions) {
const deviceAuth = createOAuthDeviceAuth({
clientType: state.clientType,
clientId: state.clientId,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions,
request: state.request
});
const authentication = await deviceAuth({
type: "oauth"
});
return {
clientSecret: state.clientSecret,
...authentication
};
}
if ("token" in state.strategyOptions) {
return {
type: "token",
tokenType: "oauth",
clientId: state.clientId,
clientSecret: state.clientSecret,
clientType: state.clientType,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions
};
}
throw new Error("[@octokit/auth-oauth-user] Invalid strategy options");
}
export {
getAuthentication
};
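Review bot: The object returned by `getAuthentication` carries `clientSecret` (set explicitly in the device-flow and existing-token branches), and nothing in the file warns about it. `auth` later hands `state.authentication` to `onTokenCreated`, so a consumer that logs or serialises that object leaks the app secret together with the user token. The side of this section that looks like the new build also drops the three branch comments; I would keep them and add one above the function, e.g. `// NOTE: the returned authentication includes clientSecret and the user token; never log or persist it as-is.` Whether the web-flow branch also includes the secret depends on `exchangeWebFlowCode`, which is not shown here.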
import btoa from "btoa-lite";
import { auth } from "./auth";
import { requiresBasicAuth } from "./requires-basic-auth";
export async function hook(state, request, route, parameters = {}) {
const endpoint = request.endpoint.merge(route, parameters);
// Do not intercept OAuth Web/Device flow request
if (/\/login\/(oauth\/access_token|device\/code)$/.test(endpoint.url)) {
return request(endpoint);
}
if (requiresBasicAuth(endpoint.url)) {
const credentials = btoa(`${state.clientId}:${state.clientSecret}`);
endpoint.headers.authorization = `basic ${credentials}`;
return request(endpoint);
}
// TS makes us do this ¯\_(ツ)_/¯
const { token } = state.clientType === "oauth-app"
? await auth({ ...state, request })
: await auth({ ...state, request });
endpoint.headers.authorization = "token " + token;
async function hook(state, request, route, parameters = {}) {
const endpoint = request.endpoint.merge(
route,
parameters
);
if (/\/login\/(oauth\/access_token|device\/code)$/.test(endpoint.url)) {
return request(endpoint);
}
if (requiresBasicAuth(endpoint.url)) {
const credentials = btoa(`${state.clientId}:${state.clientSecret}`);
endpoint.headers.authorization = `basic ${credentials}`;
return request(endpoint);
}
const { token } = state.clientType === "oauth-app" ? await auth({ ...state, request }) : await auth({ ...state, request });
endpoint.headers.authorization = "token " + token;
return request(endpoint);
}
export {
hook
};
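Review bot: `hook` sets `basic ${credentials}` (clientId and clientSecret) on any request whose `endpoint.url` passes `requiresBasicAuth`, and that check is the unanchored pattern `/\/applications\/[^/]+\/(token|grant)s?/`. The decision therefore rests on a substring of the URL, not on where the request is going. If `request.endpoint.merge` can yield an absolute URL here (not visible in this file), a matching path on another host would receive the app credentials. Consider confirming that the request targets the configured API base before setting the header, and ending the pattern on a segment boundary, e.g. `/\/applications\/[^/]+\/(token|grant)s?(?:[/?]|$)/`. The same pair of functions appears in the dist-node/index.js hunks and in the requires-basic-auth.js section.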

@@ -6,22 +6,32 @@ import { getUserAgent } from "universal-user-agent";

import { hook } from "./hook";
export { requiresBasicAuth } from "./requires-basic-auth";
export function createOAuthUserAuth({ clientId, clientSecret, clientType = "oauth-app", request = octokitRequest.defaults({
import { requiresBasicAuth } from "./requires-basic-auth";
function createOAuthUserAuth({
clientId,
clientSecret,
clientType = "oauth-app",
request = octokitRequest.defaults({
headers: {
"user-agent": `octokit-auth-oauth-app.js/${VERSION} ${getUserAgent()}`,
},
}), onTokenCreated, ...strategyOptions }) {
const state = Object.assign({
clientType,
clientId,
clientSecret,
onTokenCreated,
strategyOptions,
request,
});
"user-agent": `octokit-auth-oauth-app.js/${VERSION} ${getUserAgent()}`
}
}),
onTokenCreated,
...strategyOptions
}) {
const state = Object.assign({
clientType,
clientId,
clientSecret,
onTokenCreated,
strategyOptions,
request
});
return Object.assign(auth.bind(null, state), {
// @ts-expect-error not worth the extra code needed to appease TS
return Object.assign(auth.bind(null, state), {
// @ts-expect-error not worth the extra code needed to appease TS
hook: hook.bind(null, state),
});
hook: hook.bind(null, state)
});
}
createOAuthUserAuth.VERSION = VERSION;
export {
createOAuthUserAuth,
requiresBasicAuth
};
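Review bot: The default `user-agent` in `createOAuthUserAuth` is built as `octokit-auth-oauth-app.js/${VERSION}`, which names a different package while carrying this package's version. Server-side logs will therefore attribute this traffic to the wrong library. It looks like a leftover from the sibling package; changing the prefix to `octokit-auth-oauth-user.js/${VERSION}` would match the package name. Separately, `Object.assign({ ... })` with a single argument only returns that literal and could be a plain object expression.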

@@ -1,20 +0,7 @@

/**
* The following endpoints require an OAuth App to authenticate using its client_id and client_secret.
*
* - [`POST /applications/{client_id}/token`](https://docs.github.com/en/rest/reference/apps#check-a-token) - Check a token
* - [`PATCH /applications/{client_id}/token`](https://docs.github.com/en/rest/reference/apps#reset-a-token) - Reset a token
* - [`POST /applications/{client_id}/token/scoped`](https://docs.github.com/en/rest/reference/apps#create-a-scoped-access-token) - Create a scoped access token
* - [`DELETE /applications/{client_id}/token`](https://docs.github.com/en/rest/reference/apps#delete-an-app-token) - Delete an app token
* - [`DELETE /applications/{client_id}/grant`](https://docs.github.com/en/rest/reference/apps#delete-an-app-authorization) - Delete an app authorization
*
* deprecated:
*
* - [`GET /applications/{client_id}/tokens/{access_token}`](https://docs.github.com/en/rest/reference/apps#check-an-authorization) - Check an authorization
* - [`POST /applications/{client_id}/tokens/{access_token}`](https://docs.github.com/en/rest/reference/apps#reset-an-authorization) - Reset an authorization
* - [`DELETE /applications/{client_id}/tokens/{access_token}`](https://docs.github.com/en/rest/reference/apps#revoke-an-authorization-for-an-application) - Revoke an authorization for an application
* - [`DELETE /applications/{client_id}/grants/{access_token}`](https://docs.github.com/en/rest/reference/apps#revoke-a-grant-for-an-application) - Revoke a grant for an application
*/
const ROUTES_REQUIRING_BASIC_AUTH = /\/applications\/[^/]+\/(token|grant)s?/;
export function requiresBasicAuth(url) {
return url && ROUTES_REQUIRING_BASIC_AUTH.test(url);
function requiresBasicAuth(url) {
return url && ROUTES_REQUIRING_BASIC_AUTH.test(url);
}
export {
requiresBasicAuth
};
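Review bot: `ROUTES_REQUIRING_BASIC_AUTH` is left as an undocumented regex even though it decides when the app secret is sent. The hunk header (`-1,20 +0,7`) indicates the JSDoc block listing the endpoints that need client_id/client_secret authentication was dropped from the shipped file. I would keep at least a short comment above the constant, e.g. `// Matches the /applications/{client_id}/token(s) and /grant(s) routes, which authenticate with client_id:client_secret via basic auth.` `requiresBasicAuth` also returns the falsy `url` itself (such as `undefined` or `""`) instead of a boolean; `return Boolean(url) && ROUTES_REQUIRING_BASIC_AUTH.test(url);` would make the result type stable.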

@@ -1,1 +0,4 @@

export const VERSION = "2.1.1";
const VERSION = "2.1.2";
export {
VERSION
};

@@ -1,3 +0,3 @@

import { OAuthAppAuthOptions, GitHubAppAuthOptions, OAuthAppAuthentication, GitHubAppAuthentication, GitHubAppAuthenticationWithExpiration, OAuthAppState, GitHubAppState } from "./types";
import type { OAuthAppAuthOptions, GitHubAppAuthOptions, OAuthAppAuthentication, GitHubAppAuthentication, GitHubAppAuthenticationWithExpiration, OAuthAppState, GitHubAppState } from "./types";
export declare function auth(state: OAuthAppState, options?: OAuthAppAuthOptions): Promise<OAuthAppAuthentication>;
export declare function auth(state: GitHubAppState, options?: GitHubAppAuthOptions): Promise<GitHubAppAuthentication | GitHubAppAuthenticationWithExpiration>;

@@ -1,3 +0,3 @@

import { EndpointOptions, OctokitResponse, RequestInterface, RequestParameters, Route } from "@octokit/types";
import { OAuthAppState, GitHubAppState } from "./types";
import type { EndpointOptions, OctokitResponse, RequestInterface, RequestParameters, Route } from "@octokit/types";
import type { OAuthAppState, GitHubAppState } from "./types";
type AnyResponse = OctokitResponse<any>;

@@ -4,0 +4,0 @@ export declare function hook(state: OAuthAppState, request: RequestInterface, route: Route | EndpointOptions, parameters: RequestParameters): Promise<AnyResponse>;

@@ -1,3 +0,3 @@

import { OAuthAppStrategyOptions, GitHubAppStrategyOptions, OAuthAppAuthInterface, GitHubAppAuthInterface } from "./types";
export { OAuthAppStrategyOptionsWebFlow, GitHubAppStrategyOptionsWebFlow, OAuthAppStrategyOptionsDeviceFlow, GitHubAppStrategyOptionsDeviceFlow, OAuthAppStrategyOptionsExistingAuthentication, GitHubAppStrategyOptionsExistingAuthentication, GitHubAppStrategyOptionsExistingAuthenticationWithExpiration, OAuthAppStrategyOptions, GitHubAppStrategyOptions, OAuthAppAuthOptions, GitHubAppAuthOptions, OAuthAppAuthentication, GitHubAppAuthentication, GitHubAppAuthenticationWithExpiration, } from "./types";
import type { OAuthAppStrategyOptions, GitHubAppStrategyOptions, OAuthAppAuthInterface, GitHubAppAuthInterface } from "./types";
export type { OAuthAppStrategyOptionsWebFlow, GitHubAppStrategyOptionsWebFlow, OAuthAppStrategyOptionsDeviceFlow, GitHubAppStrategyOptionsDeviceFlow, OAuthAppStrategyOptionsExistingAuthentication, GitHubAppStrategyOptionsExistingAuthentication, GitHubAppStrategyOptionsExistingAuthenticationWithExpiration, OAuthAppStrategyOptions, GitHubAppStrategyOptions, OAuthAppAuthOptions, GitHubAppAuthOptions, OAuthAppAuthentication, GitHubAppAuthentication, GitHubAppAuthenticationWithExpiration, } from "./types";
export { requiresBasicAuth } from "./requires-basic-auth";

@@ -4,0 +4,0 @@ export declare function createOAuthUserAuth(options: OAuthAppStrategyOptions): OAuthAppAuthInterface;

@@ -1,1 +0,1 @@

export declare const VERSION = "2.1.1";
export declare const VERSION = "2.1.2";

@@ -1,222 +0,212 @@

import { getUserAgent } from 'universal-user-agent';
import { request } from '@octokit/request';
import { createOAuthDeviceAuth } from '@octokit/auth-oauth-device';
import { exchangeWebFlowCode, refreshToken, checkToken, resetToken, deleteToken, deleteAuthorization } from '@octokit/oauth-methods';
import btoa from 'btoa-lite';
// pkg/dist-src/index.js
import { getUserAgent } from "universal-user-agent";
import { request as octokitRequest } from "@octokit/request";
const VERSION = "2.1.1";
// pkg/dist-src/version.js
var VERSION = "2.1.2";
// @ts-nocheck there is only place for one of us in this file. And it's not you, TS
// pkg/dist-src/get-authentication.js
import { createOAuthDeviceAuth } from "@octokit/auth-oauth-device";
import { exchangeWebFlowCode } from "@octokit/oauth-methods";
async function getAuthentication(state) {
// handle code exchange form OAuth Web Flow
if ("code" in state.strategyOptions) {
const { authentication } = await exchangeWebFlowCode({
clientId: state.clientId,
clientSecret: state.clientSecret,
clientType: state.clientType,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions,
request: state.request,
});
return {
type: "token",
tokenType: "oauth",
...authentication,
};
}
// handle OAuth device flow
if ("onVerification" in state.strategyOptions) {
const deviceAuth = createOAuthDeviceAuth({
clientType: state.clientType,
clientId: state.clientId,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions,
request: state.request,
});
const authentication = await deviceAuth({
type: "oauth",
});
return {
clientSecret: state.clientSecret,
...authentication,
};
}
// use existing authentication
if ("token" in state.strategyOptions) {
return {
type: "token",
tokenType: "oauth",
clientId: state.clientId,
clientSecret: state.clientSecret,
clientType: state.clientType,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions,
};
}
throw new Error("[@octokit/auth-oauth-user] Invalid strategy options");
if ("code" in state.strategyOptions) {
const { authentication } = await exchangeWebFlowCode({
clientId: state.clientId,
clientSecret: state.clientSecret,
clientType: state.clientType,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions,
request: state.request
});
return {
type: "token",
tokenType: "oauth",
...authentication
};
}
if ("onVerification" in state.strategyOptions) {
const deviceAuth = createOAuthDeviceAuth({
clientType: state.clientType,
clientId: state.clientId,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions,
request: state.request
});
const authentication = await deviceAuth({
type: "oauth"
});
return {
clientSecret: state.clientSecret,
...authentication
};
}
if ("token" in state.strategyOptions) {
return {
type: "token",
tokenType: "oauth",
clientId: state.clientId,
clientSecret: state.clientSecret,
clientType: state.clientType,
onTokenCreated: state.onTokenCreated,
...state.strategyOptions
};
}
throw new Error("[@octokit/auth-oauth-user] Invalid strategy options");
}
// pkg/dist-src/auth.js
import {
checkToken,
deleteAuthorization,
deleteToken,
refreshToken,
resetToken
} from "@octokit/oauth-methods";
async function auth(state, options = {}) {
if (!state.authentication) {
// This is what TS makes us do ¯\_(ツ)_/¯
state.authentication =
state.clientType === "oauth-app"
? await getAuthentication(state)
: await getAuthentication(state);
if (!state.authentication) {
state.authentication = state.clientType === "oauth-app" ? await getAuthentication(state) : await getAuthentication(state);
}
if (state.authentication.invalid) {
throw new Error("[@octokit/auth-oauth-user] Token is invalid");
}
const currentAuthentication = state.authentication;
if ("expiresAt" in currentAuthentication) {
if (options.type === "refresh" || new Date(currentAuthentication.expiresAt) < /* @__PURE__ */ new Date()) {
const { authentication } = await refreshToken({
clientType: "github-app",
clientId: state.clientId,
clientSecret: state.clientSecret,
refreshToken: currentAuthentication.refreshToken,
request: state.request
});
state.authentication = {
tokenType: "oauth",
type: "token",
...authentication
};
}
if (state.authentication.invalid) {
throw new Error("[@octokit/auth-oauth-user] Token is invalid");
}
if (options.type === "refresh") {
if (state.clientType === "oauth-app") {
throw new Error(
"[@octokit/auth-oauth-user] OAuth Apps do not support expiring tokens"
);
}
const currentAuthentication = state.authentication;
// (auto) refresh for user-to-server tokens
if ("expiresAt" in currentAuthentication) {
if (options.type === "refresh" ||
new Date(currentAuthentication.expiresAt) < new Date()) {
const { authentication } = await refreshToken({
clientType: "github-app",
clientId: state.clientId,
clientSecret: state.clientSecret,
refreshToken: currentAuthentication.refreshToken,
request: state.request,
});
state.authentication = {
tokenType: "oauth",
type: "token",
...authentication,
};
}
if (!currentAuthentication.hasOwnProperty("expiresAt")) {
throw new Error("[@octokit/auth-oauth-user] Refresh token missing");
}
// throw error for invalid refresh call
if (options.type === "refresh") {
if (state.clientType === "oauth-app") {
throw new Error("[@octokit/auth-oauth-user] OAuth Apps do not support expiring tokens");
}
if (!currentAuthentication.hasOwnProperty("expiresAt")) {
throw new Error("[@octokit/auth-oauth-user] Refresh token missing");
}
await state.onTokenCreated?.(state.authentication, {
type: options.type
});
}
if (options.type === "check" || options.type === "reset") {
const method = options.type === "check" ? checkToken : resetToken;
try {
const { authentication } = await method({
// @ts-expect-error making TS happy would require unnecessary code so no
clientType: state.clientType,
clientId: state.clientId,
clientSecret: state.clientSecret,
token: state.authentication.token,
request: state.request
});
state.authentication = {
tokenType: "oauth",
type: "token",
// @ts-expect-error TBD
...authentication
};
if (options.type === "reset") {
await state.onTokenCreated?.(state.authentication, {
type: options.type,
type: options.type
});
}
return state.authentication;
} catch (error) {
if (error.status === 404) {
error.message = "[@octokit/auth-oauth-user] Token is invalid";
state.authentication.invalid = true;
}
throw error;
}
// check or reset token
if (options.type === "check" || options.type === "reset") {
const method = options.type === "check" ? checkToken : resetToken;
try {
const { authentication } = await method({
// @ts-expect-error making TS happy would require unnecessary code so no
clientType: state.clientType,
clientId: state.clientId,
clientSecret: state.clientSecret,
token: state.authentication.token,
request: state.request,
});
state.authentication = {
tokenType: "oauth",
type: "token",
// @ts-expect-error TBD
...authentication,
};
if (options.type === "reset") {
await state.onTokenCreated?.(state.authentication, {
type: options.type,
});
}
return state.authentication;
}
catch (error) {
// istanbul ignore else
if (error.status === 404) {
error.message = "[@octokit/auth-oauth-user] Token is invalid";
// @ts-expect-error TBD
state.authentication.invalid = true;
}
throw error;
}
}
if (options.type === "delete" || options.type === "deleteAuthorization") {
const method = options.type === "delete" ? deleteToken : deleteAuthorization;
try {
await method({
// @ts-expect-error making TS happy would require unnecessary code so no
clientType: state.clientType,
clientId: state.clientId,
clientSecret: state.clientSecret,
token: state.authentication.token,
request: state.request
});
} catch (error) {
if (error.status !== 404)
throw error;
}
// invalidate
if (options.type === "delete" || options.type === "deleteAuthorization") {
const method = options.type === "delete" ? deleteToken : deleteAuthorization;
try {
await method({
// @ts-expect-error making TS happy would require unnecessary code so no
clientType: state.clientType,
clientId: state.clientId,
clientSecret: state.clientSecret,
token: state.authentication.token,
request: state.request,
});
}
catch (error) {
// istanbul ignore if
if (error.status !== 404)
throw error;
}
state.authentication.invalid = true;
return state.authentication;
}
state.authentication.invalid = true;
return state.authentication;
}
return state.authentication;
}
/**
* The following endpoints require an OAuth App to authenticate using its client_id and client_secret.
*
* - [`POST /applications/{client_id}/token`](https://docs.github.com/en/rest/reference/apps#check-a-token) - Check a token
* - [`PATCH /applications/{client_id}/token`](https://docs.github.com/en/rest/reference/apps#reset-a-token) - Reset a token
* - [`POST /applications/{client_id}/token/scoped`](https://docs.github.com/en/rest/reference/apps#create-a-scoped-access-token) - Create a scoped access token
* - [`DELETE /applications/{client_id}/token`](https://docs.github.com/en/rest/reference/apps#delete-an-app-token) - Delete an app token
* - [`DELETE /applications/{client_id}/grant`](https://docs.github.com/en/rest/reference/apps#delete-an-app-authorization) - Delete an app authorization
*
* deprecated:
*
* - [`GET /applications/{client_id}/tokens/{access_token}`](https://docs.github.com/en/rest/reference/apps#check-an-authorization) - Check an authorization
* - [`POST /applications/{client_id}/tokens/{access_token}`](https://docs.github.com/en/rest/reference/apps#reset-an-authorization) - Reset an authorization
* - [`DELETE /applications/{client_id}/tokens/{access_token}`](https://docs.github.com/en/rest/reference/apps#revoke-an-authorization-for-an-application) - Revoke an authorization for an application
* - [`DELETE /applications/{client_id}/grants/{access_token}`](https://docs.github.com/en/rest/reference/apps#revoke-a-grant-for-an-application) - Revoke a grant for an application
*/
const ROUTES_REQUIRING_BASIC_AUTH = /\/applications\/[^/]+\/(token|grant)s?/;
// pkg/dist-src/hook.js
import btoa from "btoa-lite";
// pkg/dist-src/requires-basic-auth.js
var ROUTES_REQUIRING_BASIC_AUTH = /\/applications\/[^/]+\/(token|grant)s?/;
function requiresBasicAuth(url) {
return url && ROUTES_REQUIRING_BASIC_AUTH.test(url);
return url && ROUTES_REQUIRING_BASIC_AUTH.test(url);
}
// pkg/dist-src/hook.js
async function hook(state, request, route, parameters = {}) {
const endpoint = request.endpoint.merge(route, parameters);
// Do not intercept OAuth Web/Device flow request
if (/\/login\/(oauth\/access_token|device\/code)$/.test(endpoint.url)) {
return request(endpoint);
}
if (requiresBasicAuth(endpoint.url)) {
const credentials = btoa(`${state.clientId}:${state.clientSecret}`);
endpoint.headers.authorization = `basic ${credentials}`;
return request(endpoint);
}
// TS makes us do this ¯\_(ツ)_/¯
const { token } = state.clientType === "oauth-app"
? await auth({ ...state, request })
: await auth({ ...state, request });
endpoint.headers.authorization = "token " + token;
const endpoint = request.endpoint.merge(
route,
parameters
);
if (/\/login\/(oauth\/access_token|device\/code)$/.test(endpoint.url)) {
return request(endpoint);
}
if (requiresBasicAuth(endpoint.url)) {
const credentials = btoa(`${state.clientId}:${state.clientSecret}`);
endpoint.headers.authorization = `basic ${credentials}`;
return request(endpoint);
}
const { token } = state.clientType === "oauth-app" ? await auth({ ...state, request }) : await auth({ ...state, request });
endpoint.headers.authorization = "token " + token;
return request(endpoint);
}
function createOAuthUserAuth({ clientId, clientSecret, clientType = "oauth-app", request: request$1 = request.defaults({
// pkg/dist-src/index.js
function createOAuthUserAuth({
clientId,
clientSecret,
clientType = "oauth-app",
request = octokitRequest.defaults({
headers: {
"user-agent": `octokit-auth-oauth-app.js/${VERSION} ${getUserAgent()}`,
},
}), onTokenCreated, ...strategyOptions }) {
const state = Object.assign({
clientType,
clientId,
clientSecret,
onTokenCreated,
strategyOptions,
request: request$1,
});
"user-agent": `octokit-auth-oauth-app.js/${VERSION} ${getUserAgent()}`
}
}),
onTokenCreated,
...strategyOptions
}) {
const state = Object.assign({
clientType,
clientId,
clientSecret,
onTokenCreated,
strategyOptions,
request
});
return Object.assign(auth.bind(null, state), {
// @ts-expect-error not worth the extra code needed to appease TS
return Object.assign(auth.bind(null, state), {
// @ts-expect-error not worth the extra code needed to appease TS
hook: hook.bind(null, state),
});
hook: hook.bind(null, state)
});
}
createOAuthUserAuth.VERSION = VERSION;
export { createOAuthUserAuth, requiresBasicAuth };
//# sourceMappingURL=index.js.map
export {
createOAuthUserAuth,
requiresBasicAuth
};
{
"name": "@octokit/auth-oauth-user",
"publishConfig": {
"access": "public"
},
"version": "2.1.2",
"description": "Octokit authentication strategy for OAuth clients",
"version": "2.1.1",
"license": "MIT",
"files": [
"dist-*/",
"bin/"
],
"pika": true,
"sideEffects": false,
"repository": "https://github.com/octokit/auth-oauth-user.js",
"keywords": [

@@ -18,3 +15,4 @@ "github",

],
"repository": "https://github.com/octokit/auth-oauth-user.js",
"author": "Gregor Martynus (https://dev.to/gr2m)",
"license": "MIT",
"dependencies": {

@@ -28,32 +26,32 @@ "@octokit/auth-oauth-device": "^4.0.0",

},
"peerDependencies": {},
"devDependencies": {
"@octokit/core": "^4.0.0",
"@octokit/tsconfig": "^1.0.2",
"@pika/pack": "^0.5.0",
"@pika/plugin-build-node": "^0.9.2",
"@pika/plugin-build-web": "^0.9.2",
"@pika/plugin-ts-standard-pkg": "^0.9.2",
"@octokit/tsconfig": "^2.0.0",
"@types/btoa-lite": "^1.0.0",
"@types/jest": "^29.0.0",
"@types/node": "^18.0.0",
"esbuild": "^0.17.19",
"fetch-mock": "^9.11.0",
"glob": "^10.2.7",
"jest": "^29.0.0",
"mockdate": "^3.0.4",
"prettier": "2.8.3",
"semantic-release": "^20.0.0",
"prettier": "2.8.8",
"semantic-release": "^21.0.0",
"semantic-release-plugin-update-version-in-files": "^1.1.0",
"ts-jest": "^29.0.0",
"typescript": "^4.2.3"
"typescript": "^5.0.0"
},
"peerDependencies": {},
"engines": {
"node": ">= 14"
},
"publishConfig": {
"access": "public"
},
"source": "dist-src/index.js",
"files": [
"dist-*/**",
"bin/**"
],
"main": "dist-node/index.js",
"browser": "dist-web/index.js",
"types": "dist-types/index.d.ts",
"main": "dist-node/index.js",
"module": "dist-web/index.js"
"module": "dist-src/index.js",
"sideEffects": false
}

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
