🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →

Book a Demo Install Sign in

@panva/oauth4webapi

Package Overview

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@panva/oauth4webapi

OAuth 2 / OpenID Connect Client for Web API runtimes

Source

npm

Version: 0.7.0

Version published: 4 years ago

Weekly downloads: 1.8K

Maintainers: 1

Weekly downloads

Created: 4 years ago

Source

OAuth 2 / OpenID Connect Client for Web APIs runtime

This is a collection of bits and pieces upon which a more streamlined Client module may be written.

In Scope & Implemented

Authorization Server Metadata discovery
OpenID Connect 1.0 and OAuth 2.0 Authorization Code Flow
PKCE
Refresh Token Grant
Device Authorization Grant
Client Credentials Grant
Demonstrating Proof-of-Possession at the Application Layer (DPoP)
Token Introspection
JWT Token Introspection
Token Revocation
JWT Secured Authorization Response Mode (JARM)
Confidential and Public Client
JWT-Secured Authorization Request (JAR)
Pushed Authorization Requests (PAR)
UserInfo Requests (Bearer and DPoP)
JWT UserInfo Responses
Protected Resource Requests (Bearer and DPoP)
Authorization Server Issuer Identification

Dependencies: 0

Examples

example ESM import

import * as oauth2 from '@panva/oauth4webapi'

example Deno import

import * as oauth2 from 'https://deno.land/x/doauth/src/index.ts'

Authorization Code Flow - OpenID Connect source, or plain OAuth 2.0 source
Private Key JWT Client Authentication - source | diff from code flow
DPoP - source | diff from code flow
Pushed Authorization Request (PAR) - source | diff from code flow
JWT Authorization Response Mode (JARM) - source | diff from code flow
Client Credentials Grant - source
Device Authorization Grant - source

Runtime requirements

The supported javascript runtimes include ones that

are reasonably up to date ECMAScript (targets ES2020, but may be further transpiled for compatibility)
support required Web API globals and standard built-in objects
- Fetch API and its related globals fetch, Response, Headers
- Web Crypto API and its related globals crypto, CryptoKey
- Encoding API and its related globals TextEncoder, TextDecoder
- URL API and its related globals URL, URLSearchParams
- atob and btoa
- Uint8Array

Other than browsers the supported runtimes are

Deno (^1.21.0)
Cloudflare Workers
Vercel Edge Functions
Next.js Middlewares
Electron (renderer process)

Pending runtime support

Node.js - once fetch and Web Crypto API are available as globals
Electron (main process) - once fetch and Web Crypto API are available as globals

Out of scope

CommonJS
OAuth 2.0 & OpenID Connect Implicit Flows
OAuth 2.0 Resource Owner Password Credentials
OpenID Connect Hybrid Flows
MTLS (because fetch does not support client certificates)
JWS HMAC Signed Responses
JWE Encrypted Messages

FAQs

What is @panva/oauth4webapi?

Is @panva/oauth4webapi popular?

Is @panva/oauth4webapi well maintained?

Package last updated on 05 May 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@panva/oauth4webapi

OAuth 2 / OpenID Connect Client for Web APIs runtime

In Scope & Implemented

Dependencies: 0

Documentation

Examples

Runtime requirements

Out of scope

Related posts

@panva/oauth4webapi

OAuth 2 / OpenID Connect Client for Web APIs runtime

In Scope & Implemented

Dependencies: 0

Examples

Runtime requirements

Out of scope

Related posts

Shai Hulud Strikes Again (v2)

Introducing Webhook Events for Alert Changes