Package overview: 22 dependencies, 1 maintainer, 8 versions

    authwith

Re-usable authentication library


Weekly downloads: 8
Maintainers: 1

Authwith


Re-usable authentication library.

Installation

npm install authwith --save

Usage

Available implementations:

  • OAuth2
  • OpenIDConnect

Note: a request function, (req: Request) => Promise<Response>, must be provided to each implementation so that it can make external requests (uses Servie interfaces).

OAuth 2.0

import { OAuth2 } from 'authwith'

const auth = new OAuth2(options, request)

Options

  • authorizationUri: The URL to redirect the user to for authorization
  • accessTokenUri: The URL to retrieve the access token
  • profileUri: The URL to request user information

Parameters

These are passed as the final argument to each method:

  • clientId: The client id issued by the OAuth 2.0 server
  • clientSecret: The client secret issued by the OAuth 2.0 server
  • redirectUri: A URL on your server to receive callbacks from the OAuth 2.0 server
  • scope: The requested scope string
  • state?: An optional state to be verified on callback

Flow

  1. Redirect the user to the URL returned from the auth.getRedirectUri(params) method
     • P.S. Save the state into the user's session for verification on redirect
  2. When the callback (redirect) URL is invoked, call auth.getToken(uri, params) - this will make a request and return the access token
  3. With the access token from the response, call auth.getProfile(token, params) - this will retrieve the user's profile information
  4. Refresh the token later with auth.refreshToken(refreshToken, params)
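
Added example (not part of the authwith README or its code): one way to handle the state value from step 1 so that it is unguessable, tied to the user's session and usable only once. The `session` object, its `oauthState` key and the helper names are assumptions; `auth` is any object exposing the getRedirectUri and getToken methods listed above.

```javascript
// Added example: binding `state` to the session around the flow above.
const nodeCrypto = require('crypto')

// Step 1: mint an unguessable state, store it in the session, build the redirect.
// `session` is any per-user mutable store and `oauthState` its key (assumptions).
async function beginLogin (auth, session, params) {
  const state = nodeCrypto.randomBytes(32).toString('hex')
  session.oauthState = state
  return auth.getRedirectUri({ ...params, state })
}

// Compare two strings without revealing where they first differ.
function safeEqual (a, b) {
  const x = Buffer.from(a)
  const y = Buffer.from(b)
  return x.length === y.length && nodeCrypto.timingSafeEqual(x, y)
}

// Callback: remove the stored state (single use) and compare it with the
// `state` query parameter before any token request goes out.
function consumeState (session, callbackUri, params) {
  const expected = session.oauthState
  delete session.oauthState
  // redirectUri is the base, so a relative request URL parses too.
  const received = new URL(callbackUri, params.redirectUri).searchParams.get('state')
  if (!expected || !received || !safeEqual(expected, received)) {
    throw new Error('OAuth state missing or mismatched')
  }
  return expected
}

// Step 2: exchange the code; `state` is passed on so the library can check it as well.
async function handleCallback (auth, session, callbackUri, params) {
  const state = consumeState(session, callbackUri, params)
  return auth.getToken(callbackUri, { ...params, state })
}
```

Because the stored state is deleted before the comparison, a replayed or forged callback fails without reaching the token endpoint.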

OpenID Connect

import { OpenIDConnect } from 'authwith'

const auth = new OpenIDConnect(options, request)

Options

  • authorizationUri: The URL to redirect the user to for authorization
  • accessTokenUri: The URL to retrieve the access token
  • issuer: The issuer string for the ID token

Parameters

Extends OAuth2 parameters:

  • nonce?: Verifies the nonce when reading the profile information
  • maxAge?: Verifies the max age when reading the profile information
  • timestamp?: Used in conjunction with maxAge to verify the auth_time claim

Flow

OpenID Connect is built on top of OAuth 2.0. Internally, it will use the id_token instead of making a separate request for profile information.

TypeScript

This project is written using TypeScript and publishes the definitions directly to NPM.

License

Apache 2.0


Last updated on 04 Jun 2018
