Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

authwith

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

authwith

Re-usable authentication library

  • 0.2.1
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
2
Maintainers
1
Weekly downloads
 
Created
Source

Authwith

NPM version NPM downloads Build status Test coverage

Re-usable authentication library.

Installation

npm install authwith --save

Usage

Available implementations:

  • OAuth2
  • OpenIDConnect

Note: request (req: Request) => Promise<Response> must be provided for each implementation to support external requests (uses Servie interfaces).

OAuth 2.0

import { OAuth2 } from 'authwith'

const auth = new OAuth2(options, request)
  • authorizationUri The URL to redirect the user for authorization
  • accessTokenUri The URL to retrieve the access token
  • profileUri The URL to request user information
Parameters

These are passed as the final option to each method:

  • clientId The client id issued by the OAuth 2.0 server
  • clientSecret The client secret issued by the OAuth 2.0 server
  • redirectUri A URL on your server to receive callbacks from the OAuth 2.0 server
  • scope The requested scope string
  • state? An optional state to be verified on callback
Flow
  1. Redirect user to the URL returned from the auth.getRedirectUri(params) method
  • P.S. Save the state into the users session for verification on redirect
  1. When the callback (redirect) URL is invoked, call auth.getToken(uri, params) - this will make a request and return the access token
  2. With the access token from the response, call auth.getProfile(token, params) - this will retrieve the users profile information
  3. Refresh the token later with auth.refreshToken(refreshToken, params)

Open ID Connect

import { OpenIDConnect } from 'authwith'

const auth = new OpenIDConnect(options, request)
  • authorizationUri The URL to redirect the user for authorization
  • accessTokenUri The URL to retrieve the access token
  • issuer The issuer string for the ID token
Parameters

Extends OAuth2 parameters:

  • nonce? Verifies the nonce when reading the profile information
  • maxAge? Verifies the max age when reading the profile information
  • timestamp? Used in conjunction with maxAge to verify auth_time claim
Flow

OpenID Connect is built on top of OAuth 2.0. Internally, it will use the id_token instead of making a separate request for profile information.

TypeScript

This project is written using TypeScript and publishes the definitions directly to NPM.

License

Apache 2.0

Keywords

FAQs

Package last updated on 04 Jun 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts

Research

Security News

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts

Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.

By Kirill Boychenko  -  Dec 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc