Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
byu-wabs-oauth
Advanced tools
Readme
Manage OAuth client grant and auth code grant access tokens for BYU's implementation of WSO2.
$ npm install byu-wabs-oauth
Use this grant type for communicating from one server to another where a specific user’s permission to access data is not required.
const byuOAuth = require('byu-wabs-oauth')
;(async function () {
const oauth = await byuOAuth('<client_id>', '<client_secret>')
const token = await oauth.getClientGrantToken()
})()
Use this grant type if you need the user's authorization to access data. Getting this grant type is a two step process.
const byuOAuth = require('byu-wabs-oauth')
const querystring = require('querystring')
const redirectUrl = 'http://localhost:3000/'
// start a server that will listen for the OAuth code grant redirect
const server = http.createServer(async (req, res) => {
const oauth = await byuOAuth('<client_id>', '<client_secret>')
const qs = querystring.parse(req.url.split('?')[1] || '')
// if there is no code then redirect browser to authorization url
if (!qs.code) {
const url = await oauth.getAuthorizationUrl(redirectUrl)
res.setHeader('Location', url)
res.end()
// if there is a code then use the code to get the code grant token
} else {
const token = await oauth.getCodeGrantToken(qs.code, redirectUrl)
res.write(token.accessToken)
res.end()
}
});
const listener = server.listen(3000)
byuWabsOAuth (clientId: string, clientSecret: string, options: ByuJWT.Options) : Promise<ByuOAuth>
Parameters
Parameter | Type | Required | Description |
---|---|---|---|
clientId | string | Yes | The client ID or consumer key |
clientSecret | string | Yes | The client secret or consumer secret |
options | ByuJWT.Options | No | The ByuJWT Options |
Returns a Promise that resolves to an object with the following methods and properties:
Methods:
Properties:
Example
const byuOAuth = require('byu-wabs-oauth')
const oauth = await byuOauth('<client_id>', '<client_secret>')
getAuthorizationUrl ( redirectUri: string [, state: string ] ): Promise<string>
Get the URL that needs to be visited to acquire an auth code grant code.
Parameters
Parameter | Type | Required | Description |
---|---|---|---|
redirectUri | string | Yes | The URL that the API manager will redirect to after the user has authorized the application. |
state | string | No | State information to add to the URL. You can read this state information when the redirectUri is called. |
Returns a Promise that resolves to the URL.
Example
;(async () => {
const byuOAuth = require('byu-wabs-oauth')
const oauth = await byuOauth('<client_id>', '<client_secret>')
const url = await oauth.getAuthorizationUrl('https://my-server.com', 'state info')
})()
getClientGrantToken (): Promise<Token>
Get a client grant token.
Parameters
None
Returns a Promise that resolves to a token.
Example
;(async () => {
const byuOAuth = require('byu-wabs-oauth')
const oauth = await byuOauth('<client_id>', '<client_secret>')
const token = await oauth.getClientGrantToken()
})()
getAuthCodeGrantToken ( code: string, redirectUri: string): Promise<Token>
Get a code grant token.
Parameters
Parameter | Type | Required | Description |
---|---|---|---|
code | string | Yes | The code grant code that signifies authorization |
redirectUri | string | Yes | The original URI specified when calling the getAuthorizationUrl function. |
Returns a Promise that resolves to a token.
Example
See the Code Grant Token example.
refreshToken ( refreshToken: string ): Promise<Token>
Get a new access token using a refresh token.
Parameters
Parameter | Type | Required | Description |
---|---|---|---|
accessToken | string | Yes | The access token to refresh. |
refreshToken | string | Yes | The associated refresh token. |
Returns a Promise that resolves to a token.
Example
;(async () => {
const byuOAuth = require('byu-wabs-oauth')
const oauth = await byuOauth('<client_id>', '<client_secret>')
const token = await oauth.refreshToken('<access_token>', '<refresh_token>')
})()
revokeToken ( accessToken: string [, refreshToken: string ] ): Promise<void>
Revoke an access token and / or a refresh token.
Parameters
Parameter | Type | Required | Default | Description |
---|---|---|---|---|
accessToken | string | Yes | N/A | The access token to revoke. |
refreshToken | string | No | N/A | The associated refresh token to also revoke. |
Returns a Promise that resolves to undefined.
Example
;(async () => {
const byuOAuth = require('byu-wabs-oauth')
const oauth = await byuOauth('<client_id>', '<client_secret>')
await oauth.revokeToken('<access_token>', '<refresh_token>')
})()
This object has information about the current token as well as methods for managing the token. These are the properties:
undefined
if the token has been
revoked.undefined
for client grant tokens,
although client grant tokens can still be refreshed using the refresh
function on this object.aws sso login --profile byu-oit-devx-prd
npm install
npm test
./iac/vars.tfvars
.consumer_key = ""
consumer_secret = ""
callback_url = ""
net_id = ""
password = ""
export AWS_PROFILE=byu-oit-devx-prd
aws sso login --profile $AWS_PROFILE
./iac
directory, apply the changes in Terraform.Ensure you use same version of terraform (as of right now v1.2.2 is latest).
terraform init
terraform apply --var-file vars.tfvars
FAQs
Manage OAuth client grant and auth code grant access tokens for BYU's implementation of WSO2.
The npm package byu-wabs-oauth receives a total of 364 weekly downloads. As such, byu-wabs-oauth popularity was classified as not popular.
We found that byu-wabs-oauth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.