
client-oauth2


client-oauth2 - npm Package Compare versions

Comparing version 2.0.0 to 2.1.0

95

client-oauth2.js

@@ -5,3 +5,2 @@ var extend = require('xtend')

var parseUrl = require('url').parse
var omit = require('object.omit')

@@ -205,2 +204,14 @@ var btoa = typeof Buffer === 'function' ? btoaBuffer : window.btoa

/**
* Merge request options from an options object.
*/
function requestOptions (requestOptions, options) {
return extend(requestOptions, {
body: extend(options.body, requestOptions.body),
query: extend(options.query, requestOptions.query),
headers: extend(options.headers, requestOptions.headers),
options: extend(options.options, requestOptions.options)
})
}
/**
* Construct an object that can handle the multiple OAuth 2.0 flows.

@@ -251,7 +262,7 @@ *

*
* @param {Object} options
* @param {Object} requestObject
* @return {Promise}
*/
ClientOAuth2.prototype._request = function (options) {
return this.request(this._requestOptions(options))
ClientOAuth2.prototype._request = function (requestObject) {
return this.request(requestObject)
.then(function (res) {

@@ -269,11 +280,2 @@ if (res.status < 200 || res.status >= 399) {

ClientOAuth2.prototype._requestOptions = function (options) {
return extend(options, {
body: extend(this.options.body, options.body),
query: extend(this.options.query, options.query),
headers: extend(this.options.headers, options.headers),
options: extend(this.options.options, options.options)
})
}
/**

@@ -292,8 +294,3 @@ * Set `popsicle` as the default request method.

this.client = client
this.data = omit(data, [
'access_token', 'refresh_token', 'token_type', 'expires_in', 'scope',
'state', 'error', 'error_description', 'error_uri'
])
this.data = data
this.tokenType = data.token_type && data.token_type.toLowerCase()

@@ -326,6 +323,6 @@ this.accessToken = data.access_token

*
* @param {Object} opts
* @param {Object} requestOptions
* @return {Object}
*/
ClientOAuth2Token.prototype.sign = function (opts) {
ClientOAuth2Token.prototype.sign = function (requestObject) {
if (!this.accessToken) {

@@ -335,8 +332,8 @@ throw new Error('Unable to sign without access token')

opts.headers = opts.headers || {}
requestObject.headers = requestObject.headers || {}
if (this.tokenType === 'bearer') {
opts.headers.Authorization = 'Bearer ' + this.accessToken
requestObject.headers.Authorization = 'Bearer ' + this.accessToken
} else {
var parts = opts.url.split('#')
var parts = requestObject.url.split('#')
var token = 'access_token=' + this.accessToken

@@ -347,11 +344,11 @@ var url = parts[0].replace(/[?&]access_token=[^&#]/, '')

// Prepend the correct query string parameter to the url.
opts.url = url + (url.indexOf('?') > -1 ? '&' : '?') + token + fragment
requestObject.url = url + (url.indexOf('?') > -1 ? '&' : '?') + token + fragment
// Attempt to avoid storing the url in proxies, since the access token
// is exposed in the query parameters.
opts.headers.Pragma = 'no-store'
opts.headers['Cache-Control'] = 'no-store'
requestObject.headers.Pragma = 'no-store'
requestObject.headers['Cache-Control'] = 'no-store'
}
return opts
return requestObject
}

@@ -362,7 +359,7 @@

*
* @param {Object} opts
* @param {Object} options
* @return {Promise}
*/
ClientOAuth2Token.prototype.request = function (opts) {
return this.client.request(this.client._requestOptions(this.sign(opts)))
ClientOAuth2Token.prototype.request = function (options) {
return this.client.request(requestOptions(this.sign(options), this.client.options))
}

@@ -375,6 +372,7 @@

*/
ClientOAuth2Token.prototype.refresh = function () {
ClientOAuth2Token.prototype.refresh = function (options) {
var self = this
var options = this.client.options
options = extend(this.client.options, options)
if (!this.refreshToken) {

@@ -384,3 +382,3 @@ return Promise.reject(new Error('No refresh token set'))

return this.client._request({
return this.client._request(requestOptions({
url: options.accessTokenUri,

@@ -395,3 +393,3 @@ method: 'POST',

}
})
}, options))
.then(handleAuthResponse)

@@ -444,3 +442,3 @@ .then(function (data) {

return this.client._request({
return this.client._request(requestOptions({
url: options.accessTokenUri,

@@ -457,3 +455,3 @@ method: 'POST',

}
})
}, options))
.then(handleAuthResponse)

@@ -493,6 +491,7 @@ .then(function (data) {

* @param {String} [state]
* @param {Object} [options]
* @return {Promise}
*/
TokenFlow.prototype.getToken = function (uri, state) {
var options = this.client.options
TokenFlow.prototype.getToken = function (uri, state, options) {
options = extend(this.client.options, options)

@@ -564,3 +563,3 @@ // Make sure the uri matches our expected redirect uri.

return this.client._request({
return this.client._request(requestOptions({
url: options.accessTokenUri,

@@ -575,3 +574,3 @@ method: 'POST',

}
})
}, options))
.then(handleAuthResponse)

@@ -611,8 +610,10 @@ .then(function (data) {

* @param {String} [state]
* @param {Object} [options]
* @return {Promise}
*/
CodeFlow.prototype.getToken = function (uri, state) {
CodeFlow.prototype.getToken = function (uri, state, options) {
var self = this
var options = this.client.options
options = extend(this.client.options, options)
expects(options, [

@@ -652,3 +653,3 @@ 'clientId',

return this.client._request({
return this.client._request(requestOptions({
url: options.accessTokenUri,

@@ -664,3 +665,3 @@ method: 'POST',

}
})
}, options))
.then(handleAuthResponse)

@@ -707,3 +708,3 @@ .then(function (data) {

return this.client._request({
return this.client._request(requestOptions({
url: options.accessTokenUri,

@@ -717,3 +718,3 @@ method: 'POST',

}
})
}, options))
.then(handleAuthResponse)

@@ -720,0 +721,0 @@ .then(function (data) {
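Review bot: In the `ClientOAuth2Token` constructor hunk, `this.data = data` replaces the `omit(...)` filter, so `token.data` now holds the raw token response including `access_token` and `refresh_token`; any caller that logs, serializes or returns `token.data` will begin exposing credentials after what is only a minor-version upgrade. I would either keep the filter or put a comment at the assignment such as `// data is the raw token response and contains access_token / refresh_token; never log or persist it unredacted`. Separately, `refresh` and both `getToken` methods now compute `options = extend(this.client.options, options)` and then send the request to `options.accessTokenUri`, so the per-call `options` argument can redirect the token request; the JSDoc for `[options]` should say that it must come from trusted configuration and never from request input. The constructor and these method bodies start or end outside the visible hunks, so the exact request body is not shown here.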

{
"name": "client-oauth2",
"version": "2.0.0",
"version": "2.1.0",
"description": "Straight-forward execution of OAuth 2.0 flows and authenticated API requests",

@@ -51,3 +51,2 @@ "main": "client-oauth2.js",

"phantomjs-prebuilt": "^2.1.4",
"pre-commit": "^1.0.4",
"standard": "^6.0.7",

@@ -58,5 +57,5 @@ "watchify": "^3.7.0"

"object.omit": "^2.0.0",
"popsicle": "^3.2.2",
"popsicle": "^5.0.0",
"xtend": "^4.0.1"
}
}

@@ -34,6 +34,6 @@ # Client OAuth 2.0

* **clientId** The client id string assigned to you by the provider
* **clientSecret** The client secret string assigned to you by the provider
* **accessTokenUri** The url to request the access token
* **authorizationUri** The url to redirect users to authenticate with the provider
* **redirectUri** A custom url for the provider to redirect users back to your application
* **clientSecret** The client secret string assigned to you by the provider (not required for `token`)
* **accessTokenUri** The url to request the access token (not required for `token`)
* **authorizationUri** The url to redirect users to authenticate with the provider (only required for `token` and `code`)
* **redirectUri** A custom url for the provider to redirect users back to your application (only required for `token` and `code`)
* **scopes** An array of scopes to authenticate against

@@ -54,3 +54,3 @@

// Refresh the users credentials and save the updated access token.
token.refresh().then(updateToken)
token.refresh().then(storeNewToken)

@@ -68,2 +68,4 @@ token.request({

**P.S.** All authorization methods accept `options` as the last argument, useful for overriding the global configuration on a per-request basis.
### [Authorization Code Grant](http://tools.ietf.org/html/rfc6749#section-4.1)

@@ -70,0 +72,0 @@
