client-oauth2
@@ -5,3 +5,2 @@ var extend = require('xtend') | ||
var parseUrl = require('url').parse | ||
var omit = require('object.omit') | ||
@@ -205,2 +204,14 @@ var btoa = typeof Buffer === 'function' ? btoaBuffer : window.btoa | ||
/** | ||
* Merge request options from an options object. | ||
*/ | ||
function requestOptions (requestOptions, options) { | ||
return extend(requestOptions, { | ||
body: extend(options.body, requestOptions.body), | ||
query: extend(options.query, requestOptions.query), | ||
headers: extend(options.headers, requestOptions.headers), | ||
options: extend(options.options, requestOptions.options) | ||
}) | ||
} | ||
/** | ||
* Construct an object that can handle the multiple OAuth 2.0 flows. | ||
@@ -251,7 +262,7 @@ * | ||
* | ||
* @param {Object} options | ||
* @param {Object} requestObject | ||
* @return {Promise} | ||
*/ | ||
ClientOAuth2.prototype._request = function (options) { | ||
return this.request(this._requestOptions(options)) | ||
ClientOAuth2.prototype._request = function (requestObject) { | ||
return this.request(requestObject) | ||
.then(function (res) { | ||
@@ -269,11 +280,2 @@ if (res.status < 200 || res.status >= 399) { | ||
ClientOAuth2.prototype._requestOptions = function (options) { | ||
return extend(options, { | ||
body: extend(this.options.body, options.body), | ||
query: extend(this.options.query, options.query), | ||
headers: extend(this.options.headers, options.headers), | ||
options: extend(this.options.options, options.options) | ||
}) | ||
} | ||
/** | ||
@@ -292,8 +294,3 @@ * Set `popsicle` as the default request method. | ||
this.client = client | ||
this.data = omit(data, [ | ||
'access_token', 'refresh_token', 'token_type', 'expires_in', 'scope', | ||
'state', 'error', 'error_description', 'error_uri' | ||
]) | ||
this.data = data | ||
this.tokenType = data.token_type && data.token_type.toLowerCase() | ||
@@ -326,6 +323,6 @@ this.accessToken = data.access_token | ||
* | ||
* @param {Object} opts | ||
* @param {Object} requestOptions | ||
* @return {Object} | ||
*/ | ||
ClientOAuth2Token.prototype.sign = function (opts) { | ||
ClientOAuth2Token.prototype.sign = function (requestObject) { | ||
if (!this.accessToken) { | ||
@@ -335,8 +332,8 @@ throw new Error('Unable to sign without access token') | ||
opts.headers = opts.headers || {} | ||
requestObject.headers = requestObject.headers || {} | ||
if (this.tokenType === 'bearer') { | ||
opts.headers.Authorization = 'Bearer ' + this.accessToken | ||
requestObject.headers.Authorization = 'Bearer ' + this.accessToken | ||
} else { | ||
var parts = opts.url.split('#') | ||
var parts = requestObject.url.split('#') | ||
var token = 'access_token=' + this.accessToken | ||
@@ -347,11 +344,11 @@ var url = parts[0].replace(/[?&]access_token=[^&#]/, '') | ||
// Prepend the correct query string parameter to the url. | ||
opts.url = url + (url.indexOf('?') > -1 ? '&' : '?') + token + fragment | ||
requestObject.url = url + (url.indexOf('?') > -1 ? '&' : '?') + token + fragment | ||
// Attempt to avoid storing the url in proxies, since the access token | ||
// is exposed in the query parameters. | ||
opts.headers.Pragma = 'no-store' | ||
opts.headers['Cache-Control'] = 'no-store' | ||
requestObject.headers.Pragma = 'no-store' | ||
requestObject.headers['Cache-Control'] = 'no-store' | ||
} | ||
return opts | ||
return requestObject | ||
} | ||
@@ -362,7 +359,7 @@ | ||
* | ||
* @param {Object} opts | ||
* @param {Object} options | ||
* @return {Promise} | ||
*/ | ||
ClientOAuth2Token.prototype.request = function (opts) { | ||
return this.client.request(this.client._requestOptions(this.sign(opts))) | ||
ClientOAuth2Token.prototype.request = function (options) { | ||
return this.client.request(requestOptions(this.sign(options), this.client.options)) | ||
} | ||
@@ -375,6 +372,7 @@ | ||
*/ | ||
ClientOAuth2Token.prototype.refresh = function () { | ||
ClientOAuth2Token.prototype.refresh = function (options) { | ||
var self = this | ||
var options = this.client.options | ||
options = extend(this.client.options, options) | ||
if (!this.refreshToken) { | ||
@@ -384,3 +382,3 @@ return Promise.reject(new Error('No refresh token set')) | ||
return this.client._request({ | ||
return this.client._request(requestOptions({ | ||
url: options.accessTokenUri, | ||
@@ -395,3 +393,3 @@ method: 'POST', | ||
} | ||
}) | ||
}, options)) | ||
.then(handleAuthResponse) | ||
@@ -444,3 +442,3 @@ .then(function (data) { | ||
return this.client._request({ | ||
return this.client._request(requestOptions({ | ||
url: options.accessTokenUri, | ||
@@ -457,3 +455,3 @@ method: 'POST', | ||
} | ||
}) | ||
}, options)) | ||
.then(handleAuthResponse) | ||
@@ -493,6 +491,7 @@ .then(function (data) { | ||
* @param {String} [state] | ||
* @param {Object} [options] | ||
* @return {Promise} | ||
*/ | ||
TokenFlow.prototype.getToken = function (uri, state) { | ||
var options = this.client.options | ||
TokenFlow.prototype.getToken = function (uri, state, options) { | ||
options = extend(this.client.options, options) | ||
@@ -564,3 +563,3 @@ // Make sure the uri matches our expected redirect uri. | ||
return this.client._request({ | ||
return this.client._request(requestOptions({ | ||
url: options.accessTokenUri, | ||
@@ -575,3 +574,3 @@ method: 'POST', | ||
} | ||
}) | ||
}, options)) | ||
.then(handleAuthResponse) | ||
@@ -611,8 +610,10 @@ .then(function (data) { | ||
* @param {String} [state] | ||
* @param {Object} [options] | ||
* @return {Promise} | ||
*/ | ||
CodeFlow.prototype.getToken = function (uri, state) { | ||
CodeFlow.prototype.getToken = function (uri, state, options) { | ||
var self = this | ||
var options = this.client.options | ||
options = extend(this.client.options, options) | ||
expects(options, [ | ||
@@ -652,3 +653,3 @@ 'clientId', | ||
return this.client._request({ | ||
return this.client._request(requestOptions({ | ||
url: options.accessTokenUri, | ||
@@ -664,3 +665,3 @@ method: 'POST', | ||
} | ||
}) | ||
}, options)) | ||
.then(handleAuthResponse) | ||
@@ -707,3 +708,3 @@ .then(function (data) { | ||
return this.client._request({ | ||
return this.client._request(requestOptions({ | ||
url: options.accessTokenUri, | ||
@@ -717,3 +718,3 @@ method: 'POST', | ||
} | ||
}) | ||
}, options)) | ||
.then(handleAuthResponse) | ||
@@ -720,0 +721,0 @@ .then(function (data) { |
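Review bot: In the ClientOAuth2Token constructor hunk, `this.data = data` now keeps the whole token response on the token object, so `access_token` and `refresh_token` are reachable through `token.data` as well as through the dedicated fields; the previous `omit(data, [...])` call stripped them. Any caller that logs, serializes or persists `token.data` on the assumption that it holds only non-secret provider extras would now write credentials along with it. If exposing the raw response is intended, a comment above the assignment such as `// raw token response: includes access_token and refresh_token, handle as a secret` would make that explicit. Otherwise the `omit` call should stay. The constructor starts and ends outside the hunk, so how `data` is used further down is not visible here.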
{ | ||
"name": "client-oauth2", | ||
"version": "2.0.0", | ||
"version": "2.1.0", | ||
"description": "Straight-forward execution of OAuth 2.0 flows and authenticated API requests", | ||
@@ -51,3 +51,2 @@ "main": "client-oauth2.js", | ||
"phantomjs-prebuilt": "^2.1.4", | ||
"pre-commit": "^1.0.4", | ||
"standard": "^6.0.7", | ||
@@ -58,5 +57,5 @@ "watchify": "^3.7.0" | ||
"object.omit": "^2.0.0", | ||
"popsicle": "^3.2.2", | ||
"popsicle": "^5.0.0", | ||
"xtend": "^4.0.1" | ||
} | ||
} |
@@ -34,6 +34,6 @@ # Client OAuth 2.0 | ||
* **clientId** The client id string assigned to you by the provider | ||
* **clientSecret** The client secret string assigned to you by the provider | ||
* **accessTokenUri** The url to request the access token | ||
* **authorizationUri** The url to redirect users to authenticate with the provider | ||
* **redirectUri** A custom url for the provider to redirect users back to your application | ||
* **clientSecret** The client secret string assigned to you by the provider (not required for `token`) | ||
* **accessTokenUri** The url to request the access token (not required for `token`) | ||
* **authorizationUri** The url to redirect users to authenticate with the provider (only required for `token` and `code`) | ||
* **redirectUri** A custom url for the provider to redirect users back to your application (only required for `token` and `code`) | ||
* **scopes** An array of scopes to authenticate against | ||
@@ -54,3 +54,3 @@ | ||
// Refresh the users credentials and save the updated access token. | ||
token.refresh().then(updateToken) | ||
token.refresh().then(storeNewToken) | ||
@@ -68,2 +68,4 @@ token.request({ | ||
**P.S.** All authorization methods accept `options` as the last argument, useful for overriding the global configuration on a per-request basis. | ||
### [Authorization Code Grant](http://tools.ietf.org/html/rfc6749#section-4.1) | ||
@@ -70,0 +72,0 @@ |