client-oauth2 - npm Package Compare versions

Comparing version 2.2.0 to 3.0.0

package.json

 {
   "name": "client-oauth2",
-  "version": "2.2.0",
+  "version": "3.0.0",
   "description": "Straight-forward execution of OAuth 2.0 flows and authenticated API requests",
-  "main": "client-oauth2.js",
+  "main": "src/client-oauth2.js",
   "files": [
-    "client-oauth2.js",
+    "src/",
     "LICENSE"
   ],
   "browser": {
-    "buffer": false
+    "buffer": false,
+    "./src/request/index.js": "./src/request/browser.js"
   },
   "scripts": {
     "lint": "standard",
-    "test-browser": "karma start --single-run",
-    "test-node": "mocha -R spec --bail --require test/support/globals.js",
-    "test": "npm run lint && npm run test-node && npm run test-browser"
+    "test-server-open": "PORT=7357 node test/support/server.js & echo $! > server.pid",
+    "test-server-close": "if [ -f server.pid ]; then kill -9 $(cat server.pid); rm server.pid; fi",
+    "test-browser": "PORT=7357 karma start --single-run",
+    "test-node": "PORT=7357 mocha -R spec --bail --require test/support/globals.js",
+    "test": "npm run lint && npm run test-server-open && npm run test-node && npm run test-browser; npm run test-server-close"
   },
@@ -35,26 +38,28 @@ "repository": {
   "devDependencies": {
-    "browserify": "^12.0.2",
+    "body-parser": "^1.15.2",
+    "browserify": "^13.1.0",
     "chai": "^3.2.0",
+    "cors": "^2.8.1",
+    "envify": "^3.4.1",
     "es6-promise": "^3.1.2",
+    "express": "^4.14.0",
     "is-travis": "^1.0.0",
-    "karma": "^0.13.3",
+    "karma": "^1.3.0",
     "karma-browserify": "^5.0.2",
     "karma-chai": "^0.1.0",
-    "karma-chrome-launcher": "^0.2.0",
-    "karma-cli": "^0.1.0",
-    "karma-coverage": "^0.5.3",
-    "karma-firefox-launcher": "^0.1.3",
-    "karma-mocha": "^0.2.0",
+    "karma-chrome-launcher": "^2.0.0",
+    "karma-cli": "^1.0.1",
+    "karma-coverage": "^1.1.1",
+    "karma-firefox-launcher": "^1.0.0",
+    "karma-mocha": "^1.1.1",
     "karma-phantomjs-launcher": "^1.0.0",
-    "mocha": "^2.0.1",
+    "mocha": "^3.0.2",
     "phantomjs": "^2.1.3",
     "phantomjs-prebuilt": "^2.1.4",
-    "standard": "^6.0.7",
+    "standard": "^8.1.0",
     "watchify": "^3.7.0"
   },
   "dependencies": {
-    "object.omit": "^2.0.0",
-    "popsicle": "^5.0.0",
     "xtend": "^4.0.1"
   }
 }

README.md

@@ -7,3 +7,3 @@ # Client OAuth 2.0
 
-> Straight-forward execution of OAuth 2.0 flows and authenticated API requests.
+> Straight-forward execution of OAuth 2.0 flows and authenticated API requests. 7.58 kB in browsers, after minification and gzipping, 75% from `url` and `querystring` dependencies.
 
@@ -34,2 +34,6 @@ ## Installation
 
+**P.S.** The second argument to the constructor can inject a custom request function, and the third argument can inject a custom `Promise` implementation.
+
+### Options (global and method-based)
+
 * **clientId** The client id string assigned to you by the provider
@@ -41,4 +45,5 @@ * **clientSecret** The client secret string assigned to you by the provider (not required for `token`)
 * **scopes** An array of scopes to authenticate against
+* **state** Nonce sent back with the redirect when authorization is complete to verify authenticity (should be random for every request)
 
-**Request options**
+### Request options
 
@@ -48,3 +53,3 @@ * **body** An object to merge with the body of every request
 * **headers** An object to merge with the headers of every request
-* **options** Transport options from [popsicle](https://github.com/blakeembrey/popsicle#handling-requests)
+* **transport** Change certain request transport behaviour (currently `rejectUnauthorized` and `agent`)
 
@@ -54,3 +59,4 @@ To re-create an access token instance and make requests on behalf on the user, you can create an access token instance by using the `createToken` method on a client instance.
 ```javascript
-var token = githubAuth.createToken('access token', 'optional refresh token', 'optional token type', { optional: 'raw user data' })
+// Can also just pass the raw `data` object in place of an argument.
+var token = githubAuth.createToken('access token', 'optional refresh token', 'optional token type', { data: 'raw user data' })
 
@@ -60,13 +66,9 @@ // Refresh the users credentials and save the updated access token.
 
-token.request({
+// Sign a standard HTTP request object, updating URL with token or authorization headers.
+token.sign({
   method: 'get',
   url: 'https://api.github.com/users'
-})
-  .then(function (res) {
-    console.log(res) //=> { body: '...', status: 200, headers: { ... } }
-  })
+}) //=> { method, url, headers, ... }
 ```
 
-You can override the request mechanism if you need a custom implementation by setting `githubAuth.request = function (opts) { return new Promise(...) }`. You will need to make sure that the custom request mechanism supports the correct input and output objects.
-
 **P.S.** All authorization methods accept `options` as the last argument, useful for overriding the global configuration on a per-request basis.
@@ -78,4 +80,4 @@
 
-1. Redirect user to `githubAuth.code.getUri()`.
-2. Parse response uri and get token using `githubAuth.code.getToken(uri)`.
+1. Redirect user to `githubAuth.code.getUri([ options ])`.
+2. Parse response uri and get token using `githubAuth.code.getToken(uri [, options ])`.
 
@@ -99,3 +101,4 @@ ```javascript
       user.refresh().then(function (updatedUser) {
-        console.log(updatedUser === user) //=> true
+        console.log(updatedUser !== user) //=> true
+        console.log(updatedUser.accessToken)
       })
@@ -119,4 +122,4 @@
 
-1. Redirect user to `githubAuth.token.getUri()`.
-2. Parse response uri for the access token using `githubAuth.token.getToken(uri)`.
+1. Redirect user to `githubAuth.token.getUri([ options ])`.
+2. Parse response uri for the access token using `githubAuth.token.getToken(uri [, options ])`.
 
@@ -147,3 +150,3 @@ ```javascript
 
-1. Make a direct request for the access token on behalf of the user using `githubAuth.owner.getToken(username, password)`.
+1. Make a direct request for the access token on behalf of the user using `githubAuth.owner.getToken(username, password [, options ])`.
 
@@ -161,3 +164,3 @@ ```javascript
 
-1. Get the access token for the application by using `githubAuth.credentials.getToken()`.
+1. Get the access token for the application by using `githubAuth.credentials.getToken([ options ])`.
 
@@ -175,2 +178,4 @@ ```javascript
 
+1. Get the access token for the application by using `githubAuth.jwt.getToken(jwt [, options ])`.
+
 ```javascript
@@ -177,0 +182,0 @@ githubAuth.jwt.getToken('eyJhbGciOiJFUzI1NiJ9.eyJpc3Mi[...omitted for brevity...].J9l-ZhwP[...omitted for brevity...]')

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

30460

increased by10.78%

Dependency count

1

decreased by-66.67%

Number of package files

6

increased by50%

Lines of code

681

increased by11.09%

Number of lines in readme file

186

increased by2.76%

Worsened metrics

Dev dependency count

22

increased by22.22%

Number of medium supply chain risk alerts

3

increased byInfinity%

Dependency changes

• - Removedobject.omit@^2.0.0

• - Removedpopsicle@^5.0.0

• - Removedany-promise@1.3.0(transitive)

• - Removedarrify@1.0.1(transitive)

• - Removedasync@0.9.2(transitive)

• - Removedbuffer-from@1.1.2(transitive)

• - Removedcombined-stream@0.0.7(transitive)

• - Removedconcat-stream@1.6.2(transitive)

• - Removedcore-util-is@1.0.3(transitive)

• - Removeddelayed-stream@0.0.5(transitive)

• - Removedfor-in@1.0.2(transitive)

• - Removedfor-own@0.1.5(transitive)

• - Removedform-data@0.2.0(transitive)

• - Removedinherits@2.0.4(transitive)

• - Removedis-extendable@0.1.1(transitive)

• - Removedisarray@1.0.0(transitive)

• - Removedmake-error@1.3.6(transitive)

• - Removedmake-error-cause@1.2.2(transitive)

• - Removedmethods@1.1.2(transitive)

• - Removedmime-db@1.12.0(transitive)

• - Removedmime-types@2.0.14(transitive)

• - Removedobject.omit@2.0.1(transitive)

• - Removedpopsicle@5.0.1(transitive)

• - Removedprocess-nextick-args@2.0.1(transitive)

• - Removedpsl@1.9.0(transitive)

• - Removedpunycode@2.3.1(transitive)

• - Removedreadable-stream@2.3.8(transitive)

• - Removedsafe-buffer@5.1.2(transitive)

• - Removedstring_decoder@1.1.1(transitive)

• - Removedtough-cookie@2.5.0(transitive)

• - Removedtypedarray@0.0.6(transitive)

• - Removedutil-deprecate@1.0.2(transitive)