Socket
Socket
Sign inDemoInstall

client-oauth2

Package Overview
Dependencies
Maintainers
5
Versions
39
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

client-oauth2 - npm Package Compare versions

Comparing version 3.4.1 to 4.0.0

16

package.json
{
"name": "client-oauth2",
"version": "3.4.1",
"version": "4.0.0",
"description": "Straight-forward execution of OAuth 2.0 flows and authenticated API requests",

@@ -24,2 +24,5 @@ "main": "src/client-oauth2.js",

},
"engines": {
"node": ">=4.2.0"
},
"repository": {

@@ -42,7 +45,6 @@ "type": "git",

"body-parser": "^1.15.2",
"browserify": "^13.1.0",
"browserify": "^14.1.0",
"chai": "^3.2.0",
"cors": "^2.8.1",
"envify": "^3.4.1",
"es6-promise": "^3.1.2",
"envify": "^4.0.0",
"express": "^4.14.0",

@@ -60,11 +62,11 @@ "is-travis": "^1.0.0",

"mocha": "^3.0.2",
"object-assign": "^4.1.1",
"phantomjs": "^2.1.3",
"phantomjs-prebuilt": "^2.1.4",
"standard": "^8.1.0",
"standard": "^9.0.2",
"watchify": "^3.7.0"
},
"dependencies": {
"popsicle": "^8.2.0",
"xtend": "^4.0.1"
"popsicle": "^9.1.0"
}
}

4

README.md

@@ -183,2 +183,6 @@ # Client OAuth 2.0

## Dependencies
Requires an ES5 environment with global `Promise` and `Object.assign`.
## License

@@ -185,0 +189,0 @@

160

src/client-oauth2.js

@@ -1,2 +0,1 @@

var extend = require('xtend')
var Querystring = require('querystring')

@@ -91,8 +90,8 @@ var Url = require('url')

*
* @param {Object} obj
* @param {Array} props
* @param {Object} obj
* @param {...string} props
*/
function expects (obj, props) {
for (var i = 0; i < props.length; i++) {
var prop = props[i]
function expects (obj) {
for (var i = 1; i < arguments.length; i++) {
var prop = arguments[i]

@@ -157,18 +156,11 @@ if (obj[prop] == null) {

// Check the required parameters are set.
expects(options, [
'clientId',
'redirectUri',
'authorizationUri'
])
expects(options, 'clientId', 'authorizationUri')
return options.authorizationUri + '?' + Querystring.stringify(extend(
options.query,
{
client_id: options.clientId,
redirect_uri: options.redirectUri,
scope: sanitizeScope(options.scopes),
response_type: tokenType,
state: options.state
}
))
return options.authorizationUri + '?' + Querystring.stringify(Object.assign({}, options.query, {
client_id: options.clientId,
redirect_uri: options.redirectUri,
scope: sanitizeScope(options.scopes),
response_type: tokenType,
state: options.state
}))
}

@@ -201,7 +193,9 @@

function requestOptions (requestOptions, options) {
return extend(requestOptions, {
body: extend(options.body, requestOptions.body),
query: extend(options.query, requestOptions.query),
headers: extend(options.headers, requestOptions.headers)
})
return {
url: requestOptions.url,
method: requestOptions.method,
body: Object.assign({}, requestOptions.body, options.body),
query: Object.assign({}, requestOptions.query, options.query),
headers: Object.assign({}, requestOptions.headers, options.headers)
}
}

@@ -242,3 +236,4 @@

ClientOAuth2.prototype.createToken = function (access, refresh, type, data) {
var options = extend(
var options = Object.assign(
{},
data,

@@ -361,9 +356,9 @@ typeof access === 'string' ? { access_token: access } : access,

*
* @param {Object} opts
* @return {Promise}
*/
ClientOAuth2Token.prototype.refresh = function (options) {
ClientOAuth2Token.prototype.refresh = function (opts) {
var self = this
var options = Object.assign({}, this.client.options, opts)
options = extend(this.client.options, options)
if (!this.refreshToken) {

@@ -376,3 +371,3 @@ return Promise.reject(new Error('No refresh token'))

method: 'POST',
headers: extend(DEFAULT_HEADERS, {
headers: Object.assign({}, DEFAULT_HEADERS, {
Authorization: auth(options.clientId, options.clientSecret)

@@ -386,3 +381,3 @@ }),

.then(function (data) {
return self.client.createToken(extend(self.data, data))
return self.client.createToken(Object.assign({}, self.data, data))
})

@@ -416,13 +411,13 @@ }

* @param {string} password
* @param {Object} [opts]
* @return {Promise}
*/
OwnerFlow.prototype.getToken = function (username, password, options) {
OwnerFlow.prototype.getToken = function (username, password, opts) {
var self = this
var options = Object.assign({}, this.client.options, opts)
options = extend(this.client.options, options)
return this.client._request(requestOptions({
url: options.accessTokenUri,
method: 'POST',
headers: extend(DEFAULT_HEADERS, {
headers: Object.assign({}, DEFAULT_HEADERS, {
Authorization: auth(options.clientId, options.clientSecret)

@@ -456,7 +451,7 @@ }),

*
* @param {Object} options
* @param {Object} [opts]
* @return {string}
*/
TokenFlow.prototype.getUri = function (options) {
options = extend(this.client.options, options)
TokenFlow.prototype.getUri = function (opts) {
var options = Object.assign({}, this.client.options, opts)

@@ -470,8 +465,7 @@ return createUri(options, 'token')

* @param {string|Object} uri
* @param {Object} [options]
* @param {Object} [opts]
* @return {Promise}
*/
TokenFlow.prototype.getToken = function (uri, options) {
options = extend(this.client.options, options)
TokenFlow.prototype.getToken = function (uri, opts) {
var options = Object.assign({}, this.client.options, opts)
var url = typeof uri === 'object' ? uri : Url.parse(uri, true)

@@ -495,3 +489,4 @@ var expectedUrl = Url.parse(options.redirectUri)

// implementations (Instagram) have a bug where state is passed via query.
var data = extend(
var data = Object.assign(
{},
typeof url.query === 'string' ? Querystring.parse(url.query) : (url.query || {}),

@@ -531,20 +526,15 @@ typeof url.hash === 'string' ? Querystring.parse(url.hash.substr(1)) : (url.hash || {})

*
* @param {Object} [options]
* @param {Object} [opts]
* @return {Promise}
*/
CredentialsFlow.prototype.getToken = function (options) {
CredentialsFlow.prototype.getToken = function (opts) {
var self = this
var options = Object.assign({}, this.client.options, opts)
options = extend(this.client.options, options)
expects(options, 'clientId', 'clientSecret', 'accessTokenUri')
expects(options, [
'clientId',
'clientSecret',
'accessTokenUri'
])
return this.client._request(requestOptions({
url: options.accessTokenUri,
method: 'POST',
headers: extend(DEFAULT_HEADERS, {
headers: Object.assign({}, DEFAULT_HEADERS, {
Authorization: auth(options.clientId, options.clientSecret)

@@ -576,6 +566,7 @@ }),

*
* @param {Object} [opts]
* @return {string}
*/
CodeFlow.prototype.getUri = function (options) {
options = extend(this.client.options, options)
CodeFlow.prototype.getUri = function (opts) {
var options = Object.assign({}, this.client.options, opts)

@@ -590,21 +581,18 @@ return createUri(options, 'code')

* @param {string|Object} uri
* @param {Object} [options]
* @param {Object} [opts]
* @return {Promise}
*/
CodeFlow.prototype.getToken = function (uri, options) {
CodeFlow.prototype.getToken = function (uri, opts) {
var self = this
var options = Object.assign({}, this.client.options, opts)
options = extend(this.client.options, options)
expects(options, 'clientId', 'accessTokenUri')
expects(options, [
'clientId',
'clientSecret',
'redirectUri',
'accessTokenUri'
])
var url = typeof uri === 'object' ? uri : Url.parse(uri, true)
var expectedUrl = Url.parse(options.redirectUri)
if (typeof url.pathname === 'string' && url.pathname !== expectedUrl.pathname) {
if (
typeof options.redirectUri === 'string' &&
typeof url.pathname === 'string' &&
url.pathname !== Url.parse(options.redirectUri).pathname
) {
return Promise.reject(

@@ -635,13 +623,19 @@ new TypeError('Redirected path should match configured path, but got: ' + url.pathname)

var headers = Object.assign({}, DEFAULT_HEADERS)
var body = { code: data.code, grant_type: 'authorization_code', redirect_uri: options.redirectUri }
// `client_id`: REQUIRED, if the client is not authenticating with the
// authorization server as described in Section 3.2.1.
// Reference: https://tools.ietf.org/html/rfc6749#section-3.2.1
if (options.clientSecret) {
headers.Authorization = auth(options.clientId, options.clientSecret)
} else {
body.client_id = options.clientId
}
return this.client._request(requestOptions({
url: options.accessTokenUri,
method: 'POST',
headers: extend(DEFAULT_HEADERS),
body: {
code: data.code,
grant_type: 'authorization_code',
redirect_uri: options.redirectUri,
client_id: options.clientId,
client_secret: options.clientSecret
}
headers: headers,
body: body
}, options))

@@ -668,16 +662,12 @@ .then(function (data) {

* @param {string} token A JWT token.
* @param {Object} [options]
* @param {Object} [opts]
* @return {Promise}
*/
JwtBearerFlow.prototype.getToken = function (token, options) {
JwtBearerFlow.prototype.getToken = function (token, opts) {
var self = this
var options = Object.assign({}, this.client.options, opts)
var headers = Object.assign({}, DEFAULT_HEADERS)
options = extend(this.client.options, options)
expects(options, 'accessTokenUri')
expects(options, [
'accessTokenUri'
])
var headers = extend(DEFAULT_HEADERS)
// Authentication of the client is optional, as described in

@@ -684,0 +674,0 @@ // Section 3.2.1 of OAuth 2.0 [RFC6749]

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc