Product
Socket Now Supports uv.lock Files
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
By Trevor Norris - Jan 09, 2025
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
fetch-mw-oauth2
Advanced tools
fetch-mw-oauth2
This library adds support to OAuth2 to fetch by wrapping the fetch function.
It works both for fetch() in a browser, as well as node-fetch.
Installation
npm i fetch-mw-oauth2
Usage
The fetch-mw-oauth2 package effectively works as follows:
- You pass it OAuth2 instructions
- It returns an object with a new
fetch()function.
This new fetch() function can now be used in place of the regular fetch,
but it takes responsibility of oauth2 authentication.
Setup with access and/or refresh token
If you already have an access and/or refresh token obtained through other means, you can set up the object as such:
const OAuth2 = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
clientId: '...',
clientSecret: '...', // Optional in some cases
accessToken: '...',
refreshToken: '...',
tokenEndPoint: 'https://auth.example.org/token',
});
const response = await oauth2.fetch('https://my-api.example.org/articles', {
method: 'POST'.
body: 'Hello world',
});
The fetch function simply calls the javascript fetch() function but adds
an Authorization: Bearer ... header.
Setup via authorization_code grant
const OAuth2 = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
grantType: 'authorization_code',
clientId: '...',
code: '...',
tokenEndPoint: 'https://auth.example.org/token',
});
The library does not take responsibility for redirecting a user to an
authorization endpoint and redirecting back. That's up to you. After that's
done though, you should have a code variable that you can use to setup
the OAuth2 object.
Setup via 'password' grant
const OAuth2 = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
grantType: 'password',
clientId: '...',
clientSecret: '...',
userName: '...',
password: '...',
tokenEndPoint: 'https://auth.example.org/token',
});
Setup via 'client_credentials' grant
const OAuth2 = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
grantType: 'client_credentials',
clientId: '...',
clientSecret: '...',
tokenEndPoint: 'https://auth.example.org/token',
});
Project status
The current features have been implemented:
client_credentialsgrant-type support.passwordgrant-type support.authorization_codegrant-type support- Automatically refreshing tokens
The following features are planned mid/long-term
- Supply an OAuth2 discovery document instead of authorization and token uris.
implicitgrant-type support
FAQs
Fetch middleware to add OAuth2 support
The npm package fetch-mw-oauth2 receives a total of 1,741 weekly downloads. As such, fetch-mw-oauth2 popularity was classified as popular.
We found that fetch-mw-oauth2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 05 Sep 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims' Wallets
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
By Kirill Boychenko - Jan 08, 2025
Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
By Sarah Gooding - Jan 07, 2025