fetch-mw-oauth2
This library adds OAuth2 support to fetch by wrapping the fetch function.
It works both with fetch() in a browser and with node-fetch.

    npm i fetch-mw-oauth2
The fetch-mw-oauth2 package effectively works as follows:
fetch() function.
This new fetch() function can now be used in place of the regular fetch, but it takes responsibility for OAuth2 authentication.
If you already have an access and/or refresh token obtained through other means, you can set up the object as such:
    const { OAuth2 } = require('fetch-mw-oauth2');

    const oauth2 = new OAuth2({
      clientId: '...',
      clientSecret: '...', // Optional in some cases
      tokenEndpoint: 'https://auth.example.org/token',
    }, {
      accessToken: '...',
      refreshToken: '...',
    });

    // Inside an async function:
    const response = await oauth2.fetch('https://my-api.example.org/articles', {
      method: 'POST',
      body: 'Hello world',
    });

The fetch function simply calls the JavaScript fetch() function but adds an Authorization: Bearer ... header.

    const { OAuth2 } = require('fetch-mw-oauth2');

    const oauth2 = new OAuth2({
      grantType: 'authorization_code',
      clientId: '...',
      code: '...',
      redirect_uri: 'https://my-app.example.org/cb',
      tokenEndpoint: 'https://auth.example.org/token',
      codeVerifier: '...' // If PKCE was used in authorization request
    });

The library does not take responsibility for redirecting a user to an authorization endpoint and redirecting back. That's up to you. After that's done though, you should have a code variable that you can use to set up the OAuth2 object.
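
The redirect step that the library leaves to the application, sketched as an added example (this is not code from fetch-mw-oauth2). It builds the authorization request with PKCE (S256) and a state value, then checks the callback before handing back the options used in the authorization_code setup above. The authorization endpoint URL, the client id, the session object and the helper names codeChallenge, beginLogin and handleCallback are assumptions.

```javascript
const crypto = require('crypto');

// Assumed values for illustration; use your authorization server's own.
const AUTHORIZATION_ENDPOINT = 'https://auth.example.org/authorize';
const CLIENT_ID = 'my-client-id';
const REDIRECT_URI = 'https://my-app.example.org/cb';

// RFC 7636 S256 transform: BASE64URL(SHA256(ASCII(code_verifier))).
function codeChallenge(codeVerifier) {
  return crypto.createHash('sha256').update(codeVerifier, 'ascii').digest('base64url');
}

// Step 1: create the per-login secrets and the URL to redirect the user to.
// Store state and codeVerifier in the user's server-side session, never in the URL.
function beginLogin() {
  const state = crypto.randomBytes(16).toString('base64url');
  const codeVerifier = crypto.randomBytes(32).toString('base64url'); // 43 characters
  const url = new URL(AUTHORIZATION_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    state,
    code_challenge: codeChallenge(codeVerifier),
    code_challenge_method: 'S256',
  }).toString();
  return { state, codeVerifier, url: url.toString() };
}

// Step 2: validate the callback before trusting the code it carries.
function handleCallback(callbackUrl, session) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  const returned = Buffer.from(params.get('state') || '');
  const expected = Buffer.from(session.state);
  if (returned.length !== expected.length || !crypto.timingSafeEqual(returned, expected)) {
    throw new Error('state mismatch: callback does not belong to this login');
  }
  const code = params.get('code');
  if (!code) throw new Error('callback carries no code');
  // Options in the shape of the authorization_code setup shown on this page.
  return {
    grantType: 'authorization_code', clientId: CLIENT_ID,
    code, redirect_uri: REDIRECT_URI,
    tokenEndpoint: 'https://auth.example.org/token',
    codeVerifier: session.codeVerifier,
  };
}
```

The object returned by handleCallback is what gets passed to new OAuth2({...}); a callback whose state does not match the stored one is rejected before any token request is made.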

    // Setup for the password grant
    const { OAuth2 } = require('fetch-mw-oauth2');

    const oauth2 = new OAuth2({
      grantType: 'password',
      clientId: '...',
      clientSecret: '...',
      userName: '...',
      password: '...',
      tokenEndpoint: 'https://auth.example.org/token',
    });

    // Setup for the client_credentials grant
    const { OAuth2 } = require('fetch-mw-oauth2');

    const oauth2 = new OAuth2({
      grantType: 'client_credentials',
      clientId: '...',
      clientSecret: '...',
      tokenEndpoint: 'https://auth.example.org/token',
    });

It might be preferable to use this library as a more traditional 'middleware'.
The OAuth2 object also exposes a fetchMw function that takes 2 arguments:

1. request
2. next

The next argument is a function that also takes a request and returns a response.
Usually you will want to use this with some kind of fetch middleware container, as such:

    myFetchMiddleware(oauth2.fetchMw);

But it's also possible to use it directly. For example:

    oauth2.fetchMw(myRequest, innerRequest => fetch(innerRequest));

The following features have been implemented:

1. client_credentials grant-type support.
2. password grant-type support.
3. authorization_code grant-type support.

The following features are planned mid/long-term:

1. implicit grant-type support