fetch-mw-oauth2
This library adds OAuth2 support to fetch by wrapping the fetch function.
It works both with fetch() in a browser and with node-fetch.
npm i fetch-mw-oauth2
The fetch-mw-oauth2 package effectively works as follows:
fetch() function.
This new fetch() function can now be used in place of the regular fetch, but it takes responsibility for OAuth2 authentication.
If you already have an access and/or refresh token obtained through other means, you can set up the object as such:
const { OAuth2 } = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
  clientId: '...',
  clientSecret: '...', // Optional in some cases
  tokenEndpoint: 'https://auth.example.org/token',
}, {
  accessToken: '...',
  refreshToken: '...',
});
const response = await oauth2.fetch('https://my-api.example.org/articles', {
  method: 'POST',
  body: 'Hello world',
});
The fetch function simply calls the JavaScript fetch() function but adds an Authorization: Bearer ... header.
const { OAuth2 } = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
  grantType: 'authorization_code',
  clientId: '...',
  code: '...',
  redirect_uri: 'https://my-app.example.org/cb',
  tokenEndpoint: 'https://auth.example.org/token',
  codeVerifier: '...' // If PKCE was used in authorization request
});
The library does not take responsibility for redirecting a user to an authorization endpoint and redirecting back. That's up to you. After that's done though, you should have a code variable that you can use to set up the OAuth2 object.
const { OAuth2 } = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
  grantType: 'password',
  clientId: '...',
  clientSecret: '...',
  userName: '...',
  password: '...',
  tokenEndpoint: 'https://auth.example.org/token',
});

const { OAuth2 } = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
  grantType: 'client_credentials',
  clientId: '...',
  clientSecret: '...',
  tokenEndpoint: 'https://auth.example.org/token',
});
It might be preferable to use this library as a more traditional 'middleware'.
The OAuth2 object also exposes a fetchMw function that takes 2 arguments:
request
next
The next argument is a function that also takes a request and returns a response.
Usually you will want to use this with some kind of fetch middleware container, as such:
myFetchMiddleware(oauth2.fetchMw);
But it's also possible to use it directly. For example:
oauth2.fetchMw(myRequest, innerRequest => fetch(innerRequest));
The current features have been implemented:
client_credentials grant-type support.
password grant-type support.
authorization_code grant-type support.
The following features are planned mid/long-term:
implicit grant-type support.
FAQs
Fetch middleware to add OAuth2 support
The npm package fetch-mw-oauth2 receives a total of 1,741 weekly downloads. As such, fetch-mw-oauth2 popularity was classified as popular.
We found that fetch-mw-oauth2 demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.