fetch-mw-oauth2
Advanced tools
This library adds support to OAuth2 to fetch by wrapping the fetch function.
It works both for fetch() in a browser, as well as node-fetch.
npm i fetch-mw-oauth2
The fetch-mw-oauth2 package effectively works as follows:
fetch() function.This new fetch() function can now be used in place of the regular fetch,
but it takes responsibility of oauth2 authentication.
If you already have an access and/or refresh token obtained through other means, you can set up the object as such:
const { OAuth2 } = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
clientId: '...',
clientSecret: '...', // Optional in some cases
tokenEndpoint: 'https://auth.example.org/token',
}, {
accessToken: '...',
refreshToken: '...',
});
const response = await oauth2.fetch('https://my-api.example.org/articles', {
method: 'POST',
body: 'Hello world',
});
The fetch function simply calls the javascript fetch() function but adds
an Authorization: Bearer ... header.
const { OAuth2 } = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
grantType: 'authorization_code',
clientId: '...',
code: '...',
redirect_uri: 'https://my-app.example.org/cb',
tokenEndpoint: 'https://auth.example.org/token',
codeVerifier: '...' // If PKCE was used in authorization request
});
The library does not take responsibility for redirecting a user to an
authorization endpoint and redirecting back. That's up to you. After that's
done though, you should have a code variable that you can use to setup
the OAuth2 object.
const { OAuth2 } = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
grantType: 'password',
clientId: '...',
clientSecret: '...',
userName: '...',
password: '...',
tokenEndpoint: 'https://auth.example.org/token',
});
const { OAuth2 } = require('fetch-mw-oauth2');
const oauth2 = new OAuth2({
grantType: 'client_credentials',
clientId: '...',
clientSecret: '...',
tokenEndpoint: 'https://auth.example.org/token',
});
It might be preferable to use this library as a more traditional 'middleware'.
The OAuth2 object also exposes a fetchMw function that takes 2 arguments:
requestnextThe next argument is a function that also takes a request and returns a response.
Usually you will want to use this with some kind of fetch middleware container, as such:
myFetchMiddleware(oauth2.fetchMw);
But it's also possible to use it directly. For example:
oauth2.fetchMw(myRequest, innerRequest => fetch(innerRequest));
The current features have been implemented:
client_credentials grant-type support.password grant-type support.authorization_code grant-type supportThe following features are planned mid/long-term
implicit grant-type supportFAQs
Fetch middleware to add OAuth2 support
We found that fetch-mw-oauth2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.