oauth2-pkce - npm Package Compare versions

Comparing version 2.0.0 to 2.1.0

errors.d.ts

@@ -0,0 +0,0 @@ export declare class ErrorOAuth2 {

errors.js

@@ -0,0 +0,0 @@ export class ErrorOAuth2 {

helpers.d.ts

@@ -0,0 +0,0 @@ import { ErrorWWWAuthenticate } from './errors';

helpers.js

@@ -0,0 +0,0 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {

index.d.ts

@@ -53,5 +53,4 @@ export * from './errors';
     receiveCode(): Promise<void>;
-    getAccessToken(): Promise<AccessContext>;
-    getTokens(): Promise<AccessContext>;
-    exchangeAuthCodeForAccessToken(): Promise<AccessContext>;
+    getTokens(oneTimeParams?: ObjStringDict): Promise<AccessContext>;
+    exchangeAuthCodeForAccessToken(oneTimeParams?: ObjStringDict): Promise<AccessContext>;
     exchangeRefreshTokenForAccessToken(): Promise<AccessContext>;
@@ -58,0 +57,0 @@ makeRetryFetchFunction(fetchFunc: FetchFunc): FetchFunc;

index.js

@@ -81,12 +81,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
     }
-    getAccessToken() {
+    getTokens(oneTimeParams) {
         return __awaiter(this, void 0, void 0, function* () {
-            return this.getTokens();
-        });
-    }
-    getTokens() {
-        return __awaiter(this, void 0, void 0, function* () {
             const { accessToken, authorizationCode, idToken, refreshToken, scopes } = this.state;
             if (authorizationCode) {
-                return this.exchangeAuthCodeForAccessToken();
+                return this.exchangeAuthCodeForAccessToken(oneTimeParams);
             }
@@ -104,6 +99,6 @@ if (!accessToken) {
     }
-    exchangeAuthCodeForAccessToken() {
+    exchangeAuthCodeForAccessToken(oneTimeParams) {
         return __awaiter(this, void 0, void 0, function* () {
             if (!this.authCodeForAccessTokenPromise) {
-                this.authCodeForAccessTokenPromise = this.fetchAccessTokenUsingCode();
+                this.authCodeForAccessTokenPromise = this.fetchAccessTokenUsingCode(oneTimeParams);
             }
@@ -189,3 +184,3 @@ const tokenResponse = yield this.authCodeForAccessTokenPromise;
     }
-    fetchAccessTokenUsingCode() {
+    fetchAccessTokenUsingCode(oneTimeParams) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -205,3 +200,4 @@ const { authorizationCode, codeVerifier = '' } = this.state;
                 + `client_id=${encodeURIComponent(clientId)}&`
-                + `code_verifier=${codeVerifier}`;
+                + `code_verifier=${codeVerifier}&`
+                + objectToQueryString(oneTimeParams);
             return this.makeTokenRequest(url, body);
@@ -208,0 +204,0 @@ });

package.json

 {
   "name": "oauth2-pkce",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "An OAuth 2.0 client library for the Authorization Code flow with PKCE",
@@ -5,0 +5,0 @@ "main": "index.js",

README.md

@@ -121,4 +121,22 @@ # OAuth2PKCE client
 
-## Storage
+### Additional Parameters
 
+While most OAuth servers are just fine with the standard parameters, you have several options to pass additional parameters to the authentication server if required.
+
+#### Static Configuration Parameters
+* Add a map of parameters as `extraAuthorizationParams` to the configuration. They will be sent to the server when a new auth code is requested.
+* The same works for the request that fetches a refresh token: add parameters to the configuration as `extraRefreshParams`.
+
+These parameters are defined once and used through the lifetime of the client.
+
+#### Dynamic Parameters
+Several functions allow to pass `oneTimeParams` in order to send custom parameters to the server that might change in the course of the program's lifetime: `requestAuthorizationCode()`, `getTokens()`, and `exchangeAuthCodeForAccessToken()`.
+
+#### Precedence
+By providing additional parameters, you can also overwrite the standard ones. Also, the dynamicly provided parameters supersede the ones provided in the config:
+
+    dynamic parameters overwrite > configuration parameters overwrite > standard parameters
+
+### Storage
+
 OAuth2PKCE holds some state like the current access token. It needs to be persisted in a way that survives reloads because of the redirects during authentication. By default [local storage](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage) is used, but you can provide your own implementation, e.g. if you're creating an app and you want to use platform specific storage:
@@ -143,2 +161,5 @@
 
+### 2.1.0
+* Added oneTimeParams to `getTokens()` and `exchangeAuthCodeForAccessToken()`
+
 ### 2.0.0
@@ -145,0 +166,0 @@ * Feature: Made the state storage pluggable

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Number of lines in readme file

172

increased by13.91%

Number of low supply chain risk alerts

0

decreased by-100%

Number of medium supply chain risk alerts

1

decreased by-50%

Worsened metrics

Total package byte prevSize

65561

decreased by-23.62%

Number of package files

9

decreased by-10%

Lines of code

559

decreased by-49.73%

No dependency changes