oauth4webapi - npm Package Compare versions

Comparing version 1.4.1 to 2.0.0

164

build/index.d.ts

@@ -1,11 +0,7 @@

/** @ignore */
export declare type JsonObject = {
declare type JsonObject = {
[Key in string]?: JsonValue;
};
/** @ignore */
export declare type JsonArray = JsonValue[];
/** @ignore */
export declare type JsonPrimitive = string | number | boolean | null;
/** @ignore */
export declare type JsonValue = JsonPrimitive | JsonObject | JsonArray;
declare type JsonArray = JsonValue[];
declare type JsonPrimitive = string | number | boolean | null;
declare type JsonValue = JsonPrimitive | JsonObject | JsonArray;
/**

@@ -93,38 +89,2 @@ * Interface to pass an asymmetric private key and, optionally, its associated JWK Key ID to be

/**
* JSON Web Key
*
* @ignore
*/
export interface JWK {
/** Key Type */
readonly kty?: string;
/** Key ID */
readonly kid?: string;
/** Algorithm */
readonly alg?: string;
/** Public Key Use */
readonly use?: string;
/** Key Operations */
readonly key_ops?: string[];
/** (RSA) Exponent */
readonly e?: string;
/** (RSA) Modulus */
readonly n?: string;
/**
* (EC) Curve
*
* (OKP) The subtype of key pair
*/
readonly crv?: string;
/**
* (EC) X Coordinate
*
* (OKP) The public key
*/
readonly x?: string;
/** (EC) Y Coordinate */
readonly y?: string;
readonly [parameter: string]: JsonValue | undefined;
}
/**
* Authorization Server Metadata

@@ -417,7 +377,7 @@ *

* JWS `alg` algorithm required for signing the ID Token issued to this Client. When not
* configured the default is to allow only {@link JWSAlgorithm supported algorithms} listed in
* configured the default is to allow only algorithms listed in
* {@link AuthorizationServer.id_token_signing_alg_values_supported `as.id_token_signing_alg_values_supported`}
* and fall back to `RS256` when the authorization server metadata is not set.
*/
id_token_signed_response_alg?: JWSAlgorithm;
id_token_signed_response_alg?: string;
/**

@@ -437,14 +397,14 @@ * JWS `alg` algorithm required for signing authorization responses. When not configured the

* JWS `alg` algorithm REQUIRED for signing UserInfo Responses. When not configured the default is
* to allow only {@link JWSAlgorithm supported algorithms} listed in
* to allow only algorithms listed in
* {@link AuthorizationServer.userinfo_signing_alg_values_supported `as.userinfo_signing_alg_values_supported`}
* and fall back to `RS256` when the authorization server metadata is not set.
*/
userinfo_signed_response_alg?: JWSAlgorithm;
userinfo_signed_response_alg?: string;
/**
* JWS `alg` algorithm REQUIRED for signed introspection responses. When not configured the
* default is to allow only {@link JWSAlgorithm supported algorithms} listed in
* default is to allow only algorithms listed in
* {@link AuthorizationServer.introspection_signing_alg_values_supported `as.introspection_signing_alg_values_supported`}
* and fall back to `RS256` when the authorization server metadata is not set.
*/
introspection_signed_response_alg?: JWSAlgorithm;
introspection_signed_response_alg?: string;
/** Default Maximum Authentication Age. */

@@ -585,3 +545,3 @@ default_max_age?: number;

* @see [RFC 9126 - OAuth 2.0 Pushed Authorization Requests](https://www.rfc-editor.org/rfc/rfc9126.html#name-pushed-authorization-reques)
* @see [draft-ietf-oauth-dpop-10 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-10.html#name-dpop-with-pushed-authorizat)
* @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-dpop-with-pushed-authorizat)
*/

@@ -653,3 +613,3 @@ export declare function pushedAuthorizationRequest(as: AuthorizationServer, client: Client, parameters: URLSearchParams, options?: PushedAuthorizationRequestOptions): Promise<Response>;

* @see [RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750.html#section-2.1)
* @see [draft-ietf-oauth-dpop-10 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-10.html#name-protected-resource-access)
* @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-protected-resource-access)
*/

@@ -670,3 +630,3 @@ export declare function protectedResourceRequest(accessToken: string, method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | string, url: URL, headers: Headers, body: RequestInit['body'], options?: ProtectedResourceRequestOptions): Promise<Response>;

* @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
* @see [draft-ietf-oauth-dpop-10 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-10.html#name-protected-resource-access)
* @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-protected-resource-access)
*/

@@ -712,27 +672,2 @@ export declare function userInfoRequest(as: AuthorizationServer, client: Client, accessToken: string, options?: UserInfoRequestOptions): Promise<Response>;

export declare const skipSubjectCheck: unique symbol;
export interface SkipJWTSignatureCheckOptions {
/**
* DANGER ZONE
*
* When JWT assertions are received via direct communication between the Client and the
* Token/UserInfo/Introspection endpoint (which they are in this library's supported profiles and
* exposed functions) the TLS server validation MAY be used to validate the issuer in place of
* checking the assertion's signature.
*
* Set this to `true` to omit verifying the JWT assertion's signature (e.g. ID Token, JWT Signed
* Introspection, or JWT Signed UserInfo Response).
*
* Setting this to `true` also means that:
*
* - The Authorization Server's JSON Web Key Set will not be requested. That is useful for
* javascript runtimes that execute on the edge and cannot reliably share an in-memory cache of
* the JSON Web Key Set in between invocations.
* - Any JWS Algorithm may be used, not just the {@link JWSAlgorithm supported ones}.
*
* Default is `false`.
*/
skipJwtSignatureCheck?: boolean;
}
export interface ProcessUserInfoResponseOptions extends HttpRequestOptions, SkipJWTSignatureCheckOptions {
}
/**

@@ -754,3 +689,3 @@ * Validates Response instance to be one coming from the

*/
export declare function processUserInfoResponse(as: AuthorizationServer, client: Client, expectedSubject: string | typeof skipSubjectCheck, response: Response, options?: ProcessUserInfoResponseOptions): Promise<UserInfoResponse>;
export declare function processUserInfoResponse(as: AuthorizationServer, client: Client, expectedSubject: string | typeof skipSubjectCheck, response: Response): Promise<UserInfoResponse>;
export interface TokenEndpointRequestOptions extends HttpRequestOptions, AuthenticatedRequestOptions, DPoPRequestOptions {

@@ -770,3 +705,3 @@ /** Any additional parameters to send. This cannot override existing parameter values. */

* @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens)
* @see [draft-ietf-oauth-dpop-10 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-10.html#name-dpop-access-token-request)
* @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-dpop-access-token-request)
*/

@@ -792,4 +727,2 @@ export declare function refreshTokenGrantRequest(as: AuthorizationServer, client: Client, refreshToken: string, options?: TokenEndpointRequestOptions): Promise<Response>;

export declare function getValidatedIdTokenClaims(ref: TokenEndpointResponse): IDToken | undefined;
export interface ProcessRefreshTokenResponseOptions extends HttpRequestOptions, SkipJWTSignatureCheckOptions {
}
/**

@@ -809,3 +742,3 @@ * Validates Refresh Token Grant Response instance to be one coming from the

*/
export declare function processRefreshTokenResponse(as: AuthorizationServer, client: Client, response: Response, options?: ProcessRefreshTokenResponseOptions): Promise<TokenEndpointResponse | OAuth2Error>;
export declare function processRefreshTokenResponse(as: AuthorizationServer, client: Client, response: Response): Promise<TokenEndpointResponse | OAuth2Error>;
/**

@@ -825,3 +758,3 @@ * Performs an Authorization Code grant request at the

* @see [RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE)](https://www.rfc-editor.org/rfc/rfc7636.html#section-4)
* @see [draft-ietf-oauth-dpop-10 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-10.html#name-dpop-access-token-request)
* @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-dpop-access-token-request)
*/

@@ -898,4 +831,2 @@ export declare function authorizationCodeGrantRequest(as: AuthorizationServer, client: Client, callbackParameters: CallbackParameters, redirectUri: string, codeVerifier: string, options?: TokenEndpointRequestOptions): Promise<Response>;

export declare const skipAuthTimeCheck: unique symbol;
export interface ProcessAuthorizationCodeOpenIDResponseOptions extends HttpRequestOptions, SkipJWTSignatureCheckOptions {
}
/**

@@ -921,3 +852,3 @@ * (OpenID Connect only) Validates Authorization Code Grant Response instance to be one coming from

*/
export declare function processAuthorizationCodeOpenIDResponse(as: AuthorizationServer, client: Client, response: Response, expectedNonce?: string | typeof expectNoNonce, maxAge?: number | typeof skipAuthTimeCheck, options?: ProcessAuthorizationCodeOpenIDResponseOptions): Promise<OpenIDTokenEndpointResponse | OAuth2Error>;
export declare function processAuthorizationCodeOpenIDResponse(as: AuthorizationServer, client: Client, response: Response, expectedNonce?: string | typeof expectNoNonce, maxAge?: number | typeof skipAuthTimeCheck): Promise<OpenIDTokenEndpointResponse | OAuth2Error>;
/**

@@ -947,3 +878,3 @@ * (OAuth 2.0 without OpenID Connect only) Validates Authorization Code Grant Response instance to

* @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.4)
* @see [draft-ietf-oauth-dpop-10 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-10.html#name-dpop-access-token-request)
* @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-dpop-access-token-request)
*/

@@ -1038,4 +969,2 @@ export declare function clientCredentialsGrantRequest(as: AuthorizationServer, client: Client, parameters: URLSearchParams, options?: ClientCredentialsGrantRequestOptions): Promise<Response>;

}
export interface ProcessIntrospectionResponseOptions extends HttpRequestOptions, SkipJWTSignatureCheckOptions {
}
/**

@@ -1055,41 +984,4 @@ * Validates Response instance to be one coming from the

*/
export declare function processIntrospectionResponse(as: AuthorizationServer, client: Client, response: Response, options?: ProcessIntrospectionResponseOptions): Promise<IntrospectionResponse | OAuth2Error>;
/** @ignore */
export interface JwksRequestOptions extends HttpRequestOptions {
}
export declare function processIntrospectionResponse(as: AuthorizationServer, client: Client, response: Response): Promise<IntrospectionResponse | OAuth2Error>;
/**
* Performs a request to the {@link AuthorizationServer.jwks_uri `as.jwks_uri`}.
*
* @ignore
*
* @param as Authorization Server Metadata.
*
* @see [JWK Set Format](https://www.rfc-editor.org/rfc/rfc7517.html#section-5)
* @see [RFC 8414 - OAuth 2.0 Authorization Server Metadata](https://www.rfc-editor.org/rfc/rfc8414.html#section-3)
* @see [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig)
*/
export declare function jwksRequest(as: AuthorizationServer, options?: JwksRequestOptions): Promise<Response>;
/**
* JSON Web Key Set
*
* @ignore
*/
export interface JsonWebKeySet {
/** Array of JWK Values */
readonly keys: JWK[];
}
/**
* Validates Response instance to be one coming from the
* {@link AuthorizationServer.jwks_uri `as.jwks_uri`}.
*
* @ignore
*
* @param response Resolved value from {@link jwksRequest}.
*
* @returns Resolves with an object representing the parsed successful response.
*
* @see [JWK Set Format](https://www.rfc-editor.org/rfc/rfc7517.html#section-5)
*/
export declare function processJwksResponse(response: Response): Promise<JsonWebKeySet>;
/**
* Same as {@link validateAuthResponse} but for signed JARM responses.

@@ -1188,7 +1080,5 @@ *

* @see [RFC 8628 - OAuth 2.0 Device Authorization Grant](https://www.rfc-editor.org/rfc/rfc8628.html#section-3.4)
* @see [draft-ietf-oauth-dpop-10 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-10.html#name-dpop-access-token-request)
* @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-dpop-access-token-request)
*/
export declare function deviceCodeGrantRequest(as: AuthorizationServer, client: Client, deviceCode: string, options?: TokenEndpointRequestOptions): Promise<Response>;
export interface ProcessDeviceCodeResponseOptions extends HttpRequestOptions, SkipJWTSignatureCheckOptions {
}
/**

@@ -1207,3 +1097,3 @@ * Validates Device Authorization Grant Response instance to be one coming from the

*/
export declare function processDeviceCodeResponse(as: AuthorizationServer, client: Client, response: Response, options?: ProcessDeviceCodeResponseOptions): Promise<TokenEndpointResponse | OAuth2Error>;
export declare function processDeviceCodeResponse(as: AuthorizationServer, client: Client, response: Response): Promise<TokenEndpointResponse | OAuth2Error>;
export interface GenerateKeyPairOptions {

@@ -1221,12 +1111,2 @@ /** Indicates whether or not the private key may be exported. Default is `false`. */

export declare function generateKeyPair(alg: JWSAlgorithm, options?: GenerateKeyPairOptions): Promise<CryptoKeyPair>;
/**
* Calculates a base64url-encoded SHA-256 JWK Thumbprint.
*
* @ignore
*
* @param key A public extractable CryptoKey.
*
* @see [RFC 7638 - JSON Web Key (JWK) Thumbprint](https://www.rfc-editor.org/rfc/rfc7638.html)
*/
export declare function calculateJwkThumbprint(key: CryptoKey): Promise<string>;
export {};
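Review bot: The new declarations drop `SkipJWTSignatureCheckOptions` and the `options` parameter from `processUserInfoResponse`, `processRefreshTokenResponse`, `processAuthorizationCodeOpenIDResponse`, `processIntrospectionResponse` and `processDeviceCodeResponse`, but none of the surviving doc comments say which of the two former behaviours remains; the removed "DANGER ZONE" text was the only place a consumer was told that TLS server validation stands in for the JWT signature check. Judging by the accompanying `build/index.js` change (`noSignatureCheck` passed unconditionally) these functions now appear to skip signature verification always, so the declaration file should state that at each signature, e.g. `* @remarks The JWS signature of the returned JWT is NOT verified; the response is trusted on the basis of the TLS connection to the endpoint (OpenID Connect Core 1.0, Section 3.1.3.7, step 6). Use only with TLS certificate validation enabled.`. Relatedly, `id_token_signed_response_alg`, `userinfo_signed_response_alg` and `introspection_signed_response_alg` are widened from `JWSAlgorithm` to `string`, so the compiler no longer rejects values the library cannot verify, and their doc comments should say what the runtime does with a value it does not support. The doc comments of the affected functions begin outside the hunks shown here.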

95

build/index.js
let USER_AGENT;
if (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {
const NAME = 'oauth4webapi';
const VERSION = 'v1.4.1';
const VERSION = 'v2.0.0';
USER_AGENT = `${NAME}/${VERSION}`;

@@ -492,5 +492,2 @@ }

await dpopProofJwt(headers, options.DPoP, url, 'POST');
if (!body.has('dpop_jkt')) {
body.set('dpop_jkt', await calculateJwkThumbprint(options.DPoP.publicKey));
}
}

@@ -635,4 +632,3 @@ return authenticatedRequest(as, client, 'POST', url, body, headers, options);

}
const jwksCache = new LRU(20);
const cryptoKeyCaches = {};
const jwksCache = Symbol();
async function getPublicSigKeyFromIssuerJwksUri(as, options, header) {

@@ -643,7 +639,7 @@ const { alg, kid } = header;

let age;
if (jwksCache.has(as.jwks_uri)) {
if (as[jwksCache]) {
;
({ jwks, age } = jwksCache.get(as.jwks_uri));
({ jwks, age } = as[jwksCache]);
if (age >= 300) {
jwksCache.delete(as.jwks_uri);
as[jwksCache] = undefined;
return getPublicSigKeyFromIssuerJwksUri(as, options, header);

@@ -655,3 +651,3 @@ }

age = 0;
jwksCache.set(as.jwks_uri, {
as[jwksCache] = {
jwks,

@@ -662,3 +658,3 @@ iat: epochTime(),

},
});
};
}

@@ -706,3 +702,3 @@ let kty;

if (age >= 60) {
jwksCache.delete(as.jwks_uri);
as[jwksCache] = undefined;
return getPublicSigKeyFromIssuerJwksUri(as, options, header);

@@ -715,10 +711,5 @@ }

}
cryptoKeyCaches[alg] || (cryptoKeyCaches[alg] = new WeakMap());
let key = cryptoKeyCaches[alg].get(jwk);
if (!key) {
key = await importJwk({ ...jwk, alg });
if (key.type !== 'public') {
throw new OPE('jwks_uri must only contain public keys');
}
cryptoKeyCaches[alg].set(jwk, key);
const key = await importJwk(alg, jwk);
if (key.type !== 'public') {
throw new OPE('jwks_uri must only contain public keys');
}

@@ -731,3 +722,3 @@ return key;

}
export async function processUserInfoResponse(as, client, expectedSubject, response, options) {
export async function processUserInfoResponse(as, client, expectedSubject, response) {
assertAs(as);

@@ -743,5 +734,3 @@ assertClient(client);

if (getContentType(response) === 'application/jwt') {
const { claims } = await validateJwt(await preserveBodyStream(response).text(), checkSigningAlgorithm.bind(undefined, client.userinfo_signed_response_alg, as.userinfo_signing_alg_values_supported), options?.skipJwtSignatureCheck !== true
? getPublicSigKeyFromIssuerJwksUri.bind(undefined, as, options)
: noSignatureCheck)
const { claims } = await validateJwt(await preserveBodyStream(response).text(), checkSigningAlgorithm.bind(undefined, client.userinfo_signed_response_alg, as.userinfo_signing_alg_values_supported), noSignatureCheck)
.then(validateOptionalAudience.bind(undefined, client.client_id))

@@ -822,3 +811,3 @@ .then(validateOptionalIssuer.bind(undefined, as.issuer));

}
async function processGenericAccessTokenResponse(as, client, response, options, ignoreIdToken = false, ignoreRefreshToken = false, skipSignatureCheck = false) {
async function processGenericAccessTokenResponse(as, client, response, ignoreIdToken = false, ignoreRefreshToken = false) {
assertAs(as);

@@ -873,5 +862,3 @@ assertClient(client);

if (json.id_token) {
const { claims } = await validateJwt(json.id_token, checkSigningAlgorithm.bind(undefined, client.id_token_signed_response_alg, as.id_token_signing_alg_values_supported), skipSignatureCheck !== true
? getPublicSigKeyFromIssuerJwksUri.bind(undefined, as, options)
: noSignatureCheck)
const { claims } = await validateJwt(json.id_token, checkSigningAlgorithm.bind(undefined, client.id_token_signed_response_alg, as.id_token_signing_alg_values_supported), noSignatureCheck)
.then(validatePresence.bind(undefined, ['aud', 'exp', 'iat', 'iss', 'sub']))

@@ -891,4 +878,4 @@ .then(validateIssuer.bind(undefined, as.issuer))

}
export async function processRefreshTokenResponse(as, client, response, options) {
return processGenericAccessTokenResponse(as, client, response, options, undefined, undefined, options?.skipJwtSignatureCheck === true);
export async function processRefreshTokenResponse(as, client, response) {
return processGenericAccessTokenResponse(as, client, response);
}

@@ -963,4 +950,4 @@ function validateOptionalAudience(expected, result) {

export const skipAuthTimeCheck = Symbol();
export async function processAuthorizationCodeOpenIDResponse(as, client, response, expectedNonce, maxAge, options) {
const result = await processGenericAccessTokenResponse(as, client, response, options, undefined, undefined, options?.skipJwtSignatureCheck === true);
export async function processAuthorizationCodeOpenIDResponse(as, client, response, expectedNonce, maxAge) {
const result = await processGenericAccessTokenResponse(as, client, response);
if (isOAuth2Error(result)) {

@@ -1009,3 +996,3 @@ return result;

export async function processAuthorizationCodeOAuth2Response(as, client, response) {
const result = await processGenericAccessTokenResponse(as, client, response, undefined, true);
const result = await processGenericAccessTokenResponse(as, client, response, true);
if (isOAuth2Error(result)) {

@@ -1034,3 +1021,3 @@ return result;

export async function processClientCredentialsResponse(as, client, response) {
const result = await processGenericAccessTokenResponse(as, client, response, undefined, true, true);
const result = await processGenericAccessTokenResponse(as, client, response, true, true);
if (isOAuth2Error(result)) {

@@ -1096,3 +1083,3 @@ return result;

}
export async function processIntrospectionResponse(as, client, response, options) {
export async function processIntrospectionResponse(as, client, response) {
assertAs(as);

@@ -1112,5 +1099,3 @@ assertClient(client);

if (getContentType(response) === 'application/token-introspection+jwt') {
const { claims } = await validateJwt(await preserveBodyStream(response).text(), checkSigningAlgorithm.bind(undefined, client.introspection_signed_response_alg, as.introspection_signing_alg_values_supported), options?.skipJwtSignatureCheck !== true
? getPublicSigKeyFromIssuerJwksUri.bind(undefined, as, options)
: noSignatureCheck)
const { claims } = await validateJwt(await preserveBodyStream(response).text(), checkSigningAlgorithm.bind(undefined, client.introspection_signed_response_alg, as.introspection_signing_alg_values_supported), noSignatureCheck)
.then(checkJwtType.bind(undefined, 'token-introspection+jwt'))

@@ -1141,3 +1126,3 @@ .then(validatePresence.bind(undefined, ['aud', 'iat', 'iss']))

}
export async function jwksRequest(as, options) {
async function jwksRequest(as, options) {
assertAs(as);

@@ -1158,3 +1143,3 @@ if (typeof as.jwks_uri !== 'string') {

}
export async function processJwksResponse(response) {
async function processJwksResponse(response) {
if (!(response instanceof Response)) {

@@ -1425,4 +1410,4 @@ throw new TypeError('"response" must be an instance of Response');

}
async function importJwk(jwk) {
const { alg, ext, key_ops, use, ...key } = jwk;
async function importJwk(alg, jwk) {
const { ext, key_ops, use, ...key } = jwk;
let algorithm;

@@ -1517,4 +1502,4 @@ switch (alg) {

}
export async function processDeviceCodeResponse(as, client, response, options) {
return processGenericAccessTokenResponse(as, client, response, options, undefined, undefined, options?.skipJwtSignatureCheck === true);
export async function processDeviceCodeResponse(as, client, response) {
return processGenericAccessTokenResponse(as, client, response);
}

@@ -1554,23 +1539,1 @@ export async function generateKeyPair(alg, options) {

}
export async function calculateJwkThumbprint(key) {
if (!isPublicKey(key) || !key.extractable) {
throw new TypeError('"key" must be an extractable public CryptoKey');
}
determineJWSAlgorithm(key);
const jwk = await crypto.subtle.exportKey('jwk', key);
let components;
switch (jwk.kty) {
case 'EC':
components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y };
break;
case 'OKP':
components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x };
break;
case 'RSA':
components = { e: jwk.e, kty: jwk.kty, n: jwk.n };
break;
default:
throw new UnsupportedOperationError();
}
return b64u(await crypto.subtle.digest({ name: 'SHA-256' }, buf(JSON.stringify(components))));
}
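Review bot: With `noSignatureCheck` now passed unconditionally to `validateJwt` for UserInfo, token-endpoint and introspection JWTs, the only thing standing between the client and a forged ID Token is the TLS connection to the authorization server, and nothing in the new code records that assumption. `checkSigningAlgorithm` still runs, but it only constrains the header's `alg` value; the signature itself is never checked, so `client.id_token_signed_response_alg` no longer gives any cryptographic assurance. Suggest a comment at each of the three call sites, e.g. `// Signature deliberately not verified: this JWT arrived over the TLS-authenticated back channel (OIDC Core 3.1.3.7, step 6); TLS certificate validation MUST remain enabled.`, plus a changelog entry so 1.x consumers who relied on JWKS verification know the guarantee changed. Separately, the JWKS cache is now stored as a symbol-keyed property on the caller's `as` object (`as[jwksCache] = …`), which mutates a caller-owned and possibly frozen object (a throw under strict mode) and never hits when callers build a fresh metadata object per request; keying a module-level cache on `as.jwks_uri`, as 1.4.1 did, avoids both. The removal of the automatic `dpop_jkt` in pushed authorization requests is also a behaviour change for clients talking to servers that still require it alongside PAR and, if intentional per the draft-11 reference update, deserves a one-line comment saying so.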
{
"name": "oauth4webapi",
"version": "1.4.1",
"version": "2.0.0",
"description": "OAuth 2 / OpenID Connect for Web Platform API JavaScript runtimes",

@@ -5,0 +5,0 @@ "keywords": [
