oauth4webapi - npm Package Compare versions

Comparing version 2.4.0 to 2.4.1

build/index.d.ts

@@ -1,7 +0,11 @@
-type JsonObject = {
+/** JSON Object */
+export type JsonObject = {
     [Key in string]?: JsonValue;
 };
-type JsonArray = JsonValue[];
-type JsonPrimitive = string | number | boolean | null;
-type JsonValue = JsonPrimitive | JsonObject | JsonArray;
+/** JSON Array */
+export type JsonArray = JsonValue[];
+/** JSON Primitives */
+export type JsonPrimitive = string | number | boolean | null;
+/** JSON Values */
+export type JsonValue = JsonPrimitive | JsonObject | JsonArray;
 /**
@@ -48,4 +52,6 @@ * Interface to pass an asymmetric private key and, optionally, its associated JWK Key ID to be
  *
- * @example CryptoKey algorithm for the `PS256`, `PS384`, or `PS512` JWS Algorithm Identifiers
+ * @example
  *
+ * CryptoKey algorithm for the `PS256`, `PS384`, or `PS512` JWS Algorithm Identifiers
+ *
  * ```ts
@@ -68,4 +74,6 @@ * interface PS256 extends RsaHashedKeyAlgorithm {
  *
- * @example CryptoKey algorithm for the `ES256`, `ES384`, or `ES512` JWS Algorithm Identifiers
+ * @example
  *
+ * CryptoKey algorithm for the `ES256`, `ES384`, or `ES512` JWS Algorithm Identifiers
+ *
  * ```ts
@@ -88,4 +96,6 @@ * interface ES256 extends EcKeyAlgorithm {
  *
- * @example CryptoKey algorithm for the `RS256`, `RS384`, or `RS512` JWS Algorithm Identifiers
+ * @example
  *
+ * CryptoKey algorithm for the `RS256`, `RS384`, or `RS512` JWS Algorithm Identifiers
+ *
  * ```ts
@@ -108,5 +118,7 @@ * interface RS256 extends RsaHashedKeyAlgorithm {
  *
- * @example CryptoKey algorithm for the `EdDSA` JWS Algorithm Identifier (Experimental)
+ * @example
  *
- * Runtime support for this algorithm is very limited, it depends on the [Secure Curves in the Web
+ * CryptoKey algorithm for the `EdDSA` JWS Algorithm Identifier (Experimental)
+ *
+ * Runtime support for this algorithm is limited, it depends on the [Secure Curves in the Web
  * Cryptography API](https://wicg.github.io/webcrypto-secure-curves/) proposal which is yet to be
@@ -480,3 +492,3 @@ * widely adopted. If the proposal changes this implementation will follow up with a minor release.
      *
-     * @example Tolerate 30 seconds clock skew when validating JWT claims like `exp` or `nbf`.
+     * @example Tolerate 30 seconds clock skew when validating JWT claims like exp or nbf.
      *
@@ -494,5 +506,7 @@ * ```ts
 }
+/** @group Errors */
 export declare class UnsupportedOperationError extends Error {
     constructor(message?: string);
 }
+/** @group Errors */
 export declare class OperationProcessingError extends Error {
@@ -508,4 +522,6 @@ constructor(message: string, options?: {
      *
-     * @example A 5000ms timeout AbortSignal for every request
+     * @example
      *
+     * A 5000ms timeout AbortSignal for every request
+     *
      * ```js
@@ -536,2 +552,5 @@ * const signal = () => AbortSignal.timeout(5_000) // Note: AbortSignal.timeout may not yet be available in all runtimes.
  *
+ * @group Authorization Server Metadata
+ * @group OpenID Connect (OIDC) Discovery
+ *
  * @see [RFC 8414 - OAuth 2.0 Authorization Server Metadata](https://www.rfc-editor.org/rfc/rfc8414.html#section-3)
@@ -550,2 +569,5 @@ * @see [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig)
  *
+ * @group Authorization Server Metadata
+ * @group OpenID Connect (OIDC) Discovery
+ *
  * @see [RFC 8414 - OAuth 2.0 Authorization Server Metadata](https://www.rfc-editor.org/rfc/rfc8414.html#section-3)
@@ -558,2 +580,7 @@ * @see [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig)
  *
+ * @group Utilities
+ * @group Authorization Code Grant
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
+ * @group Proof Key for Code Exchange by OAuth Public Clients (PKCE)
+ *
  * @see [RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE)](https://www.rfc-editor.org/rfc/rfc7636.html#section-4)
@@ -565,2 +592,4 @@ */
  *
+ * @group Utilities
+ *
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1.1)
@@ -572,2 +601,4 @@ */
  *
+ * @group Utilities
+ *
  * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)
@@ -582,2 +613,6 @@ */
  *
+ * @group Authorization Code Grant
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
+ * @group Proof Key for Code Exchange by OAuth Public Clients (PKCE)
+ *
  * @see [RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE)](https://www.rfc-editor.org/rfc/rfc7636.html#section-4)
@@ -623,2 +658,6 @@ */
  *
+ * @group Authorization Code Grant
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
+ * @group JWT-Secured Authorization Request (JAR)
+ *
  * @see [RFC 9101 - The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)](https://www.rfc-editor.org/rfc/rfc9101.html#name-request-object-2)
@@ -635,3 +674,5 @@ */
  *
- * @see [RFC 9126 - OAuth 2.0 Pushed Authorization Requests](https://www.rfc-editor.org/rfc/rfc9126.html#name-pushed-authorization-reques)
+ * @group Pushed Authorization Requests (PAR)
+ *
+ * @see [RFC 9126 - OAuth 2.0 Pushed Authorization Requests (PAR)](https://www.rfc-editor.org/rfc/rfc9126.html#name-pushed-authorization-reques)
  * @see [RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.rfc-editor.org/rfc/rfc9449.html#name-dpop-with-pushed-authorizat)
@@ -653,3 +694,15 @@ */
 }
-/** A helper function used to determine if a response processing function returned an OAuth2Error. */
+/**
+ * A helper function used to determine if a response processing function returned an OAuth2Error.
+ *
+ * @group Utilities
+ * @group Client Credentials Grant
+ * @group Device Authorization Grant
+ * @group Authorization Code Grant
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
+ * @group Token Introspection
+ * @group Token Revocation
+ * @group Refreshing an Access Token
+ * @group Pushed Authorization Requests (PAR)
+ */
 export declare function isOAuth2Error(input?: ReturnTypes): input is OAuth2Error;
@@ -664,7 +717,7 @@ export interface WWWAuthenticateChallengeParameters {
     /** NOTE: because the parameter names are case insensitive they are always returned lowercased */
-    readonly [parameter: string]: string | undefined;
+    readonly [parameter: Lowercase<string>]: string | undefined;
 }
 export interface WWWAuthenticateChallenge {
     /** NOTE: because the value is case insensitive it is always returned lowercased */
-    readonly scheme: string;
+    readonly scheme: Lowercase<string>;
     readonly parameters: WWWAuthenticateChallengeParameters;
@@ -677,2 +730,13 @@ }
  *   preserved. `undefined` when there wasn't a `WWW-Authenticate` HTTP Header returned.
+ *
+ * @group Accessing Protected Resources
+ * @group Utilities
+ * @group Client Credentials Grant
+ * @group Device Authorization Grant
+ * @group Authorization Code Grant
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
+ * @group Token Introspection
+ * @group Token Revocation
+ * @group Refreshing an Access Token
+ * @group Pushed Authorization Requests (PAR)
  */
@@ -692,3 +756,5 @@ export declare function parseWwwAuthenticateChallenges(response: Response): WWWAuthenticateChallenge[] | undefined;
  *
- * @see [RFC 9126 - OAuth 2.0 Pushed Authorization Requests](https://www.rfc-editor.org/rfc/rfc9126.html#name-pushed-authorization-reques)
+ * @group Pushed Authorization Requests (PAR)
+ *
+ * @see [RFC 9126 - OAuth 2.0 Pushed Authorization Requests (PAR)](https://www.rfc-editor.org/rfc/rfc9126.html#name-pushed-authorization-reques)
  */
@@ -719,2 +785,4 @@ export declare function processPushedAuthorizationResponse(as: AuthorizationServer, client: Client, response: Response): Promise<PushedAuthorizationResponse | OAuth2Error>;
  *
+ * @group Accessing Protected Resources
+ *
  * @see [RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750.html#section-2.1)
@@ -736,2 +804,5 @@ * @see [RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.rfc-editor.org/rfc/rfc9449.html#name-protected-resource-access)
  *
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
+ * @group OpenID Connect (OIDC) UserInfo
+ *
  * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
@@ -796,2 +867,5 @@ * @see [RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.rfc-editor.org/rfc/rfc9449.html#name-protected-resource-access)
  *
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
+ * @group OpenID Connect (OIDC) UserInfo
+ *
  * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
@@ -812,2 +886,4 @@ */
  *
+ * @group Refreshing an Access Token
+ *
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-6)
@@ -824,2 +900,4 @@ * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens)
  * @returns JWT Claims Set from an ID Token.
+ *
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
  */
@@ -849,2 +927,4 @@ export declare function getValidatedIdTokenClaims(ref: OpenIDTokenEndpointResponse): IDToken;
  *
+ * @group Refreshing an Access Token
+ *
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-6)
@@ -865,2 +945,5 @@ * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens)
  *
+ * @group Authorization Code Grant
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
+ *
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1)
@@ -899,3 +982,3 @@ * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
     /** NOTE: because the value is case insensitive it is always returned lowercased */
-    readonly token_type: string;
+    readonly token_type: 'bearer' | 'dpop' | Lowercase<string>;
     readonly [parameter: string]: JsonValue | undefined;
@@ -910,3 +993,3 @@ }
     /** NOTE: because the value is case insensitive it is always returned lowercased */
-    readonly token_type: string;
+    readonly token_type: 'bearer' | 'dpop' | Lowercase<string>;
     readonly [parameter: string]: JsonValue | undefined;
@@ -921,3 +1004,3 @@ }
     /** NOTE: because the value is case insensitive it is always returned lowercased */
-    readonly token_type: string;
+    readonly token_type: 'bearer' | 'dpop' | Lowercase<string>;
     readonly [parameter: string]: JsonValue | undefined;
@@ -930,3 +1013,3 @@ }
     /** NOTE: because the value is case insensitive it is always returned lowercased */
-    readonly token_type: string;
+    readonly token_type: 'bearer' | 'dpop' | Lowercase<string>;
     readonly [parameter: string]: JsonValue | undefined;
@@ -963,2 +1046,4 @@ }
  *
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
+ *
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1)
@@ -980,2 +1065,4 @@ * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
  *
+ * @group Authorization Code Grant
+ *
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1)
@@ -993,2 +1080,4 @@ */
  *
+ * @group Client Credentials Grant
+ *
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.4)
@@ -1010,2 +1099,4 @@ * @see [RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.rfc-editor.org/rfc/rfc9449.html#name-dpop-access-token-request)
  *
+ * @group Client Credentials Grant
+ *
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.4)
@@ -1027,2 +1118,4 @@ */
  *
+ * @group Token Revocation
+ *
  * @see [RFC 7009 - OAuth 2.0 Token Revocation](https://www.rfc-editor.org/rfc/rfc7009.html#section-2)
@@ -1040,2 +1133,4 @@ */
  *
+ * @group Token Revocation
+ *
  * @see [RFC 7009 - OAuth 2.0 Token Revocation](https://www.rfc-editor.org/rfc/rfc7009.html#section-2)
@@ -1067,2 +1162,4 @@ */
  *
+ * @group Token Introspection
+ *
  * @see [RFC 7662 - OAuth 2.0 Token Introspection](https://www.rfc-editor.org/rfc/rfc7662.html#section-2)
@@ -1106,2 +1203,4 @@ * @see [draft-ietf-oauth-jwt-introspection-response-12 - JWT Response for OAuth Token Introspection](https://www.ietf.org/archive/id/draft-ietf-oauth-jwt-introspection-response-12.html#section-4)
  *
+ * @group Token Introspection
+ *
  * @see [RFC 7662 - OAuth 2.0 Token Introspection](https://www.rfc-editor.org/rfc/rfc7662.html#section-2)
@@ -1121,2 +1220,6 @@ * @see [draft-ietf-oauth-jwt-introspection-response-12 - JWT Response for OAuth Token Introspection](https://www.ietf.org/archive/id/draft-ietf-oauth-jwt-introspection-response-12.html#section-5)
  *
+ * @group Authorization Code Grant
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
+ * @group JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
+ *
  * @see [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)](https://openid.net/specs/openid-financial-api-jarm.html)
@@ -1153,2 +1256,5 @@ */
  *
+ * @group Authorization Code Grant
+ * @group Authorization Code Grant w/ OpenID Connect (OIDC)
+ *
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1.2)
@@ -1170,2 +1276,4 @@ * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
  *
+ * @group Device Authorization Grant
+ *
  * @see [RFC 8628 - OAuth 2.0 Device Authorization Grant](https://www.rfc-editor.org/rfc/rfc8628.html#section-3.1)
@@ -1195,2 +1303,4 @@ */
  *
+ * @group Device Authorization Grant
+ *
  * @see [RFC 8628 - OAuth 2.0 Device Authorization Grant](https://www.rfc-editor.org/rfc/rfc8628.html#section-3.1)
@@ -1207,2 +1317,4 @@ */
  *
+ * @group Device Authorization Grant
+ *
  * @see [RFC 8628 - OAuth 2.0 Device Authorization Grant](https://www.rfc-editor.org/rfc/rfc8628.html#section-3.4)
@@ -1224,2 +1336,4 @@ * @see [RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.rfc-editor.org/rfc/rfc9449.html#name-dpop-access-token-request)
  *
+ * @group Device Authorization Grant
+ *
  * @see [RFC 8628 - OAuth 2.0 Device Authorization Grant](https://www.rfc-editor.org/rfc/rfc8628.html#section-3.4)
@@ -1240,4 +1354,6 @@ */
  * @param alg Supported JWS `alg` Algorithm identifier.
+ *
+ * @group Utilities
  */
 export declare function generateKeyPair(alg: JWSAlgorithm, options?: GenerateKeyPairOptions): Promise<CryptoKeyPair>;
 export {};

build/index.js

 let USER_AGENT;
 if (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {
     const NAME = 'oauth4webapi';
-    const VERSION = 'v2.4.0';
+    const VERSION = 'v2.4.1';
     USER_AGENT = `${NAME}/${VERSION}`;
@@ -197,3 +197,3 @@ }
     headers.set('accept', 'application/json');
-    return fetch(url.href, {
+    const request = new Request(url.href, {
         headers,
@@ -203,3 +203,4 @@ method: 'GET',
         signal: options?.signal ? signal(options.signal) : null,
-    }).then(processDpopNonce);
+    });
+    return fetch(request).then(processDpopNonce);
 }
@@ -659,3 +660,3 @@ function validateString(input) {
     }
-    return fetch(url.href, {
+    const request = new Request(url.href, {
         body,
@@ -666,3 +667,4 @@ headers,
         signal: options?.signal ? signal(options.signal) : null,
-    }).then(processDpopNonce);
+    });
+    return fetch(request).then(processDpopNonce);
 }
@@ -827,3 +829,3 @@ export async function userInfoRequest(as, client, accessToken, options) {
     headers.set('content-type', 'application/x-www-form-urlencoded;charset=UTF-8');
-    return fetch(url.href, {
+    const request = new Request(url.href, {
         body,
@@ -834,3 +836,4 @@ headers,
         signal: options?.signal ? signal(options.signal) : null,
-    }).then(processDpopNonce);
+    });
+    return fetch(request).then(processDpopNonce);
 }
@@ -1195,3 +1198,3 @@ async function tokenEndpointRequest(as, client, grantType, parameters, options) {
     headers.append('accept', 'application/jwk-set+json');
-    return fetch(url.href, {
+    const request = new Request(url.href, {
         headers,
@@ -1201,3 +1204,4 @@ method: 'GET',
         signal: options?.signal ? signal(options.signal) : null,
-    }).then(processDpopNonce);
+    });
+    return fetch(request).then(processDpopNonce);
 }
@@ -1204,0 +1208,0 @@ async function processJwksResponse(response) {

package.json

 {
   "name": "oauth4webapi",
-  "version": "2.4.0",
+  "version": "2.4.1",
   "description": "OAuth 2 / OpenID Connect for JavaScript Runtimes",
@@ -66,20 +66,20 @@ "keywords": [
   "devDependencies": {
-    "@esbuild-kit/esm-loader": "^2.6.5",
-    "@types/node": "^20.9.0",
-    "@types/qunit": "^2.19.8",
+    "@types/node": "^20.10.6",
+    "@types/qunit": "^2.19.9",
     "ava": "^5.3.1",
     "edge-runtime": "^2.5.7",
-    "esbuild": "^0.19.5",
-    "jose": "^5.1.1",
+    "esbuild": "^0.19.11",
+    "jose": "^5.2.0",
     "patch-package": "^8.0.0",
-    "prettier": "^3.1.0",
-    "prettier-plugin-jsdoc": "^1.1.1",
+    "prettier": "^3.1.1",
+    "prettier-plugin-jsdoc": "^1.3.0",
     "qunit": "^2.20.0",
     "timekeeper": "^2.3.1",
-    "typedoc": "^0.25.3",
+    "tsx": "^4.7.0",
+    "typedoc": "^0.25.6",
     "typedoc-plugin-markdown": "^3.17.1",
-    "typedoc-plugin-mdn-links": "^3.1.0",
-    "typescript": "^5.2.2",
-    "undici": "^5.27.2"
+    "typedoc-plugin-mdn-links": "^3.1.10",
+    "typescript": "^5.3.3",
+    "undici": "^5.28.2"
   }
 }

README.md

@@ -44,3 +44,3 @@ # OAuth 2 / OpenID Connect for JavaScript Runtimes
 ```js
-import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.4.0/mod.ts'
+import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.4.1/mod.ts'
 ```
@@ -47,0 +47,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

127071

increased by2.63%

Lines of code

2919

increased by4.29%

No dependency changes