
openid-client - npm Package Compare versions

Comparing version 6.1.7 to 6.2.0

78

build/index.js

@@ -8,3 +8,3 @@ import * as oauth from 'oauth4webapi';

const NAME = 'openid-client';
const VERSION = 'v6.1.7';
const VERSION = 'v6.2.0';
USER_AGENT = `${NAME}/${VERSION}`;

@@ -548,2 +548,78 @@ headers = { 'user-agent': USER_AGENT };

}
export async function initiateBackchannelAuthentication(config, parameters) {
checkConfig(config);
const { as, c, auth, fetch, tlsOnly, timeout } = int(config);
return oauth
.backchannelAuthenticationRequest(as, c, auth, parameters, {
[oauth.customFetch]: fetch,
[oauth.allowInsecureRequests]: !tlsOnly,
headers: new Headers(headers),
signal: signal(timeout),
})
.then((response) => oauth.processBackchannelAuthenticationResponse(as, c, response))
.catch(errorHandler);
}
export async function pollBackchannelAuthenticationGrant(config, backchannelAuthenticationResponse, parameters, options) {
checkConfig(config);
parameters = new URLSearchParams(parameters);
let interval = backchannelAuthenticationResponse.interval ?? 5;
const pollingSignal = options?.signal ??
AbortSignal.timeout(backchannelAuthenticationResponse.expires_in * 1000);
try {
pollingSignal.throwIfAborted();
}
catch (err) {
errorHandler(err);
}
await wait(interval);
const { as, c, auth, fetch, tlsOnly, nonRepudiation, timeout, decrypt } = int(config);
const response = await oauth
.backchannelAuthenticationGrantRequest(as, c, auth, backchannelAuthenticationResponse.auth_req_id, {
[oauth.customFetch]: fetch,
[oauth.allowInsecureRequests]: !tlsOnly,
additionalParameters: parameters,
DPoP: options?.DPoP,
headers: new Headers(headers),
signal: pollingSignal.aborted ? pollingSignal : signal(timeout),
})
.catch(errorHandler);
const p = oauth.processBackchannelAuthenticationGrantResponse(as, c, response, {
[oauth.jweDecrypt]: decrypt,
});
let result;
try {
result = await p;
}
catch (err) {
if (retryable(err, options)) {
return pollBackchannelAuthenticationGrant(config, {
...backchannelAuthenticationResponse,
interval,
}, parameters, {
...options,
signal: pollingSignal,
flag: retry,
});
}
if (err instanceof oauth.ResponseBodyError) {
switch (err.error) {
case 'slow_down':
interval += 5;
case 'authorization_pending':
return pollBackchannelAuthenticationGrant(config, {
...backchannelAuthenticationResponse,
interval,
}, parameters, {
...options,
signal: pollingSignal,
flag: undefined,
});
}
}
errorHandler(err);
}
result.id_token && (await nonRepudiation?.(response));
addHelpers(result);
return result;
}
export function allowInsecureRequests(config) {

@@ -550,0 +626,0 @@ int(config).tlsOnly = false;
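Review bot: In `pollBackchannelAuthenticationGrant` the polling signal is checked only before `await wait(interval)` and once more when the request signal is chosen (`signal: pollingSignal.aborted ? pollingSignal : signal(timeout)`), so a caller abort or an `expires_in` expiry that fires while the token request is in flight does not cancel that request, which runs on until the per-request timeout. Assuming `signal(timeout)` returns an `AbortSignal` and the target runtimes support it, `signal: AbortSignal.any([pollingSignal, signal(timeout)])` would make cancellation immediate; whether `wait`, defined outside this hunk, can be interrupted is not visible here. When `options.signal` is omitted, the overall deadline comes entirely from the `expires_in` of the passed response and the pacing from its `interval`, so the documentation should tell callers to pass their own signal as an upper bound if they do not want to depend on server-supplied values. The `slow_down` case falls into `authorization_pending` on purpose, and a `// falls through` comment in the source would keep it from being read as a missing `break`.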

26

package.json
{
"name": "openid-client",
"version": "6.1.7",
"version": "6.2.0",
"description": "OAuth 2 / OpenID Connect Client API for JavaScript Runtimes",

@@ -88,3 +88,3 @@ "keywords": [

"jose": "^5.9.6",
"oauth4webapi": "^3.1.4"
"oauth4webapi": "^3.2.0"
},

@@ -98,3 +98,3 @@ "devDependencies": {

"@types/koa__cors": "^5.0.0",
"@types/node": "^22.10.1",
"@types/node": "^22.13.4",
"@types/passport": "^1.0.17",

@@ -105,11 +105,11 @@ "@types/qunit": "^2.19.12",

"chrome-launcher": "^1.1.2",
"edge-runtime": "^4.0.0",
"esbuild": "^0.24.0",
"ky": "^1.7.2",
"oidc-provider": "^8.6.0",
"edge-runtime": "^4.0.1",
"esbuild": "^0.24.2",
"ky": "^1.7.5",
"oidc-provider": "^8.7.0",
"patch-package": "^8.0.0",
"prettier": "^3.4.1",
"prettier-plugin-jsdoc": "^1.3.0",
"puppeteer-core": "^23.9.0",
"qunit": "^2.22.0",
"prettier": "^3.5.1",
"prettier-plugin-jsdoc": "^1.3.2",
"puppeteer-core": "^24.2.1",
"qunit": "^2.24.1",
"raw-body": "^3.0.0",

@@ -121,5 +121,5 @@ "selfsigned": "^2.4.1",

"typedoc-plugin-mdn-links": "^4.0.3",
"typescript": "^5.7.2",
"undici": "^6.21.0"
"typescript": "^5.7.3",
"undici": "^6.21.1"
}
}

@@ -13,3 +13,3 @@ # openid-client

- Authorization Code Flow (profiled under OpenID Connect 1.0, OAuth 2.0, OAuth 2.1, FAPI 1.0 Advanced, and FAPI 2.0)
- Refresh Token, Device Authorization, and Client Credentials Grants
- Refresh Token, Device Authorization, Client-Initiated Backchannel Authentication, and Client Credentials Grants
- Demonstrating Proof-of-Possession at the Application Layer (DPoP)

@@ -186,2 +186,23 @@ - Token Introspection and Revocation

### Client-Initiated Backchannel Authentication (CIBA)
```ts
let scope!: string // Scope of the access request
let login_hint!: string // one of login_hint, id_token_hint, or login_hint_token parameters must be provided in CIBA
let response = await client.initiateBackchannelAuthentication(config, {
scope,
login_hint,
})
// OPTIONAL: If your client is configured with Ping Mode you'd invoke the following after getting the CIBA Ping Callback (its implementation is framework specific and therefore out of scope for openid-client)
let tokens: client.TokenEndpointResponse =
await client.pollBackchannelAuthenticationGrant(config, response)
console.log('Token Endpoint Response', tokens)
```
This will poll in a regular interval and only resolve with tokens once the end-user authenticates.
### Client Credentials Grant

@@ -230,2 +251,2 @@

[^cjs]: CJS style `require('openid-client')` is possible in Node.js versions where `process.features.require_module` is `true` or with the `--experimental-require-module` Node.js CLI flag.
[^cjs]: CJS style `let client = require('openid-client')` is possible in Node.js versions where `process.features.require_module` is `true` by default (^20.19.0 || ^22.12.0 || >= 23.0.0) or with the `--experimental-require-module` Node.js CLI flag.

Sorry, the diff of this file is too big to display

Sorry, the diff of this file is not supported yet
