react-oauth2-code-pkce - npm Package Compare versions

Comparing version 1.9.1 to 1.10.0

dist/AuthContext.js

@@ -70,6 +70,6 @@ "use strict";
     }
-    function logOut() {
+    function logOut(state, logoutHint) {
         clearStorage();
         if ((config === null || config === void 0 ? void 0 : config.logoutEndpoint) && refreshToken)
-            (0, authentication_1.redirectToLogout)(config, refreshToken);
+            (0, authentication_1.redirectToLogout)(config, refreshToken, idToken, state, logoutHint);
     }
@@ -76,0 +76,0 @@ function login() {

dist/authentication.d.ts

@@ -8,2 +8,2 @@ import { TInternalConfig, TTokenResponse } from './Types';
 }) => Promise<TTokenResponse>;
-export declare function redirectToLogout(config: TInternalConfig, token: string): void;
+export declare function redirectToLogout(config: TInternalConfig, token: string, idToken?: string, state?: string, logoutHint?: string): void;

dist/authentication.js

@@ -80,14 +80,15 @@ "use strict";
 exports.fetchWithRefreshToken = fetchWithRefreshToken;
-function redirectToLogout(config, token) {
+function redirectToLogout(config, token, idToken, state, logoutHint) {
     var _a;
-    const params = new URLSearchParams({
-        token: token,
+    const params = new URLSearchParams(Object.assign({ token: token, 
         // TODO: Add config param for token type
-        token_type_hint: 'refresh_token',
-        client_id: config.clientId,
-        // TODO: Add extra logout params
-        post_logout_redirect_uri: (_a = config.logoutRedirect) !== null && _a !== void 0 ? _a : config.redirectUri,
-    });
+        token_type_hint: 'refresh_token', client_id: config.clientId, post_logout_redirect_uri: (_a = config.logoutRedirect) !== null && _a !== void 0 ? _a : config.redirectUri, ui_locales: window.navigator.languages.reduce((a, b) => a + ' ' + b) }, config.extraLogoutParameters));
+    if (idToken)
+        params.append('id_token_hint', idToken);
+    if (state)
+        params.append('state', state);
+    if (logoutHint)
+        params.append('logout_hint', logoutHint);
     window.location.replace(`${config.logoutEndpoint}?${params.toString()}`);
 }
 exports.redirectToLogout = redirectToLogout;

dist/Types.d.ts

@@ -34,3 +34,3 @@ import { ReactNode } from 'react';
     token: string;
-    logOut: () => void;
+    logOut: (state?: string, logoutHint?: string) => void;
     login: () => void;
@@ -65,2 +65,5 @@ error: string | null;
     };
+    extraLogoutParameters?: {
+        [key: string]: string | boolean | number;
+    };
 };
@@ -92,3 +95,6 @@ export type TRefreshTokenExpiredEvent = {
     };
+    extraLogoutParameters?: {
+        [key: string]: string | boolean | number;
+    };
 };
 export {};

package.json

 {
   "name": "react-oauth2-code-pkce",
-  "version": "1.9.1",
+  "version": "1.10.0",
   "description": "Provider agnostic react package for OAuth2 Authorization Code flow with PKCE",
@@ -5,0 +5,0 @@ "main": "dist/index.js",

README.md

@@ -68,17 +68,20 @@ # react-oauth2-code-pkce · [![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/soofstad/react-oauth2-pkce/blob/main/LICENSE) [![npm version](https://img.shields.io/npm/v/react-oauth2-code-pkce)](https://www.npmjs.com/package/react-oauth2-code-pkce) ![CI](https://github.com/soofstad/react-oauth2-pkce/actions/workflows/tests.yaml/badge.svg)
 
-## IAuthContext values
+## API
 
-The `IAuthContext` interface that the `AuthContext` returns when called with `useContext()` provides these values;
+### IAuthContext values
 
+The object that's returned by `useContext(AuthContext)` provides these values;
+
 ```typescript
 interface IAuthContext {
-  // The access token. This is what you will use for authentication against protected API's
+  // The access token. This is what you will use for authentication against protected Web API's
   token: string
   // An object with all the properties encoded in the token (username, email, etc.), if the token is a JWT 
   tokenData?: TTokenData
-  // Login the user
+  // Function to trigger login.
   login: () => void  
-  // Logout the user from the auth provider
-  logOut: () => void
-  // Keeps any errors that occured during login or token fetching/refreshing. 
+  // Function to trigger logout from authentication provider. You may provide optional 'state', and 'logout_hint' values.
+  // See https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout for details.
+  logOut: (state?: string, logoutHint?: string) => void
+  // Keeps any errors that occured during login, token fetching/refreshing, decoding, etc.. 
   error: string | null
@@ -94,4 +97,14 @@ // The idToken, if it was returned along with the access token
 
-## All configuration parameters
+### Configuration parameters
 
+__react-oauth2-code-pkce__'s goal is to "just work" with any authentication provider that either
+supports the [OAuth2](https://datatracker.ietf.org/doc/html/rfc7636) or [OpenID Connect](https://openid.net/developers/specs/) (OIDC) standards.  
+However, many authentication providers are not following these standards, or have extended them. 
+With this in mind, if you are experiencing any problems, a good place to start is to see if the provider expects some custom parameters.
+If they do, these can be injected into the different calls with these configuration options;
+
+- `extraAuthParameters`
+- `extraTokenParameters`
+- `extraLogoutParameters`
+
 The `<AuthProvider>` takes a `config` object that supports these parameters;
@@ -135,2 +148,4 @@
   extraTokenParameters?: { [key: string]: string | boolean | number } // default: null
+  // Can be used to provide any non-standard parameters to the logout request
+  extraLogoutParameters?: { [key: string]: string | boolean | number } // default: null
   // Superseded by 'extraTokenParameters' options. Will be deprecated in 2.0
@@ -142,10 +157,4 @@ extraAuthParams?: { [key: string]: string | boolean | number }  // default: null
 
-## Known issues
+## Common issues
 
-### The page randomly refreshes in the middle of a session
-
-This will happen if you haven't provided a callback-function for the `onRefreshTokenExpire` config parameter, and the refresh token expires.
-You probably want to implement some kind of "alert/message/banner", saying that the session has expired and that the user needs to login again.
-Either by refreshing the page, or clicking a "Login-button".
-
 ### After redirect back from auth provider with `?code`, no token request is made
@@ -158,2 +167,8 @@
 
+### The page randomly refreshes in the middle of a session
+
+This will happen if you haven't provided a callback-function for the `onRefreshTokenExpire` config parameter, and the refresh token expires.
+You probably want to implement some kind of "alert/message/banner", saying that the session has expired and that the user needs to login again.
+Either by refreshing the page, or clicking a "Login-button".
+
 ## Develop
@@ -167,2 +182,2 @@
 
-You are welcome to create issues and pull requests :)
+You are most welcome to create issues and pull requests :)

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

38775

increased by4.3%

Lines of code

644

increased by1.1%

Number of lines in readme file

178

increased by9.2%

No dependency changes