Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
react-oauth2-code-pkce
Advanced tools
react-oauth2-code-pkce - npm Package Compare versions
Comparing version 1.20.2 to 1.21.0
@@ -11,4 +11,4 @@ "use strict"; | ||
| // Set default values for internal config object | ||
| const { autoLogin = true, clearURL = true, decodeToken = true, scope = undefined, preLogin = () => null, postLogin = () => null, onRefreshTokenExpire = undefined, storage = 'local', storageKeyPrefix = 'ROCP_', refreshWithScope = true, refreshTokenExpiryStrategy = 'renewable', } = passedConfig; | ||
| const config = Object.assign(Object.assign({}, passedConfig), { autoLogin: autoLogin, clearURL: clearURL, decodeToken: decodeToken, scope: scope, preLogin: preLogin, postLogin: postLogin, onRefreshTokenExpire: onRefreshTokenExpire, storage: storage, storageKeyPrefix: storageKeyPrefix, refreshWithScope: refreshWithScope, refreshTokenExpiryStrategy: refreshTokenExpiryStrategy }); | ||
| const { autoLogin = true, clearURL = true, decodeToken = true, scope = undefined, preLogin = () => null, postLogin = () => null, onRefreshTokenExpire = undefined, storage = 'local', storageKeyPrefix = 'ROCP_', refreshWithScope = true, refreshTokenExpiryStrategy = 'renewable', tokenRequestCredentials = 'same-origin', } = passedConfig; | ||
| const config = Object.assign(Object.assign({}, passedConfig), { autoLogin: autoLogin, clearURL: clearURL, decodeToken: decodeToken, scope: scope, preLogin: preLogin, postLogin: postLogin, onRefreshTokenExpire: onRefreshTokenExpire, storage: storage, storageKeyPrefix: storageKeyPrefix, refreshWithScope: refreshWithScope, refreshTokenExpiryStrategy: refreshTokenExpiryStrategy, tokenRequestCredentials: tokenRequestCredentials }); | ||
| validateConfig(config); | ||
@@ -15,0 +15,0 @@ return config; |
@@ -57,4 +57,4 @@ "use strict"; | ||
| } | ||
| function postTokenRequest(tokenEndpoint, tokenRequest) { | ||
| return (0, httpUtils_1.postWithXForm)(tokenEndpoint, tokenRequest).then((response) => { | ||
| function postTokenRequest(tokenEndpoint, tokenRequest, credentials) { | ||
| return (0, httpUtils_1.postWithXForm)({ url: tokenEndpoint, request: tokenRequest, credentials: credentials }).then((response) => { | ||
| return response.json().then((body) => { | ||
@@ -85,3 +85,3 @@ if (isTokenResponse(body)) { | ||
| const tokenRequest = Object.assign(Object.assign({ grant_type: 'authorization_code', code: authCode, client_id: config.clientId, redirect_uri: config.redirectUri, code_verifier: codeVerifier }, config.extraTokenParameters), config.extraAuthParams); | ||
| return postTokenRequest(config.tokenEndpoint, tokenRequest); | ||
| return postTokenRequest(config.tokenEndpoint, tokenRequest, config.tokenRequestCredentials); | ||
| }; | ||
@@ -94,3 +94,3 @@ exports.fetchTokens = fetchTokens; | ||
| refreshRequest.scope = config.scope; | ||
| return postTokenRequest(config.tokenEndpoint, refreshRequest); | ||
| return postTokenRequest(config.tokenEndpoint, refreshRequest, config.tokenRequestCredentials); | ||
| }; | ||
@@ -97,0 +97,0 @@ exports.fetchWithRefreshToken = fetchWithRefreshToken; |
| import type { TTokenRequest } from './types'; | ||
| export declare function postWithXForm(url: string, request: TTokenRequest): Promise<Response>; | ||
| interface PostWithXFormParams { | ||
| url: string; | ||
| request: TTokenRequest; | ||
| credentials: RequestCredentials; | ||
| } | ||
| export declare function postWithXForm({ url, request, credentials }: PostWithXFormParams): Promise<Response>; | ||
| export {}; |
@@ -21,4 +21,4 @@ "use strict"; | ||
| } | ||
| function postWithXForm(url, request) { | ||
| return __awaiter(this, void 0, void 0, function* () { | ||
| function postWithXForm(_a) { | ||
| return __awaiter(this, arguments, void 0, function* ({ url, request, credentials }) { | ||
| return fetch(url, { | ||
@@ -28,2 +28,3 @@ method: 'POST', | ||
| headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, | ||
| credentials: credentials, | ||
| }).then((response) => __awaiter(this, void 0, void 0, function* () { | ||
@@ -30,0 +31,0 @@ if (!response.ok) { |
@@ -74,2 +74,3 @@ import type { ReactNode } from 'react'; | ||
| refreshWithScope?: boolean; | ||
| tokenRequestCredentials?: RequestCredentials; | ||
| }; | ||
@@ -107,3 +108,4 @@ export type TRefreshTokenExpiredEvent = { | ||
| refreshWithScope: boolean; | ||
| tokenRequestCredentials: RequestCredentials; | ||
| }; | ||
| export {}; |
| { | ||
| "name": "react-oauth2-code-pkce", | ||
| "version": "1.20.2", | ||
| "version": "1.21.0", | ||
| "description": "Provider agnostic react package for OAuth2 Authorization Code flow with PKCE", | ||
@@ -5,0 +5,0 @@ "main": "dist/index.js", |
@@ -173,2 +173,7 @@ # react-oauth2-code-pkce | ||
| refreshWithScope?: boolean // default: true | ||
| // Controls whether browser credentials (cookies, TLS client certificates, or authentication headers containing a username and password) are sent when requesting tokens. | ||
| // Warning: Including browser credentials deviates from the standard protocol and can introduce unforeseen security issues. Only set this to 'include' if you know what | ||
| // you are doing and CSRF protection is present. Setting this to 'include' is required when the token endpoint requires client certificate authentication, but likely is | ||
| // not needed in any other case. Use with caution. | ||
| tokenRequestCredentials?: 'same-origin'|'include'|'omit' // default: 'same-origin' | ||
| } | ||
@@ -175,0 +180,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.26%
52820
- Lines of code
- increased by1.26%
801
- Number of lines in readme file
- increased by2.23%
229
No dependency changes