simple-oauth2 - npm Package Compare versions

Comparing version 2.5.2 to 3.0.0

lib/access-token.js

20

CHANGELOG.md
# Changelog
## 3.0.0
### Breaking changes
* [#260](https://github.com/lelylan/simple-oauth2/pull/260) Use @hapi/wreck v15. This version changes how a **baseUrl** is resolved against a **path**, affecting how `auth.tokenHost`, `auth.tokenPath`, `auth.authorizeHost` and `auth.authorizePath` are resolved when using the `.getToken` methods. See [@hapi/wreck](https://github.com/hapijs/wreck/issues/244) breaking changes to better understand potential issues that may arise.
* [#260](https://github.com/lelylan/simple-oauth2/pull/260) Use new Node.js WHATWG URL api instead of the legacy url module. This change affects how `auth.authorizeHost` and `auth.authorizePath` are resolved when using the `authorizationCode.authorizeURL` method.
* [#256](https://github.com/lelylan/simple-oauth2/pull/256) Users can override the `grant_type` parameter when performing a token exchange throught the `.getToken` method. Useful in cases where the auth server uses a value different from the standard.
* [#256](https://github.com/lelylan/simple-oauth2/pull/256) Token exchange methods no longer mutate provided arguments
* [#255](https://github.com/lelylan/simple-oauth2/pull/255) Follow up to 20 redirects by default
* [#200](https://github.com/lelylan/simple-oauth2/pull/200) [#256](https://github.com/lelylan/simple-oauth2/pull/256) Change default multiple scope encoding from using comma to spaces on all token exchange methods
* [#88](https://github.com/lelylan/simple-oauth2/pull/88) Change JSON response parsing mode from `smart` to `strict`. Since the OAuth2 specification indicates only JSON responses are valid, any non-JSON response throws an error instead of resolving into a Buffer. Use `http.json = true` to restore the previous behavior.
### New features
* [#270](https://github.com/lelylan/simple-oauth2/pull/270) All token exchange methods now accept an optional argument to override non-essential [http options](https://github.com/hapijs/wreck/blob/master/API.md#requestmethod-uri-options) or [read parsing options](https://github.com/hapijs/wreck/blob/master/API.md#readresponse-options).
* [#268](https://github.com/lelylan/simple-oauth2/pull/268) All token exchange methods can be called without arguments
* [#263](https://github.com/lelylan/simple-oauth2/pull/263) Use @hapi/joi v16. No breaking changes are expected.
## 2.5.2

@@ -4,0 +24,0 @@

30

index.js
'use strict';
const Joi = require('@hapi/joi');
const authCodeModule = require('./lib/client/auth-code');
const passwordModule = require('./lib/client/password');
const accessTokenModule = require('./lib/access-token');
const clientCredentialsModule = require('./lib/client/client');
const Client = require('./lib/client');
const AuthorizationCode = require('./lib/grants/authorization-code');
const PasswordOwner = require('./lib/grants/password-owner');
const ClientCredentials = require('./lib/grants/client-credentials');
const AccessToken = require('./lib/access-token');

@@ -16,4 +17,4 @@ // https://tools.ietf.org/html/draft-ietf-oauth-v2-31#appendix-A.1

client: Joi.object().keys({
id: Joi.string().regex(vsCharRegEx).allow(''),
secret: Joi.string().regex(vsCharRegEx).allow(''),
id: Joi.string().pattern(vsCharRegEx).allow(''),
secret: Joi.string().pattern(vsCharRegEx).allow(''),
secretParamName: Joi.string().default('client_secret'),

@@ -26,3 +27,3 @@ idParamName: Joi.string().default('client_id'),

revokePath: Joi.string().default('/oauth/revoke'),
authorizeHost: Joi.string().default(Joi.ref('tokenHost')),
authorizeHost: Joi.string().uri({ scheme: ['http', 'https'] }).default(Joi.ref('tokenHost')),
authorizePath: Joi.string().default('/oauth/authorize'),

@@ -32,4 +33,4 @@ }).required(),

options: Joi.object().keys({
bodyFormat: Joi.any().only('form', 'json').default('form'),
authorizationMethod: Joi.any().only('header', 'body').default('header'),
bodyFormat: Joi.any().valid('form', 'json').default('form'),
authorizationMethod: Joi.any().valid('header', 'body').default('header'),
}).default(),

@@ -47,10 +48,13 @@ });

const options = Joi.attempt(opts, optionsSchema, 'Invalid options provided to simple-oauth2');
const client = new Client(options);
return {
accessToken: accessTokenModule(options),
ownerPassword: passwordModule(options),
authorizationCode: authCodeModule(options),
clientCredentials: clientCredentialsModule(options),
accessToken: {
create: AccessToken.factory(options, client),
},
ownerPassword: new PasswordOwner(options, client),
authorizationCode: new AuthorizationCode(options, client),
clientCredentials: new ClientCredentials(options, client),
};
},
};
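Review bot: The new `authorizeHost` rule in the auth schema hunk accepts the `http` scheme, so a configuration that sends users to a cleartext authorization endpoint passes validation silently, although RFC 6749 section 3.1 requires TLS for that endpoint. If plain http is kept for local or test servers, say so next to the rule, e.g. `// http is accepted for local/test servers only; production authorization endpoints must be https (RFC 6749 section 3.1)`. The default is `Joi.ref('tokenHost')` and the `tokenHost` rule is outside the visible hunks, so it is worth confirming that it carries the same scheme check; otherwise a value can presumably reach `authorizeHost` through the default without being checked as a URI. The schema object starts and ends outside these hunks.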

@@ -5,16 +5,16 @@ 'use strict';

/**
* Encode a single {value} using the application/x-www-form-urlencoded media type
* while also applying some additional rules specified by the spec
*
* @see https://tools.ietf.org/html/rfc6749#appendix-B
*
* @param {String} value
*/
function useFormURLEncode(value) {
return encodeURIComponent(value).replace(/%20/g, '+');
}
module.exports = {
/**
* Encode a single {value} using the application/x-www-form-urlencoded media type
* while also applying some additional rules specified by the spec
*
* @see https://tools.ietf.org/html/rfc6749#appendix-B
*
* @param {String} value
*/
useFormURLEncode(value) {
return encodeURIComponent(value).replace(/%20/g, '+');
},
/**
* Get the authorization header used to request a valid token

@@ -26,3 +26,3 @@ * @param {String} clientID

getAuthorizationHeaderToken(clientID, clientSecret) {
const encodedCredentials = `${this.useFormURLEncode(clientID)}:${this.useFormURLEncode(clientSecret)}`;
const encodedCredentials = `${useFormURLEncode(clientID)}:${useFormURLEncode(clientSecret)}`;

@@ -29,0 +29,0 @@ return Buffer.from(encodedCredentials).toString(HEADER_ENCODING_FORMAT);
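Review bot: `useFormURLEncode` still builds on `encodeURIComponent`, which leaves `!`, `'`, `(`, `)` and `~` unescaped, while the application/x-www-form-urlencoded rules its docblock cites (RFC 6749 appendix B) percent-encode them; a client id or secret containing one of those characters yields a Basic credential that a strictly conforming server will not match. The move to a module-level function is a natural place to close that gap, e.g. `return encodeURIComponent(value).replace(/[!'()~]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase()).replace(/%20/g, '+');`. Servers that were tuned to the old output would see different credentials, so this deserves a changelog entry alongside the other breaking changes. The docblock also has no `@returns {String}` line, and `getAuthorizationHeaderToken` continues outside the hunk.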

{
"name": "simple-oauth2",
"version": "2.5.2",
"version": "3.0.0",
"description": "Node.js client for OAuth2",

@@ -47,17 +47,19 @@ "author": "Andrea Reginato <andrea.reginato@gmail.com>",

"dependencies": {
"@hapi/joi": "^15.1.1",
"date-fns": "^2.2.1",
"debug": "^4.1.1",
"wreck": "^14.0.2"
"@hapi/hoek": "^8.3.0",
"@hapi/joi": "^16.1.7",
"@hapi/wreck": "^15.1.0",
"date-fns": "^2.4.1",
"debug": "^4.1.1"
},
"devDependencies": {
"@hapi/boom": "^8.0.1",
"ava": "^2.4.0",
"chance": "^1.0.18",
"chance": "^1.1.0",
"chance-access-token": "^1.0.1",
"doctoc": "^1.4.0",
"eslint": "^6.4.0",
"eslint": "^6.5.1",
"eslint-config-airbnb-base": "^14.0.0",
"eslint-plugin-import": "^2.9.0",
"lodash": "^4.17.15",
"nock": "^11.3.5",
"nock": "^11.3.6",
"nyc": "^14.1.1"

@@ -64,0 +66,0 @@ },

@@ -143,5 +143,8 @@ # Simple OAuth2

// Optional per-call http options
const httpOptions = {};
// Save the access token
try {
const result = await oauth2.authorizationCode.getToken(tokenConfig)
const result = await oauth2.authorizationCode.getToken(tokenConfig, httpOptions);
const accessToken = oauth2.accessToken.create(result);

@@ -171,5 +174,8 @@ } catch (error) {

// Optional per-call http options
const httpOptions = {};
// Save the access token
try {
const result = await oauth2.ownerPassword.getToken(tokenConfig);
const result = await oauth2.ownerPassword.getToken(tokenConfig, httpOptions);
const accessToken = oauth2.accessToken.create(result);

@@ -191,5 +197,8 @@ } catch (error) {

// Optional per-call http options
const httpOptions = {};
// Get the access token object for the client
try {
const result = await oauth2.clientCredentials.getToken(tokenConfig);
const result = await oauth2.clientCredentials.getToken(tokenConfig, httpOptions);
const accessToken = oauth2.accessToken.create(result);

@@ -223,3 +232,7 @@ } catch (error) {

try {
accessToken = await accessToken.refresh();
const params = {
scope: '<scope>', // also can be an array of multiple scopes, ex. ['<scope1>, '<scope2>', '...']
};
accessToken = await accessToken.refresh(params);
} catch (error) {

@@ -226,0 +239,0 @@ console.log('Error refreshing access token: ', error.message);
