
simple-oauth2


simple-oauth2 - npm Package Compare versions

Comparing version 3.2.0 to 3.3.0

7

CHANGELOG.md
# Changelog
## Next
### 3.3.0
* [#299](https://github.com/lelylan/simple-oauth2/pull/299) Add support to verify for token expiration with a custom expiration window
* [#300](https://github.com/lelylan/simple-oauth2/pull/300) Add support to set the header credentials' encoding mode with `options.credentialsEncodingMode`.
## 3.2.0
### New features
* [#298](https://github.com/lelylan/simple-oauth2/pull/298) Add support for custom scope separator by using the `options.scopeSeparator` configuration
* [#298](https://github.com/lelylan/simple-oauth2/pull/298) Add support for custom scope separator by using `options.scopeSeparator` configuration

@@ -7,0 +12,0 @@ ### Improvements

3

index.js

@@ -32,3 +32,4 @@ 'use strict';

scopeSeparator: Joi.string().default(' '),
bodyFormat: Joi.any().valid('form', 'json').default('form'),
credentialsEncodingMode: Joi.string().valid('strict', 'loose').default('strict'),
bodyFormat: Joi.string().valid('form', 'json').default('form'),
authorizationMethod: Joi.any().valid('header', 'body').default('header'),

@@ -35,0 +36,0 @@ }).default(),
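Review bot: The `credentialsEncodingMode` entry is added to the options schema without a comment saying what `'loose'` gives up, and this schema is where an integrator chooses the value. Judging by the encoding change shown further down this page, `'loose'` Base64-encodes the raw `clientID:clientSecret` pair and skips the form-urlencoding step. A comment above the entry would make that trade-off visible, for example `// 'strict' form-urlencodes the client id and secret before Base64 (RFC 6749 section 2.3.1); 'loose' sends them unencoded, for servers that expect that`.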

@@ -8,3 +8,3 @@ 'use strict';

const addSeconds = require('date-fns/addSeconds');
const isAfter = require('date-fns/isAfter');
const isBefore = require('date-fns/isBefore');

@@ -56,8 +56,9 @@ const GrantParams = require('./grant-params');

/**
* Determines if the current access token is definitely expired or not
* Determines if the current access token has already expired or if it is about to expire
*
* @param {Number} expirationWindowSeconds Window of time before the actual expiration to refresh the token
* @returns {Boolean}
*/
expired() {
return isAfter(new Date(), this.token.expires_at);
expired(expirationWindowSeconds = 0) {
return isBefore(this.token.expires_at, Date.now() + expirationWindowSeconds * 1000);
}

@@ -64,0 +65,0 @@
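Review bot: `expired()` uses `expirationWindowSeconds` without validating it, so a non-numeric argument turns `Date.now() + expirationWindowSeconds * 1000` into NaN. A comparison against an invalid date should then come out false, which reports the token as not expired. Failing towards "still valid" is the wrong direction for an expiry check; a guard at the top of the method such as `if (!Number.isFinite(expirationWindowSeconds)) throw new TypeError('expirationWindowSeconds must be a finite number');` would surface the mistake instead. The docblock could also state that a window of 0 gives the plain "already expired" answer.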

@@ -10,2 +10,3 @@ 'use strict';

* @see https://tools.ietf.org/html/rfc6749#appendix-B
* @see https://tools.ietf.org/html/rfc6749#section-2.3.1
*

@@ -18,3 +19,18 @@ * @param {String} value

module.exports = {
/**
* Get a string representation for the client credentials
*
* @param {String} clientID
* @param {String} clientSecret
* @returns {String} credentials
*/
function getCredentialsString(clientID, clientSecret) {
return `${clientID}:${clientSecret}`;
}
module.exports = class Encoding {
constructor(encodingMode) {
this.encodingMode = encodingMode;
}
/**

@@ -27,6 +43,12 @@ * Get the authorization header used to request a valid token

getAuthorizationHeaderToken(clientID, clientSecret) {
const encodedCredentials = `${useFormURLEncode(clientID)}:${useFormURLEncode(clientSecret)}`;
let encodedCredentials;
if (this.encodingMode === 'strict') {
encodedCredentials = getCredentialsString(useFormURLEncode(clientID), useFormURLEncode(clientSecret));
} else {
encodedCredentials = getCredentialsString(clientID, clientSecret);
}
return Buffer.from(encodedCredentials).toString(HEADER_ENCODING_FORMAT);
},
}
};
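Review bot: In `getAuthorizationHeaderToken` the `else` branch treats every value other than `'strict'` as loose, so an `Encoding` built with `undefined` or a misspelled mode silently skips `useFormURLEncode`. The Joi schema in index.js restricts the option on the normal path, but the class is exported as-is and its constructor checks nothing. Testing for the opt-in value instead, `if (this.encodingMode === 'loose')` for the raw branch with the `useFormURLEncode` call in the `else`, makes the RFC 6749 section 2.3.1 encoding the fallback. The method's docblock should also note that in loose mode a client id containing `:` yields a credential string the server cannot split unambiguously.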

@@ -6,3 +6,3 @@ 'use strict';

const debug = require('debug')('simple-oauth2:request-options');
const encoding = require('./encoding');
const Encoding = require('./encoding');

@@ -29,2 +29,3 @@ const JSON_CONTENT_TYPE = 'application/json';

if (this.config.options.authorizationMethod === 'header') {
const encoding = new Encoding(this.config.options.credentialsEncodingMode);
const credentials = encoding.getAuthorizationHeaderToken(this.config.client.id, this.config.client.secret);

@@ -31,0 +32,0 @@

{
"name": "simple-oauth2",
"version": "3.2.0",
"version": "3.3.0",
"description": "Node.js client for OAuth2",

@@ -5,0 +5,0 @@ "author": "Andrea Reginato <andrea.reginato@gmail.com>",

@@ -187,13 +187,5 @@ # Simple OAuth2

async function run() {
// Provide a window of time before the actual expiration to refresh the token
const EXPIRATION_WINDOW_IN_SECONDS = 300;
const EXPIRATION_WINDOW_IN_SECONDS = 300; // Window of time before the actual expiration to refresh the token
const { token } = accessToken;
const expirationTimeInSeconds = token.expires_at.getTime() / 1000;
const expirationWindowStart = expirationTimeInSeconds - EXPIRATION_WINDOW_IN_SECONDS;
// If the start of the window has passed, refresh the token
const nowInSeconds = (new Date()).getTime() / 1000;
const shouldRefresh = nowInSeconds >= expirationWindowStart;
if (shouldRefresh) {
if (token.expired(EXPIRATION_WINDOW_IN_SECONDS)) {
try {

@@ -214,9 +206,4 @@ accessToken = await accessToken.refresh();

async function run() {
// Revoke both access and refresh tokens
try {
// Revoke only the access token
await accessToken.revoke('access_token');
// Session ended. But the refresh_token is still valid.
// Revoke the refresh token
await accessToken.revoke('refresh_token');

@@ -223,0 +210,0 @@ } catch (error) {
