
simple-oauth2 - npm Package Compare versions

Comparing version 4.0.0 to 4.1.0

9

CHANGELOG.md
# Changelog
## 4.1.0
### Improvements
- [#398](https://github.com/lelylan/simple-oauth2/pull/328) Add support to refresh persitent access tokens
### Maintainance
- [#326](https://github.com/lelylan/simple-oauth2/pull/326) Remove usage of [date-fns](https://date-fns.org/) production dependency
- [#325](https://github.com/lelylan/simple-oauth2/pull/325) Setup [volta](https://volta.sh/) instead of nvm to handle node versions
- [#322](https://github.com/lelylan/simple-oauth2/pull/322) Update acorn version in package-lock file
## 4.0.0

@@ -4,0 +13,0 @@ ### Breaking changes

12

lib/access-token/index.js
'use strict';
const Hoek = require('@hapi/hoek');
const { isBefore } = require('date-fns');
const GrantParams = require('../grant-params');

@@ -32,3 +31,3 @@ const { parseToken } = require('./token-parser');

expired(expirationWindowSeconds = 0) {
return isBefore(this.token.expires_at, Date.now() + expirationWindowSeconds * 1000);
return this.token.expires_at - (Date.now() + expirationWindowSeconds * 1000) <= 0;
}

@@ -84,2 +83,11 @@

}
/**
* Get the access token's internal JSON representation
*
* @returns {String}
*/
toJSON() {
return this.token;
}
};
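Review bot: The docstring added for `toJSON()` declares `@returns {String}`, but the method returns `this.token`, which is an object; it should read `@returns {Object}`. The method also hands out the live internal object rather than a copy, so a caller that mutates the result changes the state that `expired()` reads; `return { ...this.token };` would avoid that, provided no caller relies on object identity. The returned object presumably includes the access and refresh token values, so the docstring should say that the result is secret material and should not be passed to loggers. The enclosing class starts outside the hunk.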

7

lib/access-token/token-parser.js
'use strict';
const debug = require('debug')('simple-oauth2:access-token');
const { isDate, parseISO, addSeconds } = require('date-fns');

@@ -10,7 +9,7 @@ const EXPIRES_AT_PROPERTY_NAME = 'expires_at';

function getExpirationDate(expiresIn) {
return addSeconds(new Date(), Number.parseInt(expiresIn, 10));
return new Date(Date.now() + Number.parseInt(expiresIn, 10) * 1000);
}
function parseExpirationDate(expirationDate) {
if (isDate(expirationDate)) {
if (expirationDate instanceof Date) {
return expirationDate;

@@ -25,3 +24,3 @@ }

// ISO 8601 string
return parseISO(expirationDate);
return new Date(expirationDate);
}

@@ -28,0 +27,0 @@
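Review bot: `new Date(expirationDate)` in `parseExpirationDate` yields an Invalid Date for any string it cannot parse and the result is returned unchecked; the same holds in `getExpirationDate` when `Number.parseInt(expiresIn, 10)` is NaN. With the arithmetic now used by `expired()` in lib/access-token/index.js, an Invalid Date makes the subtraction NaN and `NaN <= 0` is false, so such a token is reported as not expired. Consider rejecting it at parse time, for example `const date = new Date(expirationDate);` followed by `if (Number.isNaN(date.getTime())) throw new Error('Invalid expires_at value');`. `new Date` also accepts non-ISO formats and reads date-only strings as UTC where `parseISO` used local time, so the `// ISO 8601 string` comment no longer describes what is accepted. Part of `parseExpirationDate` lies between the two hunks and is not shown.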

@@ -52,4 +52,14 @@ 'use strict';

return new AccessToken(this.#config, this.#client, response);
return this.createToken(response);
}
/**
* Creates a new access token instance from a plain object
*
* @param {Object} token Plain object representation of an access token
* @returns {AccessToken}
*/
createToken(token) {
return new AccessToken(this.#config, this.#client, token);
}
};
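Review bot: `createToken` and its docstring are repeated verbatim in this hunk and in the two that follow (`@@ -27,4 +27,14 @@` and `@@ -29,4 +29,14 @@`), so any later validation of restored tokens would have to be added in three places; a single shared helper called by all three classes would keep them in step. The docstring should also say where `token` is expected to come from, for example `@param {Object} token Plain object previously produced by AccessToken#toJSON, read from storage the application trusts`, since the object is passed to `new AccessToken` as is. The file names for these three hunks are not shown on the page, and the enclosing classes start outside the hunks.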

@@ -27,4 +27,14 @@ 'use strict';

return new AccessToken(this.#config, this.#client, response);
return this.createToken(response);
}
/**
* Creates a new access token instance from a plain object
*
* @param {Object} token Plain object representation of an access token
* @returns {AccessToken}
*/
createToken(token) {
return new AccessToken(this.#config, this.#client, token);
}
};

@@ -29,4 +29,14 @@ 'use strict';

return new AccessToken(this.#config, this.#client, response);
return this.createToken(response);
}
/**
* Creates a new access token instance from a plain object
*
* @param {Object} token Plain object representation of an access token
* @returns {AccessToken}
*/
createToken(token) {
return new AccessToken(this.#config, this.#client, token);
}
};
{
"name": "simple-oauth2",
"version": "4.0.0",
"version": "4.1.0",
"description": "Node.js client for OAuth2",

@@ -51,3 +51,2 @@ "author": "Andrea Reginato <andrea.reginato@gmail.com>",

"@hapi/wreck": "^17.0.0",
"date-fns": "^2.14.0",
"debug": "^4.1.1"

@@ -61,2 +60,3 @@ },

"chance-access-token": "^2.0.0",
"date-fns": "^2.14.0",
"doctoc": "^1.4.0",

@@ -68,3 +68,6 @@ "eslint": "^6.8.0",

"nyc": "^15.0.1"
},
"volta": {
"node": "12.18.0"
}
}

@@ -162,6 +162,31 @@ # Simple OAuth2

When a token expires we need a mechanism to obtain a new access token. The [AccessToken](./API.md#accesstoken) methods can be used to perform the token refresh process.
On long lived applications, it is often necessary to refresh access tokens. In such scenarios the access token is usually persisted in an external database by first serializing it.
```javascript
async function run() {
const accessTokenJSONString = JSON.stringify(accessToken);
await persistAccessTokenJSON(accessTokenJSONString);
}
run();
```
By the time we need to refresh the persistent access token, we can get back an [AccessToken](./API.md#accesstoken) instance by using the client's [.createToken](./API.md#createtokentoken--accesstoken) method.
```javascript
async function run() {
const accessTokenJSONString = await getPersistedAccessTokenJSON();
let accessToken = client.createToken(JSON.parse(accessTokenJSONString));
}
run();
```
Once we have determined the access token needs refreshing with the [.expired()](./API.md##expiredexpirationwindowseconds--boolean) method, we can finally refresh it with a [.refresh()](#refreshparams--promiseaccesstoken) method call.
```javascript
async function run() {
if (accessToken.expired()) {

@@ -183,3 +208,3 @@ try {

The `expired` helper is useful for knowing when a token has definitively expired. However, there is a common race condition when tokens are near expiring. If an OAuth 2.0 token is issued with a `expires_in` property (as opposed to an `expires_at` property), there can be discrepancies between the time the OAuth 2.0 server issues the access token and when it is received.
The [.expired()](./API.md##expiredexpirationwindowseconds--boolean) helper is useful for knowing when a token has definitively expired. However, there is a common race condition when tokens are near expiring. If an OAuth 2.0 token is issued with a `expires_in` property (as opposed to an `expires_at` property), there can be discrepancies between the time the OAuth 2.0 server issues the access token and when it is received.

@@ -186,0 +211,0 @@ These come down to factors such as network and processing latency and can be worked around by preemptively refreshing the access token:
