UNPKG

@badgateway/oauth2-client

Version:

OAuth2 client for browsers and Node.js. Tiny footprint, PKCE support

github.com/badgateway/oauth2-client

badgateway/oauth2-client

95 lines (94 loc) 3.16 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
import { OAuth2Client } from '../client.ts'; import type { OAuth2Token } from '../token.ts'; type GetAuthorizeUrlParams = { /** * Where to redirect the user back to after authentication. */ redirectUri: string; /** * The 'state' is a string that can be sent to the authentication server, * and back to the redirectUri. */ state?: string; /** * Code verifier for PKCE support. If you used this in the redirect * to the authorization endpoint, you also need to use this again * when getting the access_token on the token endpoint. */ codeVerifier?: string; /** * List of scopes. */ scope?: string[]; /** * The resource the client intends to access. * * This is defined in RFC 8707. */ resource?: string[] | string; /** * Any parameters listed here will be added to the query string for the authorization server endpoint. */ extraParams?: Record<string, string>; /** * By default response parameters for the authorization_flow will be added * to the query string. * * Some servers let you put this in the fragment instead. This may be * benefical if your client is a browser, as embedding the authorization * code in the fragment part of the URI prevents it from being sent back * to the server. * * See: https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html */ responseMode?: 'query' | 'fragment'; }; type ValidateResponseResult = { /** * The authorization code. This code should be used to obtain an access token. */ code: string; /** * List of scopes that the client requested. */ scope?: string[]; }; type GetTokenParams = { code: string; redirectUri: string; state?: string; codeVerifier?: string; /** * The resource the client intends to access. * * @see https://datatracker.ietf.org/doc/html/rfc8707 */ resource?: string[] | string; }; export declare class OAuth2AuthorizationCodeClient { client: OAuth2Client; constructor(client: OAuth2Client); /** * Returns the URi that the user should open in a browser to initiate the * authorization_code flow. */ getAuthorizeUri(params: GetAuthorizeUrlParams): Promise<string>; getTokenFromCodeRedirect(url: string | URL, params: Omit<GetTokenParams, 'code'>): Promise<OAuth2Token>; /** * After the user redirected back from the authorization endpoint, the * url will contain a 'code' and other information. * * This function takes the url and validate the response. If the user * redirected back with an error, an error will be thrown. */ validateResponse(url: string | URL, params: { state?: string; }): ValidateResponseResult; /** * Receives an OAuth2 token using 'authorization_code' grant */ getToken(params: GetTokenParams): Promise<OAuth2Token>; } export declare function generateCodeVerifier(): Promise<string>; export declare function getCodeChallenge(codeVerifier: string): Promise<['plain' | 'S256', string]>; export {};