npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@advanced-rest-client/api-authorization-method

v0.1.5

Published

An element to render an UI for various authorization methods with support of AMF data model for web APIs

Downloads

18

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

carowrightcarowrightjarrodekjarrodektwoplustwoonetwoplustwoonelbauretlbauret

Keywords

web-componentsauthorization-formshttpoauth1oauth2basicntlmapiamf

Readme

api-authorization-method

A web component that extends @advanced-rest-client/authorization-method to add ability to process API security configuration. The component works with the AML model generated by AMF parser. After applying amf and security properties to the element it, if possible, determines what are the authorization settings for the method, and applies default values.

For example, OAuth 2 can be configured in a number of different ways. When the security model is applied to the element it renders only those properties that the server requires to authenticate the user.

This element adds support for the following security description:

  • OAuth 2
  • OAuth 2 with annotation (see RAML's docs)
  • OAuth 1
  • RAML's custom scheme
  • Pass Through
  • Api Key (OAS)
  • Bearer (OAS)

This component fully support OAS security schemes.

Usage

The component extends @advanced-rest-client/authorization-method package to add API model support. The base component renders basic authorization methods. The element requires to apply AML's JSON+LD model to the amf property and scheme definition to the security property.

Installation

npm install --save @advanced-rest-client/api-authorization-method

In an html file

<html>
  <head>
    <script type="module">
      import '@advanced-rest-client/api-authorization-method/api-authorization-method.js';
    </script>
  </head>
  <body>
    <api-authorization-method type="OAuth 2" redirecturi="..."></api-authorization-method>
    <script>
    (async () => {
      const model = await getAmfModel();
      const oauthSecurity = getSecurity(model, '/endpoint', 'get');
      const element = document.querySelector('api-authorization-method');
      element.amf = model;
      element.security = oauthSecurity;
      element.onchange = (e) => {
        console.log(e.target.validate(), e.target.serialize());
      };
    })();
    </script>
  </body>
</html>

In a LitElement

import { LitElement, html } from 'lit-element';
import '@advanced-rest-client/api-authorization-method/api-authorization-method.js';

class SampleElement extends LitElement {
  static get properties() {
    return {
      amfModel: { type: Array },
      endpoint: { type: String },
      method: { type: String },
    };
  }

  get security() {
    const { amfModel, endpoint, method } = this;
    return this.readSecurityFor(amfModel, endpoint, method);
  }

  readSecurityFor(amf, endpoint, method) {
    // implement me
  }

  render() {
    const { amfModel, security } = this;
    return html`
    <api-authorization-method
      type="OAuth 2"
      .amf="${amfModel}"
      .security="${security}"
      @change="${this._securityChangeHandler}"></api-authorization-method>
    `;
  }

  _securityChangeHandler(e) {
    console.log('current authorization settings', e.target.serialize());
  }
}
customElements.define('sample-element', SampleElement);

Applying AMF model

First step is to pass the whole generated AMF model to the amf property. It is required to properly resolve internal model dependencies and to properly read keys in JSON+LD compact model.

Second step is to extract the correct security definition for a method. It is added to a http://a.ml/vocabularies/apiContract#supportedOperation object. The security setting that should be applied to the security property has type of http://a.ml/vocabularies/security#ParametrizedSecurityScheme.

An example script that applies the values can look like the following.

<api-authorization-method type="OAuth 2" id="auth"></api-authorization-method>
<script>
(async () => {
  const model = await getAmfModelSomehow();
  const security = readSecurityFor(model, '/endpoint', 'GET');
  const method = document.getElementById('auth');
  method.amf = model;
  method.security = security;
})();
</script>

The getAmfModelSomehow() function can download pre-generated model or run AMF parser directly from RAML or OAS specification. Then the readSecurityFor() function looks for security definition in /endpoint endpoint, inside GET method. When ready the values are applied to the element.

The order of setting type, amf, and security parameters doesn't matter as the data processing starts asynchronously. However, if the type does not match passed security the security settings is ignored.

A note on clearing settings property. When an undefined or any incompatible value is set to the settings property, the view won't change. Incompatible value is just ignored. Remove the element from the DOM if no longer applicable, change type property to something else, or apply new settings with the new values.

Exception

OAS' Api Key method support logical AND operation. This means that in this case the security parameter should receive the array of defined for the operation security schemes. That is, the array of items that is under security.scheme property when accessing security definition in the AMF model.

See demo/index.js for an example of how this is handled (setData() function).

Development

git clone https://github.com/advanced-rest-client/api-authorization-method
cd api-authorization-method
npm install

Running the demo locally

npm start

Running the tests

npm test

API components

This components is a part of API components ecosystem