npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@bitinflow/nuxt-oauth

v2.0.4

Published

Nuxt 3 OAuth Module

Downloads

213

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

ghostzeroghostzero

Keywords

Readme

🔒 @bitinflow/nuxt-oauth

@bitinflow/nuxt-oauth is a Nuxt 3 Module that provides a simple OAuth 2 implementation for static site nuxt applications for which no backend code is required. It uses the recommended Authorization Code Grant with PKCE by default and supports Implicit Grant Tokens as well.

This package is intended to be used with Laravel Passport, allowing users to interact with their first-party API using their own OAuth provider. Currently, it does not support multiple OAuth providers. With @bitinflow/nuxt-oauth, developers can quickly and easily implement secure OAuth authentication in their Nuxt applications.

Features

  • 📦 Authorization Code Grant with PKCE (default)
  • 📦 Simple OAuth 2 Implicit Grant Token authentication (not recommended)
  • 📦 Intended to be used with laravel-passport
  • 📦 Single OAuth provider support (currently)

Quick Setup

Note: Starting with @bitinflow/nuxt-oauth v2.0.0, the default response type is code. If you want to use the token response type, you need to set it explicitly in the configuration.

  1. Add @bitinflow/nuxt-oauth dependency to your project
# Using pnpm
pnpm add -D @bitinflow/nuxt-oauth

# Using yarn
yarn add --dev @bitinflow/nuxt-oauth

# Using npm
npm install --save-dev @bitinflow/nuxt-oauth
  1. Add @bitinflow/nuxt-oauth to the modules section of nuxt.config.ts and disable ssr.

Or alternatively disable ssr via routeRules, only for pages where auth or guest middlewares are needed. Typically account section and login page.

export default defineNuxtConfig({
  modules: [
    '@bitinflow/nuxt-oauth'
  ],

  ssr: false,
  // or
  routeRules: {
    '/dashboard/**': {ssr: false},
    '/whatever/**': {ssr: false}
  },

  // example 1: using code response type (default)
  oauth: {
    endpoints: {
      authorization: 'https://example.com/oauth/authorize',
      token: 'https://example.com/oauth/token',
      userInfo: 'https://example.com/api/users/me',
      logout: 'https://example.com/oauth/logout'
    },
    clientId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
    scope: ['user:read']
  },

  // example 2: using token response type (not recommended)
  oauth: {
    endpoints: {
      authorization: 'https://example.com/oauth/authorize',
      userInfo: 'https://example.com/api/users/me',
      logout: 'https://example.com/oauth/logout'
    },
    clientId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
    responseType: 'token',
    scope: ['user:read']
  },
})

This will be your callback url (host is determined by window.location.origin):

  • Callback: http://localhost:3000/login

That's it! You can now use @bitinflow/nuxt-oauth in your Nuxt app ✨

Module Options

The module provides a set of customizable options to configure OAuth-based authentication for your application. Below is a detailed description of each option and its default values:

redirect

This option defines the URLs for redirection during the authentication process.

  • login (string): The URL to redirect to when a user needs to log in. Default: /login.
  • logout (string): The URL to redirect to after logging out. Default: /.
  • callback (string): The URL to handle the OAuth callback. Default: /login.
  • home (string): The URL to redirect to after successful authentication. Default: /.

endpoints

Configures the OAuth server endpoints for authorization, token exchange, and user information retrieval.

  • authorization (string): The OAuth authorization endpoint. Default: https://example.com/oauth/authorize.
  • token (string): The OAuth token endpoint. Default: https://example.com/oauth/token.
  • userInfo (string): The endpoint to retrieve user information. Default: https://example.com/api/users/me.
  • logout (string | null): The endpoint for logging out from the OAuth provider. Default: null.

refreshToken

Manages the refresh token settings.

  • maxAge (number): The maximum age (in seconds) for storing the refresh token in cookies. Default: 60 * 60 * 24 * 30 (30 days).

cookies

Configures cookie settings for storing OAuth tokens and related data.

  • prefix (string): A prefix for all cookie names. Default: none.
  • names: Specific names for different OAuth-related cookies.
    • oauth_user: The cookie name for storing the OAuth user. Default: oauth_user.
    • oauth_state: The cookie name for storing the OAuth state. Default: oauth_state.
    • oauth_code_verifier: The cookie name for storing the OAuth code verifier. Default: oauth_code_verifier.
    • oauth_access_token: The cookie name for storing the access token. Default: oauth_access_token.
    • oauth_refresh_token: The cookie name for storing the refresh token. Default: oauth_refresh_token.
  • options: Additional settings for cookie behavior.
    • path (string): The cookie path. Default: none.
    • maxAge (number): The cookie's maximum age (in seconds). Default: none.
    • secure (boolean): Whether the cookie should only be sent over HTTPS. Default: none.
    • sameSite (string): Sets the SameSite cookie attribute (lax, strict, or none). Default: none.
    • domain (string): Specifies the cookie's domain. Default: none.
    • httpOnly (boolean): Indicates if the cookie is inaccessible to JavaScript. Default: none.

clientId

  • (string): The client ID used for OAuth authentication. Default: please-set-client-id.

responseType

  • ('token' | 'code'): The type of OAuth response, either token-based or code-based flow. Default: code.

prompt

  • ('' | 'none' | 'login' | 'consent'): The prompt parameter to control the OAuth flow. Default: ''.

scope

  • (string[]): The OAuth scopes requested during authentication. Default: [] (empty array).

Development

# Install dependencies
npm install

# Generate type stubs
npm run dev:prepare

# Develop with the playground
npm run dev

# Build the playground
npm run dev:build

# Run ESLint
npm run lint

# Run Vitest
npm run test
npm run test:watch

# Release new version
npm run release