npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@corepass/auth

v1.3.1

Published

CorePass OAuth client.

Downloads

5

Readme

CorePass Auth

CorePass Auth

CorePass Auth for JavaScript is a client SDK for public clients for communicating with OAuth 2.0 and OpenID Connect providers following the best practice RFC 8252 - OAuth 2.0 for Native Apps. The library is designed for use in Web Apps, Node.js CLI applications, Chrome Apps and applications that use Electron or similar frameworks.

It strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language.

The library also supports the PKCE extension to OAuth which was created to secure authorization codes in public clients when custom URI scheme redirects are used. The library is friendly to other extensions (standard or otherwise) with the ability to handle additional parameters in all protocol requests and responses.

Examples

An example application using the library is included in the src/node_app folder and at https://github.com/googlesamples/appauth-js-electron-sample.

Auth Flow

CorePass Auth supports manual interaction with the Authorization Server where you need to perform your own token exchanges. This example performs a manual exchange.

Fetch Service Configuration

AuthorizationServiceConfiguration.fetchFromIssuer(openIdConnectUrl)
  .then(response => {
    log('Fetched service configuration', response);
    this.configuration = response;
    this.showMessage('Completed fetching configuration');
  })
  .catch(error => {
    log('Something bad happened', error);
    this.showMessage(`Something bad happened ${error}`)
  });

Make Authorization Requests

this.notifier = new AuthorizationNotifier();
// uses a redirect flow
this.authorizationHandler = new RedirectRequestHandler();
// set notifier to deliver responses
this.authorizationHandler.setAuthorizationNotifier(this.notifier);
// set a listener to listen for authorization responses
this.notifier.setAuthorizationListener((request, response, error) => {
  log('Authorization request complete ', request, response, error);
  if (response) {
    this.code = response.code;
    this.showMessage(`Authorization Code ${response.code}`);
  }
});

// create a request
let request = new AuthorizationRequest({
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: scope,
    response_type: AuthorizationRequest.RESPONSE_TYPE_CODE,
    state: undefined,
    extras: {'prompt': 'consent', 'access_type': 'offline'}
  });

// make the authorization request
this.authorizationHandler.performAuthorizationRequest(this.configuration, request);

Making Token Requests

this.tokenHandler = new BaseTokenRequestHandler();

let request: TokenRequest|null = null;

if (this.code) {
  let extras: StringMap|undefined = undefined;
  if (this.request && this.request.internal) {
    extras = {};
    extras['code_verifier'] = this.request.internal['code_verifier'];
  }
  // use the code to make the token request.
  request = new TokenRequest({
      client_id: clientId,
      redirect_uri: redirectUri,
      grant_type: GRANT_TYPE_AUTHORIZATION_CODE,
      code: this.code,
      refresh_token: undefined,
      extras: extras
    });
} else if (this.tokenResponse) {
  // use the token response to make a request for an access token
  request = new TokenRequest({
      client_id: clientId,
      redirect_uri: redirectUri,
      grant_type: GRANT_TYPE_REFRESH_TOKEN,
      code: undefined,
      refresh_token: this.tokenResponse.refreshToken,
      extras: undefined
    });
}

this.tokenHandler.performTokenRequest(this.configuration, request)
  .then(response => {
    // ... do something with token response
  });

Make End Session Requests

this.notifier = new AuthorizationNotifier();
// uses a redirect flow
this.authorizationHandler = new RedirectRequestHandler();
// set notifier to deliver responses
this.authorizationHandler.setAuthorizationNotifier(this.notifier);
// set a listener to listen for authorization responses
this.notifier.setAuthorizationListener((request, response, error) => {
  log('End Session request complete ', request, response, error);
  if (response && response instanceof EndSessionResponse) {
    //do clean up
  }
});

// create a request
const request = new EndSessionRequest({
    id_token_hint: idToken,
    post_logout_redirect_uri: post_logout_redirect_uri,
    state: undefined,
  })

// make the end Session request
this.authorizationHandler.performEndSessionRequest(this.configuration, request);

Development

Preamble

This client has been written with TypeScript.

Setup

  • Install the latest version of Node. NVM (Node Version Manager is highly recommended).

  • Use nvm install to install the recommended Node.js version.

  • Download the latest version of Visual Studio Code from here.

Provision Dependencies

This app uses npm to provision its dependencies.

  • git clone the CorePass JS library and go to the root folder of the project containing package.json file.
  • npm install to install all the dev and project dependencies.

Thats it! You are now ready to start working on CorePass JS.

Development Workflow

The project uses npm scripts to automate development workflows. These scripts are made available via the package.json file.

The following scripts are included:

  • npm run compile or tsc will compile all your TypeScript files. All compiled files go into the built/ folder.

  • npm run watch or tsc --watch will compile your TypeScript files in watch mode. Recommended if you want to get continuous feedback.

  • npm run build-app generates the output bundle.js file in the built/ directory. This includes the full CorePass JS library including all its dependencies.

  • npm test provisions the Karma test runner to run all unit tests. All tests are written using Jasmine. To DEBUG your tests, click on the Debug button in the Karma test runner to look at the actual source of the tests. You can attach break points here.

  • npm run app builds the test app on a local web server. This is an end-to-end app which uses CorePass JS and is a demonstration on how to use the library.

  • npm run node-app builds a Node.js CLI sample app. This is an end-to-end app which uses CorePass JS in a Node.js context.

Epigram

「Cryptoni Confidimus」

License

Licensed under the Apache License 2.0.