oa2

v0.1.0

OAuth 1/2 made simple

Downloads

5

OA2 - OAuth made simple

PLEASE NOTE - until the 1.0.0 release, the library is not fully working!!! Please refer to GitHub to see the progress.

Simple OAuth library supporting common OAuth scenarios and popular OAuth providers, with an understandable API and full support for promises.

This library was created as an attempt to modernize existing popular OAuth libraries and simplify their config. What's more, support for retry scenarios (network failure, server reject) was added to make OAuth calls more resilient to failure.

OAuth support

The library will support OAuth 1.0 and OAuth 2.0 in the final version.

Configuration

The library is initialized with the config specific to the particular OAuth version.

After initialization, the second part of the config (call-specific, e.g. client credentials) should be passed with each call.

For the details, please refer to each OAuth version section.

Backoff

Each OAuth call is wrapped in backoff code, to prevent any timeouts or server restrictions from affecting the client. By default, calls use the default backoff config. However, backoff can be adjusted to specific needs by providing a backoff key in the module config (next to the other, version-specific keys) as follows:


const config = {
  accessTokenURL: 'https://oauth-something.com/at',
  // (...) rest of the config
  backoff: {
    retries: 5, // **DEFAULT: 10** Number of retries before throwing an error
    factor: 2, // **DEFAULT: 2** Exponential backoff factor
    minTimeout: 300, // **DEFAULT: 1000** Minimum time (ms) before the next retry
    maxTimeout: 5000, // **DEFAULT: 10000** Maximum time (ms) before the next retry, has to be bigger than minimum
    randomize: true // **DEFAULT: true** Flag depicting whether the next backoff time should be randomized or strictly follow the exponential curve
  }
}

For more details about this config, please refer to the README of the library used for managing the backoff: https://github.com/tim-kos/node-retry
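The delay schedule these keys produce, as an added example (not oa2's or node-retry's code). It follows the timeout formula documented in the node-retry README, `Math.min(random * minTimeout * Math.pow(factor, attempt), maxTimeout)`; the function names and the validation rules are assumptions of this sketch.

```javascript
// Added illustration; not oa2's or node-retry's code. Function names are hypothetical.
// DEFAULTS are the values listed in the config comments above, treated as milliseconds.
const DEFAULTS = { retries: 10, factor: 2, minTimeout: 1000, maxTimeout: 10000, randomize: true };

// Merge the user's backoff block over the defaults and reject unusable values.
function resolveBackoff(userConfig = {}) {
  const cfg = { ...DEFAULTS, ...userConfig };
  if (!Number.isInteger(cfg.retries) || cfg.retries < 0) {
    throw new RangeError('retries must be a non-negative integer');
  }
  if (!(cfg.factor >= 1)) throw new RangeError('factor must be >= 1');
  if (!(cfg.minTimeout > 0) || cfg.minTimeout > cfg.maxTimeout) {
    throw new RangeError('minTimeout must be positive and not greater than maxTimeout');
  }
  return cfg;
}

// Delay before retry number `attempt` (0-based). `rand` is injectable so the
// jitter can be pinned; with randomize on, the multiplier lies in [1, 2).
function retryDelay(attempt, cfg, rand = Math.random) {
  const jitter = cfg.randomize ? rand() + 1 : 1;
  const raw = Math.round(jitter * cfg.minTimeout * Math.pow(cfg.factor, attempt));
  return Math.min(raw, cfg.maxTimeout);
}

// Full schedule plus the total time a caller can spend waiting between attempts.
function schedule(userConfig, rand) {
  const cfg = resolveBackoff(userConfig);
  const delays = Array.from({ length: cfg.retries }, (_, i) => retryDelay(i, cfg, rand));
  return { delays, totalMs: delays.reduce((sum, d) => sum + d, 0) };
}

// The config shown above without jitter, then the defaults at near-maximum jitter.
const page = schedule({ retries: 5, factor: 2, minTimeout: 300, maxTimeout: 5000, randomize: false });
const worst = schedule({}, () => 0.999999);
console.log(page.delays, page.totalMs);
console.log(worst.delays, worst.totalMs);
```

With the defaults, a token call that keeps failing can hold its caller for well over a minute of waiting alone, which matters when the call sits on a login or request path.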

OAuth 1.0

The OAuth 1.0 module fully supports one, two and three-legged authorization. For now, only HMAC-SHA1 signatures are supported.

Please create a feature request if any other signatures are needed.
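How an HMAC-SHA1 signature is computed under RFC 5849, as an added example that is not oa2's code. The function names and all credential values are constructed for illustration, and the base URL is assumed to be already normalized.

```javascript
// Added illustration of RFC 5849 HMAC-SHA1 signing; not oa2's code.
// Function names and all credential values are constructed for this sketch.
const crypto = require('crypto');

// RFC 5849 section 3.6: everything except unreserved characters is %XX-encoded.
function pctEncode(s) {
  return encodeURIComponent(String(s))
    .replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// RFC 5849 section 3.4.1. `params` is an array of [name, value] pairs covering the
// oauth_* protocol parameters plus query/form parameters; `baseUrl` is assumed
// already normalized (lowercase scheme and host, no query string).
function signatureBaseString(method, baseUrl, params) {
  const normalized = params
    .filter(([name]) => name !== 'oauth_signature')
    .map(([name, value]) => [pctEncode(name), pctEncode(value)])
    .sort(([an, av], [bn, bv]) => (an < bn ? -1 : an > bn ? 1 : av < bv ? -1 : av > bv ? 1 : 0))
    .map(([name, value]) => `${name}=${value}`)
    .join('&');
  return [method.toUpperCase(), pctEncode(baseUrl), pctEncode(normalized)].join('&');
}

// The key is the consumer secret and token secret joined by '&'; the token
// secret is empty while no token has been issued (request-token step).
function sign(method, baseUrl, params, consumerSecret, tokenSecret = '') {
  const key = `${pctEncode(consumerSecret)}&${pctEncode(tokenSecret)}`;
  const base = signatureBaseString(method, baseUrl, params);
  return crypto.createHmac('sha1', key).update(base).digest('base64');
}

// Receiver-side check: recompute the signature and compare in constant time.
function verify(method, baseUrl, params, consumerSecret, tokenSecret, presented) {
  const expected = Buffer.from(sign(method, baseUrl, params, consumerSecret, tokenSecret), 'base64');
  const got = Buffer.from(String(presented), 'base64');
  return got.length === expected.length && crypto.timingSafeEqual(expected, got);
}

// Constructed request against a placeholder request-token URL.
const demoParams = [
  ['oauth_consumer_key', 'ck'], ['oauth_nonce', 'n1'],
  ['oauth_signature_method', 'HMAC-SHA1'], ['oauth_timestamp', '1700000000'],
  ['oauth_version', '1.0'], ['a2', 'r b'],
];
const demoSig = sign('post', 'https://oauth-service/rt', demoParams, 'cs');
console.log(signatureBaseString('post', 'https://oauth-service/rt', demoParams), demoSig);
```

The signature covers the method, URL and every parameter, so changing any of them after signing makes verification fail; the nonce and timestamp are what let a receiver reject replays.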

Configuration

Basic module configuration includes only two URLs. The config structure for OAuth 1.0 is presented below:


const config = {
  accessTokenURL: 'https://oauth-service/at', // **REQUIRED**. URL used for obtaining access tokens.
  authURL: 'https://oauth-service/auth', // URL used in three-legged auth - redirectURL
  requestTokenURL: 'https://oauth-service/rt', // URL used in two and three-legged auth for obtaining request tokens
  signatureMethod: 'HMAC-SHA1', // **DEFAULT: 'HMAC-SHA1'**. Signature method used.
  version: '1.0' // **DEFAULT: '1.0'**. Protocol version.
}

Usage

OAuth 2.0

The OAuth 2.0 module supports both refreshable services (ones having refresh_token) and simple services.

Configuration

Basic configuration is a bit more complicated than for OAuth 1.0. Apart from the URLs, information about the scope is required.

The scope is a set of permissions the app will have. For the details, please refer to the particular OAuth provider's documentation.


const config = {
  authURL: 'https://oauth-service/auth', // **REQUIRED** URL used in three-legged auth - redirectURL
  tokenURL: 'https://oauth-service/token', // **REQUIRED** URL used to obtain tokens (access, refresh)
  isrefreshable: true, // **DEFAULT: false** Flag depicting whether the OAuth client should be able to refresh tokens
  responseType: 'code', // **DEFAULT: 'code'** Response type for the auth call, usually set to 'code'
  scope: ['all'], // **REQUIRED** List of scopes to auth against
  custom: { // Custom properties to be attached to every OAuth 2.0 request
    my: 'property'
  }
}

Usage

Tests

Tests are run using the jest framework. To run the tests, type in the CLI:

npm t