pkce-x
v1.0.6
Published
PKCE is a security extension to OAuth 2.0 for public clients on mobile devices, designed to prevent interception of the authorisation code by a malicious application that has sneaked into the same device.
Downloads
24
Maintainers
Readme
PKCE-X
Easily Implement PKCE Authentication in Your JavaScript Application
PKCE is a security extension to OAuth 2.0 for public clients on mobile devices, designed to prevent malicious applications from intercepting the authorization code.
Installation
PKCE-X requires Node.js v12+ to run.
Install the dependencies and start the server.
npm install pkce-x
For production environments...
npm install pkce-x --production
NODE_ENV=production
Usage
Open your favorite Terminal and run these commands.
First invoke the auth service form the package:
import AuthService from "pkce-x";
const service = new AuthService({
client_id: 'XYZ',
client_secret: 'XYZ', // Optional. Use this if you want to send basic credentials with a base64 header.
redirect_uri: 'http://localhost:3000/pkce-demo',
authorization_endpoint: 'https://example.com/oauth2/authorize',
token_endpoint: 'https://example.com/oauth2/token',
requested_scopes: '*',
storage: localStorage, // Optioanl. By default it set to session storage.
organization: "PKCE-X" // Optioanl.
});
Authorize the application:
service.authorize();
Exchange the metadata with authentication server and browser:
service.exchange();
Get the access token:
service.getToken();
Get the expire in time:
service.getExpiresIn();
Get the scopes:
service.getScope();
License
MIT