npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

simple-oauth2-ts-client

v1.0.8

Published

A TypeScript OAuth 2.0 client library

Downloads

605

Readme

OAuth 2.0 Client Library Implementation

So for the Implementation of the Library, i have followed the specs proposed by IETF OAuth Working Group.

So Basic flow of the protocol:

OAuth2.0 Abstract Flow

Diagram

Features

It is a light weight package only has axios as its dependencies, uses web crypto which are built-in since Node 18 (but it works with Polyfills on Node 14 and 16).

It is platform agnostic which can be used in both client and server javascript environment .

Following OAuth Grant, it Supports

  • Authorization Code
  • PKCE
  • Client Credentials
  • Refresh Token
  • Legacy: Implicit Flow

Installation

Install simple-oauth2-ts-client with npm

  npm i simple-oauth2-ts-client

Usage/Examples

To get started with initialize the client with the following attributes

 const client =new OAuthClient({
      auth_server: string; //authorisation  server domain endpoint 
      client_id: string;  // provided by auth server for public client 
      client_secret?: string; // provided by auth server for confidential client 
      redirect_uri: string; // redirection uri for Authorization Code && implicit grant type
      authorization_endpoint?: string; // @default /authorize
      token_endpoint?: string; // @default /token
      authenticationMethod?: "client_secret_basic" | "client_secret_post" | "none";
 })

This client Object has following method to use for various purposes

// This will return redirection uri -->

  await client.startAuthFlow(
    params: OAuthStartAuthFlow
  ): Promise<OAuthStartAuthFlowResponse> // can be used for Authorization Code or implicit grants

// to handle successful redirection uri 

    await client.handleCallback(params: {
    uri: string;  // redirection back uri
    grant_type: OAuth2GrantType;  // use authorization_code for Authorization Code grant type
    state?: string; //   // Optional string that can be sent along to the auth server. This value will
  // be sent along with the redirect back to the app verbatim.
    code_verifier?: string; // to support PKCE 
    }): Promise<OAuth2Token> 
  
// to handle refresh token 

await client.refreshToken(
    refreshToken: string,
    params?: RefreshParams
  ): Promise<OAuth2Token> 

To generate code verifier and codeChallenge , it exports uility function to do This

await generateCodeVerifier(): Promise<string>

Challenges ?

During Impplementations of specs of OAuth 2.0

I have no idea about the clear picture of inner working of the OAuth 2.0, so going though https://oauth.net/2/ specs helps me a lot to clear things out. I was intiially using webpack build, but not able debug properly the errors, and test the lib in real application, so i have to use npm link, and local implementation to clear thing out .

During PKCE implementations ?

To suppor crypo lib in both client, and server runtime, i have to explore how can i achieve it , then i have came across the stack overflow ans about the various implementions in various environments

 async function getWebCrypto(): Promise<typeof window.crypto> {
  // Browsers
  if (typeof window !== "undefined" && window.crypto) {
    if (!window.crypto.subtle?.digest) {
      throw new Error(
        "The context/environment is not secure, and does not support the 'crypto.subtle' module. See: https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle for details"
      );
    }
    return window.crypto;
  }
  // Web workers possibly
  if (typeof self !== "undefined" && self.crypto) {
    return self.crypto;
  }
  // Node
  // eslint-disable-next-line @typescript-eslint/no-var-requires
  const crypto = await import("crypto");
  return crypto.webcrypto as typeof window.crypto;
}

This helps me to generate code verifier and code challenge without using any third party library.

Demo

Client side implementation, used Auth0 Provider for the auth server

Live Demo: https://oauth-client.vercel.app/

Dummy Credentials

User Email : [email protected]

Password: xzH@$ubp25744Y9

Server Side Implementions ( used Next Js SSR)

Live Demo: https://oauth-client-gt7y.vercel.app/

Dummy Credentials

User Email : [email protected]

Password: xzH@$ubp25744Y9