@unireq/oauth 1.0.0 → 1.0.1
- package/README.md +83 -0
- package/package.json +3 -3
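--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,83 @@
+# @unireq/oauth
+
+[](https://www.npmjs.com/package/@unireq/oauth)
+[](https://opensource.org/licenses/MIT)
+
+OAuth 2.0 Bearer authentication with JWT verification, proactive expiry checks, and automatic refresh on `401`.
+
+## Installation
+
+```bash
+pnpm add @unireq/oauth
+```
+
+## Quick Start
+
+```typescript
+import { client, retry } from '@unireq/core';
+import { http, parse, httpRetryPredicate, rateLimitDelay } from '@unireq/http';
+import { oauthBearer } from '@unireq/oauth';
+
+const api = client(
+http('https://api.example.com'),
+retry(httpRetryPredicate(), [rateLimitDelay({ maxWait: 60_000 })]),
+oauthBearer({
+tokenSupplier: async () => getAccessTokenFromVault(),
+jwks: { type: 'url', url: 'https://accounts.example.com/jwks.json' },
+skew: 60,
+onRefresh: () => trace('refreshing token'),
+}),
+parse.json(),
+);
+```
+
+## Features
+
+| Symbol | Description |
+| --- | --- |
+| `oauthBearer(options)` | Injects `Authorization: Bearer` and handles refresh |
+| `OAuthBearerOptions` | Token supplier, JWKS, skew, autoRefresh, hooks |
+| `TokenSupplier` | `() => string \| Promise<string>` |
+| `JWKSSource` | URL or static key for JWT verification |
+
+## JWT Verification
+
+```typescript
+// JWKS URL (recommended)
+oauthBearer({
+tokenSupplier: getToken,
+jwks: { type: 'url', url: 'https://idp.example.com/.well-known/jwks.json' },
+});
+
+// Static public key
+oauthBearer({
+tokenSupplier: getToken,
+jwks: { type: 'key', key: process.env.OAUTH_PUBLIC_KEY },
+});
+```
+
+## Auto-Refresh
+
+- Inspects `WWW-Authenticate` on `401` responses
+- Invokes `tokenSupplier` (single-flight) and replays the request
+- Concurrent requests share a single refresh lock
+
+## Policy Ordering
+
+```typescript
+// Correct - retry outside auth
+const api = client(
+http('...'),
+retry(httpRetryPredicate(), [backoff()]), // outer
+oauthBearer({ tokenSupplier }), // inner
+parse.json(),
+);
+```
+
+## Documentation
+
+Full documentation available at [unireq.dev](https://oorabona.github.io/unireq/)
+
+## License
+
+MIT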
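--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@unireq/oauth",
-"version": "1.0.
+"version": "1.0.1",
 "description": "OAuth Bearer authentication with JWT validation and auto-refresh for unireq",
 "type": "module",
 "main": "./dist/index.js",
@@ -24,8 +24,8 @@
 "author": "Olivier Orabona",
 "license": "MIT",
 "dependencies": {
-"@unireq/core": "1.0.
-"@unireq/config": "1.0.
+"@unireq/core": "1.0.1",
+"@unireq/config": "1.0.1"
 },
 "peerDependencies": {
 "openid-client": "^6.1.3",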