@unireq/oauth 1.0.0 → 1.0.2

Files changed (2)
  1. package/README.md +83 -0
  2. package/package.json +7 -7
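--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,83 @@
+ # @unireq/oauth
+
+ [![npm version](https://img.shields.io/npm/v/@unireq/oauth.svg)](https://www.npmjs.com/package/@unireq/oauth)
+ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+ OAuth 2.0 Bearer authentication with JWT verification, proactive expiry checks, and automatic refresh on `401`.
+
+ ## Installation
+
+ ```bash
+ pnpm add @unireq/oauth
+ ```
+
+ ## Quick Start
+
+ ```typescript
+ import { client, retry } from '@unireq/core';
+ import { http, parse, httpRetryPredicate, rateLimitDelay } from '@unireq/http';
+ import { oauthBearer } from '@unireq/oauth';
+
+ const api = client(
+ http('https://api.example.com'),
+ retry(httpRetryPredicate(), [rateLimitDelay({ maxWait: 60_000 })]),
+ oauthBearer({
+ tokenSupplier: async () => getAccessTokenFromVault(),
+ jwks: { type: 'url', url: 'https://accounts.example.com/jwks.json' },
+ skew: 60,
+ onRefresh: () => trace('refreshing token'),
+ }),
+ parse.json(),
+ );
+ ```
+
+ ## Features
+
+ | Symbol | Description |
+ | --- | --- |
+ | `oauthBearer(options)` | Injects `Authorization: Bearer` and handles refresh |
+ | `OAuthBearerOptions` | Token supplier, JWKS, skew, autoRefresh, hooks |
+ | `TokenSupplier` | `() => string \| Promise<string>` |
+ | `JWKSSource` | URL or static key for JWT verification |
+
+ ## JWT Verification
+
+ ```typescript
+ // JWKS URL (recommended)
+ oauthBearer({
+ tokenSupplier: getToken,
+ jwks: { type: 'url', url: 'https://idp.example.com/.well-known/jwks.json' },
+ });
+
+ // Static public key
+ oauthBearer({
+ tokenSupplier: getToken,
+ jwks: { type: 'key', key: process.env.OAUTH_PUBLIC_KEY },
+ });
+ ```
+
+ ## Auto-Refresh
+
+ - Inspects `WWW-Authenticate` on `401` responses
+ - Invokes `tokenSupplier` (single-flight) and replays the request
+ - Concurrent requests share a single refresh lock
+
+ ## Policy Ordering
+
+ ```typescript
+ // Correct - retry outside auth
+ const api = client(
+ http('...'),
+ retry(httpRetryPredicate(), [backoff()]), // outer
+ oauthBearer({ tokenSupplier }), // inner
+ parse.json(),
+ );
+ ```
+
+ ## Documentation
+
+ Full documentation available at [unireq.dev](https://oorabona.github.io/unireq/)
+
+ ## License
+
+ MIT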
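--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@unireq/oauth",
- "version": "1.0.0",
+ "version": "1.0.2",
  "description": "OAuth Bearer authentication with JWT validation and auto-refresh for unireq",
  "type": "module",
  "main": "./dist/index.js",
@@ -24,12 +24,12 @@
  "author": "Olivier Orabona",
  "license": "MIT",
  "dependencies": {
- "@unireq/core": "1.0.0",
- "@unireq/config": "1.0.0"
+ "@unireq/core": "1.0.2",
+ "@unireq/config": "1.0.1"
  },
  "peerDependencies": {
- "openid-client": "^6.1.3",
- "jose": "^5.9.6"
+ "openid-client": "^6.8.2",
+ "jose": "^5.10.0"
  },
  "peerDependenciesMeta": {
  "openid-client": {
@@ -42,8 +42,8 @@
  "devDependencies": {
  "typescript": "^5.9.3",
  "tsup": "^8.5.1",
- "vitest": "^4.0.16",
- "jose": "^5.9.6"
+ "vitest": "^4.0.18",
+ "jose": "^5.10.0"
  },
  "engines": {
  "node": ">=18.0.0"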