npm - @webex/plugin-authorization - Versions diffs - 3.8.1 → 3.9.0-webinar5k.1 - Mend

@webex/plugin-authorization 3.8.1 → 3.9.0-webinar5k.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/OAUTH-FLOW-GUIDE.md ADDED Viewed

@@ -0,0 +1,121 @@
+# Webex OAuth Authorization Flow - Overview Guide
+This document provides an overview of how the Webex SDK handles OAuth authorization across different environments. For detailed environment-specific information, see the dedicated guides below.
+## Environment-Specific Guides
+### Browser OAuth Flow
+For browser-based applications using the Webex SDK in web environments:
+**📖 [BROWSER-OAUTH-FLOW-GUIDE.md](../plugin-authorization-browser/BROWSER-OAUTH-FLOW-GUIDE.md)**
+Covers:
+- Browser initialization and setup
+- Implicit Grant vs Authorization Code Grant flows
+- Browser-specific CSRF protection
+- URL parsing and token extraction
+- Browser storage and events
+### Node.js OAuth Flow
+For server-side applications using the Webex SDK in Node.js environments:
+**📖 [NODE-OAUTH-FLOW-GUIDE.md](../plugin-authorization-node/NODE-OAUTH-FLOW-GUIDE.md)**
+Covers:
+- Server-side initialization and configuration
+- Authorization Code Grant flow
+- JWT authentication for server-to-server
+- Secure token storage and management
+- Server-side token refresh handling
+## Quick Environment Detection
+The Webex SDK automatically detects your environment and loads the appropriate authorization plugin:
+### Browser Environment
+- **Detects**: `window` object presence
+- **Loads**: `@webex/plugin-authorization-browser`
+- **Features**: URL parsing, browser storage, popup/redirect handling
+- **Flows**: Implicit Grant (default), Authorization Code Grant
+### Node.js Environment
+- **Detects**: Node.js runtime
+- **Loads**: `@webex/plugin-authorization-node`
+- **Features**: Server-side token exchange, secure credential storage
+- **Flows**: Authorization Code Grant (primary), JWT authentication
+## Common OAuth Flow Steps
+Regardless of environment, the OAuth flow follows these general steps:
+1. **Initialization**: Configure SDK with client credentials and scopes
+2. **Authorization**: Redirect user to Webex identity broker for authentication
+3. **Code/Token Reception**: Receive authorization code or access token
+4. **Token Exchange**: Exchange code for tokens (Authorization Code Grant)
+5. **Token Storage**: Store and manage tokens securely
+6. **Token Refresh**: Automatically refresh expired tokens
+7. **API Access**: Make authenticated requests to Webex APIs
+## Flow Type Comparison
+| Aspect             | Implicit Grant        | Authorization Code Grant           |
+| ------------------ | --------------------- | ---------------------------------- |
+| **Client Type**    | Public                | Confidential                       |
+| **Client Secret**  | Not required          | Required                           |
+| **Security**       | Less secure           | More secure                        |
+| **Token Location** | URL hash              | Server exchange                    |
+| **Best For**       | SPAs, mobile apps     | Server apps, web apps with backend |
+| **Supertoken**     | Basic token structure | Enhanced token with metadata       |
+## Key Differences by Environment
+### Browser-Specific Features
+- **URL hash parsing** for token extraction
+- **sessionStorage** for CSRF token storage
+- **Popup window** support for authentication
+- **Browser storage adapters** for token persistence
+- **CORS handling** for API requests
+### Node.js-Specific Features
+- **Client secret** handling for secure authentication
+- **Server-side token exchange** for Authorization Code Grant
+- **Database/file storage** for token persistence
+- **JWT creation and exchange** for guest authentication
+- **Server-to-server** authentication flows
+## Getting Started
+1. **Choose your environment guide** based on where you're running the Webex SDK
+2. **Follow the initialization steps** for your specific environment
+3. **Implement the OAuth flow** appropriate for your application type
+4. **Handle token management** according to your security requirements
+For detailed implementation examples and code references, see the environment-specific guides linked above.
+## Code References
+- **Main Authorization Plugin**: `packages/@webex/plugin-authorization/`
+- **Browser Plugin**: `packages/@webex/plugin-authorization-browser/`
+- **Node.js Plugin**: `packages/@webex/plugin-authorization-node/`
+- **WebexCore**: `packages/@webex/webex-core/src/webex-core.js`
+- **Browser Sample**: `docs/samples/browser-auth/app.js`
+## Maintainers
+This package is maintained by [Cisco Webex for Developers](https://developer.webex.com/).
+## Contribute
+Pull requests welcome. Please see [CONTRIBUTING.md](https://github.com/webex/webex-js-sdk/blob/master/CONTRIBUTING.md) for more details.
+## License
+© 2016-2025 Cisco and/or its affiliates. All Rights Reserved.

package/README.md CHANGED Viewed

@@ -1,14 +1,6 @@
 # @webex/plugin-authorization
-[![standard-readme compliant](https://img.shields.io/badge/readme%20style-standard-brightgreen.svg?style=flat-square)](https://github.com/RichardLitt/standard-readme)
-> Loads @webex/plugin-authorization-browser or @webex/plugin-authorization-node as appropriate.
-- [Install](#install)
-- [Usage](#usage)
-- [Contribute](#contribute)
-- [Maintainers](#maintainers)
-- [License](#license)
+This package automatically loads the appropriate environment-specific authorization plugin for the Webex SDK.
 ## Install
@@ -16,27 +8,136 @@
 npm install --save @webex/plugin-authorization
 ```
-## Usage
+## What it Does
-This is a plugin for the Cisco Webex JS SDK . Please see our [developer portal](https://developer.webex.com/) and the [API docs](https://webex.github.io/webex-js-sdk/api/) for full details.
+The `@webex/plugin-authorization` package serves as a universal entry point that automatically selects and loads the correct authorization implementation based on your environment:
-## Install
+- **Browser environments**: Loads `@webex/plugin-authorization-browser` for client-side applications
+- **Node.js environments**: Loads `@webex/plugin-authorization-node` for server-side applications
-```bash
-npm install --save @webex/plugin-authorization
-```
+This allows you to use a single import while getting the optimal authorization implementation for your runtime environment.
 ## Usage
+This is a plugin for the Cisco Webex JS SDK. Please see our developer portal and the API docs for full details.
 ```js
 const Webex = require('webex');
-const webex = Webex.init();
-webex.authorization.get(id).then((authorization) => {
-  console.log(authorization);
+const webex = Webex.init({
+  credentials: {
+    client_id: 'your-client-id',
+    client_secret: 'your-client-secret', // Only for Node.js environments
+    redirect_uri: 'https://your-app.com/callback' // Only for browser environments
+  }
+});
+// The authorization methods available depend on your environment:
+// In Node.js environments:
+webex.authorization.requestAuthorizationCodeGrant({
+  code: 'authorization-code'
 });
+webex.authorization.requestAccessTokenFromJwt({
+  jwt: 'your-jwt-token'
+});
+// In browser environments:
+webex.authorization.initiateLogin();
+webex.authorization.initiateImplicitGrant();
 ```
+## Environment Detection
+The package uses the following logic to determine which implementation to load:
+1. **Browser environments**: When running in a browser context, it loads the browser-specific plugin with support for redirects, popups, and client-side flows
+2. **Node.js environments**: When running in Node.js, it loads the server-specific plugin with support for server-to-server authentication flows
+## Client Types and OAuth Flows
+The Webex SDK supports different OAuth flows based on the `clientType` you configure. This determines how your application authenticates with Webex:
+### `clientType: 'confidential'` (Authorization Code Grant)
+- **Flow:** Authorization Code Grant
+- **How:** User is redirected to Webex login, receives an authorization code, and your backend exchanges it for tokens.
+- **Requires:** Client secret (must be kept secure, so only for server-side or backend apps)
+- **Use Case:** Web applications with a backend, integrations, bots, or any app that can securely store a client secret.
+- **SDK Behavior:** Calls `initiateAuthorizationCodeGrant()` and uses `response_type=code`.
+### `clientType: 'public'` (Implicit Grant)
+- **Flow:** Implicit Grant
+- **How:** User is redirected to Webex login, and receives an access token directly in the browser.
+- **Requires:** No client secret (safe for browser-only apps)
+- **Use Case:** Single-page applications (SPAs), mobile apps, or any app that cannot securely store a client secret.
+- **SDK Behavior:** Calls `initiateImplicitGrant()` and uses `response_type=token`.
+### `client_credentials` (Client Credentials Grant)
+- **Flow:** Client Credentials Grant
+- **How:** Application authenticates as itself (no user context), directly exchanges client ID and secret for a token.
+- **Requires:** Client secret (must be kept secure, so only for server-side or backend apps)
+- **Use Case:** Server-to-server integrations, bots, or background services.
+- **SDK Behavior:** Only available in Node.js SDK via `getClientToken()`.
+> **Note:** Only `'confidential'` and `'public'` are meaningful for browser SDK. `client_credentials` is only supported in Node.js/server SDKs.
+---
+## Available Methods
+The methods available through this plugin depend on your runtime environment:
+### Browser Environment Methods
+- `initiateLogin(options)` - Start the login process. Automatically chooses the correct flow based on `clientType`:
+  - If `clientType: 'confidential'`, uses Authorization Code Grant (`initiateAuthorizationCodeGrant`)
+  - Otherwise, uses Implicit Grant (`initiateImplicitGrant`)
+- `initiateImplicitGrant(options)` - Begin implicit grant flow (redirects with `response_type=token`)
+- `initiateAuthorizationCodeGrant(options)` - Begin authorization code flow (redirects with `response_type=code`)
+- `requestAccessTokenFromJwt({ jwt })` - Authenticate using JWT
+- `createJwt(options)` - Create JWT tokens
+- `logout(options)` - Log out the user
+#### Difference between `initiateAuthorizationCodeGrant` and `initiateImplicitGrant`
+| Method                           | OAuth Flow               | response_type | Token Delivery        | Requires Client Secret | Use Case                |
+| -------------------------------- | ------------------------ | ------------- | --------------------- | ---------------------- | ----------------------- |
+| `initiateAuthorizationCodeGrant` | Authorization Code Grant | `code`        | Code in URL, exchange | Yes                    | Backend web apps        |
+| `initiateImplicitGrant`          | Implicit Grant           | `token`       | Token in URL hash     | No                     | SPAs, browser-only apps |
+- **Authorization Code Grant**: More secure, requires backend to exchange code for tokens.
+- **Implicit Grant**: Less secure, tokens delivered directly to browser.
+See [Browser OAuth Flow Guide](../plugin-authorization-browser/BROWSER-OAUTH-FLOW-GUIDE.md) for more details.
+### Node.js Environment Methods
+- `requestAuthorizationCodeGrant(options)` - Exchange authorization code for token
+- `requestAccessTokenFromJwt({ jwt })` - Authenticate using JWT
+- `getClientToken(options)` - Obtain a client token using client_credentials grant
+- `createJwt(options)` - Create JWT tokens
+- `logout(options)` - Log out the user
+### Common Properties
+- `isAuthorizing` - Boolean indicating if authorization is in progress
+- `isAuthenticating` - Alias for isAuthorizing
+## Related Packages
+- `@webex/plugin-authorization-browser` - Browser-specific implementation
+- `@webex/plugin-authorization-node` - Node.js-specific implementation
+For detailed documentation on environment-specific features, please refer to the individual package documentation.
+See [Node OAuth Flow Guide](../plugin-authorization-node/NODE-OAUTH-FLOW-GUIDE.md) for Node.js-specific flows.
+See [Browser OAuth Flow Guide](../plugin-authorization-browser/BROWSER-OAUTH-FLOW-GUIDE.md) for browser-specific flows.
 ## Maintainers
 This package is maintained by [Cisco Webex for Developers](https://developer.webex.com/).
@@ -47,4 +148,4 @@ Pull requests welcome. Please see [CONTRIBUTING.md](https://github.com/webex/web
 ## License
-© 2016-2020 Cisco and/or its affiliates. All Rights Reserved.
+© 2016-2025 Cisco and/or its affiliates. All Rights Reserved.

package/package.json CHANGED Viewed

@@ -23,8 +23,8 @@
     ]
   },
   "dependencies": {
-    "@webex/plugin-authorization-browser": "3.8.1",
-    "@webex/plugin-authorization-node": "3.8.1"
+    "@webex/plugin-authorization-browser": "3.9.0-webinar5k.1",
+    "@webex/plugin-authorization-node": "3.9.0-webinar5k.1"
   },
   "scripts": {
     "build": "yarn build:src",
@@ -40,12 +40,12 @@
     "@webex/eslint-config-legacy": "0.0.0",
     "@webex/jest-config-legacy": "0.0.0",
     "@webex/legacy-tools": "0.0.0",
-    "@webex/test-helper-chai": "3.8.1",
-    "@webex/test-helper-mocha": "3.8.1",
-    "@webex/test-helper-mock-webex": "3.8.1",
-    "@webex/test-helper-test-users": "3.8.1",
+    "@webex/test-helper-chai": "3.9.0-webinar5k.1",
+    "@webex/test-helper-mocha": "3.9.0-webinar5k.1",
+    "@webex/test-helper-mock-webex": "3.9.0-webinar5k.1",
+    "@webex/test-helper-test-users": "3.9.0-webinar5k.1",
     "eslint": "^8.24.0",
     "prettier": "^2.7.1"
   },
-  "version": "3.8.1"
+  "version": "3.9.0-webinar5k.1"
 }