oauth4webapi 2.0.0 → 2.0.2
- package/README.md +1 -2
- package/build/index.d.ts +7 -7
- package/build/index.js +22 -2
- package/package.json +1 -1
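--- a/package/README.md
+++ b/package/README.md
@@ -39,7 +39,7 @@ import * as oauth2 from 'oauth4webapi'
 **`example`** Deno import
 
 ```js
-import * as oauth2 from 'https://deno.land/x/oauth4webapi/mod.ts'
+import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.0.2/mod.ts'
 ```
 
 - Authorization Code Flow - OpenID Connect [source](examples/code.ts), or plain OAuth 2 [source](examples/oauth.ts)
@@ -71,5 +71,4 @@ These are _(this is not an exhaustive list)_:
 - Implicit, Hybrid, and Resource Owner Password Credentials Flows
 - Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
 - JSON Web Encryption (JWE)
-- JSON Web Signature (JWS) rarely used algorithms and HMAC
 - Automatic polyfills of any kind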
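--- a/package/build/index.d.ts
+++ b/package/build/index.d.ts
@@ -1,9 +1,9 @@
-
+type JsonObject = {
 [Key in string]?: JsonValue;
 };
-
-
-
+type JsonArray = JsonValue[];
+type JsonPrimitive = string | number | boolean | null;
+type JsonValue = JsonPrimitive | JsonObject | JsonArray;
 /**
 * Interface to pass an asymmetric private key and, optionally, its associated JWK Key ID to be
 * added as a `kid` JOSE Header Parameter.
@@ -41,7 +41,7 @@ export interface PrivateKey {
 * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
 * @see [OAuth Token Endpoint Authentication Methods](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method)
 */
-export
+export type ClientAuthenticationMethod = 'client_secret_basic' | 'client_secret_post' | 'private_key_jwt' | 'none';
 /**
 * Supported JWS `alg` Algorithm identifiers.
 *
@@ -84,7 +84,7 @@ export declare type ClientAuthenticationMethod = 'client_secret_basic' | 'client
 * }
 * ```
 */
-export
+export type JWSAlgorithm = 'PS256' | 'ES256' | 'RS256' | 'EdDSA';
 /**
 * Authorization Server Metadata
 *
@@ -1014,7 +1014,7 @@ declare class CallbackParameters extends URLSearchParams {
 * @see [RFC 9207 - OAuth 2.0 Authorization Server Issuer Identification](https://www.rfc-editor.org/rfc/rfc9207.html)
 */
 export declare function validateAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck): CallbackParameters | OAuth2Error;
-
+type ReturnTypes = TokenEndpointResponse | OAuth2TokenEndpointResponse | OpenIDTokenEndpointResponse | ClientCredentialsGrantResponse | DeviceAuthorizationResponse | IntrospectionResponse | OAuth2Error | PushedAuthorizationResponse | URLSearchParams | UserInfoResponse;
 export interface DeviceAuthorizationRequestOptions extends HttpRequestOptions, AuthenticatedRequestOptions {
 }
 /**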
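--- a/package/build/index.js
+++ b/package/build/index.js
@@ -1,7 +1,7 @@
 let USER_AGENT;
 if (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {
 const NAME = 'oauth4webapi';
-const VERSION = 'v2.0.
+const VERSION = 'v2.0.1';
 USER_AGENT = `${NAME}/${VERSION}`;
 }
 const encoder = new TextEncoder();
@@ -432,6 +432,21 @@ export async function issueRequestObject(as, client, parameters, privateKey) {
 resource.length > 1) {
 claims.resource = resource;
 }
+if (parameters.has('claims')) {
+const value = parameters.get('claims');
+if (value === '[object Object]') {
+throw new OPE('"claims" parameter must be passed as a UTF-8 encoded JSON');
+}
+try {
+claims.claims = JSON.parse(value);
+}
+catch {
+throw new OPE('failed to parse the "claims" parameter as JSON');
+}
+if (!isJsonObject(claims.claims)) {
+throw new OPE('"claims" parameter must be a top level object');
+}
+}
 return jwt({
 alg: determineJWSAlgorithm(key),
 typ: 'oauth-authz-req+jwt',
@@ -469,9 +484,14 @@ async function dpopProofJwt(headers, options, url, htm, accessToken) {
 }, privateKey);
 headers.set('dpop', proof);
 }
+const jwkCache = Symbol();
 async function publicJwk(key) {
+if (key[jwkCache]) {
+return key[jwkCache];
+}
 const { kty, e, n, x, y, crv } = await crypto.subtle.exportKey('jwk', key);
-
+const jwk = (key[jwkCache] = { kty, e, n, x, y, crv });
+return jwk;
 }
 export async function pushedAuthorizationRequest(as, client, parameters, options) {
 assertAs(as);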
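Review bot: `publicJwk` in the last hunk now returns the same cached object on every call (`return key[jwkCache]`), so any code that later mutates the returned JWK would change what is embedded in subsequent DPoP proofs for that key; the callers are outside this hunk, so this is a hardening point rather than a confirmed bug. Storing the cache as a symbol property on the CryptoKey also assumes the key object is extensible, and in module (strict) code the assignment would throw if a runtime hands back a non-extensible key. A module-level WeakMap holding a frozen JWK avoids both without changing the function's interface. Separately, the first hunk sets `VERSION = 'v2.0.1'` while the package and the README import are 2.0.2, so the User-Agent would under-report the library version in request logs.

```javascript
const jwkCache = new WeakMap();
async function publicJwk(key) {
    let jwk = jwkCache.get(key);
    if (jwk === undefined) {
        const { kty, e, n, x, y, crv } = await crypto.subtle.exportKey('jwk', key);
        // Frozen so one shared instance can be handed to every caller safely.
        jwk = Object.freeze({ kty, e, n, x, y, crv });
        jwkCache.set(key, jwk);
    }
    return jwk;
}
```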