oauth4webapi 2.0.3 → 2.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/build/index.d.ts +7 -7
- package/build/index.js +14 -11
- package/package.json +8 -9
package/README.md
CHANGED
|
@@ -39,7 +39,7 @@ import * as oauth2 from 'oauth4webapi'
|
|
|
39
39
|
**`example`** Deno import
|
|
40
40
|
|
|
41
41
|
```js
|
|
42
|
-
import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.0.
|
|
42
|
+
import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.0.4/mod.ts'
|
|
43
43
|
```
|
|
44
44
|
|
|
45
45
|
- Authorization Code Flow - OpenID Connect [source](examples/code.ts), or plain OAuth 2 [source](examples/oauth.ts)
|
package/build/index.d.ts
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
|
|
1
|
+
type JsonObject = {
|
|
2
2
|
[Key in string]?: JsonValue;
|
|
3
3
|
};
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
4
|
+
type JsonArray = JsonValue[];
|
|
5
|
+
type JsonPrimitive = string | number | boolean | null;
|
|
6
|
+
type JsonValue = JsonPrimitive | JsonObject | JsonArray;
|
|
7
7
|
/**
|
|
8
8
|
* Interface to pass an asymmetric private key and, optionally, its associated JWK Key ID to be
|
|
9
9
|
* added as a `kid` JOSE Header Parameter.
|
|
@@ -41,7 +41,7 @@ export interface PrivateKey {
|
|
|
41
41
|
* @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
|
|
42
42
|
* @see [OAuth Token Endpoint Authentication Methods](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method)
|
|
43
43
|
*/
|
|
44
|
-
export
|
|
44
|
+
export type ClientAuthenticationMethod = 'client_secret_basic' | 'client_secret_post' | 'private_key_jwt' | 'none';
|
|
45
45
|
/**
|
|
46
46
|
* Supported JWS `alg` Algorithm identifiers.
|
|
47
47
|
*
|
|
@@ -84,7 +84,7 @@ export declare type ClientAuthenticationMethod = 'client_secret_basic' | 'client
|
|
|
84
84
|
* }
|
|
85
85
|
* ```
|
|
86
86
|
*/
|
|
87
|
-
export
|
|
87
|
+
export type JWSAlgorithm = 'PS256' | 'ES256' | 'RS256' | 'EdDSA';
|
|
88
88
|
/**
|
|
89
89
|
* Authorization Server Metadata
|
|
90
90
|
*
|
|
@@ -1014,7 +1014,7 @@ declare class CallbackParameters extends URLSearchParams {
|
|
|
1014
1014
|
* @see [RFC 9207 - OAuth 2.0 Authorization Server Issuer Identification](https://www.rfc-editor.org/rfc/rfc9207.html)
|
|
1015
1015
|
*/
|
|
1016
1016
|
export declare function validateAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck): CallbackParameters | OAuth2Error;
|
|
1017
|
-
|
|
1017
|
+
type ReturnTypes = TokenEndpointResponse | OAuth2TokenEndpointResponse | OpenIDTokenEndpointResponse | ClientCredentialsGrantResponse | DeviceAuthorizationResponse | IntrospectionResponse | OAuth2Error | PushedAuthorizationResponse | URLSearchParams | UserInfoResponse;
|
|
1018
1018
|
export interface DeviceAuthorizationRequestOptions extends HttpRequestOptions, AuthenticatedRequestOptions {
|
|
1019
1019
|
}
|
|
1020
1020
|
/**
|
package/build/index.js
CHANGED
|
@@ -481,13 +481,15 @@ async function dpopProofJwt(headers, options, url, htm, accessToken) {
|
|
|
481
481
|
}, privateKey);
|
|
482
482
|
headers.set('dpop', proof);
|
|
483
483
|
}
|
|
484
|
-
|
|
484
|
+
let jwkCache;
|
|
485
485
|
async function publicJwk(key) {
|
|
486
|
-
|
|
487
|
-
|
|
486
|
+
jwkCache || (jwkCache = new WeakMap());
|
|
487
|
+
if (jwkCache.has(key)) {
|
|
488
|
+
return jwkCache.get(key);
|
|
488
489
|
}
|
|
489
490
|
const { kty, e, n, x, y, crv } = await crypto.subtle.exportKey('jwk', key);
|
|
490
|
-
const jwk =
|
|
491
|
+
const jwk = { kty, e, n, x, y, crv };
|
|
492
|
+
jwkCache.set(key, jwk);
|
|
491
493
|
return jwk;
|
|
492
494
|
}
|
|
493
495
|
export async function pushedAuthorizationRequest(as, client, parameters, options) {
|
|
@@ -646,30 +648,31 @@ export async function userInfoRequest(as, client, accessToken, options) {
|
|
|
646
648
|
}
|
|
647
649
|
return protectedResourceRequest(accessToken, 'GET', url, headers, null, options);
|
|
648
650
|
}
|
|
649
|
-
|
|
651
|
+
let jwksCache;
|
|
650
652
|
async function getPublicSigKeyFromIssuerJwksUri(as, options, header) {
|
|
651
653
|
const { alg, kid } = header;
|
|
652
654
|
checkSupportedJwsAlg(alg);
|
|
653
655
|
let jwks;
|
|
654
656
|
let age;
|
|
655
|
-
|
|
657
|
+
jwksCache || (jwksCache = new WeakMap());
|
|
658
|
+
if (jwksCache.has(as)) {
|
|
656
659
|
;
|
|
657
|
-
({ jwks, age } = as
|
|
660
|
+
({ jwks, age } = jwksCache.get(as));
|
|
658
661
|
if (age >= 300) {
|
|
659
|
-
as
|
|
662
|
+
jwksCache.delete(as);
|
|
660
663
|
return getPublicSigKeyFromIssuerJwksUri(as, options, header);
|
|
661
664
|
}
|
|
662
665
|
}
|
|
663
666
|
else {
|
|
664
667
|
jwks = await jwksRequest(as, options).then(processJwksResponse);
|
|
665
668
|
age = 0;
|
|
666
|
-
as
|
|
669
|
+
jwksCache.set(as, {
|
|
667
670
|
jwks,
|
|
668
671
|
iat: epochTime(),
|
|
669
672
|
get age() {
|
|
670
673
|
return epochTime() - this.iat;
|
|
671
674
|
},
|
|
672
|
-
};
|
|
675
|
+
});
|
|
673
676
|
}
|
|
674
677
|
let kty;
|
|
675
678
|
switch (alg.slice(0, 2)) {
|
|
@@ -712,7 +715,7 @@ async function getPublicSigKeyFromIssuerJwksUri(as, options, header) {
|
|
|
712
715
|
const { 0: jwk, length } = candidates;
|
|
713
716
|
if (!length) {
|
|
714
717
|
if (age >= 60) {
|
|
715
|
-
as
|
|
718
|
+
jwksCache.delete(as);
|
|
716
719
|
return getPublicSigKeyFromIssuerJwksUri(as, options, header);
|
|
717
720
|
}
|
|
718
721
|
throw new OPE('error when selecting a JWT verification key, no applicable keys found');
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "oauth4webapi",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.4",
|
|
4
4
|
"description": "OAuth 2 / OpenID Connect for Web Platform API JavaScript runtimes",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"auth",
|
|
@@ -52,7 +52,6 @@
|
|
|
52
52
|
"docs": "patch-package && typedoc",
|
|
53
53
|
"format": "npm run _format -- --write",
|
|
54
54
|
"format-check": "npm run _format -- --check",
|
|
55
|
-
"prepack": "npm run format && npm run docs && ./examples/.update-diffs.sh && git diff --quiet && npm run test && npm run build",
|
|
56
55
|
"tap:browsers": "./tap/.browsers.sh",
|
|
57
56
|
"tap:bun": "./tap/.bun.sh",
|
|
58
57
|
"tap:deno": "./tap/.deno.sh",
|
|
@@ -63,21 +62,21 @@
|
|
|
63
62
|
"test": "bash -c 'source .node_flags.sh && ava'"
|
|
64
63
|
},
|
|
65
64
|
"devDependencies": {
|
|
66
|
-
"@esbuild-kit/esm-loader": "^2.5.
|
|
65
|
+
"@esbuild-kit/esm-loader": "^2.5.1",
|
|
67
66
|
"@types/node": "^18.11.9",
|
|
68
67
|
"@types/qunit": "^2.19.3",
|
|
69
68
|
"ava": "^5.1.0",
|
|
70
69
|
"edge-runtime": "^2.0.2",
|
|
71
|
-
"esbuild": "^0.15.
|
|
72
|
-
"jose": "^4.11.
|
|
70
|
+
"esbuild": "^0.15.15",
|
|
71
|
+
"jose": "^4.11.1",
|
|
73
72
|
"patch-package": "^6.5.0",
|
|
74
|
-
"prettier": "^2.
|
|
73
|
+
"prettier": "^2.8.0",
|
|
75
74
|
"prettier-plugin-jsdoc": "^0.4.2",
|
|
76
75
|
"qunit": "^2.19.3",
|
|
77
76
|
"timekeeper": "^2.2.0",
|
|
78
|
-
"typedoc": "^0.23.
|
|
77
|
+
"typedoc": "^0.23.21",
|
|
79
78
|
"typedoc-plugin-markdown": "^3.13.6",
|
|
80
|
-
"typescript": "^4.
|
|
81
|
-
"undici": "^5.
|
|
79
|
+
"typescript": "^4.9.3",
|
|
80
|
+
"undici": "^5.13.0"
|
|
82
81
|
}
|
|
83
82
|
}
|