oauth4webapi 2.10.2 → 2.10.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +21 -11
  2. package/build/index.d.ts +6 -2
  3. package/build/index.js +1 -1
  4. package/package.json +15 -15
package/README.md CHANGED
@@ -44,19 +44,29 @@ import * as oauth2 from 'oauth4webapi'
44
44
  **`example`** Deno import
45
45
 
46
46
  ```js
47
- import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.10.2/mod.ts'
47
+ import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.10.4/mod.ts'
48
48
  ```
49
49
 
50
- - Authorization Code Flow - OpenID Connect [source](examples/code.ts), or plain OAuth 2 [source](examples/oauth.ts)
51
- - Public Client Authorization Code Flow - [source](examples/public.ts) | [diff from code flow](examples/public.diff)
52
- - Private Key JWT Client Authentication - [source](examples/private_key_jwt.ts) | [diff from code flow](examples/private_key_jwt.diff)
53
- - DPoP - [source](examples/dpop.ts) | [diff from code flow](examples/dpop.diff)
54
- - Pushed Authorization Request (PAR) - [source](examples/par.ts) | [diff from code flow](examples/par.diff)
55
- - Client Credentials Grant - [source](examples/client_credentials.ts)
56
- - Device Authorization Grant - [source](examples/device_authorization_grant.ts)
57
- - FAPI 1.0 Advanced (Private Key JWT, MTLS, JAR) - [source](examples/fapi1-advanced.ts)
58
- - FAPI 2.0 Security Profile (Private Key JWT, PAR, DPoP) - [source](examples/fapi2.ts)
59
- - FAPI 2.0 Message Signing (Private Key JWT, PAR, DPoP, JAR, JARM) - [source](examples/fapi2-message-signing.ts) | [diff](examples/fapi2-message-signing.diff)
50
+ - Authorization Code Flow (OAuth 2.0) - [source](examples/oauth.ts)
51
+ - Authorization Code Flow (OpenID Connect) - [source](examples/oidc.ts) | [diff](examples/oidc.diff)
52
+ - Extensions
53
+ - DPoP - [source](examples/dpop.ts) | [diff](examples/dpop.diff)
54
+ - JWT Secured Authorization Request (JAR) - [source](examples/jar.ts) | [diff](examples/jar.diff)
55
+ - JWT Secured Authorization Response Mode (JARM) - [source](examples/jarm.ts) | [diff](examples/jarm.diff)
56
+ - Pushed Authorization Request (PAR) - [source](examples/par.ts) | [diff](examples/par.diff)
57
+ - Client Authentication
58
+ - Client Secret in HTTP Authorization Header - [source](examples/oauth.ts)
59
+ - Client Secret in HTTP Body - [source](examples/client_secret_post.ts) | [diff](examples/client_secret_post.diff)
60
+ - Private Key JWT Client Authentication - [source](examples/private_key_jwt.ts) | [diff](examples/private_key_jwt.diff)
61
+ - Public Client - [source](examples/public.ts) | [diff](examples/public.diff)
62
+ - Other Grants
63
+ - Client Credentials Grant - [source](examples/client_credentials.ts)
64
+ - Device Authorization Grant - [source](examples/device_authorization_grant.ts)
65
+ - Refresh Token Grant - [source](examples/refresh_token.ts) | [diff](examples/refresh_token.diff)
66
+ - FAPI
67
+ - FAPI 1.0 Advanced (Private Key JWT, MTLS, JAR) - [source](examples/fapi1-advanced.ts) | [diff](examples/fapi1-advanced.diff)
68
+ - FAPI 2.0 Security Profile (Private Key JWT, PAR, DPoP) - [source](examples/fapi2.ts) | [diff](examples/fapi2.diff)
69
+
60
70
 
61
71
  ## Supported Runtimes
62
72
 
package/build/index.d.ts CHANGED
@@ -1002,7 +1002,7 @@ export interface ProtectedResourceRequestOptions extends Omit<HttpRequestOptions
1002
1002
  * @see [RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750.html#section-2.1)
1003
1003
  * @see [RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.rfc-editor.org/rfc/rfc9449.html#name-protected-resource-access)
1004
1004
  */
1005
- export declare function protectedResourceRequest(accessToken: string, method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | string, url: URL, headers: Headers, body?: ReadableStream | Blob | ArrayBufferView | ArrayBuffer | FormData | URLSearchParams | string | null, options?: ProtectedResourceRequestOptions): Promise<Response>;
1005
+ export declare function protectedResourceRequest(accessToken: string, method: string, url: URL, headers?: Headers, body?: ReadableStream | Blob | ArrayBufferView | ArrayBuffer | FormData | URLSearchParams | string | null, options?: ProtectedResourceRequestOptions): Promise<Response>;
1006
1006
  export interface UserInfoRequestOptions extends HttpRequestOptions, DPoPRequestOptions, UseMTLSAliasOptions {
1007
1007
  }
1008
1008
  /**
@@ -1631,7 +1631,10 @@ export interface ValidateJWTAccessTokenOptions extends HttpRequestOptions {
1631
1631
  }
1632
1632
  /**
1633
1633
  * Validates use of JSON Web Token (JWT) OAuth 2.0 Access Tokens for a given {@link Request} as per
1634
- * RFC 9068 and optionally also RFC 9449.
1634
+ * RFC 6750, RFC 9068, and RFC 9449.
1635
+ *
1636
+ * The only support means of sending access tokens is via the Authorization Request Header Field
1637
+ * method.
1635
1638
  *
1636
1639
  * This does validate the presence and type of all required claims as well as the values of the
1637
1640
  * {@link JWTAccessTokenClaims.iss `iss`}, {@link JWTAccessTokenClaims.exp `exp`},
@@ -1655,6 +1658,7 @@ export interface ValidateJWTAccessTokenOptions extends HttpRequestOptions {
1655
1658
  *
1656
1659
  * @group JWT Access Tokens
1657
1660
  *
1661
+ * @see [RFC 6750 - OAuth 2.0 Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750.html)
1658
1662
  * @see [RFC 9068 - JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens](https://www.rfc-editor.org/rfc/rfc9068.html)
1659
1663
  * @see [RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.rfc-editor.org/rfc/rfc9449.html)
1660
1664
  */
package/build/index.js CHANGED
@@ -1,7 +1,7 @@
1
1
  let USER_AGENT;
2
2
  if (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {
3
3
  const NAME = 'oauth4webapi';
4
- const VERSION = 'v2.10.2';
4
+ const VERSION = 'v2.10.4';
5
5
  USER_AGENT = `${NAME}/${VERSION}`;
6
6
  }
7
7
  function looseInstanceOf(input, expected) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "oauth4webapi",
3
- "version": "2.10.2",
3
+ "version": "2.10.4",
4
4
  "description": "OAuth 2 / OpenID Connect for JavaScript Runtimes",
5
5
  "keywords": [
6
6
  "access token",
@@ -67,29 +67,29 @@
67
67
  "devDependencies": {
68
68
  "@koa/cors": "^5.0.0",
69
69
  "@types/koa__cors": "^5.0.0",
70
- "@types/node": "^20.11.16",
71
- "@types/oidc-provider": "^8.4.3",
70
+ "@types/node": "^20.11.30",
71
+ "@types/oidc-provider": "^8.4.4",
72
72
  "@types/qunit": "^2.19.10",
73
- "archiver": "^6.0.1",
73
+ "archiver": "^6.0.2",
74
74
  "ava": "^5.3.1",
75
- "chrome-launcher": "^1.1.0",
76
- "edge-runtime": "^2.5.8",
77
- "esbuild": "^0.20.0",
78
- "jose": "^5.2.1",
75
+ "chrome-launcher": "^1.1.1",
76
+ "edge-runtime": "^2.5.9",
77
+ "esbuild": "^0.20.2",
78
+ "jose": "^5.2.3",
79
79
  "oidc-provider": "^8.4.5",
80
80
  "patch-package": "^8.0.0",
81
81
  "prettier": "^3.2.5",
82
82
  "prettier-plugin-jsdoc": "^1.3.0",
83
- "puppeteer-core": "^21.11.0",
84
- "qunit": "^2.20.0",
83
+ "puppeteer-core": "^22.6.1",
84
+ "qunit": "^2.20.1",
85
85
  "raw-body": "^2.5.2",
86
86
  "selfsigned": "^2.4.1",
87
87
  "timekeeper": "^2.3.1",
88
- "tsx": "^4.7.0",
89
- "typedoc": "^0.25.7",
88
+ "tsx": "^4.7.1",
89
+ "typedoc": "^0.25.12",
90
90
  "typedoc-plugin-markdown": "^3.17.1",
91
- "typedoc-plugin-mdn-links": "^3.1.15",
92
- "typescript": "^5.3.3",
93
- "undici": "^5.28.2"
91
+ "typedoc-plugin-mdn-links": "^3.1.18",
92
+ "typescript": "~5.4.3",
93
+ "undici": "^5.28.3"
94
94
  }
95
95
  }