oauth4webapi 2.2.2 → 2.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/build/index.d.ts +10 -12
- package/build/index.js +9 -6
- package/package.json +5 -5
package/README.md
CHANGED
|
@@ -39,7 +39,7 @@ import * as oauth2 from 'oauth4webapi'
|
|
|
39
39
|
**`example`** Deno import
|
|
40
40
|
|
|
41
41
|
```js
|
|
42
|
-
import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.2.
|
|
42
|
+
import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.2.4/mod.ts'
|
|
43
43
|
```
|
|
44
44
|
|
|
45
45
|
- Authorization Code Flow - OpenID Connect [source](examples/code.ts), or plain OAuth 2 [source](examples/oauth.ts)
|
package/build/index.d.ts
CHANGED
|
@@ -623,7 +623,7 @@ export declare function issueRequestObject(as: AuthorizationServer, client: Clie
|
|
|
623
623
|
* @param parameters Authorization Request parameters.
|
|
624
624
|
*
|
|
625
625
|
* @see [RFC 9126 - OAuth 2.0 Pushed Authorization Requests](https://www.rfc-editor.org/rfc/rfc9126.html#name-pushed-authorization-reques)
|
|
626
|
-
* @see [draft-ietf-oauth-dpop-
|
|
626
|
+
* @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-dpop-with-pushed-authorizat)
|
|
627
627
|
*/
|
|
628
628
|
export declare function pushedAuthorizationRequest(as: AuthorizationServer, client: Client, parameters: URLSearchParams, options?: PushedAuthorizationRequestOptions): Promise<Response>;
|
|
629
629
|
export interface PushedAuthorizationResponse {
|
|
@@ -701,7 +701,7 @@ export interface ProtectedResourceRequestOptions extends Omit<HttpRequestOptions
|
|
|
701
701
|
* @param body Request body compatible with the Fetch API and the request's method.
|
|
702
702
|
*
|
|
703
703
|
* @see [RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750.html#section-2.1)
|
|
704
|
-
* @see [draft-ietf-oauth-dpop-
|
|
704
|
+
* @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-protected-resource-access)
|
|
705
705
|
*/
|
|
706
706
|
export declare function protectedResourceRequest(accessToken: string, method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | string, url: URL, headers: Headers, body: RequestInit['body'], options?: ProtectedResourceRequestOptions): Promise<Response>;
|
|
707
707
|
export interface UserInfoRequestOptions extends HttpRequestOptions, DPoPRequestOptions {
|
|
@@ -717,7 +717,7 @@ export interface UserInfoRequestOptions extends HttpRequestOptions, DPoPRequestO
|
|
|
717
717
|
* @param accessToken Access Token value.
|
|
718
718
|
*
|
|
719
719
|
* @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
|
|
720
|
-
* @see [draft-ietf-oauth-dpop-
|
|
720
|
+
* @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-protected-resource-access)
|
|
721
721
|
*/
|
|
722
722
|
export declare function userInfoRequest(as: AuthorizationServer, client: Client, accessToken: string, options?: UserInfoRequestOptions): Promise<Response>;
|
|
723
723
|
export interface UserInfoAddress {
|
|
@@ -791,7 +791,7 @@ export interface TokenEndpointRequestOptions extends HttpRequestOptions, Authent
|
|
|
791
791
|
*
|
|
792
792
|
* @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-6)
|
|
793
793
|
* @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens)
|
|
794
|
-
* @see [draft-ietf-oauth-dpop-
|
|
794
|
+
* @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-dpop-access-token-request)
|
|
795
795
|
*/
|
|
796
796
|
export declare function refreshTokenGrantRequest(as: AuthorizationServer, client: Client, refreshToken: string, options?: TokenEndpointRequestOptions): Promise<Response>;
|
|
797
797
|
/**
|
|
@@ -841,9 +841,9 @@ export declare function processRefreshTokenResponse(as: AuthorizationServer, cli
|
|
|
841
841
|
* @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1)
|
|
842
842
|
* @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
|
|
843
843
|
* @see [RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE)](https://www.rfc-editor.org/rfc/rfc7636.html#section-4)
|
|
844
|
-
* @see [draft-ietf-oauth-dpop-
|
|
844
|
+
* @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-dpop-access-token-request)
|
|
845
845
|
*/
|
|
846
|
-
export declare function authorizationCodeGrantRequest(as: AuthorizationServer, client: Client, callbackParameters:
|
|
846
|
+
export declare function authorizationCodeGrantRequest(as: AuthorizationServer, client: Client, callbackParameters: URLSearchParams, redirectUri: string, codeVerifier: string, options?: TokenEndpointRequestOptions): Promise<Response>;
|
|
847
847
|
interface JWTPayload {
|
|
848
848
|
readonly iss?: string;
|
|
849
849
|
readonly sub?: string;
|
|
@@ -958,7 +958,7 @@ export interface ClientCredentialsGrantRequestOptions extends HttpRequestOptions
|
|
|
958
958
|
* @param client Client Metadata.
|
|
959
959
|
*
|
|
960
960
|
* @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.4)
|
|
961
|
-
* @see [draft-ietf-oauth-dpop-
|
|
961
|
+
* @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-dpop-access-token-request)
|
|
962
962
|
*/
|
|
963
963
|
export declare function clientCredentialsGrantRequest(as: AuthorizationServer, client: Client, parameters: URLSearchParams, options?: ClientCredentialsGrantRequestOptions): Promise<Response>;
|
|
964
964
|
/**
|
|
@@ -1076,7 +1076,7 @@ export declare function processIntrospectionResponse(as: AuthorizationServer, cl
|
|
|
1076
1076
|
*
|
|
1077
1077
|
* @see [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)](https://openid.net/specs/openid-financial-api-jarm.html)
|
|
1078
1078
|
*/
|
|
1079
|
-
export declare function validateJwtAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck, options?: HttpRequestOptions): Promise<
|
|
1079
|
+
export declare function validateJwtAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck, options?: HttpRequestOptions): Promise<URLSearchParams | OAuth2Error>;
|
|
1080
1080
|
/**
|
|
1081
1081
|
* DANGER ZONE
|
|
1082
1082
|
*
|
|
@@ -1093,8 +1093,6 @@ export declare const skipStateCheck: unique symbol;
|
|
|
1093
1093
|
* authorization request.
|
|
1094
1094
|
*/
|
|
1095
1095
|
export declare const expectNoState: unique symbol;
|
|
1096
|
-
declare class CallbackParameters extends URLSearchParams {
|
|
1097
|
-
}
|
|
1098
1096
|
/**
|
|
1099
1097
|
* Validates an OAuth 2.0 Authorization Response or Authorization Error Response message returned
|
|
1100
1098
|
* from the authorization server's
|
|
@@ -1111,7 +1109,7 @@ declare class CallbackParameters extends URLSearchParams {
|
|
|
1111
1109
|
* @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
|
|
1112
1110
|
* @see [RFC 9207 - OAuth 2.0 Authorization Server Issuer Identification](https://www.rfc-editor.org/rfc/rfc9207.html)
|
|
1113
1111
|
*/
|
|
1114
|
-
export declare function validateAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck):
|
|
1112
|
+
export declare function validateAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck): URLSearchParams | OAuth2Error;
|
|
1115
1113
|
type ReturnTypes = TokenEndpointResponse | OAuth2TokenEndpointResponse | OpenIDTokenEndpointResponse | ClientCredentialsGrantResponse | DeviceAuthorizationResponse | IntrospectionResponse | OAuth2Error | PushedAuthorizationResponse | URLSearchParams | UserInfoResponse;
|
|
1116
1114
|
export interface DeviceAuthorizationRequestOptions extends HttpRequestOptions, AuthenticatedRequestOptions {
|
|
1117
1115
|
}
|
|
@@ -1158,7 +1156,7 @@ export declare function processDeviceAuthorizationResponse(as: AuthorizationServ
|
|
|
1158
1156
|
* @param deviceCode Device Code.
|
|
1159
1157
|
*
|
|
1160
1158
|
* @see [RFC 8628 - OAuth 2.0 Device Authorization Grant](https://www.rfc-editor.org/rfc/rfc8628.html#section-3.4)
|
|
1161
|
-
* @see [draft-ietf-oauth-dpop-
|
|
1159
|
+
* @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-dpop-access-token-request)
|
|
1162
1160
|
*/
|
|
1163
1161
|
export declare function deviceCodeGrantRequest(as: AuthorizationServer, client: Client, deviceCode: string, options?: TokenEndpointRequestOptions): Promise<Response>;
|
|
1164
1162
|
/**
|
package/build/index.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
let USER_AGENT;
|
|
2
2
|
if (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {
|
|
3
3
|
const NAME = 'oauth4webapi';
|
|
4
|
-
const VERSION = 'v2.2.
|
|
4
|
+
const VERSION = 'v2.2.4';
|
|
5
5
|
USER_AGENT = `${NAME}/${VERSION}`;
|
|
6
6
|
}
|
|
7
7
|
export const clockSkew = Symbol();
|
|
@@ -968,11 +968,16 @@ function validateIssuer(expected, result) {
|
|
|
968
968
|
}
|
|
969
969
|
return result;
|
|
970
970
|
}
|
|
971
|
+
const branded = new WeakSet();
|
|
972
|
+
function brand(searchParams) {
|
|
973
|
+
branded.add(searchParams);
|
|
974
|
+
return searchParams;
|
|
975
|
+
}
|
|
971
976
|
export async function authorizationCodeGrantRequest(as, client, callbackParameters, redirectUri, codeVerifier, options) {
|
|
972
977
|
assertAs(as);
|
|
973
978
|
assertClient(client);
|
|
974
|
-
if (!(callbackParameters
|
|
975
|
-
throw new TypeError('"callbackParameters" must be an instance of
|
|
979
|
+
if (!branded.has(callbackParameters)) {
|
|
980
|
+
throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
|
|
976
981
|
}
|
|
977
982
|
if (!validateString(redirectUri)) {
|
|
978
983
|
throw new TypeError('"redirectUri" must be a non-empty string');
|
|
@@ -1430,8 +1435,6 @@ function getURLSearchParameter(parameters, name) {
|
|
|
1430
1435
|
}
|
|
1431
1436
|
export const skipStateCheck = Symbol();
|
|
1432
1437
|
export const expectNoState = Symbol();
|
|
1433
|
-
class CallbackParameters extends URLSearchParams {
|
|
1434
|
-
}
|
|
1435
1438
|
export function validateAuthResponse(as, client, parameters, expectedState) {
|
|
1436
1439
|
assertAs(as);
|
|
1437
1440
|
assertClient(client);
|
|
@@ -1485,7 +1488,7 @@ export function validateAuthResponse(as, client, parameters, expectedState) {
|
|
|
1485
1488
|
if (id_token !== undefined || token !== undefined) {
|
|
1486
1489
|
throw new UnsupportedOperationError('implicit and hybrid flows are not supported');
|
|
1487
1490
|
}
|
|
1488
|
-
return new
|
|
1491
|
+
return brand(new URLSearchParams(parameters));
|
|
1489
1492
|
}
|
|
1490
1493
|
function algToSubtle(alg, crv) {
|
|
1491
1494
|
switch (alg) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "oauth4webapi",
|
|
3
|
-
"version": "2.2.
|
|
3
|
+
"version": "2.2.4",
|
|
4
4
|
"description": "OAuth 2 / OpenID Connect for Web Platform API JavaScript runtimes",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"auth",
|
|
@@ -63,18 +63,18 @@
|
|
|
63
63
|
},
|
|
64
64
|
"devDependencies": {
|
|
65
65
|
"@esbuild-kit/esm-loader": "^2.5.5",
|
|
66
|
-
"@types/node": "^18.
|
|
66
|
+
"@types/node": "^18.16.0",
|
|
67
67
|
"@types/qunit": "^2.19.4",
|
|
68
68
|
"ava": "^5.2.0",
|
|
69
69
|
"edge-runtime": "^2.1.4",
|
|
70
|
-
"esbuild": "^0.17.
|
|
70
|
+
"esbuild": "^0.17.18",
|
|
71
71
|
"jose": "^4.14.1",
|
|
72
72
|
"patch-package": "^6.5.1",
|
|
73
|
-
"prettier": "^2.8.
|
|
73
|
+
"prettier": "^2.8.8",
|
|
74
74
|
"prettier-plugin-jsdoc": "^0.4.2",
|
|
75
75
|
"qunit": "^2.19.4",
|
|
76
76
|
"timekeeper": "^2.2.0",
|
|
77
|
-
"typedoc": "^0.24.
|
|
77
|
+
"typedoc": "^0.24.6",
|
|
78
78
|
"typedoc-plugin-markdown": "^3.15.2",
|
|
79
79
|
"typedoc-plugin-mdn-links": "^3.0.3",
|
|
80
80
|
"typescript": "^5.0.4",
|