oauth4webapi 2.2.3 → 2.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +1 -1
  2. package/build/index.d.ts +10 -12
  3. package/build/index.js +9 -6
  4. package/package.json +5 -5
package/README.md CHANGED
@@ -39,7 +39,7 @@ import * as oauth2 from 'oauth4webapi'
39
39
  **`example`** Deno import
40
40
 
41
41
  ```js
42
- import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.2.3/mod.ts'
42
+ import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.2.4/mod.ts'
43
43
  ```
44
44
 
45
45
  - Authorization Code Flow - OpenID Connect [source](examples/code.ts), or plain OAuth 2 [source](examples/oauth.ts)
package/build/index.d.ts CHANGED
@@ -623,7 +623,7 @@ export declare function issueRequestObject(as: AuthorizationServer, client: Clie
623
623
  * @param parameters Authorization Request parameters.
624
624
  *
625
625
  * @see [RFC 9126 - OAuth 2.0 Pushed Authorization Requests](https://www.rfc-editor.org/rfc/rfc9126.html#name-pushed-authorization-reques)
626
- * @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-dpop-with-pushed-authorizat)
626
+ * @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-dpop-with-pushed-authorizat)
627
627
  */
628
628
  export declare function pushedAuthorizationRequest(as: AuthorizationServer, client: Client, parameters: URLSearchParams, options?: PushedAuthorizationRequestOptions): Promise<Response>;
629
629
  export interface PushedAuthorizationResponse {
@@ -701,7 +701,7 @@ export interface ProtectedResourceRequestOptions extends Omit<HttpRequestOptions
701
701
  * @param body Request body compatible with the Fetch API and the request's method.
702
702
  *
703
703
  * @see [RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750.html#section-2.1)
704
- * @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-protected-resource-access)
704
+ * @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-protected-resource-access)
705
705
  */
706
706
  export declare function protectedResourceRequest(accessToken: string, method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | string, url: URL, headers: Headers, body: RequestInit['body'], options?: ProtectedResourceRequestOptions): Promise<Response>;
707
707
  export interface UserInfoRequestOptions extends HttpRequestOptions, DPoPRequestOptions {
@@ -717,7 +717,7 @@ export interface UserInfoRequestOptions extends HttpRequestOptions, DPoPRequestO
717
717
  * @param accessToken Access Token value.
718
718
  *
719
719
  * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
720
- * @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-protected-resource-access)
720
+ * @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-protected-resource-access)
721
721
  */
722
722
  export declare function userInfoRequest(as: AuthorizationServer, client: Client, accessToken: string, options?: UserInfoRequestOptions): Promise<Response>;
723
723
  export interface UserInfoAddress {
@@ -791,7 +791,7 @@ export interface TokenEndpointRequestOptions extends HttpRequestOptions, Authent
791
791
  *
792
792
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-6)
793
793
  * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens)
794
- * @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-dpop-access-token-request)
794
+ * @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-dpop-access-token-request)
795
795
  */
796
796
  export declare function refreshTokenGrantRequest(as: AuthorizationServer, client: Client, refreshToken: string, options?: TokenEndpointRequestOptions): Promise<Response>;
797
797
  /**
@@ -841,9 +841,9 @@ export declare function processRefreshTokenResponse(as: AuthorizationServer, cli
841
841
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1)
842
842
  * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
843
843
  * @see [RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE)](https://www.rfc-editor.org/rfc/rfc7636.html#section-4)
844
- * @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-dpop-access-token-request)
844
+ * @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-dpop-access-token-request)
845
845
  */
846
- export declare function authorizationCodeGrantRequest(as: AuthorizationServer, client: Client, callbackParameters: CallbackParameters, redirectUri: string, codeVerifier: string, options?: TokenEndpointRequestOptions): Promise<Response>;
846
+ export declare function authorizationCodeGrantRequest(as: AuthorizationServer, client: Client, callbackParameters: URLSearchParams, redirectUri: string, codeVerifier: string, options?: TokenEndpointRequestOptions): Promise<Response>;
847
847
  interface JWTPayload {
848
848
  readonly iss?: string;
849
849
  readonly sub?: string;
@@ -958,7 +958,7 @@ export interface ClientCredentialsGrantRequestOptions extends HttpRequestOptions
958
958
  * @param client Client Metadata.
959
959
  *
960
960
  * @see [RFC 6749 - The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.4)
961
- * @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-dpop-access-token-request)
961
+ * @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-dpop-access-token-request)
962
962
  */
963
963
  export declare function clientCredentialsGrantRequest(as: AuthorizationServer, client: Client, parameters: URLSearchParams, options?: ClientCredentialsGrantRequestOptions): Promise<Response>;
964
964
  /**
@@ -1076,7 +1076,7 @@ export declare function processIntrospectionResponse(as: AuthorizationServer, cl
1076
1076
  *
1077
1077
  * @see [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)](https://openid.net/specs/openid-financial-api-jarm.html)
1078
1078
  */
1079
- export declare function validateJwtAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck, options?: HttpRequestOptions): Promise<CallbackParameters | OAuth2Error>;
1079
+ export declare function validateJwtAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck, options?: HttpRequestOptions): Promise<URLSearchParams | OAuth2Error>;
1080
1080
  /**
1081
1081
  * DANGER ZONE
1082
1082
  *
@@ -1093,8 +1093,6 @@ export declare const skipStateCheck: unique symbol;
1093
1093
  * authorization request.
1094
1094
  */
1095
1095
  export declare const expectNoState: unique symbol;
1096
- declare class CallbackParameters extends URLSearchParams {
1097
- }
1098
1096
  /**
1099
1097
  * Validates an OAuth 2.0 Authorization Response or Authorization Error Response message returned
1100
1098
  * from the authorization server's
@@ -1111,7 +1109,7 @@ declare class CallbackParameters extends URLSearchParams {
1111
1109
  * @see [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
1112
1110
  * @see [RFC 9207 - OAuth 2.0 Authorization Server Issuer Identification](https://www.rfc-editor.org/rfc/rfc9207.html)
1113
1111
  */
1114
- export declare function validateAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck): CallbackParameters | OAuth2Error;
1112
+ export declare function validateAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck): URLSearchParams | OAuth2Error;
1115
1113
  type ReturnTypes = TokenEndpointResponse | OAuth2TokenEndpointResponse | OpenIDTokenEndpointResponse | ClientCredentialsGrantResponse | DeviceAuthorizationResponse | IntrospectionResponse | OAuth2Error | PushedAuthorizationResponse | URLSearchParams | UserInfoResponse;
1116
1114
  export interface DeviceAuthorizationRequestOptions extends HttpRequestOptions, AuthenticatedRequestOptions {
1117
1115
  }
@@ -1158,7 +1156,7 @@ export declare function processDeviceAuthorizationResponse(as: AuthorizationServ
1158
1156
  * @param deviceCode Device Code.
1159
1157
  *
1160
1158
  * @see [RFC 8628 - OAuth 2.0 Device Authorization Grant](https://www.rfc-editor.org/rfc/rfc8628.html#section-3.4)
1161
- * @see [draft-ietf-oauth-dpop-11 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-11.html#name-dpop-access-token-request)
1159
+ * @see [draft-ietf-oauth-dpop-16 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-16.html#name-dpop-access-token-request)
1162
1160
  */
1163
1161
  export declare function deviceCodeGrantRequest(as: AuthorizationServer, client: Client, deviceCode: string, options?: TokenEndpointRequestOptions): Promise<Response>;
1164
1162
  /**
package/build/index.js CHANGED
@@ -1,7 +1,7 @@
1
1
  let USER_AGENT;
2
2
  if (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {
3
3
  const NAME = 'oauth4webapi';
4
- const VERSION = 'v2.2.3';
4
+ const VERSION = 'v2.2.4';
5
5
  USER_AGENT = `${NAME}/${VERSION}`;
6
6
  }
7
7
  export const clockSkew = Symbol();
@@ -968,11 +968,16 @@ function validateIssuer(expected, result) {
968
968
  }
969
969
  return result;
970
970
  }
971
+ const branded = new WeakSet();
972
+ function brand(searchParams) {
973
+ branded.add(searchParams);
974
+ return searchParams;
975
+ }
971
976
  export async function authorizationCodeGrantRequest(as, client, callbackParameters, redirectUri, codeVerifier, options) {
972
977
  assertAs(as);
973
978
  assertClient(client);
974
- if (!(callbackParameters instanceof CallbackParameters)) {
975
- throw new TypeError('"callbackParameters" must be an instance of CallbackParameters obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
979
+ if (!branded.has(callbackParameters)) {
980
+ throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
976
981
  }
977
982
  if (!validateString(redirectUri)) {
978
983
  throw new TypeError('"redirectUri" must be a non-empty string');
@@ -1430,8 +1435,6 @@ function getURLSearchParameter(parameters, name) {
1430
1435
  }
1431
1436
  export const skipStateCheck = Symbol();
1432
1437
  export const expectNoState = Symbol();
1433
- class CallbackParameters extends URLSearchParams {
1434
- }
1435
1438
  export function validateAuthResponse(as, client, parameters, expectedState) {
1436
1439
  assertAs(as);
1437
1440
  assertClient(client);
@@ -1485,7 +1488,7 @@ export function validateAuthResponse(as, client, parameters, expectedState) {
1485
1488
  if (id_token !== undefined || token !== undefined) {
1486
1489
  throw new UnsupportedOperationError('implicit and hybrid flows are not supported');
1487
1490
  }
1488
- return new CallbackParameters(parameters);
1491
+ return brand(new URLSearchParams(parameters));
1489
1492
  }
1490
1493
  function algToSubtle(alg, crv) {
1491
1494
  switch (alg) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "oauth4webapi",
3
- "version": "2.2.3",
3
+ "version": "2.2.4",
4
4
  "description": "OAuth 2 / OpenID Connect for Web Platform API JavaScript runtimes",
5
5
  "keywords": [
6
6
  "auth",
@@ -63,18 +63,18 @@
63
63
  },
64
64
  "devDependencies": {
65
65
  "@esbuild-kit/esm-loader": "^2.5.5",
66
- "@types/node": "^18.15.13",
66
+ "@types/node": "^18.16.0",
67
67
  "@types/qunit": "^2.19.4",
68
68
  "ava": "^5.2.0",
69
69
  "edge-runtime": "^2.1.4",
70
- "esbuild": "^0.17.17",
70
+ "esbuild": "^0.17.18",
71
71
  "jose": "^4.14.1",
72
72
  "patch-package": "^6.5.1",
73
- "prettier": "^2.8.7",
73
+ "prettier": "^2.8.8",
74
74
  "prettier-plugin-jsdoc": "^0.4.2",
75
75
  "qunit": "^2.19.4",
76
76
  "timekeeper": "^2.2.0",
77
- "typedoc": "^0.24.4",
77
+ "typedoc": "^0.24.6",
78
78
  "typedoc-plugin-markdown": "^3.15.2",
79
79
  "typedoc-plugin-mdn-links": "^3.0.3",
80
80
  "typescript": "^5.0.4",