oauth4webapi 2.4.2 → 2.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/build/index.d.ts +2 -3
- package/build/index.js +10 -23
- package/package.json +12 -5
package/README.md
CHANGED
|
@@ -43,7 +43,7 @@ import * as oauth2 from 'oauth4webapi'
|
|
|
43
43
|
**`example`** Deno import
|
|
44
44
|
|
|
45
45
|
```js
|
|
46
|
-
import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.4.
|
|
46
|
+
import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.4.4/mod.ts'
|
|
47
47
|
```
|
|
48
48
|
|
|
49
49
|
- Authorization Code Flow - OpenID Connect [source](examples/code.ts), or plain OAuth 2 [source](examples/oauth.ts)
|
package/build/index.d.ts
CHANGED
|
@@ -689,7 +689,7 @@ export interface OAuth2Error {
|
|
|
689
689
|
* @group Refreshing an Access Token
|
|
690
690
|
* @group Pushed Authorization Requests (PAR)
|
|
691
691
|
*/
|
|
692
|
-
export declare function isOAuth2Error(input?:
|
|
692
|
+
export declare function isOAuth2Error(input?: TokenEndpointResponse | OAuth2TokenEndpointResponse | OpenIDTokenEndpointResponse | ClientCredentialsGrantResponse | DeviceAuthorizationResponse | IntrospectionResponse | OAuth2Error | PushedAuthorizationResponse | URLSearchParams | UserInfoResponse): input is OAuth2Error;
|
|
693
693
|
export interface WWWAuthenticateChallengeParameters {
|
|
694
694
|
readonly realm?: string;
|
|
695
695
|
readonly error?: string;
|
|
@@ -768,7 +768,7 @@ export interface ProtectedResourceRequestOptions extends Omit<HttpRequestOptions
|
|
|
768
768
|
* @see [RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750.html#section-2.1)
|
|
769
769
|
* @see [RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.rfc-editor.org/rfc/rfc9449.html#name-protected-resource-access)
|
|
770
770
|
*/
|
|
771
|
-
export declare function protectedResourceRequest(accessToken: string, method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | string, url: URL, headers: Headers, body
|
|
771
|
+
export declare function protectedResourceRequest(accessToken: string, method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | string, url: URL, headers: Headers, body?: ReadableStream | Blob | ArrayBufferView | ArrayBuffer | FormData | URLSearchParams | string | null, options?: ProtectedResourceRequestOptions): Promise<Response>;
|
|
772
772
|
export interface UserInfoRequestOptions extends HttpRequestOptions, DPoPRequestOptions {
|
|
773
773
|
}
|
|
774
774
|
/**
|
|
@@ -1222,7 +1222,6 @@ export declare const expectNoState: unique symbol;
|
|
|
1222
1222
|
* @see [RFC 9207 - OAuth 2.0 Authorization Server Issuer Identification](https://www.rfc-editor.org/rfc/rfc9207.html)
|
|
1223
1223
|
*/
|
|
1224
1224
|
export declare function validateAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck): URLSearchParams | OAuth2Error;
|
|
1225
|
-
type ReturnTypes = TokenEndpointResponse | OAuth2TokenEndpointResponse | OpenIDTokenEndpointResponse | ClientCredentialsGrantResponse | DeviceAuthorizationResponse | IntrospectionResponse | OAuth2Error | PushedAuthorizationResponse | URLSearchParams | UserInfoResponse;
|
|
1226
1225
|
export interface DeviceAuthorizationRequestOptions extends HttpRequestOptions, AuthenticatedRequestOptions {
|
|
1227
1226
|
}
|
|
1228
1227
|
/**
|
package/build/index.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
let USER_AGENT;
|
|
2
2
|
if (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {
|
|
3
3
|
const NAME = 'oauth4webapi';
|
|
4
|
-
const VERSION = 'v2.4.
|
|
4
|
+
const VERSION = 'v2.4.4';
|
|
5
5
|
USER_AGENT = `${NAME}/${VERSION}`;
|
|
6
6
|
}
|
|
7
7
|
export const clockSkew = Symbol();
|
|
@@ -128,11 +128,15 @@ const SUPPORTED_JWS_ALGS = [
|
|
|
128
128
|
'EdDSA',
|
|
129
129
|
];
|
|
130
130
|
function processDpopNonce(response) {
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
131
|
+
try {
|
|
132
|
+
if (response.headers.has('dpop-nonce')) {
|
|
133
|
+
const url = new URL(response.url);
|
|
134
|
+
dpopNonces.set(url.origin, response.headers.get('dpop-nonce'));
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
finally {
|
|
138
|
+
return response;
|
|
134
139
|
}
|
|
135
|
-
return response;
|
|
136
140
|
}
|
|
137
141
|
function normalizeTyp(value) {
|
|
138
142
|
return value.toLowerCase().replace(/^application\//, '');
|
|
@@ -265,24 +269,7 @@ function getKeyAndKid(input) {
|
|
|
265
269
|
return { key: input.key, kid: input.kid };
|
|
266
270
|
}
|
|
267
271
|
function formUrlEncode(token) {
|
|
268
|
-
return encodeURIComponent(token).replace(
|
|
269
|
-
switch (substring) {
|
|
270
|
-
case '-':
|
|
271
|
-
case '_':
|
|
272
|
-
case '.':
|
|
273
|
-
case '!':
|
|
274
|
-
case '~':
|
|
275
|
-
case '*':
|
|
276
|
-
case "'":
|
|
277
|
-
case '(':
|
|
278
|
-
case ')':
|
|
279
|
-
return `%${substring.charCodeAt(0).toString(16).toUpperCase()}`;
|
|
280
|
-
case '%20':
|
|
281
|
-
return '+';
|
|
282
|
-
default:
|
|
283
|
-
throw new Error();
|
|
284
|
-
}
|
|
285
|
-
});
|
|
272
|
+
return encodeURIComponent(token).replace(/%20/g, '+');
|
|
286
273
|
}
|
|
287
274
|
function clientSecretBasic(clientId, clientSecret) {
|
|
288
275
|
const username = formUrlEncode(clientId);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "oauth4webapi",
|
|
3
|
-
"version": "2.4.
|
|
3
|
+
"version": "2.4.4",
|
|
4
4
|
"description": "OAuth 2 / OpenID Connect for JavaScript Runtimes",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"auth",
|
|
@@ -47,7 +47,7 @@
|
|
|
47
47
|
"build/index.d.ts"
|
|
48
48
|
],
|
|
49
49
|
"scripts": {
|
|
50
|
-
"_format": "find src test tap examples conformance -type f -name '*.ts' -o -name '*.mjs' -name '*.cjs' | xargs prettier",
|
|
50
|
+
"_format": "find src test tap examples conformance -type f -name '*.ts' -o -name '*.mjs' -o -name '*.cjs' | xargs prettier",
|
|
51
51
|
"build": "rm -rf build && tsc && tsc --declaration true --emitDeclarationOnly true --removeComments false && tsc -p test && tsc -p examples && tsc -p conformance && tsc -p tap",
|
|
52
52
|
"conformance": "bash -c 'source .node_flags.sh && ava --config conformance/ava.config.ts'",
|
|
53
53
|
"docs": "patch-package && typedoc",
|
|
@@ -63,21 +63,28 @@
|
|
|
63
63
|
"test": "bash -c 'source .node_flags.sh && ava'"
|
|
64
64
|
},
|
|
65
65
|
"devDependencies": {
|
|
66
|
-
"@
|
|
66
|
+
"@koa/cors": "^5.0.0",
|
|
67
|
+
"@types/koa__cors": "^5.0.0",
|
|
68
|
+
"@types/node": "^20.10.8",
|
|
69
|
+
"@types/oidc-provider": "^8.4.3",
|
|
67
70
|
"@types/qunit": "^2.19.9",
|
|
68
71
|
"ava": "^5.3.1",
|
|
72
|
+
"chrome-launcher": "^1.1.0",
|
|
69
73
|
"edge-runtime": "^2.5.7",
|
|
70
74
|
"esbuild": "^0.19.11",
|
|
71
75
|
"jose": "^5.2.0",
|
|
76
|
+
"oidc-provider": "^8.4.4",
|
|
72
77
|
"patch-package": "^8.0.0",
|
|
73
78
|
"prettier": "^3.1.1",
|
|
74
79
|
"prettier-plugin-jsdoc": "^1.3.0",
|
|
80
|
+
"puppeteer-core": "^21.7.0",
|
|
75
81
|
"qunit": "^2.20.0",
|
|
82
|
+
"raw-body": "^2.5.2",
|
|
76
83
|
"timekeeper": "^2.3.1",
|
|
77
84
|
"tsx": "^4.7.0",
|
|
78
|
-
"typedoc": "^0.25.
|
|
85
|
+
"typedoc": "^0.25.7",
|
|
79
86
|
"typedoc-plugin-markdown": "^3.17.1",
|
|
80
|
-
"typedoc-plugin-mdn-links": "^3.1.
|
|
87
|
+
"typedoc-plugin-mdn-links": "^3.1.11",
|
|
81
88
|
"typescript": "^5.3.3",
|
|
82
89
|
"undici": "^5.28.2"
|
|
83
90
|
}
|