oauth4webapi 2.4.3 → 2.4.5

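--- a/package/README.md
+++ b/package/README.md
@@ -43,7 +43,7 @@ import * as oauth2 from 'oauth4webapi'
  **`example`** Deno import
 
  ```js
- import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.4.3/mod.ts'
+ import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.4.5/mod.ts'
  ```
 
  - Authorization Code Flow - OpenID Connect [source](examples/code.ts), or plain OAuth 2 [source](examples/oauth.ts)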
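--- a/package/build/index.d.ts
+++ b/package/build/index.d.ts
@@ -127,9 +127,7 @@ export type ClientAuthenticationMethod = 'client_secret_basic' | 'client_secret_
  * ```
  */
  export type JWSAlgorithm = 'PS256' | 'ES256' | 'RS256' | 'EdDSA' | 'ES384' | 'PS384' | 'RS384' | 'ES512' | 'PS512' | 'RS512';
- /** @ignore during Documentation generation but part of the public API */
  export declare const clockSkew: unique symbol;
- /** @ignore during Documentation generation but part of the public API */
  export declare const clockTolerance: unique symbol;
  /**
  * Authorization Server Metadata
@@ -456,9 +454,9 @@ export interface Client {
  * Use to adjust the client's assumed current time. Positive and negative finite values
  * representing seconds are allowed. Default is `0` (Date.now() + 0 seconds is used).
  *
- * @ignore during Documentation generation but part of the public API
+ * @example
  *
- * @example Client's local clock is mistakenly 1 hour in the past
+ * When the client's local clock is mistakenly 1 hour in the past
  *
  * ```ts
  * const client: oauth.Client = {
@@ -468,7 +466,9 @@ export interface Client {
  * }
  * ```
  *
- * @example Client's local clock is mistakenly 1 hour in the future
+ * @example
+ *
+ * When the client's local clock is mistakenly 1 hour in the future
  *
  * ```ts
  * const client: oauth.Client = {
@@ -483,9 +483,9 @@ export interface Client {
  * Use to set allowed client's clock tolerance when checking DateTime JWT Claims. Only positive
  * finite values representing seconds are allowed. Default is `30` (30 seconds).
  *
- * @ignore during Documentation generation but part of the public API
+ * @example
  *
- * @example Tolerate 30 seconds clock skew when validating JWT claims like exp or nbf.
+ * Tolerate 30 seconds clock skew when validating JWT claims like exp or nbf.
  *
  * ```ts
  * const client: oauth.Client = {
@@ -689,7 +689,7 @@ export interface OAuth2Error {
  * @group Refreshing an Access Token
  * @group Pushed Authorization Requests (PAR)
  */
- export declare function isOAuth2Error(input?: ReturnTypes): input is OAuth2Error;
+ export declare function isOAuth2Error(input?: TokenEndpointResponse | OAuth2TokenEndpointResponse | OpenIDTokenEndpointResponse | ClientCredentialsGrantResponse | DeviceAuthorizationResponse | IntrospectionResponse | OAuth2Error | PushedAuthorizationResponse | URLSearchParams | UserInfoResponse): input is OAuth2Error;
  export interface WWWAuthenticateChallengeParameters {
  readonly realm?: string;
  readonly error?: string;
@@ -747,10 +747,8 @@ export interface ProtectedResourceRequestOptions extends Omit<HttpRequestOptions
  *
  * This option only affects the request if the {@link ProtectedResourceRequestOptions.DPoP DPoP}
  * option is also used.
- *
- * @ignore during Documentation generation but part of the public API
  */
- clockSkew?: number;
+ [clockSkew]?: number;
  }
  /**
  * Performs a protected resource request at an arbitrary URL.
@@ -768,7 +766,7 @@ export interface ProtectedResourceRequestOptions extends Omit<HttpRequestOptions
  * @see [RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750.html#section-2.1)
  * @see [RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.rfc-editor.org/rfc/rfc9449.html#name-protected-resource-access)
  */
- export declare function protectedResourceRequest(accessToken: string, method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | string, url: URL, headers: Headers, body: RequestInit['body'], options?: ProtectedResourceRequestOptions): Promise<Response>;
+ export declare function protectedResourceRequest(accessToken: string, method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | string, url: URL, headers: Headers, body?: ReadableStream | Blob | ArrayBufferView | ArrayBuffer | FormData | URLSearchParams | string | null, options?: ProtectedResourceRequestOptions): Promise<Response>;
  export interface UserInfoRequestOptions extends HttpRequestOptions, DPoPRequestOptions {
  }
  /**
@@ -1222,7 +1220,6 @@ export declare const expectNoState: unique symbol;
  * @see [RFC 9207 - OAuth 2.0 Authorization Server Issuer Identification](https://www.rfc-editor.org/rfc/rfc9207.html)
  */
  export declare function validateAuthResponse(as: AuthorizationServer, client: Client, parameters: URLSearchParams | URL, expectedState?: string | typeof expectNoState | typeof skipStateCheck): URLSearchParams | OAuth2Error;
- type ReturnTypes = TokenEndpointResponse | OAuth2TokenEndpointResponse | OpenIDTokenEndpointResponse | ClientCredentialsGrantResponse | DeviceAuthorizationResponse | IntrospectionResponse | OAuth2Error | PushedAuthorizationResponse | URLSearchParams | UserInfoResponse;
  export interface DeviceAuthorizationRequestOptions extends HttpRequestOptions, AuthenticatedRequestOptions {
  }
  /**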
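Review bot: The doc comment on `ProtectedResourceRequestOptions` does not say that the clock-skew option is now keyed by the exported `clockSkew` symbol rather than the string `clockSkew`, and this changes in a patch release. The index.js side of this diff reads only `options?.[clockSkew]`, so a plain-JavaScript caller that still passes `{ clockSkew: n }` gets no error and the adjustment is silently dropped; TypeScript callers see it only through excess-property checks on object literals. Since the value feeds the DPoP proof, a dropped skew on a host with a wrong clock would presumably surface as rejected proofs, not as a local error. I would add a line to the property comment such as `* Set with the exported symbol, e.g. { [oauth.clockSkew]: 3600 }; the string key "clockSkew" is not read.` and call the rename out in the release notes.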
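--- a/package/build/index.js
+++ b/package/build/index.js
@@ -1,7 +1,7 @@
  let USER_AGENT;
  if (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {
  const NAME = 'oauth4webapi';
- const VERSION = 'v2.4.3';
+ const VERSION = 'v2.4.5';
  USER_AGENT = `${NAME}/${VERSION}`;
  }
  export const clockSkew = Symbol();
@@ -128,11 +128,15 @@ const SUPPORTED_JWS_ALGS = [
  'EdDSA',
  ];
  function processDpopNonce(response) {
- const url = new URL(response.url);
- if (response.headers.has('dpop-nonce')) {
- dpopNonces.set(url.origin, response.headers.get('dpop-nonce'));
+ try {
+ if (response.headers.has('dpop-nonce')) {
+ const url = new URL(response.url);
+ dpopNonces.set(url.origin, response.headers.get('dpop-nonce'));
+ }
+ }
+ finally {
+ return response;
  }
- return response;
  }
  function normalizeTyp(value) {
  return value.toLowerCase().replace(/^application\//, '');
@@ -652,7 +656,7 @@ export async function protectedResourceRequest(accessToken, method, url, headers
  headers.set('authorization', `Bearer ${accessToken}`);
  }
  else {
- await dpopProofJwt(headers, options.DPoP, url, 'GET', getClockSkew({ [clockSkew]: options?.clockSkew }), accessToken);
+ await dpopProofJwt(headers, options.DPoP, url, 'GET', getClockSkew({ [clockSkew]: options?.[clockSkew] }), accessToken);
  headers.set('authorization', `DPoP ${accessToken}`);
  }
  const request = new Request(url.href, {
@@ -681,7 +685,7 @@ export async function userInfoRequest(as, client, accessToken, options) {
  }
  return protectedResourceRequest(accessToken, 'GET', url, headers, null, {
  ...options,
- clockSkew: getClockSkew(client),
+ [clockSkew]: getClockSkew(client),
  });
  }
  let jwksCache;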
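Review bot: The DPoP branch of `protectedResourceRequest` still passes the literal `'GET'` to `dpopProofJwt` although the function takes a `method` argument, so a POST, PUT, DELETE or PATCH request would carry a proof built for GET. If that fourth argument is the proof's `htm` value, as its position suggests, a resource server that checks the proof against the request method per RFC 9449 will reject those calls. Passing the caller's method, `await dpopProofJwt(headers, options.DPoP, url, method.toUpperCase(), getClockSkew({ [clockSkew]: options?.[clockSkew] }), accessToken);`, keeps the proof and the request in step. The function body starts and ends outside the hunk, so any earlier normalisation of `method` is not visible here.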
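--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "oauth4webapi",
- "version": "2.4.3",
+ "version": "2.4.5",
  "description": "OAuth 2 / OpenID Connect for JavaScript Runtimes",
  "keywords": [
  "auth",
@@ -47,7 +47,7 @@
  "build/index.d.ts"
  ],
  "scripts": {
- "_format": "find src test tap examples conformance -type f -name '*.ts' -o -name '*.mjs' -name '*.cjs' | xargs prettier",
+ "_format": "find src test tap examples conformance -type f -name '*.ts' -o -name '*.mjs' -o -name '*.cjs' | xargs prettier",
  "build": "rm -rf build && tsc && tsc --declaration true --emitDeclarationOnly true --removeComments false && tsc -p test && tsc -p examples && tsc -p conformance && tsc -p tap",
  "conformance": "bash -c 'source .node_flags.sh && ava --config conformance/ava.config.ts'",
  "docs": "patch-package && typedoc",
@@ -63,21 +63,28 @@
  "test": "bash -c 'source .node_flags.sh && ava'"
  },
  "devDependencies": {
- "@types/node": "^20.10.6",
+ "@koa/cors": "^5.0.0",
+ "@types/koa__cors": "^5.0.0",
+ "@types/node": "^20.10.8",
+ "@types/oidc-provider": "^8.4.3",
  "@types/qunit": "^2.19.9",
  "ava": "^5.3.1",
+ "chrome-launcher": "^1.1.0",
  "edge-runtime": "^2.5.7",
  "esbuild": "^0.19.11",
  "jose": "^5.2.0",
+ "oidc-provider": "^8.4.4",
  "patch-package": "^8.0.0",
  "prettier": "^3.1.1",
  "prettier-plugin-jsdoc": "^1.3.0",
+ "puppeteer-core": "^21.7.0",
  "qunit": "^2.20.0",
+ "raw-body": "^2.5.2",
  "timekeeper": "^2.3.1",
  "tsx": "^4.7.0",
- "typedoc": "^0.25.6",
+ "typedoc": "^0.25.7",
  "typedoc-plugin-markdown": "^3.17.1",
- "typedoc-plugin-mdn-links": "^3.1.10",
+ "typedoc-plugin-mdn-links": "^3.1.11",
  "typescript": "^5.3.3",
  "undici": "^5.28.2"
  }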
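Review bot: In the corrected `_format` script the `-type f` test still binds only to the first `-name`, because `find` gives the implicit AND higher precedence than `-o`; the `*.mjs` and `*.cjs` alternatives therefore match directories as well as files. Grouping the alternatives fixes that: `"_format": "find src test tap examples conformance -type f \\( -name '*.ts' -o -name '*.mjs' -o -name '*.cjs' \\) | xargs prettier"`. The pipe into `xargs` also splits on whitespace, so a path containing a space would reach prettier as two arguments.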