A new OAuth2 client for Javascript
source link: https://evertpot.com/oauth2-javascript-client/
June 20, 2022
Frustrated with the lack of well-maintained, minimal OAuth2 libraries, I wrote my own. This new OAuth2 library is only 3KB gzipped, mainly because it has 0 dependencies and relies on modern APIs like fetch() and Web Crypto, which are built into Node 18 (but it works with polyfills on Node 14 and 16).
It has support for key features such as:
- authorization_code with PKCE support.
- password and client_credentials grants.
- a fetch() wrapper that automatically adds Bearer tokens and refreshes them.
- OAuth2 endpoint discovery via the Server metadata document (RFC8414).
- OAuth2 Token Introspection (RFC7662).
If your server does support the meta-data document, here’s how simple the process can be:
client_credentials example
import { OAuth2Client } from '@badgateway/oauth2';

const client = new OAuth2Client({
  clientId: '..',
  clientSecret: '..',
  // Endpoints are discovered from this server's metadata document
  server: 'https://my-auth-server.example'
});

const tokens = await client.clientCredentials();
Without the meta-data document, you will need to specify settings such as the tokenEndpoint and possibly the authorizationEndpoint depending on which flow you are using.
authorization_code example
The authorization_code flow is a multi-step process, so it is a bit more involved. The library gives you direct access to the primitives, allowing you to integrate it into your own frameworks and applications.
import { OAuth2Client, generateCodeVerifier } from 'client';

const client = new OAuth2Client({
  server: 'https://authserver.example/',
  clientId: '...',
});

// Part of PKCE
const codeVerifier = await generateCodeVerifier();

// In a browser this might work as follows:
document.location = await client.authorizationCode.getAuthorizeUri({
  redirectUri: 'https://my-app.example/',
  state: 'some-string',
  codeVerifier,
  scope: ['scope1', 'scope2'],
});
Handling the redirect back
const oauth2Token = await client.authorizationCode.getTokenFromCodeRedirect(
  document.location,
  {
    redirectUri: 'https://my-app.example/',
    state: 'some-string',
    codeVerifier,
  }
);
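What the codeVerifier and state arguments in the two steps above amount to on the wire, written directly against Web Crypto as an added example (it is not code from the original post or from the library). The function names and sample values are hypothetical; the S256 transform is the one defined in RFC 7636.

```javascript
// Added illustration; function names, client id and URLs are constructed.
// Web Crypto is global in browsers and recent Node; older Node exposes it via node:crypto.
async function getCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

function base64url(bytes) {
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// 32 random bytes give a 43-character value, the minimum verifier length in RFC 7636.
async function newRandomToken() {
  return base64url((await getCrypto()).getRandomValues(new Uint8Array(32)));
}

// S256: code_challenge = BASE64URL(SHA-256(ASCII(code_verifier)))
async function s256Challenge(codeVerifier) {
  const data = new TextEncoder().encode(codeVerifier);
  const digest = await (await getCrypto()).subtle.digest('SHA-256', data);
  return base64url(new Uint8Array(digest));
}

// Only the challenge goes into the browser-visible URL; the verifier stays with the client.
async function buildAuthorizeUri(o) {
  const url = new URL(o.authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: o.clientId,
    redirect_uri: o.redirectUri,
    state: o.state,
    code_challenge_method: 'S256',
    code_challenge: await s256Challenge(o.codeVerifier),
    scope: o.scope.join(' '),
  }).toString();
  return url.toString();
}

// Check the redirect before the code is sent to the token endpoint with the verifier.
function parseRedirect(redirectedTo, expectedState) {
  const params = new URL(redirectedTo).searchParams;
  if (params.has('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch: response does not belong to this login attempt');
  }
  const code = params.get('code');
  if (!code) throw new Error('redirect carries no authorization code');
  return code;
}
```

Generating state with newRandomToken() for each login attempt and storing it alongside the verifier, rather than reusing a fixed string, is what makes the comparison in parseRedirect meaningful.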
Docs and download