{"id":21158377,"url":"https://github.com/toilal/auth-toolbox","last_synced_at":"2025-07-05T14:36:42.333Z","repository":{"id":33234061,"uuid":"151637924","full_name":"Toilal/auth-toolbox","owner":"Toilal","description":"The developer toolbox for HTTP Client Authentication.","archived":false,"fork":false,"pushed_at":"2023-02-04T21:07:41.000Z","size":2711,"stargazers_count":4,"open_issues_count":4,"forks_count":1,"subscribers_count":2,"default_branch":"develop","last_synced_at":"2025-06-21T21:19:56.857Z","etag":null,"topics":["adapters","authentication","axios","client","http","interceptors","jwt","oauth2","openid"],"latest_commit_sha":null,"homepage":"https://toilal.github.io/auth-toolbox/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Toilal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-04T21:26:38.000Z","updated_at":"2023-04-28T16:29:30.000Z","dependencies_parsed_at":"2023-02-18T19:31:30.324Z","dependency_job_id":null,"html_url":"https://github.com/Toilal/auth-toolbox","commit_stats":null,"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/Toilal/auth-toolbox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Toilal%2Fauth-toolbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Toilal%2Fauth-toolbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Toilal%2Fauth-toolbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Toilal%2Fauth-toolbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Toilal","download_url":"https://codeload.github.com/Toilal/auth-toolbox/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Toilal%2Fauth-toolbox/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263755975,"owners_count":23506475,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adapters","authentication","axios","client","http","interceptors","jwt","oauth2","openid"],"created_at":"2024-11-20T12:22:08.407Z","updated_at":"2025-07-05T14:36:42.313Z","avatar_url":"https://github.com/Toilal.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Auth Toolbox\n\n[![NPM Package](https://img.shields.io/npm/v/auth-toolbox.svg)](https://www.npmjs.com/package/auth-toolbox)\n![npm type definitions](https://img.shields.io/npm/types/auth-toolbox.svg)\n[![Build Status](https://img.shields.io/github/workflow/status/Toilal/auth-toolbox/ci)](https://github.com/Toilal/auth-toolbox/actions?query=workflow%3Aci)\n[![Coverage Status](https://coveralls.io/repos/github/Toilal/auth-toolbox/badge.svg?branch=master)](https://coveralls.io/github/Toilal/auth-toolbox?branch=master)\n[![devDependencies Status](https://david-dm.org/Toilal/auth-toolbox/dev-status.svg)](https://david-dm.org/Toilal/auth-toolbox?type=dev)\n[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)\n[![GitHub stars](https://img.shields.io/github/stars/Toilal/auth-toolbox.svg?style=social\u0026label=Stars)](https://github.com/Toilal/auth-toolbox)\n\n*The developer toolbox for HTTP Client Authentication.*\n\nAuth Toolbox is a set of JavaScript modules that can be used to add HTTP Client Authentication \nto your web application.\n\nIt's designed to support any HTTP Client, and any Authorization Server supporting OpenID Connect \n/ OAuth 2.0 *Resource Owner Password Credentials Grant*. Any custom similar workflows with \nusername/password credentials authentication providing an Access Token may be supported \n(like PHP Symfony's [lexik/LexikJWTAuthenticationBundle](https://github.com/lexik/LexikJWTAuthenticationBundle) + \n[gesdinet/jwt-refresh-token-bundle](https://github.com/gesdinet/JWTRefreshTokenBundle)).\n\n### Disclaimer\n\nThis kind of authentication method is commonly discouraged for web applications, but it may be \nacceptable for simple applications where Authentication Server and Resource Owner is implemented in\nthe same service, or if the Authentication Server is dedicated to the application.\n\nYou should read this [excellent post by Scott Brady](https://www.scottbrady91.com/OAuth/Why-the-Resource-Owner-Password-Credentials-Grant-Type-is-not-Authentication-nor-Suitable-for-Modern-Applications)\nabout why you should not use Password Grant authentication. As a more secure alternative, you could \nuse [oidc-client](https://github.com/IdentityModel/oidc-client-js), but if you really need to avoid \nany redirect to the Authorization Server, you should stick with Auth Toolbox.\n\n### Install\n\n```\nnpm install auth-toolbox\n```\n\n### Examples\n\n#### OpenID Connect Password Grant / OAuth 2.0 Password Grant\n\n - *Resource Owner Password Credentials Grant (`grant_type=password`)*\n - *Client authentication with id/secret (Basic Auth)*\n - *OpenID Auto configuration throw OpenID Discovery*\n - *Axios adapter*\n\n```typescript\nimport Auth, { UsernamePasswordCredentials } from 'auth-toolbox/dist/lib/auth-toolbox'\nimport OpenidConnectAdapter, { openidConnectDiscovery } from 'auth-toolbox/dist/lib/server-adapter/openid-connect-adapter'\nimport JwtTokenDecoder from 'auth-toolbox/dist/lib/token-decoder/jwt-token-decoder'\nimport AxiosAdapter from 'auth-toolbox/dist/lib/client-adapter/axios-adapter'\n\nimport axios, { AxiosResponse } from 'axios'\n\n// Keycloak is a great opensource Authentication Server\nconst openIdIssuerUrl = 'https://keycloak.pragmasphere.com/realms/planireza'\nconst openIdClientId = 'clientId'\nconst openIdClientSecret = 'ThisIsSecret!'\n\nconst client = axios.create()\n\nconst axiosAdapter = new AxiosAdapter(\n  client,\n  { auth: { username: openIdClientId, password: openIdClientSecret } }\n)\n\nconst auth = new Auth\u003cUsernamePasswordCredentials, AxiosResponse\u003e(\n  openidConnectDiscovery(axiosAdapter, openIdIssuerUrl),\n  new OpenidConnectAdapter(),\n  axiosAdapter,\n  { accessTokenDecoder: new JwtTokenDecoder() }\n)\n\nauth.login('myUsername', 'myPassword').then(() =\u003e {\n  // Read the payload from decoded access token\n  const payload = auth.decodeAccessToken()\n  console.log(payload) // Decoded user payload\n  \n  // This resource requires user to be authenticated.\n  // Axios interceptors have been automatically registered to handle all the authentication stuff.\n  return client.get('/restricted')\n}).then((r: AxiosResponse) =\u003e {\n  // We are in !\n  console.log(r.data)\n})\n```\n\n### Docs\n\n[API Documentation is available](https://toilal.github.io/auth-toolbox/)\n\n### Supported HTTP Clients\n\nAuth Toolbox supports the following HTTP Clients:\n  \n - axios\n - request (Todo)\n - JQuery (Todo)\n - Angular (Todo)\n - XMLHttpRequest (Todo)\n \nAny other client may be implemented.\n \n### Supported HTTP Servers protocols\n\nAuth Toolbox supports the following protocols out of the box:\n\n - OpenID Connect *Resource Owner Password Credentials Grant* (Access Token + Optional Refresh token)\n - OpenID Discovery (`.well-known/openid-configuration` endpoint)\n\nAny custom implementation matching more or less *OAuth 2.0 Password Grant* flow may be implemented.\n\n### Credits\n\n - TypeScript library template generated from [alexjoverm/typescript-library-starter](https://github.com/alexjoverm/typescript-library-starter).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoilal%2Fauth-toolbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftoilal%2Fauth-toolbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoilal%2Fauth-toolbox/lists"}