Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cmd-johnson/deno-oauth2-client
Minimalistic OAuth 2.0 client for Deno.
https://github.com/cmd-johnson/deno-oauth2-client
deno hacktoberfest oauth2 oauth2-client
Last synced: 2 months ago
JSON representation
Minimalistic OAuth 2.0 client for Deno.
- Host: GitHub
- URL: https://github.com/cmd-johnson/deno-oauth2-client
- Owner: cmd-johnson
- License: mit
- Created: 2020-10-02T08:24:58.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2023-10-08T10:17:44.000Z (about 1 year ago)
- Last Synced: 2024-04-14T13:35:27.099Z (9 months ago)
- Topics: deno, hacktoberfest, oauth2, oauth2-client
- Language: TypeScript
- Homepage:
- Size: 126 KB
- Stars: 46
- Watchers: 4
- Forks: 8
- Open Issues: 14
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# OAuth2 Client for Deno
![Tests](https://github.com/cmd-johnson/deno-oauth2-client/workflows/Tests/badge.svg)
[![deno doc](https://doc.deno.land/badge.svg)](https://doc.deno.land/https/raw.githubusercontent.com/cmd-johnson/deno-oauth2-client/master/mod.ts)Minimalistic OAuth 2.0 client for Deno. Inspired by
[js-client-oauth2](https://github.com/mulesoft/js-client-oauth2/).This module tries not to make assumptions on your use-cases. As such, it
- has no external dependencies outside of Deno's standard library
- can be used with Deno's [http module](https://deno.land/[email protected]/http) or
any other library for handling http requests, like
[oak](https://deno.land/x/oak)
- only implements OAuth 2.0 grants, letting you take care of storing and
retrieving sessions, managing state parameters, etc.Currently supported OAuth 2.0 grants:
- [Authorization Code Grant (for clients with and without client secrets)](https://www.rfc-editor.org/rfc/rfc6749#section-4.1)
- Out of the box support for
[Proof Key for Code Exchange (PKCE)](https://www.rfc-editor.org/rfc/rfc7636)
- [Implicit Grant](https://www.rfc-editor.org/rfc/rfc6749#section-4.2)
- [Resource Owner Password Credentials Grant](https://www.rfc-editor.org/rfc/rfc6749#section-4.3)
- [Client Credentials Grant](https://www.rfc-editor.org/rfc/rfc6749#section-4.4)
- [Refresh Tokens](https://www.rfc-editor.org/rfc/rfc6749#section-6)## Usage
### GitHub API example using [oak](https://deno.land/x/oak)
```ts
import { Application, Router } from "https://deno.land/x/[email protected]/mod.ts";
import { Session } from "https://deno.land/x/[email protected]/mod.ts";
import { OAuth2Client } from "https://deno.land/x/oauth2_client/mod.ts";const oauth2Client = new OAuth2Client({
clientId: Deno.env.get("CLIENT_ID")!,
clientSecret: Deno.env.get("CLIENT_SECRET")!,
authorizationEndpointUri: "https://github.com/login/oauth/authorize",
tokenUri: "https://github.com/login/oauth/access_token",
redirectUri: "http://localhost:8000/oauth2/callback",
defaults: {
scope: "read:user",
},
});type AppState = {
session: Session;
};const router = new Router();
router.get("/login", async (ctx) => {
// Construct the URL for the authorization redirect and get a PKCE codeVerifier
const { uri, codeVerifier } = await oauth2Client.code.getAuthorizationUri();// Store both the state and codeVerifier in the user session
ctx.state.session.flash("codeVerifier", codeVerifier);// Redirect the user to the authorization endpoint
ctx.response.redirect(uri);
});
router.get("/oauth2/callback", async (ctx) => {
// Make sure the codeVerifier is present for the user's session
const codeVerifier = ctx.state.session.get("codeVerifier");
if (typeof codeVerifier !== "string") {
throw new Error("invalid codeVerifier");
}// Exchange the authorization code for an access token
const tokens = await oauth2Client.code.getToken(ctx.request.url, {
codeVerifier,
});// Use the access token to make an authenticated API request
const userResponse = await fetch("https://api.github.com/user", {
headers: {
Authorization: `Bearer ${tokens.accessToken}`,
},
});
const { login } = await userResponse.json();ctx.response.body = `Hello, ${login}!`;
});const app = new Application();
app.use(Session.initMiddleware());
app.use(router.allowedMethods(), router.routes());await app.listen({ port: 8000 });
```### More Examples
For more examples, check out the examples directory.
## Migration
### `v0.*.*` -> `v1.*.*`
With `v1.0.0`:
- we introduced PKCE by default for the Authorization Code Grant
- enabled `stateValidator` callbacks to return a Promise, to allow for e.g.
accessing a database
- cleaned up interface names to prevent name clashes between e.g. the
`AuthorizationCodeGrant` and `ImplicitGrant` option objects.#### `AuthorizationCodeGrant`
- The `GetUriOptions` interface was renamed to `AuthorizationUriOptions`
- `getAuthorizationUri(...)` now always returns a `Promise<{ uri: URL }>`
instead of a plain `URL`.
- when using PKCE (which is now the default), `getAuthorizationUri(...)`
returns an object containing both an URI and the `codeVerifier` that you'll
have to pass to the `getToken(...)` call inside the OAuth 2.0 redirection
URI handler. Check out the examples on how to achieve that by using session
cookies.
- while you should always use PKCE if possible, there are still OAuth 2.0
servers that don't support it. To opt out of PKCE, pass
`{ disablePkce: true }` to `getAuthorizationUri`.#### `ClientCredentialsGrant`
- The `GetClientCredentialsTokenOptions` interface was renamed to
`ClientCredentialsTokenOptions`#### `ImplicitGrant`
- The `GetUriOptions` interface was renamed to `ImplicitUriOptions`
- The `GetTokenOptions` interface was renamed to `ImplicitTokenOptions`#### `ResourceOwnerPasswordCredentialsGrant`
- The `GetROPCTokenOptions` interface was renamed to
`ResourceOwnerPasswordCredentialsTokenOptions`#### `RefreshTokenGrant`
- No changes necessary