  • Stars: 982
  • Rank 46,621 (Top 1.0 %)
  • Language: TypeScript
  • License: Apache License 2.0
  • Created over 7 years ago
  • Updated 7 months ago

Repository Details

JavaScript client SDK for communicating with OAuth 2.0 and OpenID Connect providers.

AppAuth for JS

AppAuth for JavaScript is a client SDK for public clients for communicating with OAuth 2.0 and OpenID Connect providers, following the best practices set out in RFC 8252 - OAuth 2.0 for Native Apps. The library is designed for use in Web Apps, Node.js CLI applications, Chrome Apps and applications that use Electron or similar frameworks.

It strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language.

The library also supports the PKCE extension to OAuth which was created to secure authorization codes in public clients when custom URI scheme redirects are used. The library is friendly to other extensions (standard or otherwise) with the ability to handle additional parameters in all protocol requests and responses.

Examples

An example application using the library is included in the src/node_app folder and at https://github.com/googlesamples/appauth-js-electron-sample.

Auth Flow

AppAuth supports manual interaction with the Authorization Server where you need to perform your own token exchanges. This example performs a manual exchange.

Fetch Service Configuration

AuthorizationServiceConfiguration.fetchFromIssuer(openIdConnectUrl)
  .then(response => {
    log('Fetched service configuration', response);
    this.configuration = response;
    this.showMessage('Completed fetching configuration');
  })
  .catch(error => {
    log('Something bad happened', error);
    this.showMessage(`Something bad happened ${error}`);
  });

Make Authorization Requests

this.notifier = new AuthorizationNotifier();
// uses a redirect flow
this.authorizationHandler = new RedirectRequestHandler();
// set notifier to deliver responses
this.authorizationHandler.setAuthorizationNotifier(this.notifier);
// set a listener to listen for authorization responses
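this.notifier.setAuthorizationListener((request, response, error) => {
  log('Authorization request complete ', request, response, error);
  if (response) {
    // keep the original request: its internal map holds the PKCE
    // code_verifier that the token request needs later
    this.request = request;
    this.code = response.code;
    this.showMessage(`Authorization Code ${response.code}`);
  }
});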

// create a request
let request = new AuthorizationRequest({
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: scope,
    response_type: AuthorizationRequest.RESPONSE_TYPE_CODE,
    state: undefined,  // left undefined so the library generates a random state value
    extras: {'prompt': 'consent', 'access_type': 'offline'}
  });

// make the authorization request
this.authorizationHandler.performAuthorizationRequest(this.configuration, request);

Making Token Requests

this.tokenHandler = new BaseTokenRequestHandler();

let request: TokenRequest|null = null;

if (this.code) {
  let extras: StringMap|undefined = undefined;
  if (this.request && this.request.internal) {
    extras = {};
    extras['code_verifier'] = this.request.internal['code_verifier'];
  }
  // use the code to make the token request.
  request = new TokenRequest({
      client_id: clientId,
      redirect_uri: redirectUri,
      grant_type: GRANT_TYPE_AUTHORIZATION_CODE,
      code: this.code,
      refresh_token: undefined,
      extras: extras
    });
} else if (this.tokenResponse) {
  // use the token response to make a request for an access token
  request = new TokenRequest({
      client_id: clientId,
      redirect_uri: redirectUri,
      grant_type: GRANT_TYPE_REFRESH_TOKEN,
      code: undefined,
      refresh_token: this.tokenResponse.refreshToken,
      extras: undefined
    });
}

// request stays null when there is neither a code nor a previous token response
if (request) {
  this.tokenHandler.performTokenRequest(this.configuration, request)
    .then(response => {
      // ... do something with token response
    });
}

Development

Preamble

This client has been written with TypeScript.

Setup

  • Install the latest version of Node. NVM (Node Version Manager) is highly recommended.

  • Use nvm install to install the recommended Node.js version.

  • Download the latest version of Visual Studio Code.

Provision Dependencies

This app uses npm to provision its dependencies.

  • git clone the AppAuthJS library and go to the root folder of the project containing the package.json file.
  • npm install to install all the dev and project dependencies.

That's it! You are now ready to start working on AppAuthJS.

Development Workflow

The project uses npm scripts to automate development workflows. These scripts are made available via the package.json file.

The following scripts are included:

  • npm run-script compile or tsc will compile all your TypeScript files. All compiled files go into the built/ folder.

  • npm run-script watch or tsc --watch will compile your TypeScript files in watch mode. Recommended if you want to get continuous feedback.

  • npm run-script build-app generates the output bundle.js file in the built/ directory. This includes the full AppAuthJS library including all its dependencies.

  • npm test provisions the Karma test runner to run all unit tests. All tests are written using Jasmine. To debug your tests, click on the Debug button in the Karma test runner to look at the actual source of the tests. You can set breakpoints here.

  • npm run-script app builds the test app on a local web server. This is an end-to-end app which uses AppAuthJS and is a demonstration of how to use the library.

  • npm run-script node-app builds a Node.js CLI sample app. This is an end-to-end app which uses AppAuthJS in a Node.js context.
