  • Stars: 273
  • Rank 150,780 (Top 3 %)
  • Language: TypeScript
  • License: MIT License
  • Created almost 3 years ago
  • Updated over 1 year ago

Repository Details

OAuth 2 / OpenID Connect for JavaScript Runtimes

This software provides a collection of routines that can be used to build client modules for OAuth 2.1, OAuth 2.0 with the latest Security Best Current Practices (BCP), and FAPI 2.0, as well as OpenID Connect where applicable. The primary goal of this software is to promote secure and up-to-date best practices while using only the capabilities common to both browser and non-browser JavaScript runtimes.

Features

The following features are currently in scope and implemented in this software:

  • Authorization Server Metadata discovery
  • Authorization Code Flow (profiled under OpenID Connect 1.0, OAuth 2.0, OAuth 2.1, and FAPI 2.0), with PKCE
  • Refresh Token, Device Authorization, and Client Credentials Grants
  • Demonstrating Proof-of-Possession at the Application Layer (DPoP)
  • Token Introspection and Revocation
  • Pushed Authorization Requests (PAR)
  • UserInfo and Protected Resource Requests
  • Authorization Server Issuer Identification
  • JWT Secured Introspection, Response Mode (JARM), Authorization Request (JAR), and UserInfo

Certification

OpenID Certification

Filip Skokan has certified that this software conforms to the Basic RP Conformance Profile of the OpenID Connect™ protocol.

💗 Help the project

Dependencies: 0

oauth4webapi has no dependencies and it exports tree-shakeable ESM.

Documentation

Examples

example ESM import

import * as oauth2 from 'oauth4webapi'

example Deno import

import * as oauth2 from 'https://deno.land/x/[email protected]/mod.ts'

Supported Runtimes

The supported JavaScript runtimes include those that support the utilized Web API globals and standard built-in objects. These are (but are not limited to):

Out of scope

The following features are currently out of scope:

  • CommonJS
  • Implicit, Hybrid, and Resource Owner Password Credentials Flows
  • Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
  • JSON Web Encryption (JWE)
  • Automatic polyfills of any kind

More Repositories

1

jose

"JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes.
TypeScript
3,506
star
2

node-oidc-provider

OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js
JavaScript
2,852
star
3

node-openid-client

OpenID Certified™ Relying Party (OpenID Connect/OAuth 2.0 Client) implementation for Node.js.
JavaScript
1,589
star
4

paseto

PASETO (Platform-Agnostic SEcurity TOkens) for Node.js with no dependencies
JavaScript
304
star
5

node-oidc-provider-example

A step-by-step approach to getting an OpenID Connect Provider instance up and running using oidc-provider
JavaScript
130
star
6

dpop

DPoP for Web Platform API JavaScript runtimes
TypeScript
24
star
7

oidc-token-hash

Create and validate hashes pushed by OpenID Connect providers to ID Tokens.
JavaScript
19
star
8

hkdf

HKDF with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno.
JavaScript
19
star
9

jwterminal

a quick script pulled together to get jwt.io-like JWT debugging in your terminal
JavaScript
7
star
10

personalausweis

German ID Card Validation in node.js
JavaScript
7
star
11

openid-client-cli

CLI for managing dynamic OpenID Connect client registrations.
JavaScript
5
star
12

oidc-provider-conformance-tests

OpenID Connect Provider conformance test suite for oidc-provider library
JavaScript
5
star
13

it-should-just-work

TypeScript
1
star
14

jose-x25519-ecdh

!DEPRECATED! ECDH-ES implementation for X25519 keys extension for the jose module.
JavaScript
1
star
15

fetch-node-release

Fetch latest Node.js release version by keyword such as "stable", "lts/carbon" or "lts/*".
JavaScript
1
star
16

panva

1
star
17

openid-client-conformance-tests

OpenID Connect Relying Party conformance test suite for openid-client library
JavaScript
1
star
18

jose-chacha

!DEPRECATED! ChaCha derived AEAD algorithms extension for the `jose` (v2.x) Node.js package
JavaScript
1
star
19

keyobject-to-cryptokey

Converts KeyObject instances to CryptoKey for use with a given JSON Web Algorithm
TypeScript
1
star