A zero dependency OAuth 2.0 client supporting only the authorization code grant (RFC 6749 § 4.1) with PKCE (RFC 7636) for client side protection.
Currently the only Type/JavaScript implementation in public existence.
1 file implementation for easy auditing.
npm install @bity/oauth2-auth-code-pkce
See the source code of tests/panel.html. It's commented with helpful
information.
Run npm run serve:tests and navigate to
http://localhost:8080/tests/panel.html
This page acts as a test panel for various scenarios. Play around! :)
Modify the example to use the correct configuration.
Some OAuth servers will return additional parameters to the requester. In order to access these they must be explicitly asked for:
config.explicitlyExposedTokens = ['open_id'];
Then this will be available as a property:
accessContext.explicitlyExposedTokens.open_id.
It is probable you will encounter an OAuth server which requires some additional parameters. In order to pass extra parameters, add the following to the configuration:
config.extraAuthorizationParams = { 'some_query_string_param': 'value', ... };
If you have values which need to be computed at run-time and then passed, you can pass them like so:
oauth2.fetchAuthorizationCode({ 'another_query_string_param': computedValue });
| Module system | File |
|---|---|
| Browser (window) | index.umd.js |
| CommonJS (require e.g. nodejs) | index.js |
| TypeScript | index.ts |
Grab the NPM-generated bity-oauth2-auth-code-pkce-*.tgz tarball from CI and
then use npm publish $tarball to publish it to NPM.