OAuth 2 / OpenID Connect for Web Platform API JavaScript runtimes

This software is a collection of routines upon which framework-specific client modules may be written. Its objective is to support and, where possible, enforce secure and current best practices using only capabilities common to Browser and Non-Browser JavaScript-based runtime environments.

Target profiles of this software are OAuth 2.1, OAuth 2.0 complemented by the latest Security BCP, and FAPI 2.0. Where applicable OpenID Connect is also supported.

In Scope & Implemented

Authorization Server Metadata discovery
Authorization Code Flow (profiled under OpenID Connect 1.0, OAuth 2.0, OAuth 2.1, and FAPI 2.0), PKCE
Refresh Token, Device Authorization, and Client Credentials Grants
Demonstrating Proof-of-Possession at the Application Layer (DPoP)
Token Introspection and Revocation
Pushed Authorization Requests (PAR)
UserInfo and Protected Resource Requests
Authorization Server Issuer Identification
JWT Secured Introspection, Response Mode (JARM), Authorization Request (JAR), and UserInfo

Certification

Filip Skokan has certified that this software conforms to the Basic RP Conformance Profile of the OpenID Connect™ protocol.

💗 Help the project

Dependencies: 0

Documentation

Examples

example ESM import

import * as oauth2 from 'oauth4webapi'

example Deno import

import * as oauth2 from 'https://deno.land/x/[email protected]/mod.ts'

Authorization Code Flow - OpenID Connect source, or plain OAuth 2 source
Public Client Authorization Code Flow - source | diff from code flow
Private Key JWT Client Authentication - source | diff from code flow
DPoP - source | diff from code flow
Pushed Authorization Request (PAR) - source | diff from code flow
Client Credentials Grant - source
Device Authorization Grant - source
FAPI 2.0 (Private Key JWT, PAR, DPoP) - source
FAPI 2.0 Message Signing (Private Key JWT, PAR, DPoP, JAR, JARM) - source | diff

Supported Runtimes

The supported JavaScript runtimes include ones that support the utilized Web API globals and standard built-in objects

These are (this is not an exhaustive list):

Browsers
Bun
Cloudflare Workers
Deno
Electron
Node.js (runtime flags may be needed)
Vercel's Edge Runtime

Out of scope

CommonJS
Implicit, Hybrid, and Resource Owner Password Credentials Flows
Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
JSON Web Encryption (JWE)
Automatic polyfills of any kind

Name		Name	Last commit message	Last commit date
Latest commit History 466 Commits
.github		.github
conformance		conformance
docs		docs
examples		examples
patches		patches
src		src
tap		tap
test		test
.electron_flags.sh		.electron_flags.sh
.gitignore		.gitignore
.mdn_links.cjs		.mdn_links.cjs
.node_flags.sh		.node_flags.sh
.postbump.cjs		.postbump.cjs
.prettierrc.json		.prettierrc.json
.versionrc.json		.versionrc.json
CHANGELOG.md		CHANGELOG.md
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE.md		LICENSE.md
README.md		README.md
ava.config.mjs		ava.config.mjs
mod.ts		mod.ts
package-lock.json		package-lock.json
package.json		package.json
tsconfig.json		tsconfig.json
typedoc.json		typedoc.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

OAuth 2 / OpenID Connect for Web Platform API JavaScript runtimes

In Scope & Implemented

Certification

💗 Help the project

Dependencies: 0

Documentation

Examples

Supported Runtimes

Out of scope

About

Releases

Packages

Languages

License

csbok/oauth4webapi

Folders and files

Latest commit

History

Repository files navigation

OAuth 2 / OpenID Connect for Web Platform API JavaScript runtimes

In Scope & Implemented

Certification

💗 Help the project

Dependencies: 0

Documentation

Examples

Supported Runtimes

Out of scope

About

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages