zalando-stups / oauth2-client-js
A library to help you handle OAuth2 access and refresh tokens
License: Other
At the moment, the distribution is built with eval, making minification in userland impossible. devtool: 'eval' should be removed, or enabled only for a development build.
I am willing to attempt a PR. Also, do you think it is a good idea to update to Webpack 3 at the same time? I could do that also.
If a request fails, like when the auth-endpoint is not available, the remembered request will stay in localStorage. Doesn't it make sense to clear all remembered requests if one succeeds?
I'm stepping down as a maintainer of this project, anyone wants to take over? It has around ~150 downloads/month and room for improvement (support for APIs not conforming to OAuth2 RFC, more grant flows).
node-uuid gives a warning nowadays
When I try and use this with LinkedIn I get an error in the response hash.
Decoded for readability.
error=unsupported_response_type
error_description=We only support a response_type of "code" but you passed "token"
LinkedIn only works with code but the response type is hardcoded to token in request.js. If response types were configurable would this package work with the type code?
metadata
for instance.
Hello sir, I am using your package in vue cli 3 and trying to get data from GitHub. But the problem is that it is returning the response as html/text. How can I get the response as JSON?
Because it's just localStorage.clear().
Remembering a request will create an entry in localStorage with the key as the concatenation of provider ID and state (uuid).
Only when the user completes the login flow is the entry cleaned automatically by the library. If the user drops out of the login process and comes back later, a new request will be remembered and the old entry remains, thus gradually filling up localStorage.
Could you give a recommended solution for this?
The most recent version of this library published to npmjs.org is v0.0.15, which is from May 2015. Releases v0.0.16 and v0.0.17 are tagged in the source repo, but they were never published.
Can we please get a new version published to npm? Thanks.
Please add the index.d.ts at the root of the NPM package so TypeScript compilers can find it. Alternatively add the typings property in package.json and the .d.ts with some other name.
This looks useful to the non-Zalando world -- can/should we promote?
For all of the config keys, the provided values should be used instead of the default ones, if they were present in the config.
This way, something like the 'state' can be set to a specific value, instead of being "hardcoded".
Hello,
I'm trying to get a quick oauth mock flow working and currently having issues with the response_type. Here is the output of running oauth2-client-js:
Running on http://localhost:8282
expected Client ID: dummy-client-id
expected Client Secret: dummy-client-secret
authorization endpoint: /auth/request/path
access token endpoint: /access/token/request
redirect URLs: http://mysite.test/#!/user/login/callback
GET /auth/request/path?response_type=token&scope=&client_id=dummy-client-id&redirect_uri=http%3A%2F%2Fmysite.test%2Fuser%2Flogin%2Fcallback&state=7acfebb1-c2d7-42ff-9cc3-925fa77d3a9b 401 Authorization: - Debug info: Error: expected response_type: "code" but actual: "token" Redirect: -
The website ends up of course in a 401. And this is how I'm building the redirect uri:
    const provider = new OAuth.Provider({
      id: 'fake',
      authorization_url: 'http://localhost:8282/auth/request/path'
    });
    const request = new OAuth.Request({
      client_id: 'dummy-client-id',
      redirect_uri: 'http://mysite.test/user/login',
      response_type: 'token'
    });
    const uri = provider.requestToken(request);
    provider.remember(request);
    window.location.href = uri;
Perhaps related to #28, but any clue on how to set this to code? Or have the library accept token, as it's hardcoded in https://github.com/zalando-stups/oauth2-client-js/blob/master/src/request.js#L25
According to the RFC, the ROPC flow can also be used when there is a high degree of trust between the resource owner and the client, as is the case with a first-party app, where the use of an implicit flow would hurt UX. OAuth2-client lacks this ROPC flow.
After retrieving the access token, the client should forget the state, stored in the localStorage. This doesn't seem to work always (open https://yourturn.stups.zalan.do/ and look into the localStorage in the Browser's console, I have 83 state objects stored). Could you implement some sort of cleanup? In one of our projects I use the following:
    let localStorage = window.localStorage;
    for (let [key] of Object.entries(localStorage)) {
      if (key.startsWith(provider.id)) {
        window.localStorage.removeItem(key);
      }
    }
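One way to keep abandoned login attempts from piling up, as an added example that is not part of the original posts or of oauth2-client-js: each remembered state is stored with a creation time under its own key prefix, swept when it expires, and accepted only once when the response comes back in the URL fragment. The `pending:` key prefix, the 10-minute TTL, all function names and the in-memory storage stand-in are assumptions made for this sketch.

```javascript
// Added example; not oauth2-client-js code. Key prefix and TTL are assumptions.
const PENDING_TTL_MS = 10 * 60 * 1000;
const pendingKey = (providerId, state) => `pending:${providerId}:${state}`;

// Minimal in-memory stand-in for window.localStorage so the example runs offline.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// True when a stored entry parses and is younger than the TTL.
function isFresh(raw, now) {
  let entry = null;
  try { entry = JSON.parse(raw); } catch (e) { /* unreadable entry */ }
  return Boolean(entry) && now - entry.createdAt <= PENDING_TTL_MS;
}

// Drop this provider's pending requests that are expired or unreadable.
function purgeExpired(storage, providerId, now = Date.now()) {
  const keys = [];
  for (let i = 0; i < storage.length; i++) keys.push(storage.key(i));
  const stale = keys.filter((k) => k.startsWith(pendingKey(providerId, ''))
    && !isFresh(storage.getItem(k), now));
  stale.forEach((k) => storage.removeItem(k));
  return stale.length;
}

// Sweep first, then store the new request with its creation time.
function rememberRequest(storage, providerId, state, now = Date.now()) {
  purgeExpired(storage, providerId, now);
  storage.setItem(pendingKey(providerId, state), JSON.stringify({ createdAt: now }));
}

// Parse only the fragment (location.hash). The pending entry is single-use:
// it is removed whether or not the response is accepted.
function consumeResponse(storage, providerId, hash, now = Date.now()) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  const key = pendingKey(providerId, params.get('state') || '');
  const raw = storage.getItem(key);
  storage.removeItem(key);
  if (!params.get('state') || !isFresh(raw, now)) return null;
  if (params.has('error')) return { error: params.get('error') };
  return { access_token: params.get('access_token') };
}
```

In a browser, pass `window.localStorage` and `window.location.hash` in place of the stand-in and the constructed fragment.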
We are getting a "window is not defined" error as below.
ReferenceError: window is not defined
    at new Provider (webpack:///./src/provider.js?:42:86)
    at Object.<anonymous> (/home/Demo-App/demo/tmp/webpack:/src/routes/requireAuthentication.js:10:20)
    at webpack_require (/home/Demo-App/demo/tmp/webpack:/webpack/bootstrap 4f5669005e928a572010:19:1)
    at Object.exports.__esModule (/home/Demo-App/demo/tmp/webpack:/src/routes.js:15:1)
    at webpack_require (/home/Demo-App/demo/tmp/webpack:/webpack/bootstrap 4f5669005e928a572010:19:1)
    at Object.<anonymous> (/home/Demo-App/demo/tmp/webpack:/server.babel.js:9:1)
    at webpack_require (/home/Demo-App/demo/tmp/webpack:/webpack/bootstrap 4f5669005e928a572010:19:1)
    at Object.<anonymous> (/home/Demo-App/demo/tmp/bundle.js:50:19)
    at webpack_require (/home/Demo-App/demo/tmp/webpack:/webpack/bootstrap 4f5669005e928a572010:19:1)
    at /home/Demo-App/demo/tmp/webpack:/webpack/bootstrap 4f5669005e928a572010:39:1
I receive a window is not defined error at
    var provider = new OAuth.Provider({
      id: 'google', // required
      authorization_url: 'https://google.com/auth' // required
    });
Our package.json versions are as below.
    "oauth2-client-js": "0.0.15",
    "react": "^15.4.0",
    "react-dom": "^15.4.0"
var response = google.parse(window.location.href);
Should use window.location.hash instead of window.location.href
Hi, the authorization endpoint I am working with needs response_type to be set to "id_token token".
However, I found the request I sent only had "token". Then I found out that in your OAuthImplicitRequest constructor, the response_type is overwritten with "config.response_type = 'token';". It doesn't set nonce either. Would you consider changing it?
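A sketch of the behaviour requested in the issues above about hardcoded `response_type`, `state` and the missing `nonce`, as an added example that is not oauth2-client-js code: caller-supplied values override the defaults, and a `response_type` that returns an ID token is refused without a nonce, which OpenID Connect requires in that case. `buildAuthorizationUrl`, `DEFAULTS` and the sample values are assumptions; in a browser, `state` and `nonce` would be generated per request, for example with `crypto.randomUUID()`.

```javascript
// Added example; not oauth2-client-js code. Names and defaults are assumptions.
const DEFAULTS = { response_type: 'token', scope: '' };

// Build the authorization URL. Values present in `config` win over DEFAULTS,
// and nothing is overwritten after the merge.
function buildAuthorizationUrl(authorizationUrl, config) {
  // Ignore keys explicitly set to undefined so they cannot erase a default.
  const supplied = Object.fromEntries(
    Object.entries(config).filter(([, value]) => value !== undefined));
  const params = { ...DEFAULTS, ...supplied };

  for (const required of ['client_id', 'redirect_uri', 'state']) {
    if (!params[required]) throw new Error(`missing ${required}`);
  }

  // OpenID Connect requires a nonce whenever the authorization endpoint
  // returns an ID token (e.g. "id_token token").
  const types = String(params.response_type).split(' ').filter(Boolean);
  if (types.includes('id_token') && !params.nonce) {
    throw new Error('response_type with id_token requires a nonce');
  }

  const url = new URL(authorizationUrl);
  for (const [name, value] of Object.entries(params)) {
    url.searchParams.set(name, value);
  }
  return url.toString();
}
```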
As a user of TypeScript I would really like to be able to use this library with strong typing.
If it's okay with you guys I am willing to try and make the declaration files.
Trying to use the JavaScript library as client-side JavaScript and using the example:
    var OAuth = require('@zalando/oauth2-client-js');
    var google = new OAuth.Provider({
      id: 'google', // required
      authorization_url: 'https://google.com/auth' // required
    });
But you cannot use require on client-side JavaScript - am I missing something?