Documentation: https://oauth2.oslojs.dev

A JavaScript client library for OAuth 2.0 by Oslo.

Supports authorization code grant type, PKCE extension, refresh token grant type, token revocation, and device code grant type as specified in RFC 6749, RFC 7009, RFC 7636, and RFC 8628.

• Runtime-agnostic
• No third-party dependencies
• Fully typed

import { AuthorizationCodeAccessTokenRequestContext, sendTokenRequest } from "@oslojs/oauth2";

const context = new AuthorizationCodeAccessTokenRequestContext(code);
context.authenticateWithHTTPBasicAuth(clientId, clientSecret);
context.setRedirectURI("https://my-app.com/login/callback");
const tokens = await sendTokenRequest(tokenEndpoint, context);
const accessToken = tokens.access_token;

Implicit grant type and resource owner password credentials grant type are not supported as they are no longer recommended.

npm i @oslojs/oauth2

This package requires the Web Crypto API. This is available in most modern runtimes, including Node.js 20+, Deno, Bun, and Cloudflare Workers. The major exception is Node.js 16 and 18. Make sure to polyfill it using webcrypto.

import { webcrypto } from "node:crypto";

globalThis.crypto = webcrypto;

Alternatively, add the --experimental-global-webcrypto flag when executing files.

node --experimental-global-webcrypto index.js