Authwith

Re-usable authentication library.

Installation

npm install authwith --save

Usage

Available classes (implementations):

  • OAuth2
  • OpenIDConnect

OAuth 2.0

import { OAuth2 } from 'authwith'
 
const auth = new OAuth2(options)

  • authorizationUri The URL to redirect the user for authorization
  • accessTokenUri The URL to retrieve the access token
  • profileUri The URL to request user information
  • profileMap A schema, using map-pointer, that maps the profile response into standard profile info

Parameters

These are passed as the final option to each method:

  • clientId The client id issued by the OAuth 2.0 server
  • clientSecret The client secret issued by the OAuth 2.0 server
  • redirectUri A URL on your server to receive callbacks from the OAuth 2.0 server
  • scope The requested scope string
  • state? An optional state to be verified on callback

Flow

  1. Redirect the user to the URL returned from the auth.getRedirectUri(params) method
     • P.S. Save the state into the user's session for verification on redirect
  2. When the callback (redirect) URL is invoked, call auth.getToken(uri, params) - this will make a request and return the access token
  3. With the access token from the response, call auth.getProfile(token, params) - this will retrieve the user's profile information
  4. Refresh the token later with auth.refreshToken(refreshToken, params)
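
The state handling from step 1, as an added example that is not part of authwith or its README: the value returned by newState would be passed as `state` in the params to auth.getRedirectUri and auth.getToken. The helper names, the plain-object session and the ten-minute lifetime are assumptions.

```javascript
// Added example: state handling around the OAuth 2.0 flow described above.
// newState/consumeState are hypothetical helpers; `session` is assumed to be a
// per-user, server-side object (for example req.session).
const { randomBytes, timingSafeEqual } = require('node:crypto');

const STATE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a pending login

// Step 1: create an unguessable state and remember it in the session.
function newState(session, now = Date.now()) {
  const state = randomBytes(32).toString('base64url');
  session.oauthState = { value: state, issuedAt: now };
  return state;
}

// Callback: compare the returned state with the saved one.
// The saved value is removed first so that it can only be used once.
function consumeState(session, callbackUri, now = Date.now()) {
  const saved = session.oauthState;
  delete session.oauthState;
  if (!saved) return { ok: false, reason: 'no pending login in this session' };
  if (now - saved.issuedAt > STATE_TTL_MS) return { ok: false, reason: 'state expired' };

  // Accept a path-only URL such as req.url; the base is only used for parsing.
  const returned = new URL(callbackUri, 'http://localhost').searchParams.getAll('state');
  if (returned.length !== 1) return { ok: false, reason: 'state missing or repeated' };

  const a = Buffer.from(returned[0]);
  const b = Buffer.from(saved.value);
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (a.length !== b.length || !timingSafeEqual(a, b)) {
    return { ok: false, reason: 'state mismatch' };
  }
  return { ok: true, state: saved.value };
}

// Constructed demo: a genuine callback, a replay of it, and a forged callback.
function demo() {
  const session = {};
  const state = newState(session, 0);
  const good = consumeState(session, `/callback?code=abc&state=${state}`, 1000);
  const replay = consumeState(session, `/callback?code=abc&state=${state}`, 2000);
  newState(session, 0);
  const forged = consumeState(session, '/callback?code=evil&state=guess', 1000);
  return { good, replay, forged };
}
```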

OpenID Connect

import { OpenIDConnect } from 'authwith'
 
const auth = new OpenIDConnect(options)

  • authorizationUri The URL to redirect the user for authorization
  • accessTokenUri The URL to retrieve the access token
  • issuer The issuer string for the ID token
  • profileMap? The same schema as OAuth 2.0 - uses the OIDC default map when not specified

Parameters

Extends OAuth2 parameters:

  • nonce? Verifies the nonce when reading the profile information
  • maxAge? Verifies the max age when reading the profile information
  • timestamp? Used in conjunction with maxAge to verify auth_time claim

Flow

The OpenID Connect flow is identical to the OAuth 2.0 flow. Internally, it uses the id_token instead of making a separate request for profile information.

TypeScript

This project is written using TypeScript and publishes the definitions directly to NPM.

License

Apache 2.0