cmd-johnson / deno-oauth2-client Goto Github PK

I am unsur3 why I am getting the following error. This is occuring in the callback. The clientId is being set hardcoded and passes the initial signin so unsure why. I am using Auth0

[uncaught application error]: Error - OAuth2Strategy requires a clientID option

request: {
  url: "http://localhost:8000/callback?error=server_error&error_description=OAuth2Strategy%20requires%20a%20"... 17 more characters,
  method: "GET",
  hasBody: false
}
response: { status: 404, type: undefined, hasBody: false, writable: true }

    at Function.fromURLSearchParams (https://deno.land/x/[email protected]/src/errors.ts:55:12)
    at AuthorizationCodeGrant.validateAuthorizationResponse (https://deno.land/x/[email protected]/src/authorization_code_grant.ts:181:33)
    at AuthorizationCodeGrant.getToken (https://deno.land/x/[email protected]/src/authorization_code_grant.ts:139:34)
    at file:///home/adoublef/github.com/adoublef-js/oak-auth0/main.ts:42:44
    at dispatch (https://deno.land/x/[email protected]/middleware.ts:41:13)
    at https://deno.land/x/[email protected]/router.ts:1232:20
    at dispatch (https://deno.land/x/[email protected]/middleware.ts:41:13)
    at composedMiddleware (https://deno.land/x/[email protected]/middleware.ts:44:12)
    at dispatch (https://deno.land/x/[email protected]/router.ts:1238:22)
    at dispatch (https://deno.land/x/[email protected]/middleware.ts:41:13)

To allow a consuming project to utilitize the config type without pulling in the full dependency of the OAuth2Client.

This could be completely backwards compatible by re-exporting the type from the oauth2_client.ts

Happy to submit PR if you are open to this.

When trying to work with Linear OAuth I found this check. Linear returns a list back, not a string and thus the parse fails.

I'm not clear on need to check for scope at this stage, but maybe consider supporting a list of strings?

A module with 100% test coverage isn't worth much if nobody understands how to actually use it.

Add Doc-Comments to all public methods and classes so people can understand how the module is used outside the basic examples requested in #6.

Is there a particular reason for this library not to return the id_token when present aside the access and refresh token?

E.g. LinkedIn OAuth doesn't send the token_type in the response.
https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?tabs=HTTPS1#response

Thus the getToken flow is erroring out.
https://github.com/cmd-johnson/deno-oauth2-client/blob/master/src/grant_base.ts#L99-L104

I am looking to use this alongside auth0 and I wanted to know how I would go about including the audience when crafting the url? I can see that there are additional options here

// extracted from my application
    return new OAuth2Client({
        defaults: {
            requestOptions: {
                urlParams: {
                    audience: Deno.env.get("AUTH0_AUDIENCE")!,
                },
            },

However this doesn't seem to be used within the code.getAuthorizationUri method and wondering what is the recommended way of setting this up. The audience is required to get a valid JWT back from their services (without the audience the payload is missing)

I have an issue open on their page already, but I wanted to to add here too as I am trying to figure how what may be causing the callback to fail. seems that its when the getToken method is called (authorization_code_grant.ts#L135).

The author states that the context.req.raw object is a Request object so it should work but having issues

Hello. I just wanted to post an update regarding the Deno.HttpClient. Is it possible you can use this instead of OAK?

It would be nice to have a 100% deno solution.

Or, more specifically, something like OAuth2Client.getUserInfo(accessToken: string): Promise<unknown>. This would require adding a userInfoUri?: string property to OAuth2ClientConfig. I'd be happy to submit a PR.

P.S. We use this module for the official Deno KV OAuth module. Thank you for this great module. If you have any ideas on improving this module (deno-oauth2-client) or ours (deno_kv_oauth), I'd be happy to help!

I had some of our tokens misconfigured and GitHub was answering 200 from https://github.com/login/oauth/access_token with the following body:

{                                                                                                                                             
  error: "incorrect_client_credentials",                                                                                                      
  error_description: "The client_id and/or client_secret passed are incorrect.",                                                              
  error_uri: "https://docs.github.com/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-erro"... 32 more characters     
} 

Instead, I received Invalid token response: missing access_token and it took me a while to debug as I had to inject the library to find the root issue. Indeed GitHub implementation is far from ideal, yet I believe this corner case should become more visible when it happens (e.g. showing the body without sensitive fields or checking whether there is an error field).

This would require an OAuth2ClientConfig.tokenRevokeUri?: string (or similar) property.

Examples would help people in learning how to use the module.

For now, at least add the basic usage using Deno's built in http module and oak.

When using oauth2Client.refreshToken.refresh(), how do I handle when the refresh token has expired? AFAIK an error is thrown, but I'm not sure which error. My thoughts are it'd be handled like this:

try {
  await oauth2Client.refreshToken.refresh(refreshToken);
} catch (error) {
  if (isRefreshTokenExpired(error) {
    return null;
  }
  throw error;
}

Implement https://tools.ietf.org/html/rfc6749#section-6

Working with a NetDocuments OAuth server it returns the client credentials token with expires_in formatted as a string and not a number.

Would it be possible to modify grant_base.ts parseTokenResponse method to support expires_in as both number and string and convert to number if needed prior to assignment to tokens.expires_in?

Example Concept...

if (
  ! ['number', 'string'].includes(typeof body.expires_in)
) {
  throw new TokenResponseError(
    "expires_in is not a string or number",
    response,
  );
}

....

if (body.expires_in) {
  if (typeof body.expires_in == 'string') {
    body.expires_in = parseInt(body.expires_in);
  }
  tokens.expiresIn = body.expires_in;
}

I want to add middleware to check user and how to do it?

Add tests for all included classes and their methods.

Currently, the OAuth2ClientConfig interface has a defaults property containing requestOptions, scope and stateValidator.

I think the interface would be a little easier to work with if these properties didn't lie within the defaults property and instead just lived alongside the other properties in the interface, top-level. E.g. having these flat would allow us to use Required<OAuth2ClientConfig, "scope" | "redirectUri">.

If this were done, usability or understandability would not be lost. I'd be happy to submit a PR.

Related denoland/deno_kv_oauth#193

The JSON entry 'name' has changed to 'login'. This breaks the examples and nothing is shown in the login page. After changing it to 'login' the GitHub user name is shown.

https://github.com/cmd-johnson/deno-oauth2-client/blame/master/README.md#L54

https://github.com/cmd-johnson/deno-oauth2-client/blame/master/examples/oak.ts#L31

https://github.com/cmd-johnson/deno-oauth2-client/blob/master/examples/http.ts#L49

Here a working example for deno.dev hosting: https://dash.deno.com/projects/dry-pigeon-88

Having a test coverage badge instils confidence in developers using this module. It also highlights where test coverage can be improved, possibly attractive to contributors. It'd be great if this module had one. Codecov appears to work great. For configuration examples, see:

• https://github.com/denoland/deno_kv_oauth/blob/main/.github/workflows/ci.yml
• https://github.com/denoland/deno_kv_oauth/blob/main/.github/codecov.yml

The tests added in #1 should be run on every commit and PR.

JSR is Deno's new JavaScript registry. Publishing here will allow dependent modules to publish to JSR, too. Some work would be required, but it wouldn't be hard. I'd be happy to lend a hand.

References:

1. JSR's docs on publishing packages
2. Deno's tool for converting deno.land/x modules to JSR packages