Gathering detailed insights and metrics for @openid/appauth
Installations
npm install @openid/appauthDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
20.12.2
NPM Version
10.5.0
Score
94.6
Supply Chain
99.2
Quality
80.4
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Contributors
18
Unable to fetch Contributors
Languages
3
TypeScript
HTML
CSS
TypeScript (96.09%)
HTML (3.83%)
CSS (0.08%)
Developer
openid
Download Statistics
Total Downloads
9,710,647
Last Day
3,789
Last Week
18,683
Last Month
216,199
Last Year
2,420,917
GitHub Statistics
995 Stars
90 Commits
161 Forks
35 Watching
1 Branches
18 Contributors
Bundle Size
19.58 kB
Minified
5.58 kB
Minified + Gzipped
Maintainers
3
Package Meta Information
Latest Version
1.3.2
Package Id
@openid/appauth@1.3.2
Unpacked Size
524.25 kB
Size
122.25 kB
File Count
115
NPM Version
10.5.0
Node Version
20.12.2
Publised On
15 Apr 2024
Total Downloads
Cumulative downloads
Total Downloads
9,710,647
Last day
-3.3%
3,789
Compared to previous day
Last week
-63.4%
18,683
Compared to previous week
Last month
-1.2%
216,199
Compared to previous month
Last year
4.3%
2,420,917
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
AppAuth for JavaScript is a client SDK for public clients
for communicating with OAuth 2.0
and OpenID Connect providers
following the best practice
RFC 8252 - OAuth 2.0 for Native Apps.
The library is designed for use in Web Apps, Node.js CLI applications,
Chrome Apps and applications that use Electron or similar frameworks.
It strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language.
The library also supports the PKCE extension to OAuth which was created to secure authorization codes in public clients when custom URI scheme redirects are used. The library is friendly to other extensions (standard or otherwise) with the ability to handle additional parameters in all protocol requests and responses.
Examples
An example application using the library is included in the src/node_app folder and at https://github.com/googlesamples/appauth-js-electron-sample.
Auth Flow
AppAuth supports manual interaction with the Authorization Server where you need to perform your own token exchanges. This example performs a manual exchange.
Fetch Service Configuration
1AuthorizationServiceConfiguration.fetchFromIssuer(openIdConnectUrl) 2 .then(response => { 3 log('Fetched service configuration', response); 4 this.configuration = response; 5 this.showMessage('Completed fetching configuration'); 6 }) 7 .catch(error => { 8 log('Something bad happened', error); 9 this.showMessage(`Something bad happened ${error}`) 10 });
Make Authorization Requests
1this.notifier = new AuthorizationNotifier(); 2// uses a redirect flow 3this.authorizationHandler = new RedirectRequestHandler(); 4// set notifier to deliver responses 5this.authorizationHandler.setAuthorizationNotifier(this.notifier); 6// set a listener to listen for authorization responses 7this.notifier.setAuthorizationListener((request, response, error) => { 8 log('Authorization request complete ', request, response, error); 9 if (response) { 10 this.code = response.code; 11 this.showMessage(`Authorization Code ${response.code}`); 12 } 13}); 14 15// create a request 16let request = new AuthorizationRequest({ 17 client_id: clientId, 18 redirect_uri: redirectUri, 19 scope: scope, 20 response_type: AuthorizationRequest.RESPONSE_TYPE_CODE, 21 state: undefined, 22 extras: {'prompt': 'consent', 'access_type': 'offline'} 23 }); 24 25// make the authorization request 26this.authorizationHandler.performAuthorizationRequest(this.configuration, request);
Making Token Requests
1this.tokenHandler = new BaseTokenRequestHandler(); 2 3let request: TokenRequest|null = null; 4 5if (this.code) { 6 let extras: StringMap|undefined = undefined; 7 if (this.request && this.request.internal) { 8 extras = {}; 9 extras['code_verifier'] = this.request.internal['code_verifier']; 10 } 11 // use the code to make the token request. 12 request = new TokenRequest({ 13 client_id: clientId, 14 redirect_uri: redirectUri, 15 grant_type: GRANT_TYPE_AUTHORIZATION_CODE, 16 code: this.code, 17 refresh_token: undefined, 18 extras: extras 19 }); 20} else if (this.tokenResponse) { 21 // use the token response to make a request for an access token 22 request = new TokenRequest({ 23 client_id: clientId, 24 redirect_uri: redirectUri, 25 grant_type: GRANT_TYPE_REFRESH_TOKEN, 26 code: undefined, 27 refresh_token: this.tokenResponse.refreshToken, 28 extras: undefined 29 }); 30} 31 32this.tokenHandler.performTokenRequest(this.configuration, request) 33 .then(response => { 34 // ... do something with token response 35 });
Development
Preamble
This client has been written with TypeScript.
Setup
-
Install the latest version of Node. NVM (Node Version Manager is highly recommended).
-
Use
nvm installto install the recommended Node.js version. -
Download the latest version of Visual Studio Code from here.
Provision Dependencies
This app uses npm to provision it dependencies.
git clonetheAppAuthJSlibrary and go to the root folder of the project containingpackage.jsonfile.npm installto install all the dev and project dependencies.
Thats it! You are now ready to start working on AppAuthJS.
Development Workflow
The project uses npm scripts to automate development workflows.
These scripts are made available via the package.json file.
The following scripts are included:
-
npm run-script compileortscwill compile all your TypeScript files. All compiled files go into thebuilt/folder. -
npm run-script watchortsc --watchwill compile your TypeScript files inwatchmode. Recommended if you want to get continuous feedback. -
npm run-script build-appgenerates the outputbundle.jsfile in thebuilt/directory. This includes the fullAppAuthJSlibrary including all its dependencies. -
npm testprovisions theKarmatest runner to run all unit tests. All tests are written using Jasmine. To DEBUG your tests, click on theDebugbutton in the Karma test runner to look at the actual source of the tests. You can attach break points here. -
npm run-script appbuilds the test app on a local web server. This is an end-to-end app which uses AppAuthJS and is a demonstration on how to use the library. -
npm run-script node-appbuilds a Node.js CLI sample app. This is an end-to-end app which uses AppAuthJS in a Node.js context.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
Found 6/29 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
18 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-c2jc-4fpr-4vhg
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-wg6g-ppvx-927h
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2
/10
Last Scanned on 2024-12-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More