npmpackage.info

Gathering detailed insights and metrics for @panva/oauth4webapi

@panva/oauth4webapi - 1.2.0 | npmpackage.info

@panva/oauth4webapi

Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes

1.2.0

684

MIT

TypeScript

122.27 kB

130,840

Installations

npm install @panva/oauth4webapi

Developer Guide

BETA

Typescript

Yes

Module System

ESM

Node Version

18.9.0

NPM Version

8.19.1 Score

78.4

Supply Chain

100

Quality

75.8

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

0

Total

47

Closed

18

Merged

29

Issues

Open

0

Total

29

Closed

29

Releases

v3.8.1

Updated on Aug 29, 2025

v3.8.0

Updated on Aug 27, 2025

v3.7.0

Updated on Aug 12, 2025

v3.6.2

Updated on Aug 08, 2025

v3.6.1

Updated on Aug 01, 2025

v3.6.0

Updated on Jul 16, 2025

View All 82 releases

Languages

TypeScript

JavaScript

Shell

TypeScript (96.49%)

JavaScript (2.32%)

Shell (1.19%)

🚀 npmpackage.info for sale

Built with Next.js • Fully responsive • SEO optimized • Open source ready

Developer

panva

Download Statistics

Total Downloads

130,840

Last Day

111

Last Week

1,803

Last Month

5,148

Last Year

30,327

GitHub Statistics

MIT License

684 Stars

1,142 Commits

65 Forks

8 Watchers

3 Branches

3 Contributors

Updated on Aug 29, 2025

Sponsor this package

https://github.com/sponsors/panva

Maintainers

View All 3 Contributors

Package Meta Information

Latest Version

1.2.0

Package Id

@panva/oauth4webapi@1.2.0

Unpacked Size

122.27 kB

Size

22.27 kB

File Count

NPM Version

8.19.1

Node Version

18.9.0

Total Downloads

Cumulative downloads

Total Downloads

130,840

Last Day

362.5%

111

Compared to previous day

Last Week

54.6%

1,803

Compared to previous week

Last Month

22.4%

5,148

Compared to previous month

Last Year

17.3%

30,327

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

@esbuild-kit/esm-loader @types/node @types/qunit ava c8 edge-runtime jose patch-package prettier prettier-plugin-jsdoc qunit timekeeper typedoc typedoc-plugin-markdown typescript undici

OAuth 2 / OpenID Connect for Web Platform API JavaScript runtimes

This software is a collection of routines upon which framework-specific client modules may be written. Its objective is to support and, where possible, enforce secure and current best practices using only capabilities common to Browser and Non-Browser JavaScript-based runtime environments.

Target profiles of this software are OAuth 2.1, OAuth 2.0 complemented by the latest Security BCP, and FAPI 2.0. Where applicable OpenID Connect is also supported.

In Scope & Implemented

Authorization Server Metadata discovery
Authorization Code Flow (profiled under OpenID Connect 1.0, OAuth 2.0, OAuth 2.1, and FAPI 2.0), PKCE
Refresh Token, Device Authorization, and Client Credentials Grants
Demonstrating Proof-of-Possession at the Application Layer (DPoP)
Token Introspection and Revocation
Pushed Authorization Requests (PAR)
UserInfo and Protected Resource Requests
Authorization Server Issuer Identification
JWT Secured Introspection, Response Mode (JARM), Authorization Request (JAR), and UserInfo

Certification

Filip Skokan has certified that this software conforms to the Basic RP Conformance Profile of the OpenID Connect™ protocol.

💗 Help the project

Dependencies: 0

Documentation

Examples

example ESM import

1import * as oauth2 from '@panva/oauth4webapi'

example Deno import

1import * as oauth2 from 'https://deno.land/x/doauth/src/index.ts'

Authorization Code Flow - OpenID Connect source, or plain OAuth 2 source
Public Client Authorization Code Flow - source | diff from code flow
Private Key JWT Client Authentication - source | diff from code flow
DPoP - source | diff from code flow
Pushed Authorization Request (PAR) - source | diff from code flow
Client Credentials Grant - source
Device Authorization Grant - source
FAPI 2.0 (Private Key JWT, PAR, DPoP) - source
FAPI 2.0 Message Signing (Private Key JWT, PAR, DPoP, JAR, JARM) - source | diff

Runtime requirements

The supported JavaScript runtimes include ones that

are reasonably up to date ECMAScript (targets ES2020, but may be further transpiled for compatibility)
support required Web API globals and standard built-in objects
- Fetch API and its related globals fetch, Response, Headers
- Web Crypto API and its related globals crypto, CryptoKey
- Encoding API and its related globals TextEncoder, TextDecoder
- URL API and its related globals URL, URLSearchParams
- atob and btoa
- Uint8Array
These are (not an exhaustive list):
- Browsers
- Cloudflare Workers
- Deno (^1.21.0)
- Electron
- Next.js Middlewares
- Node.js (runtime flags may be needed)
- Vercel Edge Functions

Out of scope

CommonJS
Implicit, Hybrid, and Resource Owner Password Credentials Flows
Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
JSON Web Encryption (JWE)
JSON Web Signature (JWS) rarely used algorithms and HMAC
Automatic polyfills of any kind

No vulnerabilities found.