Gathering detailed insights and metrics for zihan-oauth4webapi
Gathering detailed insights and metrics for zihan-oauth4webapi
Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
Installations
npm install zihan-oauth4webapiDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
18.12.1
NPM Version
8.19.2
Score
74.9
Supply Chain
92.2
Quality
75.2
Maintenance
100
Vulnerability
100
License
Releases
73
Languages
3
TypeScript
JavaScript
Shell
TypeScript (96.67%)
JavaScript (2.1%)
Shell (1.22%)
Developer
panva
Download Statistics
Total Downloads
438
Last Day
3
Last Week
3
Last Month
11
Last Year
96
GitHub Statistics
MIT License
649 Stars
1,097 Commits
60 Forks
8 Watchers
4 Branches
2 Contributors
Updated on Jun 12, 2025
Bundle Size
33.11 kB
Minified
8.20 kB
Minified + Gzipped
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
2.0.8
Package Id
zihan-oauth4webapi@2.0.8
Unpacked Size
116.32 kB
Size
21.08 kB
File Count
5
NPM Version
8.19.2
Node Version
18.12.1
Published on
Jan 27, 2023
Total Downloads
Cumulative downloads
Total Downloads
438
Last Day
0%
3
Compared to previous day
Last Week
200%
3
Compared to previous week
Last Month
-35.3%
11
Compared to previous month
Last Year
7.9%
96
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
OAuth 2 / OpenID Connect for Web Platform API JavaScript runtimes
This software is a collection of routines upon which framework-specific client modules may be written. Its objective is to support and, where possible, enforce secure and current best practices using only capabilities common to Browser and Non-Browser JavaScript-based runtime environments.
Target profiles of this software are OAuth 2.1, OAuth 2.0 complemented by the latest Security BCP, and FAPI 2.0. Where applicable OpenID Connect is also supported.
In Scope & Implemented
- Authorization Server Metadata discovery
- Authorization Code Flow (profiled under OpenID Connect 1.0, OAuth 2.0, OAuth 2.1, and FAPI 2.0), PKCE
- Refresh Token, Device Authorization, and Client Credentials Grants
- Demonstrating Proof-of-Possession at the Application Layer (DPoP)
- Token Introspection and Revocation
- Pushed Authorization Requests (PAR)
- UserInfo and Protected Resource Requests
- Authorization Server Issuer Identification
- JWT Secured Introspection, Response Mode (JARM), Authorization Request (JAR), and UserInfo
Certification
Filip Skokan has certified that this software conforms to the Basic RP Conformance Profile of the OpenID Connect™ protocol.
💗 Help the project
Dependencies: 0
Documentation
Examples
example ESM import
1import * as oauth2 from 'oauth4webapi'
example Deno import
1import * as oauth2 from 'https://deno.land/x/oauth4webapi@v2.0.6/mod.ts'
- Authorization Code Flow - OpenID Connect source, or plain OAuth 2 source
- Public Client Authorization Code Flow - source | diff from code flow
- Private Key JWT Client Authentication - source | diff from code flow
- DPoP - source | diff from code flow
- Pushed Authorization Request (PAR) - source | diff from code flow
- Client Credentials Grant - source
- Device Authorization Grant - source
- FAPI 2.0 (Private Key JWT, PAR, DPoP) - source
- FAPI 2.0 Message Signing (Private Key JWT, PAR, DPoP, JAR, JARM) - source | diff
Supported Runtimes
The supported JavaScript runtimes include ones that support the utilized Web API globals and standard built-in objects
These are (this is not an exhaustive list):
- Browsers
- Bun
- Cloudflare Workers
- Deno
- Electron
- Node.js (runtime flags may be needed)
- Vercel's Edge Runtime
Out of scope
- CommonJS
- Implicit, Hybrid, and Resource Owner Password Credentials Flows
- Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
- JSON Web Encryption (JWE)
- Automatic polyfills of any kind
No vulnerabilities found.
No security vulnerabilities found.