import { AuthorizationCodeGrant } from "https://deno.land/x/oauth2_server@0.12.0/authorization_server.ts";
The authorization code grant type. https://datatracker.ietf.org/doc/html/rfc6749.html#section-4.1 This grant supports PKCE. https://datatracker.ietf.org/doc/html/rfc7636#page-9 Clients must use PKCE in order to detect and prevent attempts to inject (replay) authorization codes in the authorization response. https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-2.1.1
Constructors
new
AuthorizationCodeGrant(options: AuthorizationCodeGrantOptions<Client, User, Scope>)Properties
challengeMethods: ChallengeMethods
services: AuthorizationCodeGrantServices<Client, User, Scope>
Methods
generateAuthorizationCode(options: Omit<AuthorizationCode<Client, User, Scope>, "code" | "expiresAt">): Promise<AuthorizationCode<Client, User, Scope>>
Generates and saves an authorization code.
getAuthenticatedClient(request: OAuth2Request<Client, User, Scope>): Promise<Client>
getChallengeMethod(challengeMethod?: string | null): ChallengeMethod | undefined
Gets the challenge method if it is allowed.
getClientCredentials(request: OAuth2Request<Client, User, Scope>): Promise<PKCEClientCredentials>
token(request: OAuth2Request<Client, User, Scope>, client: Client): Promise<Token<Client, User, Scope>>
Generates and saves a token.
validateChallengeMethod(challengeMethod?: string | null): boolean
Checks that the challenge method is allowed.
verifyCode(code: AuthorizationCode<Client, User, Scope>, verifier: string): Promise<boolean>
Checks if the verifier matches the authorization code. https://datatracker.ietf.org/doc/html/rfc7636#section-4.6