useMtlsAlias | /mod.ts | oauth4webapi@v2.11.1

Module

x/oauth4webapi/mod.ts>useMtlsAlias

OAuth 2 / OpenID Connect for JavaScript Runtimes

panva/oauth4webapi

Latest

build conformance docs examples src tap

mod.ts (default module)

OperationProcessingError

UnsupportedOperationError

AuthenticatedRequestOptions

AuthorizationDetails

AuthorizationServer

Client

ClientCredentialsGrantRequestOptions

ClientCredentialsGrantResponse

ConfirmationClaims

DeviceAuthorizationRequestOptions

DeviceAuthorizationResponse

DiscoveryRequestOptions

DPoPOptions

DPoPRequestOptions

ExportedJWKSCache

GenerateKeyPairOptions

HttpRequestOptions

IDToken

IntrospectionRequestOptions

IntrospectionResponse

JWK

OAuth2TokenEndpointResponse

OpenIDTokenEndpointResponse

PrivateKey

ProtectedResourceRequestOptions

PushedAuthorizationRequestOptions

PushedAuthorizationResponse

RevocationRequestOptions

TokenEndpointRequestOptions

TokenEndpointResponse

UseMTLSAliasOptions

UserInfoAddress

UserInfoRequestOptions

UserInfoResponse

ValidateDetachedSignatureResponseOptions

ValidateJWTAccessTokenOptions

ValidateJwtAuthResponseOptions

WWWAuthenticateChallenge

WWWAuthenticateChallengeParameters

ClientAuthenticationMethod

experimental_jwksCache

authorizationCodeGrantRequest

calculatePKCECodeChallenge

clientCredentialsGrantRequest

deviceAuthorizationRequest

deviceCodeGrantRequest

discoveryRequest

generateKeyPair

generateRandomCodeVerifier

generateRandomNonce

generateRandomState

getValidatedIdTokenClaims

introspectionRequest

isOAuth2Error

issueRequestObject

parseWwwAuthenticateChallenges

processAuthorizationCodeOAuth2Response

processAuthorizationCodeOpenIDResponse

processClientCredentialsResponse

processDeviceAuthorizationResponse

processDeviceCodeResponse

processDiscoveryResponse

processIntrospectionResponse

processPushedAuthorizationResponse

processRefreshTokenResponse

processRevocationResponse

processUserInfoResponse

protectedResourceRequest

pushedAuthorizationRequest

refreshTokenGrantRequest

revocationRequest

userInfoRequest

validateAuthResponse

validateDetachedSignatureResponse

validateJwtAccessToken

validateJwtAuthResponse

ava.config.mjs

default

variable useMtlsAlias

import { useMtlsAlias } from "https://deno.land/x/oauth4webapi@v2.11.1/mod.ts";

When combined with customFetch (to use a Fetch API implementation that supports client certificates) this can be used to target FAPI 2.0 profiles that utilize Mutual-TLS for either client authentication or sender constraining. FAPI 1.0 Advanced profiles that use PAR and JARM can also be targetted.

When configured on an interface that extends UseMTLSAliasOptions this makes the client prioritize an endpoint URL present in AuthorizationServer.mtls_endpoint_aliases | as.mtls_endpoint_aliases.

Examples

(Node.js) Using nodejs/undici for Mutual-TLS Client Authentication and Certificate-Bound Access Tokens support.

import * as undici from 'undici'
import * as oauth from 'oauth4webapi'

const response = await oauth.pushedAuthorizationRequest(as, client, params, {
  [oauth.useMtlsAlias]: true,
  [oauth.customFetch]: (...args) => {
    return undici.fetch(args[0], {
      ...args[1],
      dispatcher: new undici.Agent({
        connect: {
          key: clientKey,
          cert: clientCertificate,
        },
      }),
    })
  },
})

(Deno) Using Deno.createHttpClient API for Mutual-TLS Client Authentication and Certificate-Bound Access Tokens support. This is currently (Jan 2023) locked behind the --unstable command line flag.

import * as oauth from 'oauth4webapi'

const agent = Deno.createHttpClient({
  certChain: clientCertificate,
  privateKey: clientKey,
})

const response = await oauth.pushedAuthorizationRequest(as, client, params, {
  [oauth.useMtlsAlias]: true,
  [oauth.customFetch]: (...args) => {
    return fetch(args[0], {
      ...args[1],
      client: agent,
    })
  },
})

type

unique symbol