import { useMtlsAlias } from "https://deno.land/x/oauth4webapi@v2.11.1/src/index.ts";
When combined with customFetch (to use a Fetch API implementation that supports client certificates) this can be used to target FAPI 2.0 profiles that utilize Mutual-TLS for either client authentication or sender constraining. FAPI 1.0 Advanced profiles that use PAR and JARM can also be targetted.
When configured on an interface that extends UseMTLSAliasOptions this makes the client
prioritize an endpoint URL present in
AuthorizationServer.mtls_endpoint_aliases | as.mtls_endpoint_aliases
.
Examples
(Node.js) Using nodejs/undici for Mutual-TLS Client
Authentication and Certificate-Bound Access Tokens support.
(Node.js) Using nodejs/undici for Mutual-TLS Client Authentication and Certificate-Bound Access Tokens support.
import * as undici from 'undici'
import * as oauth from 'oauth4webapi'
const response = await oauth.pushedAuthorizationRequest(as, client, params, {
[oauth.useMtlsAlias]: true,
[oauth.customFetch]: (...args) => {
return undici.fetch(args[0], {
...args[1],
dispatcher: new undici.Agent({
connect: {
key: clientKey,
cert: clientCertificate,
},
}),
})
},
})
(Deno) Using Deno.createHttpClient API for Mutual-TLS Client Authentication and Certificate-Bound
Access Tokens support. This is currently (Jan 2023) locked behind the --unstable command line
flag.
(Deno) Using Deno.createHttpClient API for Mutual-TLS Client Authentication and Certificate-Bound Access Tokens support. This is currently (Jan 2023) locked behind the --unstable command line flag.
import * as oauth from 'oauth4webapi'
const agent = Deno.createHttpClient({
certChain: clientCertificate,
privateKey: clientKey,
})
const response = await oauth.pushedAuthorizationRequest(as, client, params, {
[oauth.useMtlsAlias]: true,
[oauth.customFetch]: (...args) => {
return fetch(args[0], {
...args[1],
client: agent,
})
},
})