/mod.ts | oauth4webapi@v2.17.0

import * as oauth4webapi from "https://deno.land/x/oauth4webapi@v2.17.0/mod.ts";

Classes

c OperationProcessingError
c UnsupportedOperationError

Variables

v clockSkew	Use to adjust the assumed current time. Positive and negative finite values representing seconds are allowed. Default is `0` (Date.now() + 0 seconds is used).
v clockTolerance	Use to set allowed clock tolerance when checking DateTime JWT Claims. Only positive finite values representing seconds are allowed. Default is `30` (30 seconds).
v customFetch	When configured on an interface that extends HttpRequestOptions, this applies to `options` parameter for functions that may trigger HTTP requests, this replaces the use of global fetch. As a fetch replacement the arguments and expected return are the same as fetch.
v expectNoNonce	Use this as a value to processAuthorizationCodeOpenIDResponse `expectedNonce` parameter to indicate no `nonce` ID Token claim value is expected, i.e. no `nonce` parameter value was sent with the authorization request.
v expectNoState	Use this as a value to validateAuthResponse `expectedState` parameter to indicate no `state` parameter value is expected, i.e. no `state` parameter value was sent with the authorization request.
v jweDecrypt	Use to add support for decrypting JWEs the client encounters, namely
v jwksCache	DANGER ZONE - This option has security implications that must be understood, assessed for applicability, and accepted before use. It is critical that the JSON Web Key Set cache only be writable by your own code.
v modifyAssertion	Use to mutate JWT header and payload before they are signed. Its intended use is working around non-conform server behaviours, such as modifying JWT "aud" (audience) claims, or otherwise changing fixed claims used by this library.
v skipAuthTimeCheck	Use this as a value to processAuthorizationCodeOpenIDResponse `maxAge` parameter to indicate no `auth_time` ID Token claim value check should be performed.
v skipStateCheck	DANGER ZONE - This option has security implications that must be understood, assessed for applicability, and accepted before use.
v skipSubjectCheck	DANGER ZONE - This option has security implications that must be understood, assessed for applicability, and accepted before use.

Functions

f authorizationCodeGrantRequest	Performs an Authorization Code grant request at the AuthorizationServer.token_endpoint \| `as.token_endpoint`.
f calculatePKCECodeChallenge	Calculates the PKCE `code_challenge` value to send with an authorization request using the S256 PKCE Code Challenge Method transformation.
f clientCredentialsGrantRequest	Performs a Client Credentials Grant request at the AuthorizationServer.token_endpoint \| `as.token_endpoint`.
f deviceAuthorizationRequest	Performs a Device Authorization Request at the AuthorizationServer.device_authorization_endpoint \| `as.device_authorization_endpoint`.
f deviceCodeGrantRequest	Performs a Device Authorization Grant request at the AuthorizationServer.token_endpoint \| `as.token_endpoint`.
f discoveryRequest	Performs an authorization server metadata discovery using one of two DiscoveryRequestOptions.algorithm \| transformation algorithms applied to the `issuerIdentifier` argument.
f generateKeyPair	Generates a !CryptoKeyPair for a given JWS `alg` Algorithm identifier.
f generateRandomCodeVerifier	Generate random `code_verifier` value.
f generateRandomNonce	Generate random `nonce` value.
f generateRandomState	Generate random `state` value.
f genericTokenEndpointRequest	Performs any Grant request at the AuthorizationServer.token_endpoint \| `as.token_endpoint`. The purpose is to be able to execute grant requests such as Token Exchange Grant Type, JWT Bearer Token Grant Type, or SAML 2.0 Bearer Assertion Grant Type.
f getValidatedIdTokenClaims	Returns ID Token claims validated during processAuthorizationCodeOpenIDResponse.
f introspectionRequest	Performs an Introspection Request at the AuthorizationServer.introspection_endpoint \| `as.introspection_endpoint`.
f isOAuth2Error	A helper function used to determine if a response processing function returned an OAuth2Error.
f issueRequestObject	Generates a signed JWT-Secured Authorization Request (JAR).
f parseWwwAuthenticateChallenges	Parses the `WWW-Authenticate` HTTP Header from a !Response instance.
f processAuthorizationCodeOAuth2Response	(OAuth 2.0 without OpenID Connect only) Validates Authorization Code Grant !Response instance to be one coming from the AuthorizationServer.token_endpoint \| `as.token_endpoint`.
f processAuthorizationCodeOpenIDResponse	(OpenID Connect only) Validates Authorization Code Grant !Response instance to be one coming from the AuthorizationServer.token_endpoint \| `as.token_endpoint`.
f processClientCredentialsResponse	Validates Client Credentials Grant !Response instance to be one coming from the AuthorizationServer.token_endpoint \| `as.token_endpoint`.
f processDeviceAuthorizationResponse	Validates !Response instance to be one coming from the AuthorizationServer.device_authorization_endpoint \| `as.device_authorization_endpoint`.
f processDeviceCodeResponse	Validates Device Authorization Grant !Response instance to be one coming from the AuthorizationServer.token_endpoint \| `as.token_endpoint`.
f processDiscoveryResponse	Validates !Response instance to be one coming from the authorization server's well-known discovery endpoint.
f processIntrospectionResponse	Validates !Response instance to be one coming from the AuthorizationServer.introspection_endpoint \| `as.introspection_endpoint`.
f processPushedAuthorizationResponse	Validates !Response instance to be one coming from the AuthorizationServer.pushed_authorization_request_endpoint \| `as.pushed_authorization_request_endpoint`.
f processRefreshTokenResponse	Validates Refresh Token Grant !Response instance to be one coming from the AuthorizationServer.token_endpoint \| `as.token_endpoint`.
f processRevocationResponse	Validates !Response instance to be one coming from the AuthorizationServer.revocation_endpoint \| `as.revocation_endpoint`.
f processUserInfoResponse	Validates !Response instance to be one coming from the AuthorizationServer.userinfo_endpoint \| `as.userinfo_endpoint`.
f protectedResourceRequest	Performs a protected resource request at an arbitrary URL.
f pushedAuthorizationRequest	Performs a Pushed Authorization Request at the AuthorizationServer.pushed_authorization_request_endpoint \| `as.pushed_authorization_request_endpoint`.
f refreshTokenGrantRequest	Performs a Refresh Token Grant request at the AuthorizationServer.token_endpoint \| `as.token_endpoint`.
f revocationRequest	Performs a Revocation Request at the AuthorizationServer.revocation_endpoint \| `as.revocation_endpoint`.
f userInfoRequest	Performs a UserInfo Request at the AuthorizationServer.userinfo_endpoint \| `as.userinfo_endpoint`.
f validateAuthResponse	Validates an OAuth 2.0 Authorization Response or Authorization Error Response message returned from the authorization server's AuthorizationServer.authorization_endpoint \| `as.authorization_endpoint`.
f validateDetachedSignatureResponse	Same as validateAuthResponse but for FAPI 1.0 Advanced Detached Signature authorization responses.
f validateIdTokenSignature	Validates the JWS Signature of an ID Token included in results previously resolved from processAuthorizationCodeOpenIDResponse, processRefreshTokenResponse, or processDeviceCodeResponse for non-repudiation purposes.
f validateJwtAccessToken	Validates use of JSON Web Token (JWT) OAuth 2.0 Access Tokens for a given !Request as per RFC 6750, RFC 9068, and RFC 9449.
f validateJwtAuthResponse	Same as validateAuthResponse but for signed JARM responses.
f validateJwtIntrospectionSignature	Validates the JWS Signature of an JWT !Response body of responses previously processed by processIntrospectionResponse for non-repudiation purposes.
f validateJwtUserInfoSignature	Validates the JWS Signature of a JWT !Response body of response previously processed by processUserInfoResponse for non-repudiation purposes.

Interfaces

I AuthenticatedRequestOptions
I AuthorizationDetails
I AuthorizationServer	Authorization Server Metadata
I Client	Recognized Client Metadata that have an effect on the exposed functionality.
I ClientCredentialsGrantRequestOptions
I ClientCredentialsGrantResponse
I ConfirmationClaims
I DeviceAuthorizationRequestOptions
I DeviceAuthorizationResponse
I DiscoveryRequestOptions
I DPoPOptions
I DPoPRequestOptions
I ExportedJWKSCache
I GenerateKeyPairOptions
I HttpRequestOptions
I IDToken
I IntrospectionRequestOptions
I IntrospectionResponse
I JweDecryptFunction
I JWK
I JWKS
I JWKSCacheOptions
I JWTAccessTokenClaims
I ModifyAssertionFunction
I MTLSEndpointAliases
I OAuth2Error
I OAuth2TokenEndpointResponse
I OpenIDTokenEndpointResponse
I PrivateKey	Interface to pass an asymmetric private key and, optionally, its associated JWK Key ID to be added as a `kid` JOSE Header Parameter.
I ProtectedResourceRequestOptions
I PushedAuthorizationRequestOptions
I PushedAuthorizationResponse
I RevocationRequestOptions
I TokenEndpointRequestOptions
I TokenEndpointResponse
I UserInfoAddress
I UserInfoRequestOptions
I UserInfoResponse
I ValidateJWTAccessTokenOptions
I ValidateSignatureOptions
I WWWAuthenticateChallenge
I WWWAuthenticateChallengeParameters

Type Aliases

T ClientAuthenticationMethod	Supported Client Authentication Methods.
T JsonArray	JSON Array
T JsonObject	JSON Object
T JsonPrimitive	JSON Primitives
T JsonValue	JSON Values
T JWKSCacheInput
T JWSAlgorithm	Supported JWS `alg` Algorithm identifiers.