import { experimental_useMtlsAlias } from "https://deno.land/x/oauth4webapi@v2.7.0/mod.ts";
This is an experimental feature; it is not subject to semantic versioning rules. Non-backward compatible changes or removal may occur in any future release.
When combined with experimental_customFetch (to use a Fetch API implementation that supports client certificates), this can be used to target FAPI 2.0 profiles that utilize Mutual-TLS for either client authentication or sender constraining. FAPI 1.0 Advanced profiles that use PAR and JARM can also be targeted.
When configured on an interface that extends ExperimentalUseMTLSAliasOptions, this makes the client prioritize an endpoint URL present in as.mtls_endpoint_aliases (AuthorizationServer.mtls_endpoint_aliases).
Examples
(Node.js) Using nodejs/undici for Mutual-TLS Client Authentication and Certificate-Bound Access Tokens support.
import * as undici from 'undici'
import * as oauth from 'oauth4webapi'
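// Build the client-certificate dispatcher once and reuse it for every request.
// Constructing a new undici.Agent inside the fetch callback would create a
// separate connection pool (and a fresh TLS handshake) per call, and none of
// those agents would ever be closed.
//
// clientKey / clientCertificate are not defined in this example; presumably
// they hold the client's private key and certificate, loaded by the caller.
// Treat clientKey as a secret: load it at runtime and keep it out of source
// control and logs.
const mtlsDispatcher = new undici.Agent({
  connect: {
    key: clientKey,
    cert: clientCertificate,
  },
})

const response = await oauth.pushedAuthorizationRequest(as, client, params, {
  // Prefer the endpoint listed in as.mtls_endpoint_aliases when one is present.
  // The alias URLs are taken from the `as` metadata, so the client certificate
  // is presented to whatever host that metadata names; `as` should come from
  // the issuer you intend to talk to.
  [oauth.experimental_useMtlsAlias]: true,
  [oauth.experimental_customFetch]: (...args) => {
    return undici.fetch(args[0], {
      ...args[1],
      // Set after the spread so the options passed in by the library cannot
      // replace the mTLS dispatcher.
      dispatcher: mtlsDispatcher,
    })
  },
})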
(Deno) Using the Deno.createHttpClient API for Mutual-TLS Client Authentication and Certificate-Bound Access Tokens support. This is currently (Jan 2023) locked behind the --unstable command line flag.
import * as oauth from 'oauth4webapi'
// HTTP client carrying the client certificate; created once and shared by
// every request made through the custom fetch below.
//
// clientKey / clientCertificate are not defined in this example; presumably
// they hold the client's private key and certificate chain, loaded by the
// caller. Treat clientKey as a secret and keep it out of source control.
//
// NOTE(review): `certChain` / `privateKey` are the option names this example
// was written against (Jan 2023, behind --unstable); confirm them against the
// Deno version in use.
const mtlsClient = Deno.createHttpClient({
  privateKey: clientKey,
  certChain: clientCertificate,
})

const response = await oauth.pushedAuthorizationRequest(as, client, params, {
  // `client` is listed after the spread so the options passed in by the
  // library cannot replace the certificate-bearing HTTP client.
  [oauth.experimental_customFetch]: (input, init) =>
    fetch(input, { ...init, client: mtlsClient }),
  // Prefer the endpoint listed in as.mtls_endpoint_aliases when one is present.
  [oauth.experimental_useMtlsAlias]: true,
})