<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>@muze-nl/metro-oauth2 :: MetroJS</title><link>https://metro.muze.nl/packages/metro-oauth2/index.html</link><description>@muze-nl/metro-oauth2 npm install @muze-nl/metro-core @muze-nl/metro-oauth2 import { client } from '@muze-nl/metro-core' import oauth2 from '@muze-nl/metro-oauth2' const api = client('https://resource.example/') .with(oauth2.oauth2mw({ site: 'https://issuer.example/', oauth2_configuration: { client_id: 'my-client-id', token_endpoint_auth_method: 'none', authorization_endpoint: 'https://issuer.example/authorize', token_endpoint: 'https://issuer.example/token', redirect_uri: location.href, scope: 'profile' } })) const result = api.get('foo') Use this package for OAuth2-protected resources. The examples here are structural; a real application needs provider-specific endpoints, registered redirect URIs, and client configuration.
Once added to a client, you can use the normal client get/post/put/delete/etc. methods and all OAuth2 shenanigans will be taken care of. Do remember that if the user needs to authenticate, the default is that the page will redirect to the issuer. If you are building an SPA, that is typically not wanted behaviour. For that case take a look at the popup flow</description><generator>Hugo</generator><language>en-us</language><atom:link href="https://metro.muze.nl/packages/metro-oauth2/index.xml" rel="self" type="application/rss+xml"/><item><title>@muze-nl/metro-oauth2</title><link>https://metro.muze.nl/packages/metro-oauth2/readme/index.html</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://metro.muze.nl/packages/metro-oauth2/readme/index.html</guid><description>@muze-nl/metro-oauth2 npm install @muze-nl/metro-core @muze-nl/metro-oauth2 import { client } from '@muze-nl/metro-core' import oauth2 from '@muze-nl/metro-oauth2' const api = client('https://resource.example/') .with(oauth2.oauth2mw({ site: 'https://issuer.example/', oauth2_configuration: { client_id: 'my-client-id', token_endpoint_auth_method: 'none', authorization_endpoint: 'https://issuer.example/authorize', token_endpoint: 'https://issuer.example/token', redirect_uri: location.href, scope: 'profile' } })) const result = api.get('foo') Use this package for OAuth2-protected resources. The examples here are structural; a real application needs provider-specific endpoints, registered redirect URIs, and client configuration.
Once added to a client, you can use the normal client get/post/put/delete/etc. methods and all OAuth2 shenanigans will be taken care of. Do remember that if the user needs to authenticate, the default is that the page will redirect to the issuer. If you are building an SPA, that is typically not wanted behaviour. For that case take a look at the popup flow</description></item><item><title>Reference</title><link>https://metro.muze.nl/packages/metro-oauth2/reference/index.html</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://metro.muze.nl/packages/metro-oauth2/reference/index.html</guid><description>@muze-nl/metro-oauth2 reference import oauth2, { oauth2mw, dpopmw, discover, authorizePopup, popupHandleRedirect, tokenStore, keysStore, isRedirected, isAuthorized, parseBearerChallenge } from '@muze-nl/metro-oauth2' oauth2mw(options) const api = client('https://resource.example/') .with(oauth2mw({ site: 'https://issuer.example/', oauth2_configuration: { client_id: 'my-client-id', token_endpoint_auth_method: 'none', grant_type: 'authorization_code', response_type: 'code', authorization_endpoint: 'https://issuer.example/authorize', token_endpoint: 'https://issuer.example/token', redirect_uri: location.href, scope: 'profile' } })) Adds OAuth2 authorization to a Metro client. By default it first tries the request, then starts authorization if the response is 401 or 403. Set force_authorization: true to authorize before the request.</description></item></channel></rss>