Adds OAuth2 authorization to a Metro client. By default it first tries the request, then starts authorization if the response is 401 or 403. Set force_authorization: true to authorize before the request.
Important options: site, client, authorize_callback, force_authorization, state, tokens, and oauth2_configuration.
oauth2_configuration may include access_token, authorization_code, authorization_endpoint, client_id, client_secret, code_verifier, grant_type, redirect_uri, refresh_token, scope, token_endpoint, and token_endpoint_auth_method.
Also exported: base64url_encode(buffer), createState(length), getExpires(duration), and isExpired(token).
Token and state checks
if (isRedirected()) {
// The current URL looks like an OAuth2 redirect callback.
}
if (isAuthorized(tokens)) {
// Stored tokens contain a usable access token.
}
Adds DPoP support for requests that carry OAuth tokens. OIDC uses this by default because Solid identity and storage servers commonly require sender-constrained tokens.