
Comments (3)

cmd-johnson commented on June 15, 2024

Hi there!

Looks to me like the Linear API doesn't properly follow the OAuth2 specification.

For one, Linear expects the scope parameter to contain comma-separated scopes, when the OAuth2 spec asks for space-separated scopes. That means that you'll probably run into issues when using the authorization code grant like getAuthorizationUri({ scope: ['scopeA', 'scopeB'] }), as oauth2_client will follow the spec and join those scopes with a space character. This part is easily circumvented by joining the scopes yourself using "," before passing them to getAuthorizationUri.

The OAuth2 spec also expects the access token response's scope value to follow the same space-separated format as above.

Right now this module doesn't support any other formats and to keep things simple (and spec-compliant) I'd rather keep it that way by default. What would be possible is to allow users of the module to customize/override these checks in cases like these where the authorization server doesn't follow the spec.

Do you think that would be a good solution for this issue?

from deno-oauth2-client.

nZac commented on June 15, 2024

Yeah, that would be a reasonable outcome. Some way to customize the behavior for misbehaving servers.


cmd-johnson commented on June 15, 2024

I'm now working on extending this module to also support OpenID Connect out of the box. The proposed changes also open up the OAuth2 Grant classes for extension, making it possible to override the validation behaviour of the default AuthorizationCodeGrant to account for things like non-spec conformant scope values.

If you want to try it out, you can import the WIP version from https://raw.githubusercontent.com/cmd-johnson/deno-oauth2-client/feature/oidc/mod.ts!

You'd probably have to create a new class like this, extending the AuthorizationCodeGrant:

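class LinearAuthorizationCodeGrant extends AuthorizationCodeGrant {
  // Override the token response parsing so the scope check can accept
  // the server's non-spec-conformant scope format.
  protected async parseTokenResponse(
    response: Response,
  ): Promise<
    { tokens: Tokens; body: AccessTokenResponse & Record<string, unknown> }
  > {
    // copy the validation logic from https://github.com/cmd-johnson/deno-oauth2-client/blob/feature/oidc/src/authorization_code_grant.ts#L156-L211 and modify the scope validation logic
    // Placeholder so the stub type-checks and fails closed until the logic is filled in.
    throw new Error("parseTokenResponse not implemented");
  }
}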

After that you should be able to use it like this:

const linearAuthorizationCodeGrant = new LinearAuthorizationCodeGrant({
  /* the same config as when calling new OAuth2Client() */
});
// now use the linearAuthorizationCodeGrant instance like you use oauth2Client.code

from deno-oauth2-client.
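The scope handling discussed in this thread, as an added example that is not from the thread or from deno-oauth2-client: strict RFC 6749 parsing beside an opt-in comma delimiter, plus a check of granted against requested scopes. All function names and the sample response body are hypothetical and constructed for illustration.

```typescript
// Added example: hypothetical helpers, not part of deno-oauth2-client.
// RFC 6749 section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E ).
// "," (0x2C) is a legal scope-token character, so a strict parser reads
// "read,write" as ONE scope; comma splitting has to be an explicit opt-in.
const SCOPE_TOKEN = /^[\x21\x23-\x5B\x5D-\x7E]+$/;
type Delimiter = " " | ",";

// Reject tokens that break the grammar or contain the active delimiter.
function assertTokens(tokens: string[], delimiter: Delimiter): string[] {
  for (const t of tokens) {
    if (!SCOPE_TOKEN.test(t) || t.indexOf(delimiter) !== -1) {
      throw new TypeError("invalid scope token: " + JSON.stringify(t));
    }
  }
  return tokens;
}

// Request side: build the `scope` query parameter.
function serializeScope(scopes: string[], delimiter: Delimiter = " "): string {
  return assertTokens(scopes, delimiter).join(delimiter);
}

// Response side: parse the token response's `scope` member.
function parseScope(raw: unknown, delimiter: Delimiter = " "): string[] {
  if (typeof raw !== "string") throw new TypeError("scope must be a string");
  const parts = raw.split(delimiter).filter((p) => p.length > 0);
  return assertTokens(parts, delimiter);
}

// Compare what was granted with what was requested. `extra` should be empty;
// a non-empty `missing` means the server narrowed the grant.
function diffScopes(requested: string[], granted: string[]) {
  return {
    extra: granted.filter((s) => requested.indexOf(s) === -1),
    missing: requested.filter((s) => granted.indexOf(s) === -1),
  };
}

// Constructed sample token response body (not captured from a real server).
const sampleBody: Record<string, unknown> = {
  access_token: "constructed-token",
  token_type: "Bearer",
  scope: "read,admin",
};
```

With the default delimiter, `parseScope(sampleBody.scope)` returns the single token `read,admin`, which is why a spec-compliant scope check cannot match a comma-joined value against the requested list.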
