An NPM package for implementing RFC 8693 for Ory Hydra 🚀

Welcome to hydra-rfc8693! This powerful package enables you to supercharge your OAuth 2.0 and OpenID Connect server with seamless implementation of RFC 8693 for Ory Hydra. Empower your applications with advanced token exchange, flexible authentication and token transformation capabilities. Boost your security and scalability while adhering to industry standards. 💪

hydra-rfc8693 empowers you to enhance your OAuth 2.0 and OpenID Connect server without the burden of additional dependencies. It seamlessly integrates with Ory Hydra, providing a runtime-agnostic solution that fits into any JavaScript project effortlessly.

• Token Exchange Supercharged: Effortlessly handle token exchange with powerful capabilities at your fingertips.
• Transform Tokens on the Fly: Seamlessly transform token types to adapt to various scenarios and requirements.
• OAuth 2.0 and OpenID Connect Compliant: Ensure interoperability and compatibility with industry-standard protocols.
• Deep Integration with Ory Hydra: Maximise the potential of Ory Hydra by leveraging the full capabilities of RFC 8693.
• Scalable and Highly Available: Built to scale and designed for high availability to meet the demands of your applications.
• Flexible Authentication: Support a wide range of authentication mechanisms to suit your specific needs.
• No Dependencies: The package has no external dependencies, keeping your project lightweight and hassle-free.
• Runtime Agnostic: Utilises standard JavaScript only, making it compatible with any runtime environment.

Getting started with hydra-rfc8693 is as easy as running a simple command:

npm install "@exact-realty/hydra-rfc8693"

Integrating hydra-rfc8693 into your project is a breeze. Here's a quick example to get you started:

import server, { listeners } from '@exact-realty/routemate';
import exchangeTokenEndpoint from '@exact-realty/hydra-rfc8693';

const exchangeTokenEndpointHandler = exchangeTokenEndpoint(
  'deadbeef-abba-cafe-affe-123456789012', // hydraClientId
  undefined, // hydraClientSecret
  'none', // hydraTokenAuthMethod
  'about:invalid', // hydraClientRedirectUri
  'http://localhost:4444', // hydraPublicUri
  'http://localhost:4445', // hydraAdminUri
  { ['clientAuthMethod']: 'none' }, // hydraPublicAuthParams
  // NB! Remember to use authentication in production
  { ['clientAuthMethod']: 'none' }, // hydraAdminAuthParams
  (body) => ({
    subject: '[email protected]',
    access_token: {
      // Example of a claim in the access token
      original_request: String(body),
    },
    id_token: {
      name: 'Alice',
    }
  }),
  [], // scope. Optional list of scopes
  [], // audience. Optional list of audiences
  [], // subjectTokenType. Optional list of acceptable token types;
      // null or undefined defaults to access tokens
  [], // actorTokenType. Optional list of acceptable token types
      // null or undefined defaults to none
);

server(listeners.node)
  .listen(5678, '127.0.0.1')
  .then((r) => {
    r.post('/token', exchangeTokenEndpointHandler);
  });

🎉 We appreciate contributions from the community! If you have any ideas, suggestions or find any issues, feel free to open an issue or submit a pull request on our GitHub repository.

⚠️ IMPORTANT: This software assumes a secure setup and should only be used for token exchange when the token issuer is trusted. It is essential to exercise caution and ensure the security of your setup when utilising token exchange capabilities.

This software is not affiliated with or endorsed by Ory or the developers of Ory Hydra. It is an independent implementation of RFC 8693 for Ory Hydra and is provided as-is, without any warranties or guarantees of fitness for a particular purpose.

This project is licensed under the Apache 2.0 License with the LLVM exception. You are free to use this package in compliance with the terms of the license. For more information, see the LICENSE file.