@bedrock/oauth2-client

v7.2.0

Published

Bedrock OAuth2 Client

Downloads

674

Readme

Bedrock OAuth 2.0 Client (@bedrock/oauth2-client)

A Bedrock module that creates and manages an OAuth2 client, making it easy to make http-client API calls to OAuth2-protected endpoints.

Background

A Bedrock helper library intended to work with OAuth 2.0 bearer token protected API endpoints (see for example authorize-access-token-middleware). For use with client_credentials grant types only, for Server-to-Server use cases.

Security

TBD

Install

  • Node.js 14+ is required.

NPM

To install via NPM:

npm install --save @bedrock/oauth2-client

Development

To install locally (for development):

git clone https://github.com/digitalbazaar/bedrock-oauth2-client.git
cd bedrock-oauth2-client
npm install

Usage

Configuration

Create a configs/authorization.js config file. For example:

import * as bedrock from '@bedrock/core';
const {config} = bedrock;

config['your-bedrock-project'].authorization = [{
  issuer: config['your-bedrock-project'].services.issuerUrl,
  protocol: 'oauth2_client_grant',
  // Pre-registered CLIENT_ID and CLIENT_SECRET
  client_id: '...',
  client_secret: '...',
  // API endpoint to make a Client Credentials grant POST request to
  token_endpoint: `${config['your-bedrock-project'].services.issuerUrl}/token`,
  pkce: false,
  grant_type: 'client_credentials',
  scope: ['your.custom.scope']
}];

And add the corresponding entry to lib/config.js:

await import(path.join(config.paths.config, 'authorization.js'));

Requesting an Access Token on startup

On the bedrock.start event, for example in lib/config.js, request the access token from the required issuer.

if(!process.env.CI) {
  bedrock.events.on('bedrock.start', async () => {
    const issuer = config['bedrock-oauth2-client'].services.issuerUrl;
    config['bedrock-oauth2-client'].exampleIssuerOAuth2Access.accessToken =
      await refreshAccessToken({issuer});
  });
}

On Access Token Expiration/Revocation

Fetching a new access token on server startup (and re-authorizing another access token when the LRU Cache expires) should prevent tokens from expiring. However, there are other events beyond the client's control -- issuer keys being rotated, scopes being changed or revoked, etc. For these cases, you also need automated logic that tries to refresh an access token if it encounters an appropriate error.

When to Retry

If error is invalid_token AND name is ConstraintError (this covers the Expired, Revoked, and Issuer Key Rotated cases), check whether the maximum number of retries has been exceeded (for that issuer). If not, retry the authorization flow and fetch another access token.

If name is DataError, or on any other error encountered during the authorization flow, do not retry. Continue throwing a 503 Service Unavailable error any time an access token is required for this issuer.

Expanded Errors

Example OAuth 2 error response (the error, error_description and error_uri fields are dictated by the OAuth 2.0 spec, and the name property is Bedrock-specific):

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer error="invalid_token",
  error_description="The access token expired"
Content-type: application/json

{
  "error": "invalid_token",
  "error_description": "The access token expired",
  "name": "ConstraintError"
}

Bedrock-specific invalid_token conditions:

  • Expired - ConstraintError
  • Not found - NotFoundError
  • Malformed JSON - DataError
  • Malformed JWT (access token) - DataError
  • Invalid signature (issuer key rotated, for example) - ConstraintError (was: DataError)
  • Revoked - ConstraintError
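
The retry rule from "When to Retry", applied to the error body from "Expanded Errors", can be kept as a small per-issuer policy object. This is an added example, not code from @bedrock/oauth2-client: createRetryPolicy, its method names, MAX_RETRIES and the sample bodies are assumptions made for illustration, as is treating an exhausted retry budget the same way as a non-retryable error.

```javascript
// Added example; not part of @bedrock/oauth2-client.
// MAX_RETRIES, createRetryPolicy and its method names are hypothetical.
const MAX_RETRIES = 2;

function createRetryPolicy({maxRetries = MAX_RETRIES} = {}) {
  const attempts = new Map(); // issuer -> refresh attempts since last success
  const unavailable = new Set(); // issuers whose callers should now get a 503

  return {
    // Call with the parsed JSON body of a failed, token-protected request.
    // Returns 'refresh' (fetch a new access token and retry the request)
    // or 'unavailable' (stop retrying; respond 503 Service Unavailable).
    onError({issuer, body}) {
      if(unavailable.has(issuer)) {
        return 'unavailable';
      }
      // Only invalid_token + ConstraintError is retryable:
      // expired, revoked, or issuer key rotated.
      const retryable = body?.error === 'invalid_token' &&
        body?.name === 'ConstraintError';
      const used = attempts.get(issuer) ?? 0;
      if(!retryable || used >= maxRetries) {
        // DataError, NotFoundError, any other error, or (assumption)
        // the retry budget for this issuer is exhausted.
        unavailable.add(issuer);
        return 'unavailable';
      }
      attempts.set(issuer, used + 1);
      return 'refresh';
    },
    // Call after a request succeeds, so the retry budget starts over.
    onSuccess({issuer}) {
      attempts.delete(issuer);
    },
    // True once requests needing this issuer's token should fail with 503.
    isUnavailable({issuer}) {
      return unavailable.has(issuer);
    }
  };
}

// Constructed sample bodies, shaped like the response in "Expanded Errors".
const expiredBody = {error: 'invalid_token', name: 'ConstraintError'};
const malformedBody = {error: 'invalid_token', name: 'DataError'};
```

Counting attempts per issuer keeps a rotated key or revoked token at one issuer from turning into an unbounded loop of token requests against its token_endpoint.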

Contribute

See the contribute file!

PRs accepted.

If editing the Readme, please conform to the standard-readme specification.

Commercial Support

Commercial support for this library is available upon request from Digital Bazaar.

License

Apache-2.0 © Digital Bazaar