npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@keycardai/oauth

v0.2.0

Published

Pure OAuth 2.0 primitives for Keycard — JWKS key management, JWT signing/verification, and authorization server discovery

Downloads

238

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

losakwelosakwejelmer-kcjelmer-kcmattenoble-kcmattenoble-kcjaredhansonjaredhanson

Keywords

Readme

@keycardai/oauth

Pure OAuth 2.0 primitives for Keycard — JWKS key management, JWT signing/verification, authorization server discovery, and token exchange. Zero MCP dependencies.

This is the foundational layer of the Keycard TypeScript SDK. If you're building an MCP server, you probably want @keycardai/mcp instead, which includes this package as a dependency.

Installation

npm install @keycardai/oauth

Quick Start

Sign and Verify JWTs

import { JWTSigner } from "@keycardai/oauth/jwt/signer";
import { JWTVerifier } from "@keycardai/oauth/jwt/verifier";
import { JWKSOAuthKeyring } from "@keycardai/oauth/keyring";

// Sign a JWT
const keyring = new JWKSOAuthKeyring();
const signer = new JWTSigner(keyring);
const token = await signer.sign({
  sub: "user-123",
  aud: "https://api.example.com",
  scope: "read write",
});

// Verify a JWT
const verifier = new JWTVerifier(keyring);
const claims = await verifier.verify(token);

Discover Authorization Server Metadata

import { fetchAuthorizationServerMetadata } from "@keycardai/oauth/discovery";

const metadata = await fetchAuthorizationServerMetadata(
  "https://your-zone.keycard.cloud",
);
console.log(metadata.token_endpoint);
console.log(metadata.jwks_uri);

Token Exchange (RFC 8693)

import { TokenExchangeClient } from "@keycardai/oauth/tokenExchange";

const client = new TokenExchangeClient("https://your-zone.keycard.cloud", {
  clientId: "your-client-id",
  clientSecret: "your-client-secret",
});

const response = await client.exchangeToken({
  subjectToken: userBearerToken,
  resource: "https://api.github.com",
});

console.log(response.accessToken);

API Overview

JWKS Key Management

| Export | Import Path | Description | |---|---|---| | JWKSOAuthKeyring | @keycardai/oauth/keyring | Fetches and caches JWKS public keys from an authorization server | | OAuthKeyring (type) | @keycardai/oauth/keyring | Interface for public key lookup by issuer and key ID | | PrivateKeyring (type) | @keycardai/oauth/keyring | Interface for private key access (signing) |

JWT Signing & Verification

| Export | Import Path | Description | |---|---|---| | JWTSigner | @keycardai/oauth/jwt/signer | Signs JWTs with RS256 using a private keyring | | JWTVerifier | @keycardai/oauth/jwt/verifier | Verifies JWT signatures against JWKS public keys | | JWTClaims (type) | @keycardai/oauth/jwt/signer | Standard JWT claims (iss, sub, aud, exp, etc.) |

Discovery & Token Exchange

| Export | Import Path | Description | |---|---|---| | fetchAuthorizationServerMetadata | @keycardai/oauth/discovery | Fetches .well-known/oauth-authorization-server metadata | | TokenExchangeClient | @keycardai/oauth/tokenExchange | RFC 8693 token exchange client with auto-discovery |

Errors

| Export | Import Path | Description | |---|---|---| | HTTPError | @keycardai/oauth/errors | Base HTTP error | | BadRequestError | @keycardai/oauth/errors | 400 Bad Request | | UnauthorizedError | @keycardai/oauth/errors | 401 Unauthorized | | OAuthError | @keycardai/oauth/errors | OAuth error with error code and URI | | InvalidTokenError | @keycardai/oauth/errors | Token validation failure | | InsufficientScopeError | @keycardai/oauth/errors | Missing required scopes |

Utilities

| Export | Import Path | Description | |---|---|---| | base64url | @keycardai/oauth/base64url | Base64url encode/decode utilities |

Related Packages

  • @keycardai/mcp — MCP-specific OAuth integration with Express middleware, bearer auth, and delegated access
  • @keycardai/sdk — Aggregate package re-exporting from both oauth and mcp
  • Keycard TypeScript SDK — Root documentation with full quick start guide