npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

oauth-token-automation

v1.4.0

Published

Zero-setup OAuth authorization code flow automation with browser automation

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

anvpxanvpx

Keywords

oauthautomationtokenauthorization-codeplaywrightbrowser-automationzero-setup

Readme

OAuth Token Generator

A minimal OAuth authorization code flow automation tool that handles the complete flow from user authentication to token retrieval in one click.

Features

  • Zero-setup deployment - Automatically installs Playwright and browser dependencies if missing
  • Automatic clipboard copy - Access token is automatically copied to clipboard for instant use
  • Environment-based configuration - Support multiple environments with JSON config files
  • Environment-specific selectors - Handles different login HTML structures per environment
  • Detailed logging - Step-by-step logging for debugging and monitoring
  • Browser automation - Automated login using Playwright
  • Direct URL parsing - Extracts authorization code directly from callback URL
  • One-click execution - Complete flow with a single command
  • Cross-platform compatibility - Works on Windows, macOS, and Linux
  • Robust error handling - Comprehensive error reporting and recovery

Quick Start

  1. Configure your environment:

    # Copy and edit the config file for your environment
cp config.dev.json config.myenv.json

  2. Update configuration in config.myenv.json:

    {
  "authentication_url": "https://your-auth-server.com/oauth/authorize",
  "username": "your-username",
  "password": "your-password",
  "client_id": "your-client-id",
  "scope": "read write",
  "state": "random-state-string",
  "response_type": "code",
  "redirect_uri": "http://localhost:3000/callback",
  "token_url": "https://your-auth-server.com/oauth/token",
  "client_secret": "your-client-secret",
  "timeout": 30000,
  "headless": true,
  "port": 3000
}

  3. Run the automation:

    # Using npx (automatically installs dependencies)
npx playwright install chromium
node oauth-automation.js --env=myenv

Installation & Dependencies

Zero-Setup Usage (Recommended)

The tool automatically handles all dependencies for you:

# Just run directly - it will auto-install everything needed
node oauth-standalone.js --env=myenv

The first run will:

  1. ✅ Detect if Playwright is installed
  2. ✅ Auto-install Playwright if missing
  3. ✅ Auto-install Chromium browser if missing
  4. ✅ Continue with OAuth automation

Manual Installation (Optional)

If you prefer to install dependencies manually:

# Install Playwright
npm install playwright

# Install browser (required for automation)
npx playwright install chromium

Usage

Basic Usage

# Run with default dev environment
node oauth-automation.js --env=dev

# Run with production environment
node oauth-automation.js --env=prod

# Run with custom environment
node oauth-automation.js --env=staging

Using npm scripts

# Install dependencies first
npm setup

# Run with predefined scripts
npm run dev    # Uses dev environment
npm run prod   # Uses prod environment

Configuration

Environment Files

Create config.{environment}.json files for each environment:

  • config.dev.json - Development environment
  • config.prod.json - Production environment
  • config.staging.json - Staging environment

Configuration Parameters

| Parameter | Description | Required | |-----------|-------------|----------| | authentication_url | OAuth authorization endpoint | ✅ | | username | User credentials for login | ✅ | | password | User credentials for login | ✅ | | client_id | OAuth client identifier | ✅ | | client_secret | OAuth client secret for token exchange | ✅ | | token_url | Token exchange endpoint | ✅ | | scope | Requested permissions | ✅ | | state | CSRF protection token | ✅ | | response_type | OAuth response type (usually "code") | ✅ | | redirect_uri | Callback URL for OAuth redirect | ✅ | | timeout | Browser timeout in milliseconds | ❌ | | headless | Run browser in headless mode | ❌ |

Configurable Selectors

Different OAuth providers may have different HTML structures for their login pages. You can configure custom selectors for each environment:

{
  // ...other config...
  "selectors": {
    "username": [
      "input[name=\"j_username\"]",
      "input[id=\"j_username\"]",
      "#username",
      "input[name=\"username\"]",
      "input[type=\"email\"]"
    ],
    "password": [
      "input[name=\"j_password\"]",
      "input[id=\"j_password\"]", 
      "#password",
      "input[name=\"password\"]",
      "input[type=\"password\"]"
    ],
    "submit": [
      "input[type=\"submit\"]",
      "button[type=\"submit\"]",
      "#submit",
      ".submit-btn",
      "button:has-text(\"Sign In\")",
      "button:has-text(\"Login\")"
    ]
  }
}

How it works:

  • The tool tries each selector in order until it finds a matching element
  • If no custom selectors are provided, it uses default common selectors
  • Logs show which selector was successfully used for debugging

Common selector patterns:

  • Standard OAuth: input[name="username"], input[type="password"]
  • JSF/Java: input[name="j_username"], input[name="j_password"]
  • Custom forms: Use specific IDs, classes, or text content

Output

The tool provides:

  1. Console logs - Detailed step-by-step progress
  2. Token response - Complete OAuth token response in JSON format
  3. File output - Tokens saved to tokens.{environment}.json

Example output:

{
  "access_token": "eyJhbGciOiJSUzI1NiIs...",
  "refresh_token": "def50200f3a5c8b7e...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "read write"
}

Troubleshooting

Common Issues

  1. Browser automation fails:

    • Check if login form selectors match your OAuth provider
    • Try running in non-headless mode ("headless": false)
    • Increase timeout value

  2. Callback not received:

    • Ensure redirect_uri matches exactly in OAuth app settings
    • Verify the redirect URL is accessible
    • Check OAuth provider documentation for correct redirect format

  3. Token exchange fails:

    • Verify client_secret is correct
    • Check token_url endpoint
    • Review OAuth provider documentation

Debug Mode

Set "headless": false in your config to see the browser automation in action.

Security Notes

  • Never commit real credentials to version control
  • Use environment variables for sensitive data in production
  • Rotate client secrets regularly
  • Consider using OAuth PKCE flow for enhanced security

Automatic Clipboard Integration

The tool automatically copies the access token to your system clipboard after successful OAuth completion:

  • Cross-platform compatibility - Works on Windows, macOS, and Linux
  • Instant availability - Token is ready to paste immediately after completion
  • Fallback handling - If clipboard fails, token is still displayed in output
  • Zero configuration - No additional setup required

After running the tool, you can immediately paste (Ctrl+V / Cmd+V) the access token into:

  • API testing tools (Postman, Insomnia)
  • Terminal commands (curl -H "Authorization: Bearer <paste-here>")
  • Browser dev tools for testing
  • Any application requiring the OAuth token

Dependencies

  • playwright - Browser automation for OAuth flow
  • Node.js - Runtime (requires Node.js 16+ for fetch API)

License

MIT