README.md

oauth4webapi API Reference

💗 Help the project

Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.

Functions

• getValidatedIdTokenClaims

Accessing Protected Resources

• processUserInfoResponse
• protectedResourceRequest
• userInfoRequest

Authorization Code Grant

• authorizationCodeGrantRequest
• calculatePKCECodeChallenge
• generateRandomCodeVerifier
• issueRequestObject
• processAuthorizationCodeResponse
• validateAuthResponse
• validateJwtAuthResponse

Authorization Code Grant w/ OpenID Connect (OIDC)

• authorizationCodeGrantRequest
• calculatePKCECodeChallenge
• generateRandomCodeVerifier
• issueRequestObject
• processAuthorizationCodeResponse
• processUserInfoResponse
• userInfoRequest
• validateApplicationLevelSignature
• validateAuthResponse
• validateCodeIdTokenResponse
• validateJwtAuthResponse

Authorization Server Metadata

• discoveryRequest
• processDiscoveryResponse

Client Authentication

• ClientSecretBasic
• ClientSecretJwt
• ClientSecretPost
• None
• PrivateKeyJwt
• TlsClientAuth

Client Credentials Grant

• clientCredentialsGrantRequest
• processClientCredentialsResponse

DPoP

• DPoP
• isDPoPNonceError

Device Authorization Grant

• deviceAuthorizationRequest
• deviceCodeGrantRequest
• processDeviceAuthorizationResponse
• processDeviceCodeResponse

Error Codes

• AUTHORIZATION_RESPONSE_ERROR
• HTTP_REQUEST_FORBIDDEN
• INVALID_REQUEST
• INVALID_RESPONSE
• INVALID_SERVER_METADATA
• JSON_ATTRIBUTE_COMPARISON
• JWT_CLAIM_COMPARISON
• JWT_TIMESTAMP_CHECK
• JWT_USERINFO_EXPECTED
• KEY_SELECTION
• MISSING_SERVER_METADATA
• PARSE_ERROR
• REQUEST_PROTOCOL_FORBIDDEN
• RESPONSE_BODY_ERROR
• RESPONSE_IS_NOT_CONFORM
• RESPONSE_IS_NOT_JSON
• UNSUPPORTED_OPERATION
• WWW_AUTHENTICATE_CHALLENGE

Errors

• AuthorizationResponseError
• OperationProcessingError
• ResponseBodyError
• UnsupportedOperationError
• WWWAuthenticateChallengeError

FAPI 1.0 Advanced

• validateApplicationLevelSignature
• validateDetachedSignatureResponse
• validateJwtAuthResponse

FAPI 2.0 Message Signing

• validateApplicationLevelSignature
• validateJwtAuthResponse

JWT Access Tokens

• validateJwtAccessToken

JWT Bearer Token Grant Type

• genericTokenEndpointRequest
• processGenericTokenEndpointResponse

JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)

• validateJwtAuthResponse

JWT-Secured Authorization Request (JAR)

• issueRequestObject

OpenID Connect (OIDC) Discovery

• discoveryRequest
• processDiscoveryResponse

OpenID Connect (OIDC) UserInfo

• processUserInfoResponse
• userInfoRequest
• validateApplicationLevelSignature

Proof Key for Code Exchange (PKCE)

• calculatePKCECodeChallenge
• generateRandomCodeVerifier

Pushed Authorization Requests (PAR)

• processPushedAuthorizationResponse
• pushedAuthorizationRequest

Refreshing an Access Token

• processRefreshTokenResponse
• refreshTokenGrantRequest

SAML 2.0 Bearer Assertion Grant Type

• genericTokenEndpointRequest
• processGenericTokenEndpointResponse

Token Exchange Grant Type

• genericTokenEndpointRequest
• processGenericTokenEndpointResponse

Token Introspection

• introspectionRequest
• processIntrospectionResponse
• validateApplicationLevelSignature

Token Revocation

• processRevocationResponse
• revocationRequest

Utilities

• generateKeyPair
• generateRandomCodeVerifier
• generateRandomNonce
• generateRandomState

Interfaces

• AuthorizationDetails
• AuthorizationServer
• Client
• ClientCredentialsGrantRequestOptions
• ConfirmationClaims
• CryptoKeyPair
• CustomFetchOptions
• DeviceAuthorizationRequestOptions
• DeviceAuthorizationResponse
• DiscoveryRequestOptions
• DPoPHandle
• DPoPRequestOptions
• ExportedJWKSCache
• GenerateKeyPairOptions
• HttpRequestOptions
• IDToken
• IntrospectionRequestOptions
• IntrospectionResponse
• JWEDecryptOptions
• JWK
• JWKS
• JWKSCacheOptions
• JWTAccessTokenClaims
• ModifyAssertionFunction
• ModifyAssertionOptions
• MTLSEndpointAliases
• OAuth2Error
• PrivateKey
• ProcessAuthorizationCodeResponseOptions
• ProtectedResourceRequestOptions
• PushedAuthorizationRequestOptions
• PushedAuthorizationResponse
• RevocationRequestOptions
• TokenEndpointRequestOptions
• TokenEndpointResponse
• UserInfoAddress
• UserInfoRequestOptions
• UserInfoResponse
• ValidateJWTAccessTokenOptions
• ValidateSignatureOptions
• WWWAuthenticateChallenge
• WWWAuthenticateChallengeParameters

Type Aliases

• ClientAuth
• JsonArray
• JsonObject
• JsonPrimitive
• JsonValue
• JweDecryptFunction
• JWKSCacheInput
• JWSAlgorithm
• ProtectedResourceRequestBody

Variables

• allowInsecureRequests
• clockSkew
• clockTolerance
• customFetch
• expectNoNonce
• expectNoState
• jweDecrypt
• jwksCache
• modifyAssertion
• skipAuthTimeCheck
• skipStateCheck
• skipSubjectCheck