Package: auth

The auth package defines generic authentication abstractions that are usable across multiple protocols.

---

Interfaces

AuthRequest

Object used to perform authenticated HTTP requests. In languages where such constructs are already provided (e.g. python, see [1]), they should be used instead of this object to take advantage of the existing ecosystem.

This can be created from the OAuth2ClientCredentials Object by using oauth2AuthRequest.

[1] https://requests.readthedocs.io/en/latest/user/authentication/

Methods

• configureRequest (request : Request)

  Configures the HTTP request as needed to use a specific authorization type. This method allows adopters to implement a specific authorization type depending their environment.

  request : Request

  Request or equivalent object used in the language.

Classes

OAuth2ClientCredentials

Credentials class implementing the OAuth 2.0 Client Credentials grant. Retrieves and refreshes access tokens from a direct OAuth 2.0 token endpoint (token_url) using the Client Credentials grant.

Constructors

• OAuth2ClientCredentials (clientId : string, clientSecret : string, tokenEndpoint : string)

  Initialize the credential helper.

  clientId : string

  OAuth 2.0 client identifier

  clientSecret : string

  OAuth 2.0 client secret

  tokenEndpoint : string

  OAuth 2.0 token endpoint URL

Methods

• getToken (forceRefresh? : boolean) : RefreshTokenResponse

  Obtains a valid token for the client. If forceRefresh is set to true, a new token is fetched and cached regardless of the current token’s expiry. The cached token is returned when it does not expire in the next 5 minutes (300 seconds). Otherwise, a new one is fetched and cached.

  Implementations must be thread-safe.

  forceRefresh? : boolean

  Set to true to bypass the cache and fetch a new token (default: false). NOT RECOMMENDED. Force with caution!

RefreshTokenResponse

Parsed token data

Properties

• accessToken: string

  OAuth 2.0 token

• expiresAt: Datetime

  Token's expiration time.

OIDCDiscoveryMetadata

Parsed OIDC discovery document exposing useful endpoints.

Properties

• tokenEndpoint: string

  OAuth 2.0 token endpoint URL advertised by the provider

Functions

• fetchOIDCDiscovery (issuerUrl : string) : OIDCDiscoveryMetadata

  Retrieve and parse the OIDC discovery document for the given issuer. See: https://openid.net/specs/openid-connect-discovery-1_0.html

  issuerUrl : string

  Base URL of the OIDC issuer

• oAuth2AuthRequest (oAuth2ClientCredentials : OAuth2ClientCredentials) : AuthRequest

  Wraps an OAuth2ClientCredentials object into an AuthRequest (or the specific construct used in the language) to allow injecting the token provided by the OAuth2ClientCredentials into the request.

  oAuth2ClientCredentials : OAuth2ClientCredentials

  OAuth token provider used to authenticate the requests.