Skip to content

Latest commit

 

History

History
94 lines (71 loc) · 2.95 KB

README.md

File metadata and controls

94 lines (71 loc) · 2.95 KB

OAuth 2.0 Javascript Errors Library (@interop/oauth2-errors)

Build status NPM Version

Error classes and handler for Oauth 2.0 spec errors, patterned after the well-known http-errors lib.

Getting Started

Install the module with: npm install @interop/oauth2-errors

import {InvalidClient} from '@interop/oauth2-errors';
// or
const OauthErrors = require('@interop/oauth2-errors');

Errors

Follows the Oauth 2.0 Spec for errors, see here. All errors have HTTP response status code of 400, except as noted.

  • InvalidClient - invalid_client (HTTP 401)
  • InvalidGrant - invalid_grant
  • InvalidRequest - invalid_request
  • InvalidScope - invalid_scope
  • UnauthorizedClient - unauthorized_client
  • UnauthorizedGrantType - unauthorized_grant_type

And Authorization Errors:

  • AccessDenied - access_denied (HTTP 403)
  • UnsupportedResponseType - unsupported_response_type
  • ServerError - server_error (HTTP 500)
  • TemporarilyUnavailable - temporarily_unavailable (HTTP 503)

Extension errors from (RFC6750) OAuth 2.0 Bearer Token Usage

  • InvalidToken - invalid_token (HTTP 401)
  • InsufficientScope - insufficient_scope (HTTP 403)

Usage

Each error is a class, so can be instantiated by calling new.

const invalidGrantError = new OauthErrors.InvalidGrant()

Each class can optionally take a params argument with 2 optional properties:

  • description - error_description
  • uri - error_uri
const invalidRequestError = new OauthErrors.InvalidRequest({
  description: 'more description this bad request', 
  uri: 'https://mydomain.com/invalid_request'
})

Methods

  • toString

    • Creates a JSON string with the following properties:
      • error
      • error_description - [optional]
      • error_uri - [optional]
  • respond

    • ExpressJS convenience response handler
    • Takes the ExpressJS response as the sole argument

Examples

const OauthErrors = require('@interop/oauth2-errors');
...

// Using the respond convenience fn
function authorize(req, res, next) {

  if (invalidClient()) {
    const invalidClientErr = new OauthErrors.InvalidClient()
    return invalidClientErr.respond(res)
  }
}

Release History

  • v2.0.0 - Expand statusCode of various errors beyond 400 - Sep 23, 2020
  • v1.0.0 - Initial Release - April 13, 2018
  • v1.0.1 - Update compilation - April 13, 2018
  • v1.0.2 - Improve tests - April 13, 2018
  • v1.0.3 - Add authorization errors - April 14, 2018

License

Copyright (c) 2018 Richard Lucas. Licensed under the MIT license.