deno_kv_oauth

High-level OAuth 2.0 powered by Deno KV.

MIT License

Stars
246
Committers
21

deno_kv_oauth - v0.10.0 Latest Release

Published by iuioiua almost 1 year ago

Notes

Cookie Options and createHelpers() for Shared Configurations

You can now overwrite Deno KV OAuth's cookie properties. This is handy in setups that require greater customization, for example a website that has a separate auth sub-domain such as auth.example.com. These options can be set in the new createHelpers() function, which generates the full suite of helpers from a single, shared configuration and so ensures consistent behaviour across your website. To get started, see the Get Started with Cookie Options README section.

Removal of the Fresh Plugin

The Fresh plugin was removed and replaced by the new Get Started with Fresh README section. The example there uses the new createHelpers(), clarifies how a self-implemented plugin would work, and aims to shed light on extending it.

Server-Side Session Storage

Previously, the session ID was only stored in a cookie sent to the client. This meant that the session ID could be imitated, posing a security risk. Now, the session ID is stored in the server's database. Checking the session ID database entry validates whether the session ID originated on the server. To migrate, await getSessionId() and signOut(), which are now async:

// server.ts
import {
  createGitHubOAuthConfig,
  getSessionId,
  handleCallback,
  signIn,
  signOut,
} from "https://deno.land/x/deno_kv_oauth@$VERSION/mod.ts";

const oauthConfig = createGitHubOAuthConfig();

async function handler(request: Request) {
  const { pathname } = new URL(request.url);
  switch (pathname) {
    case "/oauth/signin":
      return await signIn(request, oauthConfig);
    case "/oauth/callback":
      const { response } = await handleCallback(request, oauthConfig);
      return response;
    case "/oauth/signout":
-     return signOut(request);
+     return await signOut(request);
    case "/protected-route":
-     return getSessionId(request) === undefined
+     return await getSessionId(request) === undefined
        ? new Response("Unauthorized", { status: 401 })
        : new Response("You are allowed");
    default:
      return new Response(null, { status: 404 });
  }
}

Deno.serve(handler);
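
Review bot: In the "/oauth/callback" case, const { response } is declared directly in the case clause, so the binding is scoped to the whole switch rather than to that case; wrap the case body in braces so the declaration stays local and later cases cannot collide with it. On the changed "/protected-route" line, await getSessionId(request) === undefined does parse as (await getSessionId(request)) === undefined, but writing the parentheses would make the access check easier to read at a glance.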

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.9.1...v0.10.0
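
The Server-Side Session Storage change in the v0.10.0 notes above, shown as an added sketch that is not Deno KV OAuth's own code: a cookie-only check beside a check against a server-side record. The Set standing in for Deno KV, the cookie name and all function names are assumptions; with a real database the lookup is asynchronous, which is why getSessionId() and signOut() now need await.

```typescript
import { randomUUID } from "node:crypto";

// Stand-in for the server's database (Deno KV in the library). Holds every
// session ID this server has issued and not yet revoked.
const issuedSessions = new Set<string>();
const COOKIE_NAME = "site-session"; // assumed cookie name for this sketch

// Extract one cookie value from a Cookie request header.
function readCookie(headers: Headers, name: string): string | undefined {
  for (const pair of (headers.get("cookie") ?? "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq !== -1 && pair.slice(0, eq).trim() === name) {
      return pair.slice(eq + 1).trim();
    }
  }
  return undefined;
}

// Sign-in: mint an unguessable ID and record it before sending the cookie.
function createSession(): string {
  const sessionId = randomUUID();
  issuedSessions.add(sessionId);
  return sessionId;
}

// Before: the cookie alone is trusted, so any client-chosen value passes.
function getSessionIdCookieOnly(headers: Headers): string | undefined {
  return readCookie(headers, COOKIE_NAME);
}

// After: the cookie value counts only if the server has a record of issuing it.
function getSessionIdChecked(headers: Headers): string | undefined {
  const sessionId = readCookie(headers, COOKIE_NAME);
  return sessionId !== undefined && issuedSessions.has(sessionId)
    ? sessionId
    : undefined;
}

// Sign-out: delete the record, so a replayed copy of the cookie stops working.
function signOutSession(headers: Headers): void {
  const sessionId = readCookie(headers, COOKIE_NAME);
  if (sessionId !== undefined) issuedSessions.delete(sessionId);
}

// Constructed sample headers: one value the server never issued, one it did.
const unissued = new Headers({ cookie: `${COOKIE_NAME}=made-up-value` });
const genuine = new Headers({ cookie: `theme=dark; ${COOKIE_NAME}=${createSession()}` });
console.log(getSessionIdCookieOnly(unissued), getSessionIdChecked(unissued), getSessionIdChecked(genuine));
```

Because validity lives in the server-side record, sign-out also revokes the session: a saved copy of the cookie presented afterwards fails the checked lookup.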

deno_kv_oauth - v0.9.1

Published by iuioiua about 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.9.0...v0.9.1

deno_kv_oauth - v0.9.0

Published by iuioiua about 1 year ago

Notes

Removal of clearOAuthSessionsAndTokens()

Since tokens are no longer stored in the database and OAuth session data expires, clearOAuthSessionsAndTokens() has been removed from Deno KV OAuth's API. In other words, the database is now kept clean automatically. We recommend running this function one last time before upgrading to this version.

Export of the OAuth2ClientConfig Interface

Previously, if needed, you had to import the OAuth2ClientConfig interface from x/oauth2_client. Now, that interface is re-exported as part of Deno KV OAuth. This keeps your import aligned with the version of x/oauth2_client that Deno KV OAuth uses, with no extra effort.

- import type { OAuth2ClientConfig } from "https://deno.land/x/oauth2_client/mod.ts";
  import {
+   type OAuth2ClientConfig,
    signIn,
    handleCallback,
    signOut,
  } from "https://deno.land/x/deno_kv_oauth@$VERSION/mod.ts";

Documentation Re-Write

The documentation has been re-written to be clearer and more concise, with the aim of increasing the understandability of the module and how to use it.

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.8.0...v0.9.0

deno_kv_oauth - v0.8.0

Published by iuioiua about 1 year ago

Notable changes

Removal of Token Storage

Previously, OAuth tokens were stored in the database in handleCallback() and accessible through getSessionAccessToken(). In most cases, access tokens are only ever used within the callback handler, so the storage and retrieval of OAuth tokens have been removed. OAuth tokens are still available in the tokens property of the return object of handleCallback(). In the edge case requiring storage of the OAuth tokens, one can still implement their solution within the callback handler.

This has significantly simplified the codebase and slightly increased the performance now that a database write is no longer happening in handleCallback(). This has also opened up opportunities for further simplifications in the future.

To migrate, do the following: remove getSessionAccessToken() and instead use accessToken from handleCallback().

DENO_KV_PATH Environment Variable

Previously, the path of the Deno KV instance could be controlled using the KV_PATH environment variable. This environment variable has been renamed to DENO_KV_PATH to align it with Deno Deploy's DENO_KV_ACCESS_TOKEN.

To migrate, change use of the KV_PATH environment variable to DENO_KV_PATH:

- KV_PATH=:memory: deno run --unstable -A my_scipt.ts
+ DENO_KV_PATH=:memory: deno run --unstable -A my_scipt.ts
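
Review bot: The -A flag on the new command line grants the script every Deno permission, which is broader than a migration example needs to teach; listing only the permissions the script uses (for instance --allow-env and --allow-net) would make this a safer line to copy. Both lines also spell the file my_scipt.ts, which looks like a typo for my_script.ts.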

OAuth Session Expiry

Deno KV now supports key expirations. After 10 minutes, an OAuth session entry in the database will be automatically deleted. With this and token storage being dropped, Deno KV OAuth will have a self-cleaning database without needing further action.

We recommend clearing the database after upgrading to this version of Deno KV OAuth:

import { clearOAuthSessionsAndTokens } from "https://deno.land/x/[email protected]/lib/clear_oauth_sessions_and_tokens.ts";
await clearOAuthSessionsAndTokens();

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.7.0...v0.8.0

deno_kv_oauth - v0.7.0

Published by iuioiua about 1 year ago

Notable Changes

Bug Fixes and Performance Improvements

This release contains important bug fixes that previously caused extraneous refresh token requests to be sent to the provider and token expiry miscalculations. These fixes also improve performance. Thank you to @mitchwadair for fixing these.

Change of the Main Argument Type

Previously, functions across the library created and consumed the OAuth2Client class. Now, the library uses the simpler OAuth2ClientConfig interface and OAuth2Client instances are created internally when needed. This includes provider-related functions. To migrate your codebase:

// Sign-in, callback and sign-out handlers
import {
- createGitHubOAuth2Client,
+ createGitHubOAuthConfig,
  handleCallback,
  signIn,
  signOut,
} from "https://deno.land/x/deno_kv_oauth@$VERSION/mod.ts";

- const oauth2Client = createGitHubOAuth2Client();
+ const oauthConfig = createGitHubOAuthConfig();

async function handleSignIn(request: Request) {
- return await signIn(request, oauth2Client);
+ return await signIn(request, oauthConfig);
}

async function handleOAuth2Callback(request: Request) {
- return await handleCallback(request, oauth2Client);
+ return await handleCallback(request, oauthConfig);
}

async function handleSignOut(request: Request) {
  return await signOut(request);
}
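
Review bot: handleOAuth2Callback() returns the result of handleCallback() unchanged, while the v0.10.0 example elsewhere on this page destructures { response } from the same call and the v0.8.0 notes speak of a "return object"; if handleCallback() returns an object at this version too, the handler should return its response property so that the route yields a Response. The rename from oauth2Client to oauthConfig is otherwise applied consistently across the import, the constant and both call sites.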

Thank you to @jollytoad for the suggestion and initial PR.

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.6.1...v0.7.0

deno_kv_oauth - v0.6.1

Published by iuioiua about 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.6.0...v0.6.1

deno_kv_oauth - v0.6.0

Published by iuioiua about 1 year ago

deno_kv_oauth - v0.5.0

Published by iuioiua about 1 year ago

What's Changed

BREAKING CHANGE: the redirectUrl parameter of handleCallback() and signOut() has been removed. Please see the "Redirect URL after Sign-In or Sign-Out" section in the README on how the new success URL feature works.

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.4.0...v0.5.0

deno_kv_oauth - v0.4.0

Published by iuioiua about 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.3.0...v0.4.0

deno_kv_oauth - v0.3.0

Published by iuioiua about 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.2.8...v0.3.0

deno_kv_oauth - v0.2.8

Published by iuioiua about 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.2.7...v0.2.8

deno_kv_oauth - v0.2.7

Published by iuioiua over 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.2.6...v0.2.7

deno_kv_oauth - v0.2.6

Published by iuioiua over 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.2.5...v0.2.6

deno_kv_oauth - v0.2.5

Published by iuioiua over 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.2.4...v0.2.5

deno_kv_oauth - v0.2.4

Published by iuioiua over 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.2.3...v0.2.4

deno_kv_oauth - v0.2.3

Published by iuioiua over 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.2.2...v0.2.3

deno_kv_oauth - v0.2.2

Published by iuioiua over 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.2.1...v0.2.2

deno_kv_oauth - v0.2.1

Published by iuioiua over 1 year ago

The -beta suffix and pre-release status are being dropped in this release. This module is still in beta but moving towards a stable release.

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.2.0-beta...v0.2.1

deno_kv_oauth - v0.2.0-beta

Published by iuioiua over 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.1.8-beta...v0.2.0-beta

deno_kv_oauth - v0.1.8-beta

Published by iuioiua over 1 year ago

What's Changed

Full Changelog: https://github.com/denoland/deno_kv_oauth/compare/v0.1.7-beta...v0.1.8-beta