OAuth2
Defined in: src/oauth/index.ts:63
Constructors
Section titled “Constructors”Constructor
Section titled “Constructor”new OAuth2(
metadata,context):OAuth2
Defined in: src/oauth/index.ts:136
Parameters
Section titled “Parameters”metadata
Section titled “metadata”context
Section titled “context”Context
Returns
Section titled “Returns”OAuth2
Properties
Section titled “Properties”context
Section titled “context”
readonlycontext:Required<Context>
Defined in: src/oauth/index.ts:134
metadata
Section titled “metadata”
readonlymetadata:ValidatedAuthMetadata
Defined in: src/oauth/index.ts:137
Methods
Section titled “Methods”completeAuthorizationCodeGrant()
Section titled “completeAuthorizationCodeGrant()”completeAuthorizationCodeGrant(
code):Promise<BearerTokenResponse>
Defined in: src/oauth/index.ts:195
Attempt to exchange authorization code for bearer token.
Takes the authorization code returned by the OAuth2 Provider via the authorization URL, and makes a request to the Token Endpoint, to obtain the access token, refresh token, etc.
Parameters
Section titled “Parameters”string
authorization code as returned by IdP during authorization
Returns
Section titled “Returns”Promise<BearerTokenResponse>
a validated bearer token response
Throws
Section titled “Throws”An Error with message set to an entry in OAuth2Error,
when the request fails, or the returned token response is invalid.
generateAuthorizationCodeGrantUrl()
Section titled “generateAuthorizationCodeGrantUrl()”generateAuthorizationCodeGrantUrl(
state,responseMode?,prompt?,scope?):Promise<string>
Defined in: src/oauth/index.ts:159
Generate a URL to attempt authorization with the OP See https://spec.matrix.org/v1.18/client-server-api/#authorization-code-flow
Parameters
Section titled “Parameters”string
A unique opaque identifier, like a transaction ID, that will allow the client to maintain state between the authorization request and the callback. The app should use this to key the storage for where the rest of the auth context is saved.
responseMode?
Section titled “responseMode?”"query" | "fragment"
The manner in which the IdP should send the secrets back to the app. Defaults to fragment for privacy.
prompt?
Section titled “prompt?”string
Optional prompt parameter to pass to the IdP to signal intent, e.g. create for User registration.
scope?
Section titled “scope?”string
The OAuth2 scope to request, will be generated based on the device ID if omitted.
Returns
Section titled “Returns”Promise<string>
a Promise with the url as a string
performRefreshTokenGrant()
Section titled “performRefreshTokenGrant()”performRefreshTokenGrant(
refreshToken):Promise<BearerTokenResponse>
Defined in: src/oauth/index.ts:214
Refresh the access token using the given refresh token and the refresh token grant
Parameters
Section titled “Parameters”refreshToken
Section titled “refreshToken”string
the token to use to refresh the access token
Returns
Section titled “Returns”Promise<BearerTokenResponse>
revokeToken()
Section titled “revokeToken()”revokeToken(
token,type?):Promise<void>
Defined in: src/oauth/index.ts:232
Revokes the given token
Parameters
Section titled “Parameters”string
the token to remove
"access_token" | "refresh_token"
the type of token, acts as a hint to the IdP
Returns
Section titled “Returns”Promise<void>
startDeviceAuthorizationGrant()
Section titled “startDeviceAuthorizationGrant()”startDeviceAuthorizationGrant(
scope?):Promise<DeviceAuthorizationResponse>
Defined in: src/oauth/index.ts:252
Begin OAuth2 device authorization flow.
Parameters
Section titled “Parameters”scope?
Section titled “scope?”string
the scope to request for authorization.
Returns
Section titled “Returns”Promise<DeviceAuthorizationResponse>
a promise that resolves to a device access token response, or an error response if the user denies authorization or the device code expires.
waitForDeviceAuthorizationGrant()
Section titled “waitForDeviceAuthorizationGrant()”waitForDeviceAuthorizationGrant(
session):Promise<DeviceAccessTokenResponse|DeviceAccessTokenError>
Defined in: src/oauth/index.ts:266
Polls the OAuth2 token endpoint until we get a device access token response, or encounter an unrecoverable error.
Parameters
Section titled “Parameters”session
Section titled “session”The session returned from a previous call to OAuth2.startDeviceAuthorizationGrant.
Returns
Section titled “Returns”Promise<DeviceAccessTokenResponse | DeviceAccessTokenError>
a promise that resolves to a device access token response, or an error response if the user denies authorization or the device code expires.
registerClient()
Section titled “registerClient()”
staticregisterClient(authMetadata,clientMetadata):Promise<string>
Defined in: src/oauth/index.ts:73
Attempts dynamic registration against the configured registration endpoint. Will ignore any URIs that do not use client_uri as a common base as per the spec.
Parameters
Section titled “Parameters”authMetadata
Section titled “authMetadata”Auth config from DigitalWorldClient.getAuthMetadata
clientMetadata
Section titled “clientMetadata”The metadata for the client which to register, grant_types & response_types & token_endpoint_auth_method will be sanely calculated if omitted.
Returns
Section titled “Returns”Promise<string>
Promise
Throws
Section titled “Throws”when registration is not supported, on failed request or invalid response