Skip to content

OAuth2

Defined in: src/oauth/index.ts:63

new OAuth2(metadata, context): OAuth2

Defined in: src/oauth/index.ts:136

ValidatedAuthMetadata

Context

OAuth2

readonly context: Required<Context>

Defined in: src/oauth/index.ts:134


readonly metadata: ValidatedAuthMetadata

Defined in: src/oauth/index.ts:137

completeAuthorizationCodeGrant(code): Promise<BearerTokenResponse>

Defined in: src/oauth/index.ts:195

Attempt to exchange authorization code for bearer token.

Takes the authorization code returned by the OAuth2 Provider via the authorization URL, and makes a request to the Token Endpoint, to obtain the access token, refresh token, etc.

string

authorization code as returned by IdP during authorization

Promise<BearerTokenResponse>

a validated bearer token response

An Error with message set to an entry in OAuth2Error, when the request fails, or the returned token response is invalid.


generateAuthorizationCodeGrantUrl(state, responseMode?, prompt?, scope?): Promise<string>

Defined in: src/oauth/index.ts:159

Generate a URL to attempt authorization with the OP See https://spec.matrix.org/v1.18/client-server-api/#authorization-code-flow

string

A unique opaque identifier, like a transaction ID, that will allow the client to maintain state between the authorization request and the callback. The app should use this to key the storage for where the rest of the auth context is saved.

"query" | "fragment"

The manner in which the IdP should send the secrets back to the app. Defaults to fragment for privacy.

string

Optional prompt parameter to pass to the IdP to signal intent, e.g. create for User registration.

string

The OAuth2 scope to request, will be generated based on the device ID if omitted.

Promise<string>

a Promise with the url as a string


performRefreshTokenGrant(refreshToken): Promise<BearerTokenResponse>

Defined in: src/oauth/index.ts:214

Refresh the access token using the given refresh token and the refresh token grant

string

the token to use to refresh the access token

Promise<BearerTokenResponse>


revokeToken(token, type?): Promise<void>

Defined in: src/oauth/index.ts:232

Revokes the given token

string

the token to remove

"access_token" | "refresh_token"

the type of token, acts as a hint to the IdP

Promise<void>


startDeviceAuthorizationGrant(scope?): Promise<DeviceAuthorizationResponse>

Defined in: src/oauth/index.ts:252

Begin OAuth2 device authorization flow.

string

the scope to request for authorization.

Promise<DeviceAuthorizationResponse>

a promise that resolves to a device access token response, or an error response if the user denies authorization or the device code expires.


waitForDeviceAuthorizationGrant(session): Promise<DeviceAccessTokenResponse | DeviceAccessTokenError>

Defined in: src/oauth/index.ts:266

Polls the OAuth2 token endpoint until we get a device access token response, or encounter an unrecoverable error.

DeviceAuthorizationResponse

The session returned from a previous call to OAuth2.startDeviceAuthorizationGrant.

Promise<DeviceAccessTokenResponse | DeviceAccessTokenError>

a promise that resolves to a device access token response, or an error response if the user denies authorization or the device code expires.


static registerClient(authMetadata, clientMetadata): Promise<string>

Defined in: src/oauth/index.ts:73

Attempts dynamic registration against the configured registration endpoint. Will ignore any URIs that do not use client_uri as a common base as per the spec.

ValidatedAuthMetadata

Auth config from DigitalWorldClient.getAuthMetadata

OAuthRegistrationRequest

The metadata for the client which to register, grant_types & response_types & token_endpoint_auth_method will be sanely calculated if omitted.

Promise<string>

Promise resolved with registered clientId

when registration is not supported, on failed request or invalid response