Merge pull request #296 from pilcrowonpaper/next

pilcrowonpaper · web-flow · commit 022180a14f7e · 2025-03-27T10:42:57.000+09:00
Release v3.6.0
diff --git a/.RELEASE.md b/.RELEASE.md
@@ -0,0 +1,3 @@
+- Add Mastodon client ([#288](https://github.com/pilcrowonpaper/arctic/pull/288)).
+- Add Autodesk Platform Services client ([#292](https://github.com/pilcrowonpaper/arctic/pull/292)).
+- Strava: Add `refreshAccessToken()` method ([#295](https://github.com/pilcrowonpaper/arctic/pull/295)).
diff --git a/README.md b/README.md
@@ -38,6 +38,7 @@ Arctic does not strictly follow semantic versioning. While we aim to only introd
 - Atlassian
 - Auth0
 - Authentik
+- Autodesk Platform Services
 - Battle.net
 - Bitbucket
 - Box
@@ -63,6 +64,7 @@ Arctic does not strictly follow semantic versioning. While we aim to only introd
 - Line
 - Linear
 - LinkedIn
+- Mastodon
 - MercadoLibre
 - MercadoPago
 - Microsoft Entra ID
diff --git a/docs/malta.config.json b/docs/malta.config.json
@@ -24,6 +24,7 @@
 				["Atlassian", "/providers/atlassian"],
 				["Auth0", "/providers/auth0"],
 				["Authentik", "/providers/authentik"],
+				["Autodesk Platform Services", "/providers/autodesk"],
 				["Battle.net", "/providers/battlenet"],
 				["Bitbucket", "/providers/bitbucket"],
 				["Box", "/providers/box"],
@@ -49,6 +50,7 @@
 				["Line", "/providers/line"],
 				["Linear", "/providers/linear"],
 				["LinkedIn", "/providers/linkedin"],
+				["Mastodon", "/providers/mastodon"],
 				["MercadoLibre", "/providers/mercadolibre"],
 				["MercadoPago", "/providers/mercadopago"],
 				["Microsoft Entra ID", "/providers/microsoft-entra-id"],
diff --git a/docs/pages/providers/autodesk.md b/docs/pages/providers/autodesk.md
@@ -0,0 +1,129 @@
+---
+title: "Autodesk Platform Services"
+---
+
+# Autodesk Platform Services
+
+OAuth 2.0 provider for [Autodesk Platform Services](https://aps.autodesk.com/en/docs/oauth/v2/developers_guide/overview/).
+
+Also see the [OAuth 2.0 with PKCE](/guides/oauth2-pkce) guide.
+
+## Initialization
+
+Pass the client secret for confidential clients.
+
+```ts
+import * as arctic from "arctic";
+
+const autodesk = new arctic.Autodesk(clientId, clientSecret, redirectURI);
+const autodesk = new arctic.Autodesk(clientId, null, redirectURI);
+```
+
+## Create authorization URL
+
+```ts
+import * as arctic from "arctic";
+
+const state = arctic.generateState();
+const codeVerifier = arctic.generateCodeVerifier();
+const scopes = ["openid", "user:read", "data:read"];
+const url = autodesk.createAuthorizationURL(state, codeVerifier, scopes);
+```
+
+The list of scopes Autodesk Platform Services supports can be found at the [Developer's Guide/Scopes](https://aps.autodesk.com/en/docs/oauth/v2/developers_guide/scopes/) page.
+
+## Validate authorization code
+
+`validateAuthorizationCode()` will either return an [`OAuth2Tokens`](/reference/main/OAuth2Tokens), or throw one of [`OAuth2RequestError`](/reference/main/OAuth2RequestError), [`ArcticFetchError`](/reference/main/ArcticFetchError), [`UnexpectedResponseError`](/reference/main/UnexpectedResponseError), or [`UnexpectedErrorResponseBodyError`](/reference/main/UnexpectedErrorResponseBodyError). Autodesk Platform Services returns an access token, the access token expiration, and a refresh token.
+
+```ts
+import * as arctic from "arctic";
+
+try {
+	const tokens = await autodesk.validateAuthorizationCode(code, codeVerifier);
+	const accessToken = tokens.accessToken();
+	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
+	const refreshToken = tokens.refreshToken();
+} catch (e) {
+	if (e instanceof arctic.OAuth2RequestError) {
+		// Invalid authorization code, credentials, or redirect URI
+		const code = e.code;
+		// ...
+	}
+	if (e instanceof arctic.ArcticFetchError) {
+		// Failed to call `fetch()`
+		const cause = e.cause;
+		// ...
+	}
+	// Parse error
+}
+```
+
+## Refresh access tokens
+
+Use `refreshAccessToken()` to get a new access token using a refresh token. Autodesk Platform Services returns the same values as during the authorization code validation. This method also returns `OAuth2Tokens` and throws the same errors as `validateAuthorizationCode()`
+
+```ts
+import * as arctic from "arctic";
+
+try {
+	// Pass an empty `scopes` array to keep using the same scopes.
+	const tokens = await autodesk.refreshAccessToken(refreshToken, scopes);
+	const accessToken = tokens.accessToken();
+	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
+} catch (e) {
+	if (e instanceof arctic.OAuth2RequestError) {
+		// Invalid authorization code, credentials, or redirect URI
+	}
+	if (e instanceof arctic.ArcticFetchError) {
+		// Failed to call `fetch()`
+	}
+	// Parse error
+}
+```
+
+## Revoke tokens
+
+Use `revokeToken()` to revoke a token. You need to specify wether the token is an `access_token` or a `refresh_token`. This can throw the same errors as `validateAuthorizationCode()`.
+
+```ts
+try {
+	await autodesk.revokeToken(token, token_type);
+} catch (e) {
+	if (e instanceof arctic.OAuth2RequestError) {
+		// Invalid authorization code, credentials, or redirect URI
+	}
+	if (e instanceof arctic.ArcticFetchError) {
+		// Failed to call `fetch()`
+	}
+	// Parse error
+}
+```
+
+## OpenID Connect
+
+Use OpenID Connect with the `openid` scope to get the user's profile with an ID token or the [`userinfo` endpoint](https://aps.autodesk.com/en/docs/profile/v1/reference/profile/oidcuserinfo/). Arctic provides [`decodeIdToken()`](/reference/main/decodeIdToken) for decoding the token's payload.
+
+See the endpoint documentation for the token claims.
+
+```ts
+const scopes = ["openid"];
+const url = autodesk.createAuthorizationURL(state, codeVerifier, scopes);
+```
+
+```ts
+import * as arctic from "arctic";
+
+const tokens = await autodesk.validateAuthorizationCode(code, codeVerifier);
+const idToken = tokens.idToken();
+const claims = arctic.decodeIdToken(idToken);
+```
+
+```ts
+const response = await fetch("https://api.userprofile.autodesk.com/userinfo", {
+	headers: {
+		Authorization: `Bearer ${accessToken}`
+	}
+});
+const user = await response.json();
+```
diff --git a/docs/pages/providers/mastodon.md b/docs/pages/providers/mastodon.md
@@ -0,0 +1,74 @@
+---
+title: "Mastodon"
+---
+
+# Mastodon
+
+OAuth 2.0 provider for Mastodon.
+
+Also see the [OAuth 2.0 with PKCE](/guides/oauth2-pkce) guide.
+
+## Initialization
+
+The `baseURL` parameter is the full URL where the Mastodon instance is hosted.
+
+```ts
+import * as arctic from "arctic";
+
+const baseURL = "https://mastodon.social";
+const mastodon = new arctic.Mastodon(baseURL, clientId, clientSecret, redirectURI);
+```
+
+## Create authorization URL
+
+```ts
+import * as arctic from "arctic";
+
+const state = arctic.generateState();
+const codeVerifier = arctic.generateCodeVerifier();
+const scopes = ["read", "write"];
+const url = mastodon.createAuthorizationURL(state, codeVerifier, scopes);
+```
+
+## Validate authorization code
+
+`validateAuthorizationCode()` will either return an [`OAuth2Tokens`](/reference/main/OAuth2Tokens), or throw one of [`OAuth2RequestError`](/reference/main/OAuth2RequestError), [`ArcticFetchError`](/reference/main/ArcticFetchError), [`UnexpectedResponseError`](/reference/main/UnexpectedResponseError), or [`UnexpectedErrorResponseBodyError`](/reference/main/UnexpectedErrorResponseBodyError). Mastodon will only return an access token (no expiration).
+
+```ts
+import * as arctic from "arctic";
+
+try {
+	const tokens = await mastodon.validateAuthorizationCode(code, codeVerifier);
+	const accessToken = tokens.accessToken();
+} catch (e) {
+	if (e instanceof arctic.OAuth2RequestError) {
+		// Invalid authorization code, credentials, or redirect URI
+		const code = e.code;
+		// ...
+	}
+	if (e instanceof arctic.ArcticFetchError) {
+		// Failed to call `fetch()`
+		const cause = e.cause;
+		// ...
+	}
+	// Parse error
+}
+```
+
+## Revoke tokens
+
+Use `revokeToken()` to revoke a token. This can throw the same errors as `validateAuthorizationCode()`.
+
+```ts
+try {
+	await mastodon.revokeToken(token);
+} catch (e) {
+	if (e instanceof arctic.OAuth2RequestError) {
+		// Invalid authorization code, credentials, or redirect URI
+	}
+	if (e instanceof arctic.ArcticFetchError) {
+		// Failed to call `fetch()`
+	}
+	// Parse error
+}
+```
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
 	"name": "arctic",
 	"type": "module",
-	"version": "3.5.0",
+	"version": "3.6.0",
 	"description": "OAuth 2.0 clients for popular providers",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",
diff --git a/src/index.ts b/src/index.ts
@@ -4,6 +4,7 @@ export { Apple } from "./providers/apple.js";
 export { Atlassian } from "./providers/atlassian.js";
 export { Auth0 } from "./providers/auth0.js";
 export { Authentik } from "./providers/authentik.js";
+export { Autodesk } from "./providers/autodesk.js";
 export { BattleNet } from "./providers/battlenet.js";
 export { Bitbucket } from "./providers/bitbucket.js";
 export { Box } from "./providers/box.js";
@@ -29,6 +30,7 @@ export { Lichess } from "./providers/lichess.js";
 export { Line } from "./providers/line.js";
 export { Linear } from "./providers/linear.js";
 export { LinkedIn } from "./providers/linkedin.js";
+export { Mastodon } from "./providers/mastodon.js";
 export { MercadoLibre } from "./providers/mercadolibre.js";
 export { MercadoPago } from "./providers/mercadopago.js";
 export { MicrosoftEntraId } from "./providers/microsoft-entra-id.js";
diff --git a/src/providers/autodesk.ts b/src/providers/autodesk.ts
@@ -0,0 +1,43 @@
+import { CodeChallengeMethod, OAuth2Client } from "../client.js";
+
+import type { OAuth2Tokens } from "../oauth2.js";
+
+const authorizationEndpoint = "https://developer.api.autodesk.com/authentication/v2/authorize";
+const tokenEndpoint = "https://developer.api.autodesk.com/authentication/v2/token";
+const tokenRevocationEndpoint = "https://developer.api.autodesk.com/authentication/v2/revoke";
+
+export class Autodesk {
+	private client: OAuth2Client;
+
+	constructor(clientId: string, clientSecret: string | null, redirectURI: string) {
+		this.client = new OAuth2Client(clientId, clientSecret, redirectURI);
+	}
+
+	public createAuthorizationURL(state: string, codeVerifier: string, scopes: string[]): URL {
+		const url = this.client.createAuthorizationURLWithPKCE(
+			authorizationEndpoint,
+			state,
+			CodeChallengeMethod.S256,
+			codeVerifier,
+			scopes
+		);
+		return url;
+	}
+
+	public async validateAuthorizationCode(
+		code: string,
+		codeVerifier: string
+	): Promise<OAuth2Tokens> {
+		const tokens = await this.client.validateAuthorizationCode(tokenEndpoint, code, codeVerifier);
+		return tokens;
+	}
+
+	public async refreshAccessToken(refreshToken: string): Promise<OAuth2Tokens> {
+		const tokens = await this.client.refreshAccessToken(tokenEndpoint, refreshToken, []);
+		return tokens;
+	}
+
+	public async revokeToken(token: string): Promise<void> {
+		await this.client.revokeToken(tokenRevocationEndpoint, token);
+	}
+}
diff --git a/src/providers/mastodon.ts b/src/providers/mastodon.ts
@@ -0,0 +1,46 @@
+import { OAuth2Client, CodeChallengeMethod } from "../client.js";
+import { joinURIAndPath } from "../request.js";
+
+import type { OAuth2Tokens } from "../oauth2.js";
+
+export class Mastodon {
+	private authorizationEndpoint: string;
+	private tokenEndpoint: string;
+	private tokenRevocationEndpoint: string;
+
+	private client: OAuth2Client;
+
+	constructor(baseURL: string, clientId: string, clientSecret: string, redirectURI: string) {
+		this.authorizationEndpoint = joinURIAndPath(baseURL, "/api/v1/oauth/authorize");
+		this.tokenEndpoint = joinURIAndPath(baseURL, "/api/v1/oauth/token");
+		this.tokenRevocationEndpoint = joinURIAndPath(baseURL, "/api/v1/oauth/revoke");
+		this.client = new OAuth2Client(clientId, clientSecret, redirectURI);
+	}
+
+	public createAuthorizationURL(state: string, codeVerifier: string, scopes: string[]): URL {
+		const url = this.client.createAuthorizationURLWithPKCE(
+			this.authorizationEndpoint,
+			state,
+			CodeChallengeMethod.S256,
+			codeVerifier,
+			scopes
+		);
+		return url;
+	}
+
+	public async validateAuthorizationCode(
+		code: string,
+		codeVerifier: string
+	): Promise<OAuth2Tokens> {
+		const tokens = await this.client.validateAuthorizationCode(
+			this.tokenEndpoint,
+			code,
+			codeVerifier
+		);
+		return tokens;
+	}
+
+	public async revokeToken(token: string): Promise<void> {
+		await this.client.revokeToken(this.tokenRevocationEndpoint, token);
+	}
+}
diff --git a/src/providers/strava.ts b/src/providers/strava.ts
@@ -3,7 +3,7 @@ import { createOAuth2Request, sendTokenRequest } from "../request.js";
 import type { OAuth2Tokens } from "../oauth2.js";
 
 const authorizationEndpoint = "https://www.strava.com/oauth/authorize";
-const tokenEndpoint = "https://www.strava.com/oauth/token";
+const tokenEndpoint = "https://www.strava.com/api/v3/oauth/token";
 
 export class Strava {
 	private clientId: string;
@@ -40,4 +40,15 @@ export class Strava {
 		const tokens = await sendTokenRequest(request);
 		return tokens;
 	}
+
+	public async refreshAccessToken(refreshToken: string): Promise<OAuth2Tokens> {
+		const body = new URLSearchParams();
+		body.set("grant_type", "refresh_token");
+		body.set("refresh_token", refreshToken);
+		body.set("client_id", this.clientId);
+		body.set("client_secret", this.clientSecret);
+		const request = createOAuth2Request(tokenEndpoint, body);
+		const tokens = await sendTokenRequest(request);
+		return tokens;
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+- Add Mastodon client ([#288](https://github.com/pilcrowonpaper/arctic/pull/288)).`
	`2`	`+- Add Autodesk Platform Services client ([#292](https://github.com/pilcrowonpaper/arctic/pull/292)).`
	`3`	+- Strava: Add `refreshAccessToken()` method ([#295](https://github.com/pilcrowonpaper/arctic/pull/295)).
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "arctic",`
`3`	`3`	`"type": "module",`
`4`		`- "version": "3.5.0",`
	`4`	`+ "version": "3.6.0",`
`5`	`5`	`"description": "OAuth 2.0 clients for popular providers",`
`6`	`6`	`"main": "dist/index.js",`
`7`	`7`	`"types": "dist/index.d.ts",`