Merge pull request #287 from pilcrowonpaper/next

Release v3.5.0

Author: pilcrowonpaper

.RELEASE.md

@@ -0,0 +1,2 @@
+- Polar.sh: Fix client authentication ([#286](https://github.com/pilcrowonpaper/arctic/pull/286)).
+- Polar.sh: Support public clients ([#286](https://github.com/pilcrowonpaper/arctic/pull/286)).

package.json

@@ -1,7 +1,7 @@
 {
 	"name": "arctic",
 	"type": "module",
-	"version": "3.4.0",
+	"version": "3.5.0",
 	"description": "OAuth 2.0 clients for popular providers",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",

src/providers/polar.ts

@@ -1,43 +1,74 @@
-import { OAuth2Client, CodeChallengeMethod } from "../client.js";
+import { createS256CodeChallenge } from "../oauth2.js";
+import { createOAuth2Request, sendTokenRequest, sendTokenRevocationRequest } from "../request.js";
 
 import type { OAuth2Tokens } from "../oauth2.js";
 
 const authorizationEndpoint = "https://polar.sh/oauth2/authorize";
 const tokenEndpoint = "https://api.polar.sh/v1/oauth2/token";
 const tokenRevocationEndpoint = "https://api.polar.sh/v1/oauth2/revoke";
 
+// Polar.sh supports HTTP Basic Auth but `client_secret` is set as the default authentication method.
 export class Polar {
-	private client: OAuth2Client;
+	private clientId: string;
+	private clientSecret: string | null;
+	private redirectURI: string;
 
-	constructor(clientId: string, clientSecret: string, redirectURI: string) {
-		this.client = new OAuth2Client(clientId, clientSecret, redirectURI);
+	constructor(clientId: string, clientSecret: string | null, redirectURI: string) {
+		this.clientId = clientId;
+		this.clientSecret = clientSecret;
+		this.redirectURI = redirectURI;
 	}
 
 	public createAuthorizationURL(state: string, codeVerifier: string, scopes: string[]): URL {
-		const url = this.client.createAuthorizationURLWithPKCE(
-			authorizationEndpoint,
-			state,
-			CodeChallengeMethod.S256,
-			codeVerifier,
-			scopes
-		);
+		const url = new URL(authorizationEndpoint);
+		url.searchParams.set("client_id", this.clientId);
+		url.searchParams.set("response_type", "code");
+		url.searchParams.set("redirect_uri", this.redirectURI);
+		url.searchParams.set("state", state);
+		if (scopes.length > 0) {
+			url.searchParams.set("scope", scopes.join(" "));
+		}
+		const codeChallenge = createS256CodeChallenge(codeVerifier);
+		url.searchParams.set("code_challenge", codeChallenge);
+		url.searchParams.set("code_challenge_method", "S256");
 		return url;
 	}
 
 	public async validateAuthorizationCode(
 		code: string,
 		codeVerifier: string
 	): Promise<OAuth2Tokens> {
-		const tokens = await this.client.validateAuthorizationCode(tokenEndpoint, code, codeVerifier);
+		const body = new URLSearchParams();
+		body.set("code", code);
+		body.set("client_id", this.clientId);
+		if (this.clientSecret !== null) {
+			body.set("client_secret", this.clientSecret);
+		}
+		body.set("redirect_uri", this.redirectURI);
+		body.set("grant_type", "authorization_code");
+		body.set("code_verifier", codeVerifier);
+		const request = createOAuth2Request(tokenEndpoint, body);
+		const tokens = await sendTokenRequest(request);
 		return tokens;
 	}
 
 	public async refreshAccessToken(refreshToken: string): Promise<OAuth2Tokens> {
-		const tokens = await this.client.refreshAccessToken(tokenEndpoint, refreshToken, []);
+		const body = new URLSearchParams();
+		body.set("refresh_token", refreshToken);
+		body.set("client_id", this.clientId);
+		if (this.clientSecret !== null) {
+			body.set("client_secret", this.clientSecret);
+		}
+		body.set("grant_type", "refresh_token");
+		const request = createOAuth2Request(tokenEndpoint, body);
+		const tokens = await sendTokenRequest(request);
 		return tokens;
 	}
 
 	public async revokeToken(token: string): Promise<void> {
-		await this.client.revokeToken(tokenRevocationEndpoint, token);
+		const body = new URLSearchParams();
+		body.set("token", token);
+		const request = createOAuth2Request(tokenRevocationEndpoint, body);
+		await sendTokenRevocationRequest(request);
 	}
 }