Add option to provide client creds on token request

[markbradley27]

Context

• node version: 18.12.1
• module version: 5.0.0
• environment (e.g. node, browser, native): node
• any other relevant information:

What problem are you trying to solve?

Some Oauth2 providers require the client id and secret to be provided along with the authorization code when requesting tokens; namely the Strava API. As far as I can tell, there's currently no way to get simple-oauth2 to include those.

Do you have a new or modified API suggestion to solve the problem?

A flag could be added to the config that tells it to include client creds when requesting a token. I have a commit here that adds the flag. If you like it, I'd be happy to add tests and docs and send over a pull request.

The current flag name includeClientCredsInTokenRequests is a bit verbose; open to suggestions there.

[andrew-sol]

Instagram also requires this. And Twitter. I think we also need the ability to pass custom request body params in getToken(). Twitter also requires the code_verifier param.

[jonathansamines]

When a token is requested through the authorization code grant type, credentials are sent with that request along with the authorization code. You can control how those credentials get included via options:

• authorizationMethod - Method used to send the client.id/client.secret authorization params at the token request. Valid options are header or body. If set to body, the bodyFormat option will be used to format the credentials. Defaults to header

If the OAuth2 server you are dealing with, requires those credentials to be included as part of the request body, you can use the option above to change how credentials get included. Furthermore, when credentials are included in the body, you can control how credentials are serialized:

• bodyFormat - Request's body data format. Valid options are form or json. Defaults to form

Finally, if completely arbitrary options need to be included as part of the token request, the getToken() method, allows you to pass arbitrary params, which will end up being serialized as part of the request body:

client.getToken({ someParam: 'some value' });

Hope that helps!

[andrew-sol]

@jonathansamines thanks, but I see two problems here:

1. The current TypeScript types do not allow custom options to be passed into the getToken() method.
2. README.md should include a section with examples of what you have written.

[jonathansamines]

Hey @andrew-sol. Thanks for sharing that.

1. The current TypeScript types do not allow custom options to be passed into the getToken() method.

I'd recommend you open a pull request against DefinitelyTyped repository, we do not currently own the type definitions for this package.

2. README.md should include a section with examples of what you have written.

Our documentation does indeed include some info about this:

• Usage example
• API docs

Feel free to submit additional changes to the documentation, if you feel like it could be improved.