-
Hey! Quick question: I was just wondering how oauth4webapi differs from node-openid-client? And thank you @panva, I greatly appreciate everything you've done for the auth ecosystem. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
Hello @alexnault thank you for a great question. I haven't made my mind up just yet but let's see if I can articulate my thoughts around this. I think the oauth4webapi api is even lower level than that of openid-client so they're quite different APIs. The intention was that modules such as openid-client, or similar that are framework-oriented, would use oauth4webapi under the covers while exposing framework convention affirming APIs. oauth4webapi is not a successor, never will be, but when Node.js v20.x is the oldest LTS available one day it might become a dependency of a new major revision of openid-client. Does that make sense? openid-client can hardly be a dependency of non-Node.js runtime client modules, oauth4webapi is meant to be that. I see client modules popping up for new frameworks every now and then and they're riddled with issues and bad client behaviours, so I wished new oauth client projects didn't have the need to implement the oauth basics themselves. |
Beta Was this translation helpful? Give feedback.
-
That makes a ton of sense, thank you! |
Beta Was this translation helpful? Give feedback.
Hello @alexnault
thank you for a great question. I haven't made my mind up just yet but let's see if I can articulate my thoughts around this. I think the oauth4webapi api is even lower level than that of openid-client so they're quite different APIs.
The intention was that modules such as openid-client, or similar that are framework-oriented, would use oauth4webapi under the covers while exposing framework convention affirming APIs.
oauth4webapi is not a successor, never will be, but when Node.js v20.x is the oldest LTS available one day it might become a dependency of a new major revision of openid-client. Does that make sense?
openid-client can hardly be a dependency of non-Node.js run…