Drupal Auth Client

1.0.2 · active · verified Wed Apr 22

The `drupal-auth-client` is a JavaScript/TypeScript library designed to facilitate OAuth 2.0 authentication against decoupled Drupal installations. Currently at version 1.0.2, it provides a streamlined interface for interacting with Drupal's `simple_oauth` module, which is a required prerequisite on the Drupal backend. The library primarily supports the `client_credentials` grant type for application-level authentication, making it suitable for server-side or secure client-side applications that need to interact with a Drupal API. While explicit release cadence for this specific package isn't provided, its ecosystem (`@octahedroid`) shows active development. Its key differentiator is its focused integration with Drupal's `simple_oauth` and its explicit support for common frontend frameworks like Next.js and Remix within the broader `@octahedroid` tooling.

Common errors

```
HTTP 400 Bad Request: Invalid grant_type supplied
```
cause The `simple_oauth` module is not enabled or properly configured on the Drupal site, or the provided credentials (client ID/secret) are incorrect.

fix Verify that `simple_oauth` is enabled, an OAuth client is created in Drupal, and the client ID and secret passed to `drupalAuthClient` match the Drupal configuration exactly.
```
Error: Client credentials not found or invalid
```
cause This error typically indicates that the `clientId` or `clientSecret` provided to the `drupalAuthClient` constructor do not match any configured OAuth client on your Drupal backend, or there's a typo.

fix Review your Drupal `simple_oauth` client configuration and ensure the `clientId` and `clientSecret` used in your JavaScript code are identical.

Warnings

gotcha This client requires the `simple_oauth` Drupal module to be installed and properly configured on your Drupal backend. Without it, authentication attempts will fail.
Fix: Ensure `simple_oauth` module is enabled and configured on your Drupal instance, including setting up an OAuth client with a client ID and secret matching those used in this client.
gotcha When using `client_credentials` grant type, ensure the `clientId` and `clientSecret` provided to the client constructor exactly match the values configured for your OAuth client in Drupal. Mismatched credentials will result in authentication failures.
Fix: Double-check your `clientId` and `clientSecret` against your Drupal `simple_oauth` client configuration. Consider using environment variables for sensitive credentials in production.
gotcha The `baseUrl` provided to `drupalAuthClient` must point to your Drupal site's root URL. The client will automatically append `/oauth/token` for token requests.
Fix: Verify that `https://your-drupal-site.com` (or similar) is the correct base URL for your Drupal instance. Do not include the `/oauth/token` path in the `baseUrl`.

Install

npm install drupal-auth-client npm
yarn add drupal-auth-client yarn
pnpm add drupal-auth-client pnpm

Imports

drupalAuthClient
wrong:
```
const drupalAuthClient = require('drupal-auth-client');
```
correct:
```
import { drupalAuthClient } from 'drupal-auth-client';
```
The library primarily uses named exports. Direct `require` will return an object containing the named exports.
DrupalAuthClientConfig
```
import type { DrupalAuthClientConfig } from 'drupal-auth-client';
```
Type import for configuration options, useful for TypeScript projects.

Quickstart

Demonstrates initializing the Drupal auth client with `client_credentials` and fetching an access token. Ensure `simple_oauth` is configured on your Drupal site.

import { drupalAuthClient } from 'drupal-auth-client';

const DRUPAL_BASE_URL = process.env.DRUPAL_BASE_URL ?? 'https://your-drupal-site.com';
const CLIENT_ID = process.env.DRUPAL_OAUTH_CLIENT_ID ?? 'your_client_id';
const CLIENT_SECRET = process.env.DRUPAL_OAUTH_CLIENT_SECRET ?? 'your_client_secret';

async function authenticateAndFetchToken() {
  try {
    const client = drupalAuthClient(DRUPAL_BASE_URL, {
      clientId: CLIENT_ID,
      clientSecret: CLIENT_SECRET,
    });

    const token = await client.getToken();
    console.log('Successfully obtained access token:', token.accessToken);
    console.log('Token expires in:', token.expiresIn, 'seconds');
    return token;
  } catch (error) {
    console.error('Authentication failed:', error);
    throw error;
  }
}

authenticateAndFetchToken();

view raw JSON →