Low-Level OAuth 2 / OpenID Connect Client API

oauth4webapi is a low-level JavaScript client library for implementing OAuth 2.1, OAuth 2.0 (with Security BCPs), FAPI 2.0, and OpenID Connect protocols. It provides a comprehensive set of routines for authorization server metadata discovery, various grant flows (Authorization Code Flow with PKCE, Refresh Token, Device Authorization, CIBA, Client Credentials), DPoP, Token Introspection/Revocation, PAR, UserInfo requests, and JWT-secured mechanisms. The library emphasizes secure, up-to-date best practices and is designed to run consistently across browser and non-browser JavaScript runtimes, including Node.js, Deno, and Bun. Currently at version 3.8.5, it receives frequent patch and minor releases, indicated by the detailed changelog. A key differentiator is its zero-dependency footprint and OpenID Connect certification, promoting high-assurance security standards without external dependencies.