@_mustachio/openauth 0.6.0

package/dist/esm/util.js

@@ -0,0 +1,54 @@
+// src/util.ts
+function getRelativeUrl(ctx, path) {
+  const result = new URL(path, ctx.req.url);
+  result.host = ctx.req.header("x-forwarded-host") || result.host;
+  result.protocol = ctx.req.header("x-forwarded-proto") || result.protocol;
+  result.port = ctx.req.header("x-forwarded-port") || result.port;
+  return result.toString();
+}
+var twoPartTlds = [
+  "co.uk",
+  "co.jp",
+  "co.kr",
+  "co.nz",
+  "co.za",
+  "co.in",
+  "com.au",
+  "com.br",
+  "com.cn",
+  "com.mx",
+  "com.tw",
+  "net.au",
+  "org.uk",
+  "ne.jp",
+  "ac.uk",
+  "gov.uk",
+  "edu.au",
+  "gov.au"
+];
+function isDomainMatch(a, b) {
+  if (a === b)
+    return true;
+  const partsA = a.split(".");
+  const partsB = b.split(".");
+  const hasTwoPartTld = twoPartTlds.some((tld) => a.endsWith("." + tld) || b.endsWith("." + tld));
+  const numParts = hasTwoPartTld ? -3 : -2;
+  const min = Math.min(partsA.length, partsB.length, numParts);
+  const tailA = partsA.slice(min).join(".");
+  const tailB = partsB.slice(min).join(".");
+  return tailA === tailB;
+}
+function lazy(fn) {
+  let value;
+  return () => {
+    if (value === undefined) {
+      value = fn();
+    }
+    return value;
+  };
+}
+export {
+  lazy,
+  isDomainMatch,
+  getRelativeUrl
+};

package/dist/types/client.d.ts

@@ -0,0 +1,466 @@
+import { SubjectSchema } from "./subject.js";
+import type { v1 } from "@standard-schema/spec";
+import { InvalidAccessTokenError, InvalidAuthorizationCodeError, InvalidRefreshTokenError } from "./error.js";
+/**
+ * The well-known information for an OAuth 2.0 authorization server.
+ * @internal
+ */
+export interface WellKnown {
+    /**
+     * The URI to the JWKS endpoint.
+     */
+    jwks_uri: string;
+    /**
+     * The URI to the token endpoint.
+     */
+    token_endpoint: string;
+    /**
+     * The URI to the authorization endpoint.
+     */
+    authorization_endpoint: string;
+}
+/**
+ * The tokens returned by the auth server.
+ */
+export interface Tokens {
+    /**
+     * The access token.
+     */
+    access: string;
+    /**
+     * The refresh token.
+     */
+    refresh: string;
+    /**
+     * The number of seconds until the access token expires.
+     */
+    expiresIn: number;
+}
+interface ResponseLike {
+    json(): Promise<unknown>;
+    ok: Response["ok"];
+}
+type FetchLike = (...args: any[]) => Promise<ResponseLike>;
+/**
+ * The challenge that you can use to verify the code.
+ */
+export type Challenge = {
+    /**
+     * The state that was sent to the redirect URI.
+     */
+    state: string;
+    /**
+     * The verifier that was sent to the redirect URI.
+     */
+    verifier?: string;
+};
+/**
+ * Configure the client.
+ */
+export interface ClientInput {
+    /**
+     * The client ID. This is just a string to identify your app.
+     *
+     * If you have a web app and a mobile app, you want to use different client IDs both.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientID: "my-client"
+     * }
+     * ```
+     */
+    clientID: string;
+    /**
+     * The URL of your OpenAuth server.
+     *
+     * @example
+     * ```ts
+     * {
+     *   issuer: "https://auth.myserver.com"
+     * }
+     * ```
+     */
+    issuer?: string;
+    /**
+     * Optionally, override the internally used fetch function.
+     *
+     * This is useful if you are using a polyfilled fetch function in your application and you
+     * want the client to use it too.
+     */
+    fetch?: FetchLike;
+}
+export interface AuthorizeOptions {
+    /**
+     * Enable the PKCE flow. This is for SPA apps.
+     *
+     * ```ts
+     * {
+     *   pkce: true
+     * }
+     * ```
+     *
+     * @default false
+     */
+    pkce?: boolean;
+    /**
+     * The provider you want to use for the OAuth flow.
+     *
+     * ```ts
+     * {
+     *   provider: "google"
+     * }
+     * ```
+     *
+     * If no provider is specified, the user is directed to a page where they can select from the
+     * list of configured providers.
+     *
+     * If there's only one provider configured, the user will be redirected to that.
+     */
+    provider?: string;
+}
+export interface AuthorizeResult {
+    /**
+     * The challenge that you can use to verify the code. This is for the PKCE flow for SPA apps.
+     *
+     * This is an object that you _stringify_ and store it in session storage.
+     *
+     * ```ts
+     * sessionStorage.setItem("challenge", JSON.stringify(challenge))
+     * ```
+     */
+    challenge: Challenge;
+    /**
+     * The URL to redirect the user to. This starts the OAuth flow.
+     *
+     * For example, for SPA apps.
+     *
+     * ```ts
+     * location.href = url
+     * ```
+     */
+    url: string;
+}
+/**
+ * Returned when the exchange is successful.
+ */
+export interface ExchangeSuccess {
+    /**
+     * This is always `false` when the exchange is successful.
+     */
+    err: false;
+    /**
+     * The access and refresh tokens.
+     */
+    tokens: Tokens;
+}
+/**
+ * Returned when the exchange fails.
+ */
+export interface ExchangeError {
+    /**
+     * The type of error that occurred. You can handle this by checking the type.
+     *
+     * @example
+     * ```ts
+     * import { InvalidAuthorizationCodeError } from "@openauthjs/openauth/error"
+     *
+     * console.log(err instanceof InvalidAuthorizationCodeError)
+     *```
+     */
+    err: InvalidAuthorizationCodeError;
+}
+export interface RefreshOptions {
+    /**
+     * Optionally, pass in the access token.
+     */
+    access?: string;
+}
+/**
+ * Returned when the refresh is successful.
+ */
+export interface RefreshSuccess {
+    /**
+     * This is always `false` when the refresh is successful.
+     */
+    err: false;
+    /**
+     * Returns the refreshed tokens only if they've been refreshed.
+     *
+     * If they are still valid, this will be `undefined`.
+     */
+    tokens?: Tokens;
+}
+/**
+ * Returned when the refresh fails.
+ */
+export interface RefreshError {
+    /**
+     * The type of error that occurred. You can handle this by checking the type.
+     *
+     * @example
+     * ```ts
+     * import { InvalidRefreshTokenError } from "@openauthjs/openauth/error"
+     *
+     * console.log(err instanceof InvalidRefreshTokenError)
+     *```
+     */
+    err: InvalidRefreshTokenError | InvalidAccessTokenError;
+}
+export interface VerifyOptions {
+    /**
+     * Optionally, pass in the refresh token.
+     *
+     * If passed in, this will automatically refresh the access token if it has expired.
+     */
+    refresh?: string;
+    /**
+     * @internal
+     */
+    issuer?: string;
+    /**
+     * @internal
+     */
+    audience?: string;
+    /**
+     * Optionally, override the internally used fetch function.
+     *
+     * This is useful if you are using a polyfilled fetch function in your application and you
+     * want the client to use it too.
+     */
+    fetch?: FetchLike;
+}
+export interface VerifyResult<T extends SubjectSchema> {
+    /**
+     * This is always `undefined` when the verify is successful.
+     */
+    err?: undefined;
+    /**
+     * Returns the refreshed tokens only if they’ve been refreshed.
+     *
+     * If they are still valid, this will be undefined.
+     */
+    tokens?: Tokens;
+    /**
+     * @internal
+     */
+    aud: string;
+    /**
+     * The decoded subjects from the access token.
+     *
+     * Has the same shape as the subjects you defined when creating the issuer.
+     */
+    subject: {
+        [type in keyof T]: {
+            type: type;
+            properties: v1.InferOutput<T[type]>;
+        };
+    }[keyof T];
+}
+/**
+ * Returned when the verify call fails.
+ */
+export interface VerifyError {
+    /**
+     * The type of error that occurred. You can handle this by checking the type.
+     *
+     * @example
+     * ```ts
+     * import { InvalidRefreshTokenError } from "@openauthjs/openauth/error"
+     *
+     * console.log(err instanceof InvalidRefreshTokenError)
+     *```
+     */
+    err: InvalidRefreshTokenError | InvalidAccessTokenError;
+}
+/**
+ * An instance of the OpenAuth client contains the following methods.
+ */
+export interface Client {
+    /**
+     * Start the autorization flow. For example, in SSR sites.
+     *
+     * ```ts
+     * const { url } = await client.authorize(<redirect_uri>, "code")
+     * ```
+     *
+     * This takes a redirect URI and the type of flow you want to use. The redirect URI is the
+     * location where the user will be redirected to after the flow is complete.
+     *
+     * Supports both the _code_ and _token_ flows. We recommend using the _code_ flow as it's more
+     * secure.
+     *
+     * :::tip
+     * This returns a URL to redirect the user to. This starts the OAuth flow.
+     * :::
+     *
+     * This returns a URL to the auth server. You can redirect the user to the URL to start the
+     * OAuth flow.
+     *
+     * For SPA apps, we recommend using the PKCE flow.
+     *
+     * ```ts {4}
+     * const { challenge, url } = await client.authorize(
+     *   <redirect_uri>,
+     *   "code",
+     *   { pkce: true }
+     * )
+     * ```
+     *
+     * This returns a redirect URL and a challenge that you need to use later to verify the code.
+     */
+    authorize(redirectURI: string, response: "code" | "token", opts?: AuthorizeOptions): Promise<AuthorizeResult>;
+    /**
+     * Exchange the code for access and refresh tokens.
+     *
+     * ```ts
+     * const exchanged = await client.exchange(<code>, <redirect_uri>)
+     * ```
+     *
+     * You call this after the user has been redirected back to your app after the OAuth flow.
+     *
+     * :::tip
+     * For SSR sites, the code is returned in the query parameter.
+     * :::
+     *
+     * So the code comes from the query parameter in the redirect URI. The redirect URI here is
+     * the one that you passed in to the `authorize` call when starting the flow.
+     *
+     * :::tip
+     * For SPA sites, the code is returned through the URL hash.
+     * :::
+     *
+     * If you used the PKCE flow for an SPA app, the code is returned as a part of the redirect URL
+     * hash.
+     *
+     * ```ts {4}
+     * const exchanged = await client.exchange(
+     *   <code>,
+     *   <redirect_uri>,
+     *   <challenge.verifier>
+     * )
+     * ```
+     *
+     * You also need to pass in the previously stored challenge verifier.
+     *
+     * This method returns the access and refresh tokens. Or if it fails, it returns an error that
+     * you can handle depending on the error.
+     *
+     * ```ts
+     * import { InvalidAuthorizationCodeError } from "@openauthjs/openauth/error"
+     *
+     * if (exchanged.err) {
+     *   if (exchanged.err instanceof InvalidAuthorizationCodeError) {
+     *     // handle invalid code error
+     *   }
+     *   else {
+     *     // handle other errors
+     *   }
+     * }
+     *
+     * const { access, refresh } = exchanged.tokens
+     * ```
+     */
+    exchange(code: string, redirectURI: string, verifier?: string): Promise<ExchangeSuccess | ExchangeError>;
+    /**
+     * Refreshes the tokens if they have expired. This is used in an SPA app to maintain the
+     * session, without logging the user out.
+     *
+     * ```ts
+     * const next = await client.refresh(<refresh_token>)
+     * ```
+     *
+     * Can optionally take the access token as well. If passed in, this will skip the refresh
+     * if the access token is still valid.
+     *
+     * ```ts
+     * const next = await client.refresh(<refresh_token>, { access: <access_token> })
+     * ```
+     *
+     * This returns the refreshed tokens only if they've been refreshed.
+     *
+     * ```ts
+     * if (!next.err) {
+     *   // tokens are still valid
+     * }
+     * if (next.tokens) {
+     *   const { access, refresh } = next.tokens
+     * }
+     * ```
+     *
+     * Or if it fails, it returns an error that you can handle depending on the error.
+     *
+     * ```ts
+     * import { InvalidRefreshTokenError } from "@openauthjs/openauth/error"
+     *
+     * if (next.err) {
+     *   if (next.err instanceof InvalidRefreshTokenError) {
+     *     // handle invalid refresh token error
+     *   }
+     *   else {
+     *     // handle other errors
+     *   }
+     * }
+     * ```
+     */
+    refresh(refresh: string, opts?: RefreshOptions): Promise<RefreshSuccess | RefreshError>;
+    /**
+     * Verify the token in the incoming request.
+     *
+     * This is typically used for SSR sites where the token is stored in an HTTP only cookie. And
+     * is passed to the server on every request.
+     *
+     * ```ts
+     * const verified = await client.verify(<subjects>, <token>)
+     * ```
+     *
+     * This takes the subjects that you had previously defined when creating the issuer.
+     *
+     * :::tip
+     * If the refresh token is passed in, it'll automatically refresh the access token.
+     * :::
+     *
+     * This can optionally take the refresh token as well. If passed in, it'll automatically
+     * refresh the access token if it has expired.
+     *
+     * ```ts
+     * const verified = await client.verify(<subjects>, <token>, { refresh: <refresh_token> })
+     * ```
+     *
+     * This returns the decoded subjects from the access token. And the tokens if they've been
+     * refreshed.
+     *
+     * ```ts
+     * // based on the subjects you defined earlier
+     * console.log(verified.subject.properties.userID)
+     *
+     * if (verified.tokens) {
+     *   const { access, refresh } = verified.tokens
+     * }
+     * ```
+     *
+     * Or if it fails, it returns an error that you can handle depending on the error.
+     *
+     * ```ts
+     * import { InvalidRefreshTokenError } from "@openauthjs/openauth/error"
+     *
+     * if (verified.err) {
+     *   if (verified.err instanceof InvalidRefreshTokenError) {
+     *     // handle invalid refresh token error
+     *   }
+     *   else {
+     *     // handle other errors
+     *   }
+     * }
+     * ```
+     */
+    verify<T extends SubjectSchema>(subjects: T, token: string, options?: VerifyOptions): Promise<VerifyResult<T> | VerifyError>;
+}
+/**
+ * Create an OpenAuth client.
+ *
+ * @param input - Configure the client.
+ */
+export declare function createClient(input: ClientInput): Client;
+export {};
+//# sourceMappingURL=client.d.ts.map

package/dist/types/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":"AA+CA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,uBAAuB,CAAA;AAC/C,OAAO,EACL,uBAAuB,EACvB,6BAA6B,EAC7B,wBAAwB,EAEzB,MAAM,YAAY,CAAA;AAGnB;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,cAAc,EAAE,MAAM,CAAA;IACtB;;OAEG;IACH,sBAAsB,EAAE,MAAM,CAAA;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;OAEG;IACH,OAAO,EAAE,MAAM,CAAA;IAEf;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,UAAU,YAAY;IACpB,IAAI,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;IACxB,EAAE,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAA;CACnB;AACD,KAAK,SAAS,GAAG,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,YAAY,CAAC,CAAA;AAE1D;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG;IACtB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IACb;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;;;;;;;;;OAWG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;;;;;;;;OASG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;;;;OAKG;IACH,KAAK,CAAC,EAAE,SAAS,CAAA;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B;;;;;;;;;;OAUG;IACH,IAAI,CAAC,EAAE,OAAO,CAAA;IACd;;;;;;;;;;;;;OAaG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B;;;;;;;;OAQG;IACH,SAAS,EAAE,SAAS,CAAA;IACpB;;;;;;;;OAQG;IACH,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,GAAG,EAAE,KAAK,CAAA;IACV;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;CACf;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;;;;;OASG;IACH,GAAG,EAAE,6BAA6B,CAAA;CACnC;AAED,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,GAAG,EAAE,KAAK,CAAA;IACV;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;;;;;;OASG;IACH,GAAG,EAAE,wBAAwB,GAAG,uBAAuB,CAAA;CACxD;AAED,MAAM,WAAW,aAAa;IAC5B;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;;;OAKG;IACH,KAAK,CAAC,EAAE,SAAS,CAAA;CAClB;AAED,MAAM,WAAW,YAAY,CAAC,CAAC,SAAS,aAAa;IACnD;;OAEG;IACH,GAAG,CAAC,EAAE,SAAS,CAAA;IACf;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;IACX;;;;OAIG;IACH,OAAO,EAAE;SACN,IAAI,IAAI,MAAM,CAAC,GAAG;YAAE,IAAI,EAAE,IAAI,CAAC;YAAC,UAAU,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;SAAE;KACvE,CAAC,MAAM,CAAC,CAAC,CAAA;CACX;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;;;;;;;OASG;IACH,GAAG,EAAE,wBAAwB,GAAG,uBAAuB,CAAA;CACxD;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACH,SAAS,CACP,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,GAAG,OAAO,EAC1B,IAAI,CAAC,EAAE,gBAAgB,GACtB,OAAO,CAAC,eAAe,CAAC,CAAA;IAC3B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkDG;IACH,QAAQ,CACN,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,GAAG,aAAa,CAAC,CAAA;IAC3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAwCG;IACH,OAAO,CACL,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,cAAc,GACpB,OAAO,CAAC,cAAc,GAAG,YAAY,CAAC,CAAA;IACzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiDG;IACH,MAAM,CAAC,CAAC,SAAS,aAAa,EAC5B,QAAQ,EAAE,CAAC,EACX,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,CAAA;CAC1C;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,CA0MvD"}

package/dist/types/error.d.ts

@@ -0,0 +1,77 @@
+/**
+ * A list of errors that can be thrown by OpenAuth.
+ *
+ * You can use these errors to check the type of error and handle it. For example.
+ *
+ * ```ts
+ * import { InvalidAuthorizationCodeError } from "@openauthjs/openauth/error"
+ *
+ * if (err instanceof InvalidAuthorizationCodeError) {
+ *   // handle invalid code error
+ * }
+ * ```
+ *
+ * @packageDocumentation
+ */
+/**
+ * The OAuth server returned an error.
+ */
+export declare class OauthError extends Error {
+    error: "invalid_request" | "invalid_grant" | "unauthorized_client" | "access_denied" | "unsupported_grant_type" | "server_error" | "temporarily_unavailable";
+    description: string;
+    constructor(error: "invalid_request" | "invalid_grant" | "unauthorized_client" | "access_denied" | "unsupported_grant_type" | "server_error" | "temporarily_unavailable", description: string);
+}
+/**
+ * The `provider` needs to be passed in.
+ */
+export declare class MissingProviderError extends OauthError {
+    constructor();
+}
+/**
+ * The given parameter is missing.
+ */
+export declare class MissingParameterError extends OauthError {
+    parameter: string;
+    constructor(parameter: string);
+}
+/**
+ * The given client is not authorized to use the redirect URI that was passed in.
+ */
+export declare class UnauthorizedClientError extends OauthError {
+    clientID: string;
+    constructor(clientID: string, redirectURI: string);
+}
+/**
+ * The browser was in an unknown state.
+ *
+ * This can happen when certain cookies have expired. Or the browser was switched in the middle
+ * of the authentication flow.
+ */
+export declare class UnknownStateError extends Error {
+    constructor();
+}
+/**
+ * The given subject is invalid.
+ */
+export declare class InvalidSubjectError extends Error {
+    constructor();
+}
+/**
+ * The given refresh token is invalid.
+ */
+export declare class InvalidRefreshTokenError extends Error {
+    constructor();
+}
+/**
+ * The given access token is invalid.
+ */
+export declare class InvalidAccessTokenError extends Error {
+    constructor();
+}
+/**
+ * The given authorization code is invalid.
+ */
+export declare class InvalidAuthorizationCodeError extends Error {
+    constructor();
+}
+//# sourceMappingURL=error.d.ts.map

package/dist/types/error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../src/error.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH;;GAEG;AACH,qBAAa,UAAW,SAAQ,KAAK;IAE1B,KAAK,EACR,iBAAiB,GACjB,eAAe,GACf,qBAAqB,GACrB,eAAe,GACf,wBAAwB,GACxB,cAAc,GACd,yBAAyB;IACtB,WAAW,EAAE,MAAM;gBARnB,KAAK,EACR,iBAAiB,GACjB,eAAe,GACf,qBAAqB,GACrB,eAAe,GACf,wBAAwB,GACxB,cAAc,GACd,yBAAyB,EACtB,WAAW,EAAE,MAAM;CAI7B;AAED;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,UAAU;;CAOnD;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,UAAU;IAChC,SAAS,EAAE,MAAM;gBAAjB,SAAS,EAAE,MAAM;CAGrC;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,UAAU;IAE5C,QAAQ,EAAE,MAAM;gBAAhB,QAAQ,EAAE,MAAM,EACvB,WAAW,EAAE,MAAM;CAOtB;AAED;;;;;GAKG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;;CAM3C;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;;CAI7C;AAED;;GAEG;AACH,qBAAa,wBAAyB,SAAQ,KAAK;;CAIlD;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;;CAIjD;AAED;;GAEG;AACH,qBAAa,6BAA8B,SAAQ,KAAK;;CAIvD"}

package/dist/types/index.d.ts

@@ -0,0 +1,20 @@
+export { 
+/**
+ * @deprecated
+ * Use `import { createClient } from "@openauthjs/openauth/client"` instead - it will tree shake better
+ */
+createClient, } from "./client.js";
+export { 
+/**
+ * @deprecated
+ * Use `import { createSubjects } from "@openauthjs/openauth/subject"` instead - it will tree shake better
+ */
+createSubjects, } from "./subject.js";
+import { issuer } from "./issuer.js";
+export { 
+/**
+ * @deprecated
+ * Use `import { issuer } from "@openauthjs/openauth"` instead, it was renamed
+ */
+issuer as authorizer, issuer, };
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO;AACL;;;GAGG;AACH,YAAY,GACb,MAAM,aAAa,CAAA;AAEpB,OAAO;AACL;;;GAGG;AACH,cAAc,GACf,MAAM,cAAc,CAAA;AAErB,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAEpC,OAAO;AACL;;;GAGG;AACH,MAAM,IAAI,UAAU,EACpB,MAAM,GACP,CAAA"}