@agentuity/core 1.0.55 → 1.0.56
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/services/oauth/flow.d.ts +31 -0
- package/dist/services/oauth/flow.d.ts.map +1 -1
- package/dist/services/oauth/flow.js +138 -13
- package/dist/services/oauth/flow.js.map +1 -1
- package/dist/services/oauth/index.d.ts +1 -0
- package/dist/services/oauth/index.d.ts.map +1 -1
- package/dist/services/oauth/index.js +1 -0
- package/dist/services/oauth/index.js.map +1 -1
- package/dist/services/oauth/token-storage.d.ts +109 -0
- package/dist/services/oauth/token-storage.d.ts.map +1 -0
- package/dist/services/oauth/token-storage.js +140 -0
- package/dist/services/oauth/token-storage.js.map +1 -0
- package/dist/services/oauth/types.d.ts +11 -0
- package/dist/services/oauth/types.d.ts.map +1 -1
- package/dist/services/oauth/types.js +19 -0
- package/dist/services/oauth/types.js.map +1 -1
- package/dist/services/sandbox/execute.d.ts.map +1 -1
- package/dist/services/sandbox/execute.js +22 -11
- package/dist/services/sandbox/execute.js.map +1 -1
- package/dist/services/sandbox/run.d.ts.map +1 -1
- package/dist/services/sandbox/run.js +64 -25
- package/dist/services/sandbox/run.js.map +1 -1
- package/dist/services/sandbox/types.d.ts +8 -0
- package/dist/services/sandbox/types.d.ts.map +1 -1
- package/dist/services/sandbox/types.js +14 -0
- package/dist/services/sandbox/types.js.map +1 -1
- package/package.json +2 -2
- package/src/services/oauth/flow.ts +156 -15
- package/src/services/oauth/index.ts +1 -0
- package/src/services/oauth/token-storage.ts +220 -0
- package/src/services/oauth/types.ts +26 -0
- package/src/services/sandbox/execute.ts +26 -12
- package/src/services/sandbox/run.ts +105 -29
- package/src/services/sandbox/types.ts +14 -0
|
@@ -34,6 +34,37 @@ export declare function buildAuthorizeUrl(redirectUri: string, config?: OAuthFlo
|
|
|
34
34
|
* ```
|
|
35
35
|
*/
|
|
36
36
|
export declare function exchangeToken(code: string, redirectUri: string, config?: OAuthFlowConfig): Promise<OAuthTokenResponse>;
|
|
37
|
+
/**
|
|
38
|
+
* Refresh an access token using a refresh token.
|
|
39
|
+
*
|
|
40
|
+
* @param refreshTokenValue - The refresh token obtained from a previous token exchange
|
|
41
|
+
* @param config - Optional OAuth configuration. Falls back to environment variables.
|
|
42
|
+
* @returns The token response including a new access_token, and optionally a new refresh_token
|
|
43
|
+
*
|
|
44
|
+
* @example
|
|
45
|
+
* ```typescript
|
|
46
|
+
* const newToken = await refreshToken(previousToken.refresh_token!);
|
|
47
|
+
* console.log(newToken.access_token);
|
|
48
|
+
* ```
|
|
49
|
+
*/
|
|
50
|
+
export declare function refreshToken(refreshTokenValue: string, config?: OAuthFlowConfig): Promise<OAuthTokenResponse>;
|
|
51
|
+
/**
|
|
52
|
+
* Revoke an OAuth token (access token or refresh token) to log the user out.
|
|
53
|
+
*
|
|
54
|
+
* Calls the token revocation endpoint (RFC 7009). The server will invalidate
|
|
55
|
+
* the token so it can no longer be used. Per the spec, the endpoint returns
|
|
56
|
+
* a success response even if the token was already invalid.
|
|
57
|
+
*
|
|
58
|
+
* @param token - The access token or refresh token to revoke
|
|
59
|
+
* @param config - Optional OAuth configuration. Falls back to environment variables.
|
|
60
|
+
*
|
|
61
|
+
* @example
|
|
62
|
+
* ```typescript
|
|
63
|
+
* // Revoke the refresh token to fully log out
|
|
64
|
+
* await logout(token.refresh_token!);
|
|
65
|
+
* ```
|
|
66
|
+
*/
|
|
67
|
+
export declare function logout(token: string, config?: OAuthFlowConfig): Promise<void>;
|
|
37
68
|
/**
|
|
38
69
|
* Fetch user information from the OIDC userinfo endpoint using an access token.
|
|
39
70
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../../src/services/oauth/flow.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../../src/services/oauth/flow.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAgDrF;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,eAAe,GAAG,MAAM,CA2BvF;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,aAAa,CAClC,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,MAAM,CAAC,EAAE,eAAe,GACtB,OAAO,CAAC,kBAAkB,CAAC,CAoD7B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,YAAY,CACjC,iBAAiB,EAAE,MAAM,EACzB,MAAM,CAAC,EAAE,eAAe,GACtB,OAAO,CAAC,kBAAkB,CAAC,CAmD7B;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA+CnF;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,aAAa,CAClC,WAAW,EAAE,MAAM,EACnB,MAAM,CAAC,EAAE,eAAe,GACtB,OAAO,CAAC,aAAa,CAAC,CAkCxB"}
|
|
@@ -19,9 +19,24 @@ function resolveConfig(config) {
|
|
|
19
19
|
const userinfoUrl = config?.userinfoUrl ??
|
|
20
20
|
getEnv('OAUTH_USERINFO_URL') ??
|
|
21
21
|
(issuer ? `${issuer}/userinfo` : undefined);
|
|
22
|
+
const revokeUrl = config?.revokeUrl ?? getEnv('OAUTH_REVOKE_URL') ?? (issuer ? `${issuer}/revoke` : undefined);
|
|
23
|
+
const endSessionUrl = config?.endSessionUrl ??
|
|
24
|
+
getEnv('OAUTH_END_SESSION_URL') ??
|
|
25
|
+
(issuer ? `${issuer}/end_session` : undefined);
|
|
22
26
|
const scopes = config?.scopes ?? getEnv('OAUTH_SCOPES') ?? 'openid profile email';
|
|
23
27
|
const prompt = config?.prompt;
|
|
24
|
-
return {
|
|
28
|
+
return {
|
|
29
|
+
clientId,
|
|
30
|
+
clientSecret,
|
|
31
|
+
issuer,
|
|
32
|
+
authorizeUrl,
|
|
33
|
+
tokenUrl,
|
|
34
|
+
userinfoUrl,
|
|
35
|
+
revokeUrl,
|
|
36
|
+
endSessionUrl,
|
|
37
|
+
scopes,
|
|
38
|
+
prompt,
|
|
39
|
+
};
|
|
25
40
|
}
|
|
26
41
|
/**
|
|
27
42
|
* Build an OAuth 2.0 authorization URL for redirecting the user to the OIDC provider.
|
|
@@ -96,8 +111,6 @@ export async function exchangeToken(code, redirectUri, config) {
|
|
|
96
111
|
message: 'No client secret configured. Set OAUTH_CLIENT_SECRET environment variable.',
|
|
97
112
|
});
|
|
98
113
|
}
|
|
99
|
-
const controller = new AbortController();
|
|
100
|
-
const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
|
|
101
114
|
let response;
|
|
102
115
|
try {
|
|
103
116
|
response = await fetch(resolved.tokenUrl, {
|
|
@@ -110,19 +123,17 @@ export async function exchangeToken(code, redirectUri, config) {
|
|
|
110
123
|
client_id: resolved.clientId,
|
|
111
124
|
client_secret: resolved.clientSecret,
|
|
112
125
|
}),
|
|
113
|
-
signal:
|
|
126
|
+
signal: AbortSignal.timeout(DEFAULT_TIMEOUT_MS),
|
|
114
127
|
});
|
|
115
128
|
}
|
|
116
129
|
catch (err) {
|
|
117
|
-
|
|
118
|
-
if (err instanceof DOMException && err.name === 'AbortError') {
|
|
130
|
+
if (err instanceof DOMException && err.name === 'TimeoutError') {
|
|
119
131
|
throw new OAuthResponseError({
|
|
120
132
|
message: `Token exchange timed out after ${DEFAULT_TIMEOUT_MS}ms`,
|
|
121
133
|
});
|
|
122
134
|
}
|
|
123
135
|
throw err;
|
|
124
136
|
}
|
|
125
|
-
clearTimeout(timer);
|
|
126
137
|
if (!response.ok) {
|
|
127
138
|
const error = await response.text();
|
|
128
139
|
throw new OAuthResponseError({
|
|
@@ -132,6 +143,124 @@ export async function exchangeToken(code, redirectUri, config) {
|
|
|
132
143
|
const data = await response.json();
|
|
133
144
|
return OAuthTokenResponseSchema.parse(data);
|
|
134
145
|
}
|
|
146
|
+
/**
|
|
147
|
+
* Refresh an access token using a refresh token.
|
|
148
|
+
*
|
|
149
|
+
* @param refreshTokenValue - The refresh token obtained from a previous token exchange
|
|
150
|
+
* @param config - Optional OAuth configuration. Falls back to environment variables.
|
|
151
|
+
* @returns The token response including a new access_token, and optionally a new refresh_token
|
|
152
|
+
*
|
|
153
|
+
* @example
|
|
154
|
+
* ```typescript
|
|
155
|
+
* const newToken = await refreshToken(previousToken.refresh_token!);
|
|
156
|
+
* console.log(newToken.access_token);
|
|
157
|
+
* ```
|
|
158
|
+
*/
|
|
159
|
+
export async function refreshToken(refreshTokenValue, config) {
|
|
160
|
+
const resolved = resolveConfig(config);
|
|
161
|
+
if (!resolved.tokenUrl) {
|
|
162
|
+
throw new OAuthResponseError({
|
|
163
|
+
message: 'No token URL configured. Set OAUTH_TOKEN_URL or OAUTH_ISSUER environment variable.',
|
|
164
|
+
});
|
|
165
|
+
}
|
|
166
|
+
if (!resolved.clientId) {
|
|
167
|
+
throw new OAuthResponseError({
|
|
168
|
+
message: 'No client ID configured. Set OAUTH_CLIENT_ID environment variable.',
|
|
169
|
+
});
|
|
170
|
+
}
|
|
171
|
+
const params = new URLSearchParams({
|
|
172
|
+
grant_type: 'refresh_token',
|
|
173
|
+
refresh_token: refreshTokenValue,
|
|
174
|
+
client_id: resolved.clientId,
|
|
175
|
+
});
|
|
176
|
+
if (resolved.clientSecret) {
|
|
177
|
+
params.set('client_secret', resolved.clientSecret);
|
|
178
|
+
}
|
|
179
|
+
let response;
|
|
180
|
+
try {
|
|
181
|
+
response = await fetch(resolved.tokenUrl, {
|
|
182
|
+
method: 'POST',
|
|
183
|
+
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
184
|
+
body: params,
|
|
185
|
+
signal: AbortSignal.timeout(DEFAULT_TIMEOUT_MS),
|
|
186
|
+
});
|
|
187
|
+
}
|
|
188
|
+
catch (err) {
|
|
189
|
+
if (err instanceof DOMException && err.name === 'TimeoutError') {
|
|
190
|
+
throw new OAuthResponseError({
|
|
191
|
+
message: `Token refresh timed out after ${DEFAULT_TIMEOUT_MS}ms`,
|
|
192
|
+
});
|
|
193
|
+
}
|
|
194
|
+
throw err;
|
|
195
|
+
}
|
|
196
|
+
if (!response.ok) {
|
|
197
|
+
const error = await response.text();
|
|
198
|
+
throw new OAuthResponseError({
|
|
199
|
+
message: `Token refresh failed (${response.status}): ${error}`,
|
|
200
|
+
});
|
|
201
|
+
}
|
|
202
|
+
const data = await response.json();
|
|
203
|
+
return OAuthTokenResponseSchema.parse(data);
|
|
204
|
+
}
|
|
205
|
+
/**
|
|
206
|
+
* Revoke an OAuth token (access token or refresh token) to log the user out.
|
|
207
|
+
*
|
|
208
|
+
* Calls the token revocation endpoint (RFC 7009). The server will invalidate
|
|
209
|
+
* the token so it can no longer be used. Per the spec, the endpoint returns
|
|
210
|
+
* a success response even if the token was already invalid.
|
|
211
|
+
*
|
|
212
|
+
* @param token - The access token or refresh token to revoke
|
|
213
|
+
* @param config - Optional OAuth configuration. Falls back to environment variables.
|
|
214
|
+
*
|
|
215
|
+
* @example
|
|
216
|
+
* ```typescript
|
|
217
|
+
* // Revoke the refresh token to fully log out
|
|
218
|
+
* await logout(token.refresh_token!);
|
|
219
|
+
* ```
|
|
220
|
+
*/
|
|
221
|
+
export async function logout(token, config) {
|
|
222
|
+
const resolved = resolveConfig(config);
|
|
223
|
+
if (!resolved.revokeUrl) {
|
|
224
|
+
throw new OAuthResponseError({
|
|
225
|
+
message: 'No revoke URL configured. Set OAUTH_REVOKE_URL or OAUTH_ISSUER environment variable.',
|
|
226
|
+
});
|
|
227
|
+
}
|
|
228
|
+
if (!resolved.clientId) {
|
|
229
|
+
throw new OAuthResponseError({
|
|
230
|
+
message: 'No client ID configured. Set OAUTH_CLIENT_ID environment variable.',
|
|
231
|
+
});
|
|
232
|
+
}
|
|
233
|
+
const params = new URLSearchParams({
|
|
234
|
+
token,
|
|
235
|
+
client_id: resolved.clientId,
|
|
236
|
+
});
|
|
237
|
+
if (resolved.clientSecret) {
|
|
238
|
+
params.set('client_secret', resolved.clientSecret);
|
|
239
|
+
}
|
|
240
|
+
let response;
|
|
241
|
+
try {
|
|
242
|
+
response = await fetch(resolved.revokeUrl, {
|
|
243
|
+
method: 'POST',
|
|
244
|
+
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
245
|
+
body: params,
|
|
246
|
+
signal: AbortSignal.timeout(DEFAULT_TIMEOUT_MS),
|
|
247
|
+
});
|
|
248
|
+
}
|
|
249
|
+
catch (err) {
|
|
250
|
+
if (err instanceof DOMException && err.name === 'TimeoutError') {
|
|
251
|
+
throw new OAuthResponseError({
|
|
252
|
+
message: `Token revocation timed out after ${DEFAULT_TIMEOUT_MS}ms`,
|
|
253
|
+
});
|
|
254
|
+
}
|
|
255
|
+
throw err;
|
|
256
|
+
}
|
|
257
|
+
if (!response.ok) {
|
|
258
|
+
const error = await response.text();
|
|
259
|
+
throw new OAuthResponseError({
|
|
260
|
+
message: `Token revocation failed (${response.status}): ${error}`,
|
|
261
|
+
});
|
|
262
|
+
}
|
|
263
|
+
}
|
|
135
264
|
/**
|
|
136
265
|
* Fetch user information from the OIDC userinfo endpoint using an access token.
|
|
137
266
|
*
|
|
@@ -152,25 +281,21 @@ export async function fetchUserInfo(accessToken, config) {
|
|
|
152
281
|
message: 'No userinfo URL configured. Set OAUTH_USERINFO_URL or OAUTH_ISSUER environment variable.',
|
|
153
282
|
});
|
|
154
283
|
}
|
|
155
|
-
const controller = new AbortController();
|
|
156
|
-
const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
|
|
157
284
|
let response;
|
|
158
285
|
try {
|
|
159
286
|
response = await fetch(resolved.userinfoUrl, {
|
|
160
287
|
headers: { Authorization: `Bearer ${accessToken}` },
|
|
161
|
-
signal:
|
|
288
|
+
signal: AbortSignal.timeout(DEFAULT_TIMEOUT_MS),
|
|
162
289
|
});
|
|
163
290
|
}
|
|
164
291
|
catch (err) {
|
|
165
|
-
|
|
166
|
-
if (err instanceof DOMException && err.name === 'AbortError') {
|
|
292
|
+
if (err instanceof DOMException && err.name === 'TimeoutError') {
|
|
167
293
|
throw new OAuthResponseError({
|
|
168
294
|
message: `Userinfo request timed out after ${DEFAULT_TIMEOUT_MS}ms`,
|
|
169
295
|
});
|
|
170
296
|
}
|
|
171
297
|
throw err;
|
|
172
298
|
}
|
|
173
|
-
clearTimeout(timer);
|
|
174
299
|
if (!response.ok) {
|
|
175
300
|
const error = await response.text();
|
|
176
301
|
throw new OAuthResponseError({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.js","sourceRoot":"","sources":["../../../src/services/oauth/flow.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAC/C,OAAO,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAG3E,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC;;;GAGG;AACH,SAAS,aAAa,CAAC,MAAwB;IAC9C,MAAM,QAAQ,GAAG,MAAM,EAAE,QAAQ,IAAI,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,EAAE,YAAY,IAAI,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,IAAI,MAAM,CAAC,cAAc,CAAC,CAAC;IACxD,MAAM,YAAY,GACjB,MAAM,EAAE,YAAY;QACpB,MAAM,CAAC,qBAAqB,CAAC;QAC7B,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC9C,MAAM,QAAQ,GACb,MAAM,EAAE,QAAQ;QAChB,MAAM,CAAC,iBAAiB,CAAC;QACzB,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,WAAW,GAChB,MAAM,EAAE,WAAW;QACnB,MAAM,CAAC,oBAAoB,CAAC;QAC5B,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,IAAI,MAAM,CAAC,cAAc,CAAC,IAAI,sBAAsB,CAAC;IAElF,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,CAAC;IAE9B,OAAO,
|
|
1
|
+
{"version":3,"file":"flow.js","sourceRoot":"","sources":["../../../src/services/oauth/flow.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAC/C,OAAO,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAG3E,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC;;;GAGG;AACH,SAAS,aAAa,CAAC,MAAwB;IAC9C,MAAM,QAAQ,GAAG,MAAM,EAAE,QAAQ,IAAI,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,EAAE,YAAY,IAAI,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,IAAI,MAAM,CAAC,cAAc,CAAC,CAAC;IACxD,MAAM,YAAY,GACjB,MAAM,EAAE,YAAY;QACpB,MAAM,CAAC,qBAAqB,CAAC;QAC7B,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC9C,MAAM,QAAQ,GACb,MAAM,EAAE,QAAQ;QAChB,MAAM,CAAC,iBAAiB,CAAC;QACzB,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,WAAW,GAChB,MAAM,EAAE,WAAW;QACnB,MAAM,CAAC,oBAAoB,CAAC;QAC5B,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC7C,MAAM,SAAS,GACd,MAAM,EAAE,SAAS,IAAI,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC9F,MAAM,aAAa,GAClB,MAAM,EAAE,aAAa;QACrB,MAAM,CAAC,uBAAuB,CAAC;QAC/B,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,IAAI,MAAM,CAAC,cAAc,CAAC,IAAI,sBAAsB,CAAC;IAElF,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,CAAC;IAE9B,OAAO;QACN,QAAQ;QACR,YAAY;QACZ,MAAM;QACN,YAAY;QACZ,QAAQ;QACR,WAAW;QACX,SAAS;QACT,aAAa;QACb,MAAM;QACN,MAAM;KACN,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,iBAAiB,CAAC,WAAmB,EAAE,MAAwB;IAC9E,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAEvC,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC5B,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EACN,4FAA4F;SAC7F,CAAC,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACxB,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EAAE,oEAAoE;SAC7E,CAAC,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QAClC,SAAS,EAAE,QAAQ,CAAC,QAAQ;QAC5B,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,MAAM;QACrB,KAAK,EAAE,QAAQ,CAAC,MAAM;KACtB,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,GAAG,QAAQ,CAAC,YAAY,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;AACxD,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAClC,IAAY,EACZ,WAAmB,EACnB,MAAwB;IAExB,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAEvC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACxB,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EACN,oFAAoF;SACrF,CAAC,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACxB,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EAAE,oEAAoE;SAC7E,CAAC,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC5B,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EAAE,4EAA4E;SACrF,CAAC,CAAC;IACJ,CAAC;IAED,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACJ,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE;YACzC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACzB,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,YAAY,EAAE,WAAW;gBACzB,SAAS,EAAE,QAAQ,CAAC,QAAQ;gBAC5B,aAAa,EAAE,QAAQ,CAAC,YAAY;aACpC,CAAC;YACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;SAC/C,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,YAAY,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAChE,MAAM,IAAI,kBAAkB,CAAC;gBAC5B,OAAO,EAAE,kCAAkC,kBAAkB,IAAI;aACjE,CAAC,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACX,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EAAE,0BAA0B,QAAQ,CAAC,MAAM,MAAM,KAAK,EAAE;SAC/D,CAAC,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,OAAO,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CACjC,iBAAyB,EACzB,MAAwB;IAExB,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAEvC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACxB,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EACN,oFAAoF;SACrF,CAAC,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACxB,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EAAE,oEAAoE;SAC7E,CAAC,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QAClC,UAAU,EAAE,eAAe;QAC3B,aAAa,EAAE,iBAAiB;QAChC,SAAS,EAAE,QAAQ,CAAC,QAAQ;KAC5B,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC3B,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,YAAY,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACJ,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE;YACzC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;SAC/C,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,YAAY,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAChE,MAAM,IAAI,kBAAkB,CAAC;gBAC5B,OAAO,EAAE,iCAAiC,kBAAkB,IAAI;aAChE,CAAC,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACX,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EAAE,yBAAyB,QAAQ,CAAC,MAAM,MAAM,KAAK,EAAE;SAC9D,CAAC,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,OAAO,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,KAAa,EAAE,MAAwB;IACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAEvC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EACN,sFAAsF;SACvF,CAAC,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACxB,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EAAE,oEAAoE;SAC7E,CAAC,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QAClC,KAAK;QACL,SAAS,EAAE,QAAQ,CAAC,QAAQ;KAC5B,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC3B,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,YAAY,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACJ,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,SAAS,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;SAC/C,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,YAAY,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAChE,MAAM,IAAI,kBAAkB,CAAC;gBAC5B,OAAO,EAAE,oCAAoC,kBAAkB,IAAI;aACnE,CAAC,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACX,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EAAE,4BAA4B,QAAQ,CAAC,MAAM,MAAM,KAAK,EAAE;SACjE,CAAC,CAAC;IACJ,CAAC;AACF,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAClC,WAAmB,EACnB,MAAwB;IAExB,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAEvC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EACN,0FAA0F;SAC3F,CAAC,CAAC;IACJ,CAAC;IAED,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACJ,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE;YAC5C,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;YACnD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;SAC/C,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,YAAY,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAChE,MAAM,IAAI,kBAAkB,CAAC;gBAC5B,OAAO,EAAE,oCAAoC,kBAAkB,IAAI;aACnE,CAAC,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACX,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,kBAAkB,CAAC;YAC5B,OAAO,EAAE,8BAA8B,QAAQ,CAAC,MAAM,MAAM,KAAK,EAAE;SACnE,CAAC,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,OAAO,mBAAmB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/services/oauth/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/services/oauth/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,oBAAoB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/services/oauth/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/services/oauth/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,oBAAoB,CAAC"}
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
import type { KeyValueStorage } from '../keyvalue/service.ts';
|
|
2
|
+
import type { OAuthFlowConfig, OAuthTokenResponse, StoredToken } from './types.ts';
|
|
3
|
+
/**
|
|
4
|
+
* Check whether a stored token's access token has expired.
|
|
5
|
+
*
|
|
6
|
+
* @param token - The stored token to check
|
|
7
|
+
* @returns true if the token has an expires_at timestamp that is in the past
|
|
8
|
+
*
|
|
9
|
+
* @example
|
|
10
|
+
* ```typescript
|
|
11
|
+
* const token = await storage.get('user:123');
|
|
12
|
+
* if (token && isTokenExpired(token)) {
|
|
13
|
+
* // Token is expired and auto-refresh wasn't available
|
|
14
|
+
* }
|
|
15
|
+
* ```
|
|
16
|
+
*/
|
|
17
|
+
export declare function isTokenExpired(token: StoredToken): boolean;
|
|
18
|
+
/**
|
|
19
|
+
* Options for configuring a TokenStorage instance.
|
|
20
|
+
*/
|
|
21
|
+
export interface TokenStorageOptions {
|
|
22
|
+
/**
|
|
23
|
+
* OAuth configuration for auto-refresh and token revocation.
|
|
24
|
+
* If not provided, auto-refresh on get() and server-side revocation on invalidate() are disabled.
|
|
25
|
+
*/
|
|
26
|
+
config?: OAuthFlowConfig;
|
|
27
|
+
/**
|
|
28
|
+
* KV namespace for storing tokens. Defaults to 'oauth-tokens'.
|
|
29
|
+
*/
|
|
30
|
+
namespace?: string;
|
|
31
|
+
/**
|
|
32
|
+
* Key prefix prepended to all storage keys.
|
|
33
|
+
* Useful for scoping tokens by application or tenant.
|
|
34
|
+
*/
|
|
35
|
+
prefix?: string;
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Interface for storing, retrieving, and invalidating OAuth tokens.
|
|
39
|
+
*
|
|
40
|
+
* Implementations handle persistence and may support automatic token refresh
|
|
41
|
+
* on retrieval and server-side revocation on invalidation.
|
|
42
|
+
*/
|
|
43
|
+
export interface TokenStorage {
|
|
44
|
+
/**
|
|
45
|
+
* Retrieve a stored token by key.
|
|
46
|
+
*
|
|
47
|
+
* If the token is expired and a refresh_token is available (and config is provided),
|
|
48
|
+
* the token is automatically refreshed, stored, and the new token is returned.
|
|
49
|
+
* If auto-refresh fails, the expired token is returned so the caller can decide
|
|
50
|
+
* how to handle it (check with {@link isTokenExpired}).
|
|
51
|
+
*
|
|
52
|
+
* @param key - The storage key (e.g. a user ID or session ID)
|
|
53
|
+
* @returns The stored token, or null if no token exists for the key
|
|
54
|
+
*/
|
|
55
|
+
get(key: string): Promise<StoredToken | null>;
|
|
56
|
+
/**
|
|
57
|
+
* Store a token response from a token exchange or refresh.
|
|
58
|
+
*
|
|
59
|
+
* Automatically computes `expires_at` from `expires_in` if present.
|
|
60
|
+
*
|
|
61
|
+
* @param key - The storage key (e.g. a user ID or session ID)
|
|
62
|
+
* @param token - The OAuth token response to store
|
|
63
|
+
*/
|
|
64
|
+
set(key: string, token: OAuthTokenResponse): Promise<void>;
|
|
65
|
+
/**
|
|
66
|
+
* Invalidate a stored token: revoke it server-side and remove from storage.
|
|
67
|
+
*
|
|
68
|
+
* If config is provided, the refresh token (or access token as fallback)
|
|
69
|
+
* is revoked via the token revocation endpoint. Revocation is best-effort —
|
|
70
|
+
* the token is removed from storage regardless of whether revocation succeeds.
|
|
71
|
+
*
|
|
72
|
+
* @param key - The storage key to invalidate
|
|
73
|
+
* @returns The token that was removed, or null if no token existed
|
|
74
|
+
*/
|
|
75
|
+
invalidate(key: string): Promise<StoredToken | null>;
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* Token storage backed by Agentuity's Key-Value storage service.
|
|
79
|
+
*
|
|
80
|
+
* Stores tokens as JSON in a KV namespace. Supports automatic token refresh
|
|
81
|
+
* on retrieval when tokens expire (if OAuth config is provided).
|
|
82
|
+
*
|
|
83
|
+
* @example
|
|
84
|
+
* ```typescript
|
|
85
|
+
* import { KeyValueTokenStorage } from '@agentuity/core/oauth';
|
|
86
|
+
*
|
|
87
|
+
* // Create storage with auto-refresh enabled
|
|
88
|
+
* const storage = new KeyValueTokenStorage(ctx.kv, {
|
|
89
|
+
* config: { issuer: 'https://auth.example.com' },
|
|
90
|
+
* });
|
|
91
|
+
*
|
|
92
|
+
* // Store a token after initial exchange
|
|
93
|
+
* await storage.set('user:123', tokenResponse);
|
|
94
|
+
*
|
|
95
|
+
* // Retrieve — auto-refreshes if expired
|
|
96
|
+
* const token = await storage.get('user:123');
|
|
97
|
+
*
|
|
98
|
+
* // Logout — revokes server-side and removes from storage
|
|
99
|
+
* await storage.invalidate('user:123');
|
|
100
|
+
* ```
|
|
101
|
+
*/
|
|
102
|
+
export declare class KeyValueTokenStorage implements TokenStorage {
|
|
103
|
+
#private;
|
|
104
|
+
constructor(kv: KeyValueStorage, options?: TokenStorageOptions);
|
|
105
|
+
get(key: string): Promise<StoredToken | null>;
|
|
106
|
+
set(key: string, token: OAuthTokenResponse): Promise<void>;
|
|
107
|
+
invalidate(key: string): Promise<StoredToken | null>;
|
|
108
|
+
}
|
|
109
|
+
//# sourceMappingURL=token-storage.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-storage.d.ts","sourceRoot":"","sources":["../../../src/services/oauth/token-storage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAMnF;;;;;;;;;;;;;GAaG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAG1D;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IACnC;;;OAGG;IACH,MAAM,CAAC,EAAE,eAAe,CAAC;IAEzB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC5B;;;;;;;;;;OAUG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAE9C;;;;;;;OAOG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3D;;;;;;;;;OASG;IACH,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CACrD;AAgBD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,oBAAqB,YAAW,YAAY;;gBAM5C,EAAE,EAAE,eAAe,EAAE,OAAO,CAAC,EAAE,mBAAmB;IAOxD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAyB7C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAK1D,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CA8C1D"}
|
|
@@ -0,0 +1,140 @@
|
|
|
1
|
+
import { StoredTokenSchema } from "./types.js";
|
|
2
|
+
import { refreshToken, logout } from "./flow.js";
|
|
3
|
+
const DEFAULT_NAMESPACE = 'oauth-tokens';
|
|
4
|
+
/**
|
|
5
|
+
* Check whether a stored token's access token has expired.
|
|
6
|
+
*
|
|
7
|
+
* @param token - The stored token to check
|
|
8
|
+
* @returns true if the token has an expires_at timestamp that is in the past
|
|
9
|
+
*
|
|
10
|
+
* @example
|
|
11
|
+
* ```typescript
|
|
12
|
+
* const token = await storage.get('user:123');
|
|
13
|
+
* if (token && isTokenExpired(token)) {
|
|
14
|
+
* // Token is expired and auto-refresh wasn't available
|
|
15
|
+
* }
|
|
16
|
+
* ```
|
|
17
|
+
*/
|
|
18
|
+
export function isTokenExpired(token) {
|
|
19
|
+
if (!token.expires_at)
|
|
20
|
+
return false;
|
|
21
|
+
return Math.floor(Date.now() / 1000) >= token.expires_at;
|
|
22
|
+
}
|
|
23
|
+
/**
|
|
24
|
+
* Convert an OAuth token response to a StoredToken with computed expires_at.
|
|
25
|
+
*/
|
|
26
|
+
function toStoredToken(token) {
|
|
27
|
+
return {
|
|
28
|
+
access_token: token.access_token,
|
|
29
|
+
token_type: token.token_type,
|
|
30
|
+
refresh_token: token.refresh_token,
|
|
31
|
+
scope: token.scope,
|
|
32
|
+
id_token: token.id_token,
|
|
33
|
+
expires_at: token.expires_in ? Math.floor(Date.now() / 1000) + token.expires_in : undefined,
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Token storage backed by Agentuity's Key-Value storage service.
|
|
38
|
+
*
|
|
39
|
+
* Stores tokens as JSON in a KV namespace. Supports automatic token refresh
|
|
40
|
+
* on retrieval when tokens expire (if OAuth config is provided).
|
|
41
|
+
*
|
|
42
|
+
* @example
|
|
43
|
+
* ```typescript
|
|
44
|
+
* import { KeyValueTokenStorage } from '@agentuity/core/oauth';
|
|
45
|
+
*
|
|
46
|
+
* // Create storage with auto-refresh enabled
|
|
47
|
+
* const storage = new KeyValueTokenStorage(ctx.kv, {
|
|
48
|
+
* config: { issuer: 'https://auth.example.com' },
|
|
49
|
+
* });
|
|
50
|
+
*
|
|
51
|
+
* // Store a token after initial exchange
|
|
52
|
+
* await storage.set('user:123', tokenResponse);
|
|
53
|
+
*
|
|
54
|
+
* // Retrieve — auto-refreshes if expired
|
|
55
|
+
* const token = await storage.get('user:123');
|
|
56
|
+
*
|
|
57
|
+
* // Logout — revokes server-side and removes from storage
|
|
58
|
+
* await storage.invalidate('user:123');
|
|
59
|
+
* ```
|
|
60
|
+
*/
|
|
61
|
+
export class KeyValueTokenStorage {
|
|
62
|
+
#kv;
|
|
63
|
+
#namespace;
|
|
64
|
+
#prefix;
|
|
65
|
+
#config;
|
|
66
|
+
constructor(kv, options) {
|
|
67
|
+
this.#kv = kv;
|
|
68
|
+
this.#namespace = options?.namespace ?? DEFAULT_NAMESPACE;
|
|
69
|
+
this.#prefix = options?.prefix ?? '';
|
|
70
|
+
this.#config = options?.config;
|
|
71
|
+
}
|
|
72
|
+
async get(key) {
|
|
73
|
+
const result = await this.#kv.get(this.#namespace, this.#resolveKey(key));
|
|
74
|
+
if (!result.exists)
|
|
75
|
+
return null;
|
|
76
|
+
const parsed = StoredTokenSchema.safeParse(result.data);
|
|
77
|
+
if (!parsed.success)
|
|
78
|
+
return null;
|
|
79
|
+
const token = parsed.data;
|
|
80
|
+
// Auto-refresh if expired and refresh_token + config are available
|
|
81
|
+
if (isTokenExpired(token) && token.refresh_token && this.#config) {
|
|
82
|
+
try {
|
|
83
|
+
const newTokenResponse = await refreshToken(token.refresh_token, this.#config);
|
|
84
|
+
const newStored = toStoredToken(newTokenResponse);
|
|
85
|
+
await this.#store(key, newStored);
|
|
86
|
+
return newStored;
|
|
87
|
+
}
|
|
88
|
+
catch {
|
|
89
|
+
// Refresh failed — return the expired token, caller can check isTokenExpired()
|
|
90
|
+
return token;
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
return token;
|
|
94
|
+
}
|
|
95
|
+
async set(key, token) {
|
|
96
|
+
const stored = toStoredToken(token);
|
|
97
|
+
await this.#store(key, stored);
|
|
98
|
+
}
|
|
99
|
+
async invalidate(key) {
|
|
100
|
+
const resolvedKey = this.#resolveKey(key);
|
|
101
|
+
const result = await this.#kv.get(this.#namespace, resolvedKey);
|
|
102
|
+
if (!result.exists)
|
|
103
|
+
return null;
|
|
104
|
+
const parsed = StoredTokenSchema.safeParse(result.data);
|
|
105
|
+
const token = parsed.success ? parsed.data : null;
|
|
106
|
+
// Revoke server-side (best effort)
|
|
107
|
+
if (token && this.#config) {
|
|
108
|
+
const tokenToRevoke = token.refresh_token ?? token.access_token;
|
|
109
|
+
try {
|
|
110
|
+
await logout(tokenToRevoke, this.#config);
|
|
111
|
+
}
|
|
112
|
+
catch {
|
|
113
|
+
// Best effort — continue with storage cleanup
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
// Remove from storage regardless of revocation result
|
|
117
|
+
await this.#kv.delete(this.#namespace, resolvedKey);
|
|
118
|
+
return token;
|
|
119
|
+
}
|
|
120
|
+
async #store(key, token) {
|
|
121
|
+
// Only set explicit TTL for tokens without a refresh_token.
|
|
122
|
+
// Tokens with refresh capability persist until explicitly invalidated
|
|
123
|
+
// (auto-refresh on get() will keep them fresh).
|
|
124
|
+
let ttl;
|
|
125
|
+
if (!token.refresh_token && token.expires_at) {
|
|
126
|
+
const remaining = token.expires_at - Math.floor(Date.now() / 1000);
|
|
127
|
+
if (remaining > 0) {
|
|
128
|
+
ttl = Math.max(remaining, 60); // KV minimum is 60 seconds
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
await this.#kv.set(this.#namespace, this.#resolveKey(key), token, {
|
|
132
|
+
ttl,
|
|
133
|
+
contentType: 'application/json',
|
|
134
|
+
});
|
|
135
|
+
}
|
|
136
|
+
#resolveKey(key) {
|
|
137
|
+
return this.#prefix ? `${this.#prefix}${key}` : key;
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
//# sourceMappingURL=token-storage.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-storage.js","sourceRoot":"","sources":["../../../src/services/oauth/token-storage.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAEjD,MAAM,iBAAiB,GAAG,cAAc,CAAC;AAEzC;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,cAAc,CAAC,KAAkB;IAChD,IAAI,CAAC,KAAK,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IACpC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC;AAC1D,CAAC;AAmED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAyB;IAC/C,OAAO;QACN,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,aAAa,EAAE,KAAK,CAAC,aAAa;QAClC,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;KAC3F,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,OAAO,oBAAoB;IAChC,GAAG,CAAkB;IACrB,UAAU,CAAS;IACnB,OAAO,CAAS;IAChB,OAAO,CAAmB;IAE1B,YAAY,EAAmB,EAAE,OAA6B;QAC7D,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;QACd,IAAI,CAAC,UAAU,GAAG,OAAO,EAAE,SAAS,IAAI,iBAAiB,CAAC;QAC1D,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;QACrC,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,MAAM,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAc,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;QACvF,IAAI,CAAC,MAAM,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEhC,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAEjC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC;QAE1B,mEAAmE;QACnE,IAAI,cAAc,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClE,IAAI,CAAC;gBACJ,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC/E,MAAM,SAAS,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;gBAClD,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBAClC,OAAO,SAAS,CAAC;YAClB,CAAC;YAAC,MAAM,CAAC;gBACR,+EAA+E;gBAC/E,OAAO,KAAK,CAAC;YACd,CAAC;QACF,CAAC;QAED,OAAO,KAAK,CAAC;IACd,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAyB;QAC/C,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAW;QAC3B,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAc,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAE7E,IAAI,CAAC,MAAM,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEhC,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAElD,mCAAmC;QACnC,IAAI,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAC3B,MAAM,aAAa,GAAG,KAAK,CAAC,aAAa,IAAI,KAAK,CAAC,YAAY,CAAC;YAChE,IAAI,CAAC;gBACJ,MAAM,MAAM,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACR,8CAA8C;YAC/C,CAAC;QACF,CAAC;QAED,sDAAsD;QACtD,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAEpD,OAAO,KAAK,CAAC;IACd,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW,EAAE,KAAkB;QAC3C,4DAA4D;QAC5D,sEAAsE;QACtE,gDAAgD;QAChD,IAAI,GAAuB,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,aAAa,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YAC9C,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YACnE,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;gBACnB,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,2BAA2B;YAC3D,CAAC;QACF,CAAC;QAED,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE;YACjE,GAAG;YACH,WAAW,EAAE,kBAAkB;SAC/B,CAAC,CAAC;IACJ,CAAC;IAED,WAAW,CAAC,GAAW;QACtB,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;IACrD,CAAC;CACD"}
|
|
@@ -599,6 +599,8 @@ export declare const OAuthFlowConfigSchema: z.ZodObject<{
|
|
|
599
599
|
authorizeUrl: z.ZodOptional<z.ZodString>;
|
|
600
600
|
tokenUrl: z.ZodOptional<z.ZodString>;
|
|
601
601
|
userinfoUrl: z.ZodOptional<z.ZodString>;
|
|
602
|
+
revokeUrl: z.ZodOptional<z.ZodString>;
|
|
603
|
+
endSessionUrl: z.ZodOptional<z.ZodString>;
|
|
602
604
|
scopes: z.ZodOptional<z.ZodString>;
|
|
603
605
|
prompt: z.ZodOptional<z.ZodEnum<{
|
|
604
606
|
none: "none";
|
|
@@ -626,4 +628,13 @@ export declare const OAuthUserInfoSchema: z.ZodObject<{
|
|
|
626
628
|
email_verified: z.ZodOptional<z.ZodBoolean>;
|
|
627
629
|
}, z.core.$catchall<z.ZodUnknown>>;
|
|
628
630
|
export type OAuthUserInfo = z.infer<typeof OAuthUserInfoSchema>;
|
|
631
|
+
export declare const StoredTokenSchema: z.ZodObject<{
|
|
632
|
+
access_token: z.ZodString;
|
|
633
|
+
token_type: z.ZodOptional<z.ZodString>;
|
|
634
|
+
refresh_token: z.ZodOptional<z.ZodString>;
|
|
635
|
+
scope: z.ZodOptional<z.ZodString>;
|
|
636
|
+
id_token: z.ZodOptional<z.ZodString>;
|
|
637
|
+
expires_at: z.ZodOptional<z.ZodNumber>;
|
|
638
|
+
}, z.core.$strip>;
|
|
639
|
+
export type StoredToken = z.infer<typeof StoredTokenSchema>;
|
|
629
640
|
//# sourceMappingURL=types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/services/oauth/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;iBAqB5B,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAIpC,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;iBAgBzC,CAAC;AAEH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAEtF,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAGtC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEhF,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;iBAgBzC,CAAC;AAEH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAEtF,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAGtC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEhF,eAAO,MAAM,2BAA2B;;;iBAGtC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEhF,eAAO,MAAM,sBAAsB;;iBAEjC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE,eAAO,MAAM,6BAA6B;;;;iBAIxC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF,eAAO,MAAM,2BAA2B;;;;iBAItC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEhF,eAAO,MAAM,uBAAuB;;;;;iBAKlC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAExE,eAAO,MAAM,sBAAsB;;;;;;;;;iBASjC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE,eAAO,MAAM,gBAAgB;;;;;;;;iBAQ3B,CAAC;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE1D,eAAO,MAAM,0BAA0B;;;;iBAIrC,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE9E,eAAO,MAAM,0BAA0B;;;;;;;;;iBAKrC,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE9E,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;iBAIxC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;iBAGhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,oBAAoB;;;;;;;iBAO/B,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAElE,eAAO,MAAM,yBAAyB;;iBAEpC,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAAwD,CAAC;AACnG,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAA+C,CAAC;AACzF,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAAiD,CAAC;AAC9F,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAAiD,CAAC;AAC9F,eAAO,MAAM,+BAA+B;;;;;;;;;8BAA4C,CAAC;AACzF,eAAO,MAAM,qCAAqC;;;;;;;;;;8BAAiD,CAAC;AACpG,eAAO,MAAM,8BAA8B;;;;;;;;;;;;8BAAsD,CAAC;AAClG,eAAO,MAAM,uCAAuC;;;;;;;;;8BAA4C,CAAC;AACjG,eAAO,MAAM,mCAAmC;;;;;;;;;8BAA4C,CAAC;AAC7F,eAAO,MAAM,iCAAiC;;;;;;;;;;;8BAE7C,CAAC;AACF,eAAO,MAAM,+BAA+B;;;;;;;;;;;8BAE3C,CAAC;AACF,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;8BAAqD,CAAC;AACjG,eAAO,MAAM,oCAAoC;;;;;;;;;8BAA4C,CAAC;AAC9F,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAA2C,CAAC;AAClF,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;8BAAmD,CAAC;AAC9F,eAAO,MAAM,6BAA6B;;;;;;;;;8BAA+C,CAAC;AAE1F,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AACpF,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAClF,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AACxF,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AACxF,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AACxF,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qCAAqC,CAAC,CAAC;AACpG,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AACtF,MAAM,MAAM,iCAAiC,GAAG,CAAC,CAAC,KAAK,CACtD,OAAO,uCAAuC,CAC9C,CAAC;AACF,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mCAAmC,CAAC,CAAC;AAChG,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iCAAiC,CAAC,CAAC;AAC5F,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AACxF,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AACtF,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oCAAoC,CAAC,CAAC;AAClG,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AACpF,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAMpF,eAAO,MAAM,qBAAqB
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/services/oauth/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;iBAqB5B,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAIpC,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;iBAgBzC,CAAC;AAEH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAEtF,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAGtC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEhF,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;iBAgBzC,CAAC;AAEH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAEtF,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAGtC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEhF,eAAO,MAAM,2BAA2B;;;iBAGtC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEhF,eAAO,MAAM,sBAAsB;;iBAEjC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE,eAAO,MAAM,6BAA6B;;;;iBAIxC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF,eAAO,MAAM,2BAA2B;;;;iBAItC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEhF,eAAO,MAAM,uBAAuB;;;;;iBAKlC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAExE,eAAO,MAAM,sBAAsB;;;;;;;;;iBASjC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE,eAAO,MAAM,gBAAgB;;;;;;;;iBAQ3B,CAAC;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE1D,eAAO,MAAM,0BAA0B;;;;iBAIrC,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE9E,eAAO,MAAM,0BAA0B;;;;;;;;;iBAKrC,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE9E,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;iBAIxC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;iBAGhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,oBAAoB;;;;;;;iBAO/B,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAElE,eAAO,MAAM,yBAAyB;;iBAEpC,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAAwD,CAAC;AACnG,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAA+C,CAAC;AACzF,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAAiD,CAAC;AAC9F,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAAiD,CAAC;AAC9F,eAAO,MAAM,+BAA+B;;;;;;;;;8BAA4C,CAAC;AACzF,eAAO,MAAM,qCAAqC;;;;;;;;;;8BAAiD,CAAC;AACpG,eAAO,MAAM,8BAA8B;;;;;;;;;;;;8BAAsD,CAAC;AAClG,eAAO,MAAM,uCAAuC;;;;;;;;;8BAA4C,CAAC;AACjG,eAAO,MAAM,mCAAmC;;;;;;;;;8BAA4C,CAAC;AAC7F,eAAO,MAAM,iCAAiC;;;;;;;;;;;8BAE7C,CAAC;AACF,eAAO,MAAM,+BAA+B;;;;;;;;;;;8BAE3C,CAAC;AACF,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;8BAAqD,CAAC;AACjG,eAAO,MAAM,oCAAoC;;;;;;;;;8BAA4C,CAAC;AAC9F,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAA2C,CAAC;AAClF,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;8BAAmD,CAAC;AAC9F,eAAO,MAAM,6BAA6B;;;;;;;;;8BAA+C,CAAC;AAE1F,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AACpF,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAClF,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AACxF,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AACxF,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AACxF,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qCAAqC,CAAC,CAAC;AACpG,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AACtF,MAAM,MAAM,iCAAiC,GAAG,CAAC,CAAC,KAAK,CACtD,OAAO,uCAAuC,CAC9C,CAAC;AACF,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mCAAmC,CAAC,CAAC;AAChG,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iCAAiC,CAAC,CAAC;AAC5F,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AACxF,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AACtF,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oCAAoC,CAAC,CAAC;AAClG,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AACpF,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAMpF,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;iBA8ChC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,wBAAwB;;;;;;;iBAOnC,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE1E,eAAO,MAAM,mBAAmB;;;;;;;kCAST,CAAC;AAExB,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,eAAO,MAAM,iBAAiB;;;;;;;iBAU5B,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC"}
|
|
@@ -183,6 +183,14 @@ export const OAuthFlowConfigSchema = z.object({
|
|
|
183
183
|
.string()
|
|
184
184
|
.optional()
|
|
185
185
|
.describe('UserInfo endpoint. Defaults to OAUTH_USERINFO_URL or {issuer}/userinfo'),
|
|
186
|
+
revokeUrl: z
|
|
187
|
+
.string()
|
|
188
|
+
.optional()
|
|
189
|
+
.describe('Token revocation endpoint (RFC 7009). Defaults to OAUTH_REVOKE_URL or {issuer}/revoke'),
|
|
190
|
+
endSessionUrl: z
|
|
191
|
+
.string()
|
|
192
|
+
.optional()
|
|
193
|
+
.describe('OIDC end session endpoint. Defaults to OAUTH_END_SESSION_URL or {issuer}/end_session'),
|
|
186
194
|
scopes: z
|
|
187
195
|
.string()
|
|
188
196
|
.optional()
|
|
@@ -210,4 +218,15 @@ export const OAuthUserInfoSchema = z
|
|
|
210
218
|
email_verified: z.boolean().optional(),
|
|
211
219
|
})
|
|
212
220
|
.catchall(z.unknown());
|
|
221
|
+
export const StoredTokenSchema = z.object({
|
|
222
|
+
access_token: z.string(),
|
|
223
|
+
token_type: z.string().optional(),
|
|
224
|
+
refresh_token: z.string().optional(),
|
|
225
|
+
scope: z.string().optional(),
|
|
226
|
+
id_token: z.string().optional(),
|
|
227
|
+
expires_at: z
|
|
228
|
+
.number()
|
|
229
|
+
.optional()
|
|
230
|
+
.describe('Unix timestamp (seconds) when the access token expires'),
|
|
231
|
+
});
|
|
213
232
|
//# sourceMappingURL=types.js.map
|