@atcute/oauth-browser-client 1.0.1

package/dist/agents/user-agent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-agent.js","sourceRoot":"","sources":["../../lib/agents/user-agent.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAG9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAA0B,mBAAmB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAExF,MAAM,OAAO,cAAc;IAIP;IAHnB,MAAM,CAAe;IACrB,kBAAkB,CAA+B;IAEjD,YAAmB,OAAgB;QAAhB,YAAO,GAAP,OAAO,CAAS;QAClC,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,GAAG;QACN,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;IAC9B,CAAC;IAED,UAAU,CAAC,OAA2B;QACrC,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAE3D,OAAO;aACL,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACxB,CAAC,CAAC;aACD,OAAO,CAAC,GAAG,EAAE;YACb,IAAI,CAAC,kBAAkB,GAAG,SAAS,CAAC;QACrC,CAAC,CAAC,CAAC;QAEJ,OAAO,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO;QACZ,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAElC,IAAI,CAAC;YACJ,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7E,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAE1D,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QACpD,CAAC;gBAAS,CAAC;YACV,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAkB;QAChD,MAAM,IAAI,CAAC,kBAAkB,CAAC;QAE9B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAE3C,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC3B,IAAI,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE9C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAE9E,IAAI,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAC5D,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvC,OAAO,QAAQ,CAAC;QACjB,CAAC;QAED,IAAI,CAAC;YACJ,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC7B,OAAO,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC;YACzC,CAAC;iBAAM,CAAC;gBACP,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YACnC,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,QAAQ,CAAC;QACjB,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC1C,OAAO,QAAQ,CAAC;QACjB,CAAC;QAED,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAE9E,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IACrD,CAAC;CACD;AAED,MAAM,sBAAsB,GAAG,CAAC,QAAkB,EAAE,EAAE;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAEtD,OAAO,CACN,IAAI,IAAI,IAAI;QACZ,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CACtC,CAAC;AACH,CAAC,CAAC"}

package/dist/constants.d.ts

@@ -0,0 +1 @@
+export declare const DEFAULT_APPVIEW_URL = "https://public.api.bsky.app";

package/dist/constants.js

@@ -0,0 +1,2 @@
+export const DEFAULT_APPVIEW_URL = 'https://public.api.bsky.app';
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../lib/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,mBAAmB,GAAG,6BAA6B,CAAC"}

package/dist/dpop.d.ts

@@ -0,0 +1,4 @@
+import type { DPoPKey } from './types/dpop.js';
+export declare const createES256Key: () => Promise<DPoPKey>;
+export declare const createDPoPSignage: (issuer: string, dpopKey: DPoPKey) => (method: string, url: string, nonce: string | undefined, ath: string | undefined) => Promise<string>;
+export declare const createDPoPFetch: (issuer: string, dpopKey: DPoPKey, isAuthServer?: boolean) => typeof fetch;

package/dist/dpop.js

@@ -0,0 +1,118 @@
+import { nanoid } from 'nanoid/non-secure';
+import { database } from './environment.js';
+import { extractContentType } from './utils/response.js';
+import { encoder, fromBase64Url, toBase64Url, toSha256 } from './utils/runtime.js';
+const ES256_ALG = { name: 'ECDSA', namedCurve: 'P-256' };
+export const createES256Key = async () => {
+    const pair = await crypto.subtle.generateKey(ES256_ALG, true, ['sign', 'verify']);
+    const key = await crypto.subtle.exportKey('pkcs8', pair.privateKey);
+    const { ext: _ext, key_ops: _key_opts, ...jwk } = await crypto.subtle.exportKey('jwk', pair.publicKey);
+    return {
+        typ: 'ES256',
+        key: toBase64Url(new Uint8Array(key)),
+        jwt: toBase64Url(encoder.encode(JSON.stringify({ typ: 'dpop+jwt', alg: 'ES256', jwk: jwk }))),
+    };
+};
+export const createDPoPSignage = (issuer, dpopKey) => {
+    const headerString = dpopKey.jwt;
+    const keyPromise = crypto.subtle.importKey('pkcs8', fromBase64Url(dpopKey.key), ES256_ALG, true, ['sign']);
+    const constructPayload = (method, url, nonce, ath) => {
+        const now = (Date.now() / 1_000) | 0;
+        const payload = {
+            iss: issuer,
+            iat: now,
+            // This seems fine, we can remake the request if it fails.
+            jti: nanoid(12),
+            htm: method,
+            htu: url,
+            nonce: nonce,
+            ath: ath,
+        };
+        return toBase64Url(encoder.encode(JSON.stringify(payload)));
+    };
+    return async (method, url, nonce, ath) => {
+        const payloadString = constructPayload(method, url, nonce, ath);
+        const signed = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, await keyPromise, encoder.encode(headerString + '.' + payloadString));
+        const signatureString = toBase64Url(new Uint8Array(signed));
+        return headerString + '.' + payloadString + '.' + signatureString;
+    };
+};
+export const createDPoPFetch = (issuer, dpopKey, isAuthServer) => {
+    const nonces = database.dpopNonces;
+    const sign = createDPoPSignage(issuer, dpopKey);
+    return async (input, init) => {
+        const request = init == null && input instanceof Request ? input : new Request(input, init);
+        const authorizationHeader = request.headers.get('authorization');
+        const ath = authorizationHeader?.startsWith('DPoP ')
+            ? await toSha256(authorizationHeader.slice(5))
+            : undefined;
+        const { method, url } = request;
+        const { origin } = new URL(url);
+        let initNonce;
+        try {
+            initNonce = nonces.get(origin);
+        }
+        catch {
+            // Ignore get errors, we will just not send a nonce
+        }
+        const initProof = await sign(method, url, initNonce, ath);
+        request.headers.set('dpop', initProof);
+        const initResponse = await fetch(request);
+        const nextNonce = initResponse.headers.get('dpop-nonce');
+        if (!nextNonce || nextNonce === initNonce) {
+            // No nonce was returned or it is the same as the one we sent. No need to
+            // update the nonce store, or retry the request.
+            return initResponse;
+        }
+        // Store the fresh nonce for future requests
+        try {
+            nonces.set(origin, nextNonce);
+        }
+        catch {
+            // Ignore set errors
+        }
+        const shouldRetry = await isUseDpopNonceError(initResponse, isAuthServer);
+        if (!shouldRetry) {
+            // Not a "use_dpop_nonce" error, so there is no need to retry
+            return initResponse;
+        }
+        // If the input stream was already consumed, we cannot retry the request. A
+        // solution would be to clone() the request but that would bufferize the
+        // entire stream in memory which can lead to memory starvation. Instead, we
+        // will return the original response and let the calling code handle retries.
+        if (input === request || init?.body instanceof ReadableStream) {
+            return initResponse;
+        }
+        const nextProof = await sign(method, url, nextNonce, ath);
+        const nextRequest = new Request(input, init);
+        nextRequest.headers.set('dpop', nextProof);
+        return await fetch(nextRequest);
+    };
+};
+const isUseDpopNonceError = async (response, isAuthServer) => {
+    // https://datatracker.ietf.org/doc/html/rfc6750#section-3
+    // https://datatracker.ietf.org/doc/html/rfc9449#name-resource-server-provided-no
+    if (isAuthServer === undefined || isAuthServer === false) {
+        if (response.status === 401) {
+            const wwwAuth = response.headers.get('www-authenticate');
+            if (wwwAuth?.startsWith('DPoP')) {
+                return wwwAuth.includes('error="use_dpop_nonce"');
+            }
+        }
+    }
+    // https://datatracker.ietf.org/doc/html/rfc9449#name-authorization-server-provid
+    if (isAuthServer === undefined || isAuthServer === true) {
+        if (response.status === 400 && extractContentType(response.headers) === 'application/json') {
+            try {
+                const json = await response.clone().json();
+                return typeof json === 'object' && json?.['error'] === 'use_dpop_nonce';
+            }
+            catch {
+                // Response too big (to be "use_dpop_nonce" error) or invalid JSON
+                return false;
+            }
+        }
+    }
+    return false;
+};
+//# sourceMappingURL=dpop.js.map

package/dist/dpop.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE3C,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAEnF,MAAM,SAAS,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAW,CAAC;AAElE,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,IAAsB,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAElF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAEvG,OAAO;QACN,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,WAAW,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;QACrC,GAAG,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;KAC7F,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,MAAc,EAAE,OAAgB,EAAE,EAAE;IACrE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC;IACjC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAE3G,MAAM,gBAAgB,GAAG,CACxB,MAAc,EACd,GAAW,EACX,KAAyB,EACzB,GAAuB,EACtB,EAAE;QACH,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;QAErC,MAAM,OAAO,GAAG;YACf,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,GAAG;YACR,0DAA0D;YAC1D,GAAG,EAAE,MAAM,CAAC,EAAE,CAAC;YACf,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,GAAG;YACR,KAAK,EAAE,KAAK;YACZ,GAAG,EAAE,GAAG;SACR,CAAC;QAEF,OAAO,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC;IAEF,OAAO,KAAK,EAAE,MAAc,EAAE,GAAW,EAAE,KAAyB,EAAE,GAAuB,EAAE,EAAE;QAChG,MAAM,aAAa,GAAG,gBAAgB,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QAEhE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACtC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAC5C,MAAM,UAAU,EAChB,OAAO,CAAC,MAAM,CAAC,YAAY,GAAG,GAAG,GAAG,aAAa,CAAC,CAClD,CAAC;QAEF,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QAE5D,OAAO,YAAY,GAAG,GAAG,GAAG,aAAa,GAAG,GAAG,GAAG,eAAe,CAAC;IACnE,CAAC,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,MAAc,EAAE,OAAgB,EAAE,YAAsB,EAAgB,EAAE;IACzG,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC;IACnC,MAAM,IAAI,GAAG,iBAAiB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEhD,OAAO,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAY,IAAI,IAAI,IAAI,IAAI,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAErG,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,mBAAmB,EAAE,UAAU,CAAC,OAAO,CAAC;YACnD,CAAC,CAAC,MAAM,QAAQ,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC,CAAC,SAAS,CAAC;QAEb,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;QAChC,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAEhC,IAAI,SAA6B,CAAC;QAClC,IAAI,CAAC;YACJ,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACR,mDAAmD;QACpD,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;QAC1D,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAEvC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;QAE1C,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACzD,IAAI,CAAC,SAAS,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC3C,yEAAyE;YACzE,gDAAgD;YAChD,OAAO,YAAY,CAAC;QACrB,CAAC;QAED,4CAA4C;QAC5C,IAAI,CAAC;YACJ,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACR,oBAAoB;QACrB,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAC1E,IAAI,CAAC,WAAW,EAAE,CAAC;YAClB,6DAA6D;YAC7D,OAAO,YAAY,CAAC;QACrB,CAAC;QAED,2EAA2E;QAC3E,wEAAwE;QACxE,2EAA2E;QAC3E,6EAA6E;QAE7E,IAAI,KAAK,KAAK,OAAO,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC/D,OAAO,YAAY,CAAC;QACrB,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAC7C,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAE3C,OAAO,MAAM,KAAK,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,KAAK,EAAE,QAAkB,EAAE,YAAsB,EAAoB,EAAE;IAClG,0DAA0D;IAC1D,iFAAiF;IACjF,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,KAAK,EAAE,CAAC;QAC1D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,OAAO,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC;YACnD,CAAC;QACF,CAAC;IACF,CAAC;IAED,iFAAiF;IACjF,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QACzD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;YAC5F,IAAI,CAAC;gBACJ,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;gBAC3C,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,gBAAgB,CAAC;YACzE,CAAC;YAAC,MAAM,CAAC;gBACR,kEAAkE;gBAClE,OAAO,KAAK,CAAC;YACd,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,KAAK,CAAC;AACd,CAAC,CAAC"}

package/dist/environment.d.ts

@@ -0,0 +1,19 @@
+import { type OAuthDatabase } from './store/db.js';
+export declare let CLIENT_ID: string;
+export declare let REDIRECT_URI: string;
+export declare let database: OAuthDatabase;
+export interface ConfigureOAuthOptions {
+    /**
+     * Client metadata, necessary to drive the whole request
+     */
+    metadata: {
+        client_id: string;
+        redirect_uri: string;
+    };
+    /**
+     * Name that will be used as prefix for storage keys needed to persist authentication.
+     * @default "atcute-oauth"
+     */
+    storageName?: string;
+}
+export declare const configureOAuth: (options: ConfigureOAuthOptions) => void;

package/dist/environment.js

@@ -0,0 +1,9 @@
+import { createOAuthDatabase } from './store/db.js';
+export let CLIENT_ID;
+export let REDIRECT_URI;
+export let database;
+export const configureOAuth = (options) => {
+    ({ client_id: CLIENT_ID, redirect_uri: REDIRECT_URI } = options.metadata);
+    database = createOAuthDatabase({ name: options.storageName ?? 'atcute-oauth' });
+};
+//# sourceMappingURL=environment.js.map

package/dist/environment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"environment.js","sourceRoot":"","sources":["../lib/environment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAsB,MAAM,eAAe,CAAC;AAExE,MAAM,CAAC,IAAI,SAAiB,CAAC;AAC7B,MAAM,CAAC,IAAI,YAAoB,CAAC;AAEhC,MAAM,CAAC,IAAI,QAAuB,CAAC;AAkBnC,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAA8B,EAAE,EAAE;IAChE,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC1E,QAAQ,GAAG,mBAAmB,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,WAAW,IAAI,cAAc,EAAE,CAAC,CAAC;AACjF,CAAC,CAAC"}

package/dist/errors.d.ts

@@ -0,0 +1,31 @@
+import type { At } from '@atcute/client/lexicons';
+export declare class LoginError extends Error {
+    name: string;
+}
+export declare class AuthorizationError extends Error {
+    name: string;
+}
+export declare class ResolverError extends Error {
+    name: string;
+}
+export declare class TokenRefreshError extends Error {
+    readonly sub: At.DID;
+    name: string;
+    constructor(sub: At.DID, message: string, options?: ErrorOptions);
+}
+export declare class OAuthResponseError extends Error {
+    readonly response: Response;
+    readonly data: any;
+    name: string;
+    readonly error: string | undefined;
+    readonly description: string | undefined;
+    constructor(response: Response, data: any);
+    get status(): number;
+    get headers(): Headers;
+}
+export declare class FetchResponseError extends Error {
+    readonly response: Response;
+    status: number;
+    name: string;
+    constructor(response: Response, status: number, message: string);
+}

package/dist/errors.js

@@ -0,0 +1,59 @@
+export class LoginError extends Error {
+    name = 'LoginError';
+}
+export class AuthorizationError extends Error {
+    name = 'AuthorizationError';
+}
+export class ResolverError extends Error {
+    name = 'ResolverError';
+}
+export class TokenRefreshError extends Error {
+    sub;
+    name = 'TokenRefreshError';
+    constructor(sub, message, options) {
+        super(message, options);
+        this.sub = sub;
+    }
+}
+export class OAuthResponseError extends Error {
+    response;
+    data;
+    name = 'OAuthResponseError';
+    error;
+    description;
+    constructor(response, data) {
+        const error = ifString(ifObject(data)?.['error']);
+        const errorDescription = ifString(ifObject(data)?.['error_description']);
+        const messageError = error ? `"${error}"` : 'unknown';
+        const messageDesc = errorDescription ? `: ${errorDescription}` : '';
+        const message = `OAuth ${messageError} error${messageDesc}`;
+        super(message);
+        this.response = response;
+        this.data = data;
+        this.error = error;
+        this.description = errorDescription;
+    }
+    get status() {
+        return this.response.status;
+    }
+    get headers() {
+        return this.response.headers;
+    }
+}
+export class FetchResponseError extends Error {
+    response;
+    status;
+    name = 'FetchResponseError';
+    constructor(response, status, message) {
+        super(message);
+        this.response = response;
+        this.status = status;
+    }
+}
+const ifString = (v) => {
+    return typeof v === 'string' ? v : undefined;
+};
+const ifObject = (v) => {
+    return typeof v === 'object' && v !== null && !Array.isArray(v) ? v : undefined;
+};
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../lib/errors.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,UAAW,SAAQ,KAAK;IAC3B,IAAI,GAAG,YAAY,CAAC;CAC7B;AAED,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IACnC,IAAI,GAAG,oBAAoB,CAAC;CACrC;AAED,MAAM,OAAO,aAAc,SAAQ,KAAK;IAC9B,IAAI,GAAG,eAAe,CAAC;CAChC;AAED,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAI1B;IAHR,IAAI,GAAG,mBAAmB,CAAC;IAEpC,YACiB,GAAW,EAC3B,OAAe,EACf,OAAsB;QAEtB,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAJR,QAAG,GAAH,GAAG,CAAQ;IAK5B,CAAC;CACD;AAED,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAO3B;IACA;IAPR,IAAI,GAAG,oBAAoB,CAAC;IAE5B,KAAK,CAAqB;IAC1B,WAAW,CAAqB;IAEzC,YACiB,QAAkB,EAClB,IAAS;QAEzB,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAClD,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAEzE,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACtD,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,KAAK,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,MAAM,OAAO,GAAG,SAAS,YAAY,SAAS,WAAW,EAAE,CAAC;QAE5D,KAAK,CAAC,OAAO,CAAC,CAAC;QAVC,aAAQ,GAAR,QAAQ,CAAU;QAClB,SAAI,GAAJ,IAAI,CAAK;QAWzB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,WAAW,GAAG,gBAAgB,CAAC;IACrC,CAAC;IAED,IAAI,MAAM;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED,IAAI,OAAO;QACV,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC9B,CAAC;CACD;AAED,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAI3B;IACT;IAJC,IAAI,GAAG,oBAAoB,CAAC;IAErC,YACiB,QAAkB,EAC3B,MAAc,EACrB,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,aAAQ,GAAR,QAAQ,CAAU;QAC3B,WAAM,GAAN,MAAM,CAAQ;IAItB,CAAC;CACD;AAED,MAAM,QAAQ,GAAG,CAAC,CAAU,EAAsB,EAAE;IACnD,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9C,CAAC,CAAC;AACF,MAAM,QAAQ,GAAG,CAAC,CAAU,EAAuC,EAAE;IACpE,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAE,CAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC1F,CAAC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,14 @@
+export { configureOAuth, type ConfigureOAuthOptions } from './environment.js';
+export * from './errors.js';
+export * from './resolvers.js';
+export * from './agents/exchange.js';
+export * from './agents/server-agent.js';
+export * from './agents/sessions.js';
+export * from './agents/user-agent.js';
+export * from './types/client.js';
+export * from './types/dpop.js';
+export * from './types/identity.js';
+export * from './types/par.js';
+export * from './types/server.js';
+export * from './types/store.js';
+export * from './types/token.js';

package/dist/index.js

@@ -0,0 +1,15 @@
+export { configureOAuth } from './environment.js';
+export * from './errors.js';
+export * from './resolvers.js';
+export * from './agents/exchange.js';
+export * from './agents/server-agent.js';
+export * from './agents/sessions.js';
+export * from './agents/user-agent.js';
+export * from './types/client.js';
+export * from './types/dpop.js';
+export * from './types/identity.js';
+export * from './types/par.js';
+export * from './types/server.js';
+export * from './types/store.js';
+export * from './types/token.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAA8B,MAAM,kBAAkB,CAAC;AAE9E,cAAc,aAAa,CAAC;AAC5B,cAAc,gBAAgB,CAAC;AAE/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AAEvC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC"}

package/dist/resolvers.d.ts

@@ -0,0 +1,52 @@
+import type { At } from '@atcute/client/lexicons';
+import { type DidDocument } from '@atcute/client/utils/did';
+import type { IdentityMetadata } from './types/identity.js';
+import type { AuthorizationServerMetadata, ProtectedResourceMetadata } from './types/server.js';
+/**
+ * Resolves domain handles into DID identifiers, by requesting Bluesky's AppView
+ * for identity resolution.
+ * @param handle Domain handle to resolve
+ * @returns DID identifier resolved from the domain handle
+ */
+export declare const resolveHandle: (handle: string) => Promise<At.DID>;
+/**
+ * Get DID documents of did:plc (via plc.directory) and did:web identifiers
+ * @param did DID identifier we're seeking DID doc from
+ * @returns Retrieved DID document
+ */
+export declare const getDidDocument: (did: At.DID) => Promise<DidDocument>;
+/**
+ * Get OAuth protected resource metadata from a host
+ * @param host URL of the host
+ * @returns Retrieved protected resource metadata
+ */
+export declare const getProtectedResourceMetadata: (host: string) => Promise<ProtectedResourceMetadata>;
+/**
+ * Get OAuth authorization server metadata from a host
+ * @param host URL of the host
+ * @returns Retrieved authorization server metadata
+ */
+export declare const getAuthorizationServerMetadata: (host: string) => Promise<AuthorizationServerMetadata>;
+/**
+ * Resolve handle domains or DID identifiers to get their PDS and its authorization server metadata
+ * @param ident Handle domain or DID identifier to resolve
+ * @returns Resolved PDS and authorization server metadata
+ */
+export declare const resolveFromIdentity: (ident: string) => Promise<{
+    identity: IdentityMetadata;
+    metadata: AuthorizationServerMetadata;
+}>;
+/**
+ * Request authorization server metadata from a PDS
+ * @param host URL of the host
+ * @returns Resolved authorization server metadata
+ */
+export declare const resolveFromService: (host: string) => Promise<{
+    metadata: AuthorizationServerMetadata;
+}>;
+/**
+ * Request authorization server metadata from its protected resource metadata
+ * @param input URL of the host whose authorization server is delegated
+ * @returns Resolved authorization server metadata
+ */
+export declare const getMetadataFromResourceServer: (input: string) => Promise<AuthorizationServerMetadata>;

package/dist/resolvers.js

@@ -0,0 +1,186 @@
+import { getPdsEndpoint } from '@atcute/client/utils/did';
+import { DEFAULT_APPVIEW_URL } from './constants.js';
+import { ResolverError } from './errors.js';
+import { extractContentType } from './utils/response.js';
+import { isDid } from './utils/strings.js';
+const DID_WEB_RE = /^([a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*(?:\.[a-zA-Z]{2,}))$/;
+/**
+ * Resolves domain handles into DID identifiers, by requesting Bluesky's AppView
+ * for identity resolution.
+ * @param handle Domain handle to resolve
+ * @returns DID identifier resolved from the domain handle
+ */
+export const resolveHandle = async (handle) => {
+    const url = DEFAULT_APPVIEW_URL + `/xrpc/com.atproto.identity.resolveHandle` + `?handle=${handle}`;
+    const response = await fetch(url);
+    if (response.status === 400) {
+        throw new ResolverError(`domain handle not found`);
+    }
+    else if (!response.ok) {
+        throw new ResolverError(`directory is unreachable`);
+    }
+    const json = (await response.json());
+    return json.did;
+};
+/**
+ * Get DID documents of did:plc (via plc.directory) and did:web identifiers
+ * @param did DID identifier we're seeking DID doc from
+ * @returns Retrieved DID document
+ */
+export const getDidDocument = async (did) => {
+    const colon_index = did.indexOf(':', 4);
+    const type = did.slice(4, colon_index);
+    const ident = did.slice(colon_index + 1);
+    // 2. retrieve their DID documents
+    let doc;
+    if (type === 'plc') {
+        const response = await fetch(`https://plc.directory/${did}`);
+        if (response.status === 404) {
+            throw new ResolverError(`did not found in directory`);
+        }
+        else if (!response.ok) {
+            throw new ResolverError(`directory is unreachable`);
+        }
+        const json = await response.json();
+        doc = json;
+    }
+    else if (type === 'web') {
+        if (!DID_WEB_RE.test(ident)) {
+            throw new ResolverError(`invalid identifier`);
+        }
+        const response = await fetch(`https://${ident}/.well-known/did.json`);
+        if (!response.ok) {
+            throw new ResolverError(`did document is unreachable`);
+        }
+        const json = await response.json();
+        doc = json;
+    }
+    else {
+        throw new ResolverError(`unsupported did method`);
+    }
+    return doc;
+};
+/**
+ * Get OAuth protected resource metadata from a host
+ * @param host URL of the host
+ * @returns Retrieved protected resource metadata
+ */
+export const getProtectedResourceMetadata = async (host) => {
+    const url = new URL(`/.well-known/oauth-protected-resource`, host);
+    const response = await fetch(url, {
+        redirect: 'manual',
+        headers: {
+            accept: 'application/json',
+        },
+    });
+    if (response.status !== 200 || extractContentType(response.headers) !== 'application/json') {
+        throw new ResolverError(`unexpected response`);
+    }
+    const metadata = (await response.json());
+    if (metadata.resource !== url.origin) {
+        throw new ResolverError(`unexpected issuer`);
+    }
+    return metadata;
+};
+/**
+ * Get OAuth authorization server metadata from a host
+ * @param host URL of the host
+ * @returns Retrieved authorization server metadata
+ */
+export const getAuthorizationServerMetadata = async (host) => {
+    const url = new URL(`/.well-known/oauth-authorization-server`, host);
+    const response = await fetch(url, {
+        redirect: 'manual',
+        headers: {
+            accept: 'application/json',
+        },
+    });
+    if (response.status !== 200 || extractContentType(response.headers) !== 'application/json') {
+        throw new ResolverError(`unexpected response`);
+    }
+    const metadata = (await response.json());
+    if (metadata.issuer !== url.origin) {
+        throw new ResolverError(`unexpected issuer`);
+    }
+    if (!metadata.client_id_metadata_document_supported) {
+        throw new ResolverError(`authorization server does not support 'client_id_metadata_document'`);
+    }
+    if (!metadata.pushed_authorization_request_endpoint) {
+        throw new ResolverError(`authorization server does not support 'pushed_authorization request'`);
+    }
+    if (metadata.response_types_supported) {
+        if (!metadata.response_types_supported.includes('code')) {
+            throw new ResolverError(`authorization server does not support 'code' response type`);
+        }
+    }
+    return metadata;
+};
+/**
+ * Resolve handle domains or DID identifiers to get their PDS and its authorization server metadata
+ * @param ident Handle domain or DID identifier to resolve
+ * @returns Resolved PDS and authorization server metadata
+ */
+export const resolveFromIdentity = async (ident) => {
+    let did;
+    if (isDid(ident)) {
+        did = ident;
+    }
+    else {
+        const resolved = await resolveHandle(ident);
+        did = resolved;
+    }
+    const doc = await getDidDocument(did);
+    const pds = getPdsEndpoint(doc);
+    if (!pds) {
+        throw new ResolverError(`missing pds endpoint`);
+    }
+    return {
+        identity: {
+            id: did,
+            raw: ident,
+            pds: new URL(pds),
+        },
+        metadata: await getMetadataFromResourceServer(pds),
+    };
+};
+/**
+ * Request authorization server metadata from a PDS
+ * @param host URL of the host
+ * @returns Resolved authorization server metadata
+ */
+export const resolveFromService = async (host) => {
+    try {
+        const metadata = await getMetadataFromResourceServer(host);
+        return { metadata };
+    }
+    catch (err) {
+        if (err instanceof ResolverError) {
+            try {
+                const metadata = await getAuthorizationServerMetadata(host);
+                return { metadata };
+            }
+            catch { }
+        }
+        throw err;
+    }
+};
+/**
+ * Request authorization server metadata from its protected resource metadata
+ * @param input URL of the host whose authorization server is delegated
+ * @returns Resolved authorization server metadata
+ */
+export const getMetadataFromResourceServer = async (input) => {
+    const rs_metadata = await getProtectedResourceMetadata(input);
+    if (rs_metadata.authorization_servers?.length !== 1) {
+        throw new ResolverError(`expected exactly one authorization server in the listing`);
+    }
+    const issuer = rs_metadata.authorization_servers[0];
+    const as_metadata = await getAuthorizationServerMetadata(issuer);
+    if (as_metadata.protected_resources) {
+        if (!as_metadata.protected_resources.includes(rs_metadata.resource)) {
+            throw new ResolverError(`server is not in authorization server's jurisdiction`);
+        }
+    }
+    return as_metadata;
+};
+//# sourceMappingURL=resolvers.js.map

package/dist/resolvers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolvers.js","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"AACA,OAAO,EAAoB,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE5E,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,MAAM,UAAU,GAAG,yDAAyD,CAAC;AAE7E;;;;;GAKG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,MAAc,EAAmB,EAAE;IACtE,MAAM,GAAG,GAAG,mBAAmB,GAAG,0CAA0C,GAAG,WAAW,MAAM,EAAE,CAAC;IAEnG,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC7B,MAAM,IAAI,aAAa,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;SAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,aAAa,CAAC,0BAA0B,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2C,CAAC;IAC/E,OAAO,IAAI,CAAC,GAAG,CAAC;AACjB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,EAAE,GAAW,EAAwB,EAAE;IACzE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;IAEzC,kCAAkC;IAClC,IAAI,GAAgB,CAAC;IAErB,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAC;QAE7D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC7B,MAAM,IAAI,aAAa,CAAC,4BAA4B,CAAC,CAAC;QACvD,CAAC;aAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,aAAa,CAAC,0BAA0B,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEnC,GAAG,GAAG,IAAmB,CAAC;IAC3B,CAAC;SAAM,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QAC3B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,aAAa,CAAC,oBAAoB,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,KAAK,uBAAuB,CAAC,CAAC;QAEtE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,aAAa,CAAC,6BAA6B,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEnC,GAAG,GAAG,IAAmB,CAAC;IAC3B,CAAC;SAAM,CAAC;QACP,MAAM,IAAI,aAAa,CAAC,wBAAwB,CAAC,CAAC;IACnD,CAAC;IAED,OAAO,GAAG,CAAC;AACZ,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,KAAK,EAAE,IAAY,EAAsC,EAAE;IACtG,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,uCAAuC,EAAE,IAAI,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA8B,CAAC;IACtE,IAAI,QAAQ,CAAC,QAAQ,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACtC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,KAAK,EAAE,IAAY,EAAwC,EAAE;IAC1G,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,yCAAyC,EAAE,IAAI,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgC,CAAC;IACxE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,qEAAqE,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,sEAAsE,CAAC,CAAC;IACjG,CAAC;IACD,IAAI,QAAQ,CAAC,wBAAwB,EAAE,CAAC;QACvC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,aAAa,CAAC,4DAA4D,CAAC,CAAC;QACvF,CAAC;IACF,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EACvC,KAAa,EACoE,EAAE;IACnF,IAAI,GAAW,CAAC;IAChB,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,GAAG,GAAG,KAAK,CAAC;IACb,CAAC;SAAM,CAAC;QACP,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;QAC5C,GAAG,GAAG,QAAQ,CAAC;IAChB,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAEhC,IAAI,CAAC,GAAG,EAAE,CAAC;QACV,MAAM,IAAI,aAAa,CAAC,sBAAsB,CAAC,CAAC;IACjD,CAAC;IAED,OAAO;QACN,QAAQ,EAAE;YACT,EAAE,EAAE,GAAG;YACP,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC;SACjB;QACD,QAAQ,EAAE,MAAM,6BAA6B,CAAC,GAAG,CAAC;KAClD,CAAC;AACH,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACtC,IAAY,EACyC,EAAE;IACvD,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,6BAA6B,CAAC,IAAI,CAAC,CAAC;QAC3D,OAAO,EAAE,QAAQ,EAAE,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;YAClC,IAAI,CAAC;gBACJ,MAAM,QAAQ,GAAG,MAAM,8BAA8B,CAAC,IAAI,CAAC,CAAC;gBAC5D,OAAO,EAAE,QAAQ,EAAE,CAAC;YACrB,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACX,CAAC;QAED,MAAM,GAAG,CAAC;IACX,CAAC;AACF,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,KAAK,EAAE,KAAa,EAAE,EAAE;IACpE,MAAM,WAAW,GAAG,MAAM,4BAA4B,CAAC,KAAK,CAAC,CAAC;IAE9D,IAAI,WAAW,CAAC,qBAAqB,EAAE,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,0DAA0D,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAEpD,MAAM,WAAW,GAAG,MAAM,8BAA8B,CAAC,MAAM,CAAC,CAAC;IAEjE,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,aAAa,CAAC,sDAAsD,CAAC,CAAC;QACjF,CAAC;IACF,CAAC;IAED,OAAO,WAAW,CAAC;AACpB,CAAC,CAAC"}

package/dist/store/db.d.ts

@@ -0,0 +1,18 @@
+import type { DPoPKey } from '../types/dpop.js';
+import type { AuthorizationServerMetadata } from '../types/server.js';
+import type { SimpleStore } from '../types/store.js';
+import type { Session } from '../types/token.js';
+export interface OAuthDatabaseOptions {
+    name: string;
+}
+export type OAuthDatabase = ReturnType<typeof createOAuthDatabase>;
+export declare const createOAuthDatabase: ({ name }: OAuthDatabaseOptions) => {
+    dispose: () => void;
+    sessions: SimpleStore<`did:${string}`, Session>;
+    states: SimpleStore<string, {
+        dpopKey: DPoPKey;
+        metadata: AuthorizationServerMetadata;
+        verifier?: string;
+    }>;
+    dpopNonces: SimpleStore<string, string>;
+};