@atcute/oauth-browser-client 1.0.1

package/dist/store/db.js

@@ -0,0 +1,106 @@
+import { locks } from '../utils/runtime.js';
+const parse = (raw) => {
+    if (raw != null) {
+        const parsed = JSON.parse(raw);
+        if (parsed != null) {
+            return parsed;
+        }
+    }
+    return {};
+};
+export const createOAuthDatabase = ({ name }) => {
+    const controller = new AbortController();
+    const signal = controller.signal;
+    const createStore = (subname, expiresAt) => {
+        let store;
+        const storageKey = `${name}:${subname}`;
+        const persist = () => store && localStorage.setItem(storageKey, JSON.stringify(store));
+        const read = () => {
+            if (signal.aborted) {
+                throw new Error(`store closed`);
+            }
+            return (store ??= parse(localStorage.getItem(storageKey)));
+        };
+        {
+            const listener = (ev) => {
+                if (ev.key === storageKey) {
+                    store = undefined;
+                }
+            };
+            window.addEventListener('storage', listener, { signal });
+        }
+        locks.request(`${storageKey}:cleanup`, { ifAvailable: true }, async (lock) => {
+            if (!lock || signal.aborted) {
+                return;
+            }
+            await new Promise((resolve) => setTimeout(resolve, 10_000));
+            if (signal.aborted) {
+                return;
+            }
+            let now = Date.now();
+            let changed = false;
+            read();
+            for (const key in store) {
+                const item = store[key];
+                const expiresAt = item.expiresAt;
+                if (expiresAt !== null && now > expiresAt) {
+                    changed = true;
+                    delete store[key];
+                }
+            }
+            if (changed) {
+                persist();
+            }
+        });
+        return {
+            get(key) {
+                read();
+                const item = store[key];
+                if (!item) {
+                    return;
+                }
+                const expiresAt = item.expiresAt;
+                if (expiresAt !== null && Date.now() > expiresAt) {
+                    delete store[key];
+                    persist();
+                    return;
+                }
+                return item.value;
+            },
+            set(key, value) {
+                read();
+                const item = {
+                    expiresAt: expiresAt(value),
+                    value: value,
+                };
+                store[key] = item;
+                persist();
+            },
+            delete(key) {
+                read();
+                if (store[key] !== undefined) {
+                    delete store[key];
+                    persist();
+                }
+            },
+            keys() {
+                read();
+                return Object.keys(store);
+            },
+        };
+    };
+    return {
+        dispose: () => {
+            controller.abort();
+        },
+        sessions: createStore('sessions', ({ token }) => {
+            if (token.refresh) {
+                return null;
+            }
+            return token.expires_at ?? null;
+        }),
+        states: createStore('states', (_item) => Date.now() + 10 * 60 * 1_000),
+        dpopNonces: createStore('dpopNonces', (_item) => Date.now() + 10 * 60 * 1_000),
+    };
+};
+//# sourceMappingURL=db.js.map

package/dist/store/db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.js","sourceRoot":"","sources":["../../lib/store/db.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAkC5C,MAAM,KAAK,GAAG,CAAC,GAAkB,EAAE,EAAE;IACpC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;YACpB,OAAO,MAAM,CAAC;QACf,CAAC;IACF,CAAC;IAED,OAAO,EAAE,CAAC;AACX,CAAC,CAAC;AAIF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,EAAE,IAAI,EAAwB,EAAE,EAAE;IACrE,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;IAEjC,MAAM,WAAW,GAAG,CACnB,OAAU,EACV,SAAsD,EACF,EAAE;QACtD,IAAI,KAAU,CAAC;QAEf,MAAM,UAAU,GAAG,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC;QAExC,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,KAAK,IAAI,YAAY,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACvF,MAAM,IAAI,GAAG,GAAG,EAAE;YACjB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;YACjC,CAAC;YAED,OAAO,CAAC,KAAK,KAAK,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC5D,CAAC,CAAC;QAEF,CAAC;YACA,MAAM,QAAQ,GAAG,CAAC,EAAgB,EAAE,EAAE;gBACrC,IAAI,EAAE,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;oBAC3B,KAAK,GAAG,SAAS,CAAC;gBACnB,CAAC;YACF,CAAC,CAAC;YAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,GAAG,UAAU,UAAU,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;YAC5E,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC7B,OAAO;YACR,CAAC;YAED,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;YAC5D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO;YACR,CAAC;YAED,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACrB,IAAI,OAAO,GAAG,KAAK,CAAC;YAEpB,IAAI,EAAE,CAAC;YAEP,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;gBACxB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;gBAEjC,IAAI,SAAS,KAAK,IAAI,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;oBAC3C,OAAO,GAAG,IAAI,CAAC;oBACf,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,CAAC;YACF,CAAC;YAED,IAAI,OAAO,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC;YACX,CAAC;QACF,CAAC,CAAC,CAAC;QAEH,OAAO;YACN,GAAG,CAAC,GAAG;gBACN,IAAI,EAAE,CAAC;gBAEP,MAAM,IAAI,GAAmC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACxD,IAAI,CAAC,IAAI,EAAE,CAAC;oBACX,OAAO;gBACR,CAAC;gBAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;gBACjC,IAAI,SAAS,KAAK,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;oBAClD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;oBAClB,OAAO,EAAE,CAAC;oBAEV,OAAO;gBACR,CAAC;gBAED,OAAO,IAAI,CAAC,KAAK,CAAC;YACnB,CAAC;YACD,GAAG,CAAC,GAAG,EAAE,KAAK;gBACb,IAAI,EAAE,CAAC;gBAEP,MAAM,IAAI,GAAmC;oBAC5C,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC;oBAC3B,KAAK,EAAE,KAAK;iBACZ,CAAC;gBAEF,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;gBAClB,OAAO,EAAE,CAAC;YACX,CAAC;YACD,MAAM,CAAC,GAAG;gBACT,IAAI,EAAE,CAAC;gBAEP,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;oBAC9B,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;oBAClB,OAAO,EAAE,CAAC;gBACX,CAAC;YACF,CAAC;YACD,IAAI;gBACH,IAAI,EAAE,CAAC;gBAEP,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,CAAC;SACD,CAAC;IACH,CAAC,CAAC;IAEF,OAAO;QACN,OAAO,EAAE,GAAG,EAAE;YACb,UAAU,CAAC,KAAK,EAAE,CAAC;QACpB,CAAC;QAED,QAAQ,EAAE,WAAW,CAAC,UAAU,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;YAC/C,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBACnB,OAAO,IAAI,CAAC;YACb,CAAC;YAED,OAAO,KAAK,CAAC,UAAU,IAAI,IAAI,CAAC;QACjC,CAAC,CAAC;QACF,MAAM,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC;QACtE,UAAU,EAAE,WAAW,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC;KAC9E,CAAC;AACH,CAAC,CAAC"}

package/dist/types/client.d.ts

@@ -0,0 +1,37 @@
+export interface ClientMetadata {
+    redirect_uris: string[];
+    response_types: ('code' | 'token' | 'none' | 'code id_token token' | 'code id_token' | 'code token' | 'id_token token' | 'id_token')[];
+    grant_types: ('authorization_code' | 'implicit' | 'refresh_token' | 'password' | 'client_credentials' | 'urn:ietf:params:oauth:grant-type:jwt-bearer' | 'urn:ietf:params:oauth:grant-type:saml2-bearer')[];
+    scope?: string;
+    token_endpoint_auth_method?: 'none' | 'client_secret_basic' | 'client_secret_jwt' | 'client_secret_post' | 'private_key_jwt' | 'self_signed_tls_client_auth' | 'tls_client_auth';
+    token_endpoint_auth_signing_alg?: string;
+    introspection_endpoint_auth_method?: 'none' | 'client_secret_basic' | 'client_secret_jwt' | 'client_secret_post' | 'private_key_jwt' | 'self_signed_tls_client_auth' | 'tls_client_auth';
+    introspection_endpoint_auth_signing_alg?: string;
+    revocation_endpoint_auth_method?: 'none' | 'client_secret_basic' | 'client_secret_jwt' | 'client_secret_post' | 'private_key_jwt' | 'self_signed_tls_client_auth' | 'tls_client_auth';
+    revocation_endpoint_auth_signing_alg?: string;
+    pushed_authorization_request_endpoint_auth_method?: 'none' | 'client_secret_basic' | 'client_secret_jwt' | 'client_secret_post' | 'private_key_jwt' | 'self_signed_tls_client_auth' | 'tls_client_auth';
+    pushed_authorization_request_endpoint_auth_signing_alg?: string;
+    userinfo_signed_response_alg?: string;
+    userinfo_encrypted_response_alg?: string;
+    jwks_uri?: string;
+    jwks?: unknown;
+    application_type?: 'web' | 'native';
+    subject_type?: 'public' | 'pairwise';
+    request_object_signing_alg?: string;
+    id_token_signed_response_alg?: string;
+    authorization_signed_response_alg?: string;
+    authorization_encrypted_response_enc?: 'A128CBC-HS256';
+    authorization_encrypted_response_alg?: string;
+    client_id?: string;
+    client_name?: string;
+    client_uri?: string;
+    policy_uri?: string;
+    tos_uri?: string;
+    logo_uri?: string;
+    default_max_age?: number;
+    require_auth_time?: boolean;
+    contacts?: string[];
+    tls_client_certificate_bound_access_tokens?: boolean;
+    dpop_bound_access_tokens?: boolean;
+    authorization_details_types?: string[];
+}

package/dist/types/client.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=client.js.map

package/dist/types/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../lib/types/client.ts"],"names":[],"mappings":""}

package/dist/types/dpop.d.ts

@@ -0,0 +1,7 @@
+export interface DPoPKey {
+    typ: 'ES256';
+    /** private key in base64url-encoded pkcs #8 */
+    key: string;
+    /** base64url-encoded jwt token */
+    jwt: string;
+}

package/dist/types/dpop.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=dpop.js.map

package/dist/types/dpop.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../../lib/types/dpop.ts"],"names":[],"mappings":""}

package/dist/types/identity.d.ts

@@ -0,0 +1,6 @@
+import type { At } from '@atcute/client/lexicons';
+export interface IdentityMetadata {
+    id: At.DID;
+    raw: string;
+    pds: URL;
+}

package/dist/types/identity.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=identity.js.map

package/dist/types/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../lib/types/identity.ts"],"names":[],"mappings":""}

package/dist/types/par.d.ts

@@ -0,0 +1,4 @@
+export interface OAuthParResponse {
+    request_uri: string;
+    expires_in: number;
+}

package/dist/types/par.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=par.js.map

package/dist/types/par.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"par.js","sourceRoot":"","sources":["../../lib/types/par.ts"],"names":[],"mappings":""}

package/dist/types/server.d.ts

@@ -0,0 +1,57 @@
+export interface ProtectedResourceMetadata {
+    resource: string;
+    jwks_uri?: string;
+    authorization_servers?: string[];
+    scopes_supported?: string[];
+    bearer_methods_supported?: ('header' | 'body' | 'query')[];
+    resource_signing_alg_values_supported?: string[];
+    resource_documentation?: string;
+    resource_policy_uri?: string;
+    resource_tos_uri?: string;
+}
+export interface AuthorizationServerMetadata {
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    jwks_uri?: string;
+    scopes_supported?: string[];
+    claims_supported?: string[];
+    claims_locales_supported?: string[];
+    claims_parameter_supported?: boolean;
+    request_parameter_supported?: boolean;
+    request_uri_parameter_supported?: boolean;
+    require_request_uri_registration?: boolean;
+    subject_types_supported?: string[];
+    response_types_supported?: string[];
+    response_modes_supported?: string[];
+    grant_types_supported?: string[];
+    code_challenge_methods_supported?: string[];
+    ui_locales_supported?: string[];
+    id_token_signing_alg_values_supported?: string[];
+    display_values_supported?: string[];
+    request_object_signing_alg_values_supported?: string[];
+    authorization_response_iss_parameter_supported?: boolean;
+    authorization_details_types_supported?: string[];
+    request_object_encryption_alg_values_supported?: string[];
+    request_object_encryption_enc_values_supported?: string[];
+    token_endpoint_auth_methods_supported?: string[];
+    token_endpoint_auth_signing_alg_values_supported?: string[];
+    revocation_endpoint?: string;
+    revocation_endpoint_auth_methods_supported?: string[];
+    revocation_endpoint_auth_signing_alg_values_supported?: string[];
+    introspection_endpoint?: string;
+    introspection_endpoint_auth_methods_supported?: string[];
+    introspection_endpoint_auth_signing_alg_values_supported?: string[];
+    pushed_authorization_request_endpoint?: string;
+    pushed_authorization_request_endpoint_auth_methods_supported?: string[];
+    pushed_authorization_request_endpoint_auth_signing_alg_values_supported?: string[];
+    require_pushed_authorization_requests?: boolean;
+    userinfo_endpoint?: string;
+    end_session_endpoint?: string;
+    registration_endpoint?: string;
+    dpop_signing_alg_values_supported?: string[];
+    protected_resources?: string[];
+    client_id_metadata_document_supported?: boolean;
+}
+export interface PersistedAuthorizationServerMetadata extends Pick<AuthorizationServerMetadata, 'issuer' | 'authorization_endpoint' | 'introspection_endpoint' | 'pushed_authorization_request_endpoint' | 'revocation_endpoint' | 'token_endpoint'> {
+}

package/dist/types/server.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=server.js.map

package/dist/types/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../lib/types/server.ts"],"names":[],"mappings":""}

package/dist/types/store.d.ts

@@ -0,0 +1,6 @@
+export interface SimpleStore<K extends string | number, V extends {} | null> {
+    get: (key: K) => undefined | V;
+    set: (key: K, value: V) => void;
+    delete: (key: K) => void;
+    keys: () => K[];
+}

package/dist/types/store.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=store.js.map

package/dist/types/store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../../lib/types/store.ts"],"names":[],"mappings":""}

package/dist/types/token.d.ts

@@ -0,0 +1,38 @@
+import type { At } from '@atcute/client/lexicons';
+import type { DPoPKey } from './dpop.js';
+import type { PersistedAuthorizationServerMetadata } from './server.js';
+export interface OAuthTokenResponse {
+    access_token: string;
+    token_type: string;
+    issuer?: string;
+    sub?: string;
+    scope?: string;
+    id_token?: `${string}.${string}.${string}`;
+    refresh_token?: string;
+    expires_in?: number;
+    authorization_details?: {
+        type: string;
+        locations?: string[];
+        actions?: string[];
+        datatypes?: string[];
+        identifier?: string;
+        privileges?: string[];
+    }[] | undefined;
+}
+export interface TokenInfo {
+    scope: string;
+    type: string;
+    expires_at?: number;
+    refresh?: string;
+    access: string;
+}
+export interface ExchangeInfo {
+    sub: At.DID;
+    aud: string;
+    server: PersistedAuthorizationServerMetadata;
+}
+export interface Session {
+    dpopKey: DPoPKey;
+    info: ExchangeInfo;
+    token: TokenInfo;
+}

package/dist/types/token.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=token.js.map

package/dist/types/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sourceRoot":"","sources":["../../lib/types/token.ts"],"names":[],"mappings":""}

package/dist/utils/misc.d.ts

@@ -0,0 +1,3 @@
+type UnwrapArray<T> = T extends (infer V)[] ? V : never;
+export declare const pick: <T, K extends (keyof T)[]>(obj: T, keys: K) => Pick<T, UnwrapArray<K>>;
+export {};

package/dist/utils/misc.js

@@ -0,0 +1,10 @@
+export const pick = (obj, keys) => {
+    const cloned = {};
+    for (let idx = 0, len = keys.length; idx < len; idx++) {
+        const key = keys[idx];
+        // @ts-expect-error
+        cloned[key] = obj[key];
+    }
+    return cloned;
+};
+//# sourceMappingURL=misc.js.map

package/dist/utils/misc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"misc.js","sourceRoot":"","sources":["../../lib/utils/misc.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,IAAI,GAAG,CAA2B,GAAM,EAAE,IAAO,EAA2B,EAAE;IAC1F,MAAM,MAAM,GAAG,EAAE,CAAC;IAElB,KAAK,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC;QACvD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QAEtB,mBAAmB;QACnB,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,MAAiC,CAAC;AAC1C,CAAC,CAAC"}

package/dist/utils/response.d.ts

@@ -0,0 +1 @@
+export declare const extractContentType: (headers: Headers) => string | undefined;

package/dist/utils/response.js

@@ -0,0 +1,4 @@
+export const extractContentType = (headers) => {
+    return headers.get('content-type')?.split(';')[0];
+};
+//# sourceMappingURL=response.js.map

package/dist/utils/response.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"response.js","sourceRoot":"","sources":["../../lib/utils/response.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,OAAgB,EAAsB,EAAE;IAC1E,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AACnD,CAAC,CAAC"}

package/dist/utils/runtime.d.ts

@@ -0,0 +1,12 @@
+export declare const encoder: TextEncoder;
+export declare const locks: LockManager;
+export declare const toBase64Url: (input: Uint8Array) => string;
+export declare const fromBase64Url: (input: string) => Uint8Array;
+export declare const toSha256: (input: string) => Promise<string>;
+export declare const randomBytes: (length: number) => string;
+export declare const generateState: () => string;
+export declare const generatePKCE: () => Promise<{
+    verifier: string;
+    challenge: string;
+    method: string;
+}>;

package/dist/utils/runtime.js

@@ -0,0 +1,44 @@
+export const encoder = new TextEncoder();
+export const locks = navigator.locks;
+export const toBase64Url = (input) => {
+    const CHUNK_SIZE = 0x8000;
+    const arr = [];
+    for (let i = 0; i < input.byteLength; i += CHUNK_SIZE) {
+        // @ts-expect-error
+        arr.push(String.fromCharCode.apply(null, input.subarray(i, i + CHUNK_SIZE)));
+    }
+    return btoa(arr.join('')).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
+};
+export const fromBase64Url = (input) => {
+    try {
+        const binary = atob(input.replace(/-/g, '+').replace(/_/g, '/').replace(/\s/g, ''));
+        const bytes = new Uint8Array(binary.length);
+        for (let i = 0; i < binary.length; i++) {
+            bytes[i] = binary.charCodeAt(i);
+        }
+        return bytes;
+    }
+    catch (err) {
+        throw new TypeError(`invalid base64url`, { cause: err });
+    }
+};
+export const toSha256 = async (input) => {
+    const bytes = encoder.encode(input);
+    const digest = await crypto.subtle.digest('SHA-256', bytes);
+    return toBase64Url(new Uint8Array(digest));
+};
+export const randomBytes = (length) => {
+    return toBase64Url(crypto.getRandomValues(new Uint8Array(length)));
+};
+export const generateState = () => {
+    return randomBytes(16);
+};
+export const generatePKCE = async () => {
+    const verifier = randomBytes(32);
+    return {
+        verifier: verifier,
+        challenge: await toSha256(verifier),
+        method: 'S256',
+    };
+};
+//# sourceMappingURL=runtime.js.map

package/dist/utils/runtime.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../lib/utils/runtime.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAEzC,MAAM,CAAC,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;AAErC,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,KAAiB,EAAU,EAAE;IACxD,MAAM,UAAU,GAAG,MAAM,CAAC;IAC1B,MAAM,GAAG,GAAG,EAAE,CAAC;IAEf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC;QACvD,mBAAmB;QACnB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;AACrF,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,KAAa,EAAc,EAAE;IAC1D,IAAI,CAAC;QACJ,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;QACpF,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAE5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC;QAED,OAAO,KAAK,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,MAAM,IAAI,SAAS,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IAC1D,CAAC;AACF,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,KAAK,EAAE,KAAa,EAAmB,EAAE;IAChE,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACpC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAE5D,OAAO,WAAW,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAC5C,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,MAAc,EAAU,EAAE;IACrD,OAAO,WAAW,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACpE,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,GAAW,EAAE;IACzC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;AACxB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,IAAsE,EAAE;IACxG,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAEjC,OAAO;QACN,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,MAAM,QAAQ,CAAC,QAAQ,CAAC;QACnC,MAAM,EAAE,MAAM;KACd,CAAC;AACH,CAAC,CAAC"}

package/dist/utils/strings.d.ts

@@ -0,0 +1,2 @@
+import type { At } from '@atcute/client/lexicons';
+export declare const isDid: (value: string) => value is At.DID;

package/dist/utils/strings.js

@@ -0,0 +1,4 @@
+export const isDid = (value) => {
+    return value.startsWith('did:');
+};
+//# sourceMappingURL=strings.js.map

package/dist/utils/strings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"strings.js","sourceRoot":"","sources":["../../lib/utils/strings.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,KAAa,EAAmB,EAAE;IACvD,OAAO,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC,CAAC"}

package/package.json

@@ -0,0 +1,29 @@
+{
+  "type": "module",
+  "name": "@atcute/oauth-browser-client",
+  "version": "1.0.1",
+  "description": "minimal OAuth browser client implementation for AT Protocol",
+  "license": "MIT",
+  "repository": {
+    "url": "https://codeberg.org/mary-ext/atcute"
+  },
+  "files": [
+    "dist/"
+  ],
+  "exports": {
+    ".": "./dist/index.js"
+  },
+  "sideEffects": false,
+  "dependencies": {
+    "nanoid": "^5.0.7",
+    "@atcute/client": "^2.0.3"
+  },
+  "devDependencies": {
+    "@types/bun": "^1.1.10"
+  },
+  "scripts": {
+    "build": "tsc --project tsconfig.build.json",
+    "test": "bun test --coverage",
+    "prepublish": "rm -rf dist; pnpm run build"
+  }
+}