@atcute/oauth-browser-client 1.0.22 → 1.0.24
- package/dist/agents/exchange.js +3 -2
- package/dist/agents/exchange.js.map +1 -1
- package/dist/dpop.js +7 -5
- package/dist/dpop.js.map +1 -1
- package/dist/utils/runtime.d.ts +0 -4
- package/dist/utils/runtime.js +5 -22
- package/dist/utils/runtime.js.map +1 -1
- package/lib/agents/exchange.ts +4 -2
- package/lib/dpop.ts +8 -5
- package/lib/utils/runtime.ts +6 -28
- package/package.json +7 -6
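--- a/package/dist/agents/exchange.js
+++ b/package/dist/agents/exchange.js
@@ -1,7 +1,8 @@
+import { nanoid } from 'nanoid';
 import { createES256Key } from '../dpop.js';
 import { CLIENT_ID, database, REDIRECT_URI } from '../environment.js';
 import { AuthorizationError, LoginError } from '../errors.js';
-import { generatePKCE
+import { generatePKCE } from '../utils/runtime.js';
 import { OAuthServerAgent } from './server-agent.js';
 import { storeSession } from './sessions.js';
 /**
@@ -10,7 +11,7 @@ import { storeSession } from './sessions.js';
 * @returns URL to redirect the user for authorization
 */
 export const createAuthorizationUrl = async ({ metadata, identity, scope, }) => {
-const state =
+const state = nanoid(16);
 const pkce = await generatePKCE();
 const dpopKey = await createES256Key();
 const params = {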
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exchange.js","sourceRoot":"","sources":["../../lib/agents/exchange.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAI9D,OAAO,EAAE,YAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"exchange.js","sourceRoot":"","sources":["../../lib/agents/exchange.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAI9D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAQ7C;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,KAAK,EAAE,EAC5C,QAAQ,EACR,QAAQ,EACR,KAAK,GACa,EAAgB,EAAE;IACpC,MAAM,KAAK,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAEzB,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,MAAM,cAAc,EAAE,CAAC;IAEvC,MAAM,MAAM,GAAG;QACd,YAAY,EAAE,YAAY;QAC1B,cAAc,EAAE,IAAI,CAAC,SAAS;QAC9B,qBAAqB,EAAE,IAAI,CAAC,MAAM;QAClC,KAAK,EAAE,KAAK;QACZ,UAAU,EAAE,QAAQ,EAAE,GAAG;QACzB,aAAa,EAAE,UAAU;QACzB,aAAa,EAAE,MAAM;QACrB,OAAO,EAAE,MAAM;QACf,4BAA4B;QAC5B,sBAAsB;QACtB,qBAAqB;QACrB,KAAK,EAAE,KAAK;QACZ,yBAAyB;KACoB,CAAC;IAE/C,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE;QAC1B,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACvB,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,8BAA8B,EAAE,MAAM,CAAC,CAAC;IAE9E,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACzD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IACjD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;IAE9D,OAAO,OAAO,CAAC;AAChB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EAAE,MAAuB,EAAE,EAAE;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAClC,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAElC,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,UAAU,CAAC,oBAAoB,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE,CAAC;QACZ,kCAAkC;QAClC,
QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;SAAM,CAAC;QACP,MAAM,IAAI,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IAEjC,IAAI,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,KAAK,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,CAAC,IAAI,EAAE,CAAC;QACX,MAAM,IAAI,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACrB,MAAM,IAAI,UAAU,CAAC,0BAA0B,CAAC,CAAC;IAClD,CAAC;SAAM,IAAI,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;IACzC,CAAC;IAED,iCAAiC;IACjC,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACvD,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEzE,kBAAkB;IAClB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;IACrB,MAAM,OAAO,GAAY,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IAElD,MAAM,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAEjC,OAAO,OAAO,CAAC;AAChB,CAAC,CAAC"}
|
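--- a/package/dist/dpop.js
+++ b/package/dist/dpop.js
@@ -1,7 +1,9 @@
 import { fromBase64Url, toBase64Url } from '@atcute/multibase';
+import { encodeUtf8 } from '@atcute/uint8array';
+import { nanoid } from 'nanoid';
 import { database } from './environment.js';
 import { extractContentType } from './utils/response.js';
-import {
+import { stringToSha256 } from './utils/runtime.js';
 const ES256_ALG = { name: 'ECDSA', namedCurve: 'P-256' };
 export const createES256Key = async () => {
 const pair = await crypto.subtle.generateKey(ES256_ALG, true, ['sign', 'verify']);
@@ -10,7 +12,7 @@ export const createES256Key = async () => {
 return {
 typ: 'ES256',
 key: toBase64Url(new Uint8Array(key)),
-jwt: toBase64Url(
+jwt: toBase64Url(encodeUtf8(JSON.stringify({ typ: 'dpop+jwt', alg: 'ES256', jwk: jwk }))),
 };
 };
 export const createDPoPSignage = (issuer, dpopKey) => {
@@ -20,17 +22,17 @@ export const createDPoPSignage = (issuer, dpopKey) => {
 const payload = {
 iss: issuer,
 iat: Math.floor(Date.now() / 1_000),
-jti:
+jti: nanoid(24),
 htm: method,
 htu: htu,
 nonce: nonce,
 ath: ath,
 };
-return toBase64Url(
+return toBase64Url(encodeUtf8(JSON.stringify(payload)));
 };
 return async (method, htu, nonce, ath) => {
 const payloadString = constructPayload(method, htu, nonce, ath);
-const signed = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, await keyPromise,
+const signed = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, await keyPromise, encodeUtf8(headerString + '.' + payloadString));
 const signatureString = toBase64Url(new Uint8Array(signed));
 return headerString + '.' + payloadString + '.' + signatureString;
 };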
package/dist/dpop.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,MAAM,SAAS,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAW,CAAC;AAElE,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,IAAsB,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAElF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAEvG,OAAO;QACN,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,WAAW,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;QACrC,GAAG,EAAE,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;KACzF,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,MAAc,EAAE,OAAgB,EAAE,EAAE;IACrE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC;IACjC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAE3G,MAAM,gBAAgB,GAAG,CACxB,MAAc,EACd,GAAW,EACX,KAAyB,EACzB,GAAuB,EACtB,EAAE;QACH,MAAM,OAAO,GAAG;YACf,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YACnC,GAAG,EAAE,MAAM,CAAC,EAAE,CAAC;YACf,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,GAAG;YACR,KAAK,EAAE,KAAK;YACZ,GAAG,EAAE,GAAG;SACR,CAAC;QAEF,OAAO,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC,CAAC;IAEF,OAAO,KAAK,EAAE,MAAc,EAAE,GAAW,EAAE,KAAyB,EAAE,GAAuB,EAAE,EAAE;QAChG,MAAM,aAAa,GAAG,gBAAgB,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QAEhE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACtC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAC5
C,MAAM,UAAU,EAChB,UAAU,CAAC,YAAY,GAAG,GAAG,GAAG,aAAa,CAAC,CAC9C,CAAC;QAEF,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QAE5D,OAAO,YAAY,GAAG,GAAG,GAAG,aAAa,GAAG,GAAG,GAAG,eAAe,CAAC;IACnE,CAAC,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,MAAc,EAAE,OAAgB,EAAE,YAAsB,EAAgB,EAAE;IACzG,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC;IACnC,MAAM,OAAO,GAAG,QAAQ,CAAC,YAAY,CAAC;IAEtC,MAAM,IAAI,GAAG,iBAAiB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEhD,OAAO,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAY,IAAI,IAAI,IAAI,IAAI,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAErG,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,mBAAmB,EAAE,UAAU,CAAC,OAAO,CAAC;YACnD,CAAC,CAAC,MAAM,cAAc,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACpD,CAAC,CAAC,SAAS,CAAC;QAEb,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;QAChC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE1C,MAAM,GAAG,GAAG,MAAM,GAAG,QAAQ,CAAC;QAE9B,uEAAuE;QACvE,wEAAwE;QACxE,kBAAkB;QAClB,IAAI,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,QAAQ,EAAE,CAAC;YACd,MAAM,QAAQ,CAAC,OAAO,CAAC;YACvB,QAAQ,GAAG,SAAS,CAAC;QACtB,CAAC;QAED,gDAAgD;QAChD,IAAI,SAA6B,CAAC;QAClC,IAAI,gBAAgB,GAAG,KAAK,CAAC;QAC7B,IAAI,CAAC;YACJ,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YAErD,SAAS,GAAG,KAAK,CAAC;YAElB,wEAAwE;YACxE,4DAA4D;YAC5D,EAAE;YACF,0EAA0E;YAC1E,0EAA0E;YAC1E,wBAAwB;YACxB,EAAE;YACF,uEAAuE;YACvE,uEAAuE;YACvE,wEAAwE;YACxE,eAAe;YACf,EAAE;YACF,0EAA0E;YAC1E,kBAAkB;YAClB,gBAAgB,GAAG,MAAM,GAAG,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACR,iEAAiE;QAClE,CAAC;QAED,IAAI,gBAAgB,EAAE,CAAC;YACtB,mDAAmD;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,SAAwB,CAAC;QAC7B,IAAI,CAAC;YACJ,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;YAC1D,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAEvC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,OAAO,CA
AC,CAAC;YAE1C,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACnD,IAAI,SAAS,KAAK,IAAI,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnD,yEAAyE;gBACzE,gDAAgD;gBAEhD,OAAO,YAAY,CAAC;YACrB,CAAC;YAED,4CAA4C;YAC5C,IAAI,CAAC;gBACJ,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACR,sBAAsB;YACvB,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,EAAE,CAAC;gBAClB,6DAA6D;gBAE7D,OAAO,YAAY,CAAC;YACrB,CAAC;YAED,IAAI,KAAK,KAAK,OAAO,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;gBAC/D,2EAA2E;gBAC3E,wEAAwE;gBACxE,2EAA2E;gBAC3E,6EAA6E;gBAE7E,OAAO,YAAY,CAAC;YACrB,CAAC;QACF,CAAC;gBAAS,CAAC;YACV,oCAAoC;YACpC,IAAI,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBACvB,QAAQ,CAAC,OAAO,EAAE,CAAC;YACpB,CAAC;QACF,CAAC;QAED,yEAAyE;QACzE,yDAAyD;QACzD,CAAC;YACA,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;YAC1D,MAAM,WAAW,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC7C,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAE3C,OAAO,MAAM,KAAK,CAAC,WAAW,CAAC,CAAC;QACjC,CAAC;IACF,CAAC,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,KAAK,EAAE,QAAkB,EAAE,YAAsB,EAAoB,EAAE;IAClG,0DAA0D;IAC1D,iFAAiF;IACjF,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,KAAK,EAAE,CAAC;QAC1D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,OAAO,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC;YACnD,CAAC;QACF,CAAC;IACF,CAAC;IAED,iFAAiF;IACjF,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QACzD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;YAC5F,IAAI,CAAC;gBACJ,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;gBAC3C,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,gBAAgB,CAAC;YACzE,CAAC;YAAC,MAAM,CAAC;gBACR,kEAAkE;gBAClE,OAAO,KAAK,CAAC;YACd,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,KAAK,CAAC;AACd,CAAC,CAAC"}
|
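--- a/package/dist/utils/runtime.d.ts
+++ b/package/dist/utils/runtime.d.ts
@@ -1,11 +1,7 @@
-export declare const encoder: TextEncoder;
 export declare const locks: LockManager | undefined;
 export declare const stringToSha256: (input: string) => Promise<string>;
-export declare const randomBytes: (length: number) => string;
-export declare const generateState: () => string;
 export declare const generatePKCE: () => Promise<{
 verifier: string;
 challenge: string;
 method: string;
 }>;
-export declare const generateJti: () => string;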
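--- a/package/dist/utils/runtime.js
+++ b/package/dist/utils/runtime.js
@@ -1,35 +1,18 @@
+import { nanoid } from 'nanoid';
 import { toBase64Url } from '@atcute/multibase';
-import { toSha256 } from '@atcute/uint8array';
-export const encoder = new TextEncoder();
+import { encodeUtf8, toSha256 } from '@atcute/uint8array';
 export const locks = typeof navigator !== 'undefined' ? navigator.locks : undefined;
 export const stringToSha256 = async (input) => {
-const bytes =
+const bytes = encodeUtf8(input);
 const digest = await toSha256(bytes);
-return toBase64Url(
-};
-export const randomBytes = (length) => {
-return toBase64Url(crypto.getRandomValues(new Uint8Array(length)));
-};
-export const generateState = () => {
-return randomBytes(16);
+return toBase64Url(digest);
 };
 export const generatePKCE = async () => {
-const verifier =
+const verifier = nanoid(32);
 return {
 verifier: verifier,
 challenge: await stringToSha256(verifier),
 method: 'S256',
 };
 };
-let lastTimestamp = 0;
-let randomString;
-export const generateJti = () => {
-if (randomString === undefined) {
-const random = crypto.getRandomValues(new BigUint64Array(1));
-randomString = random[0].toString(36);
-}
-const timestamp = Math.max(Date.now() * 1_000, lastTimestamp);
-lastTimestamp = timestamp + 1;
-return `${timestamp.toString(36)}:${randomString}`;
-};
 //# sourceMappingURL=runtime.js.map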
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../lib/utils/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../lib/utils/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAE1D,MAAM,CAAC,MAAM,KAAK,GAA4B,OAAO,SAAS,KAAK,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAE7G,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,EAAE,KAAa,EAAmB,EAAE;IACtE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IAErC,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,IAAsE,EAAE;IACxG,MAAM,QAAQ,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAE5B,OAAO;QACN,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,MAAM,cAAc,CAAC,QAAQ,CAAC;QACzC,MAAM,EAAE,MAAM;KACd,CAAC;AACH,CAAC,CAAC"}
|
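--- a/package/lib/agents/exchange.ts
+++ b/package/lib/agents/exchange.ts
@@ -1,10 +1,12 @@
+import { nanoid } from 'nanoid';
+
 import { createES256Key } from '../dpop.js';
 import { CLIENT_ID, database, REDIRECT_URI } from '../environment.js';
 import { AuthorizationError, LoginError } from '../errors.js';
 import type { IdentityMetadata } from '../types/identity.js';
 import type { AuthorizationServerMetadata } from '../types/server.js';
 import type { Session } from '../types/token.js';
-import { generatePKCE
+import { generatePKCE } from '../utils/runtime.js';
 
 import { OAuthServerAgent } from './server-agent.js';
 import { storeSession } from './sessions.js';
@@ -25,7 +27,7 @@ export const createAuthorizationUrl = async ({
 identity,
 scope,
 }: AuthorizeOptions): Promise<URL> => {
-const state =
+const state = nanoid(16);
 
 const pkce = await generatePKCE();
 const dpopKey = await createES256Key();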
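Review bot: `const state = nanoid(16);` in createAuthorizationUrl yields 16 characters rather than 16 random bytes, so with nanoid's default 64-symbol alphabet the OAuth state carries about 96 bits of randomness. The removed helper shown in the runtime.ts section of this diff, generateState(), returned randomBytes(16), i.e. 128 bits; the old right-hand side here is truncated on the page, so that it called generateState() is inferred. 96 bits is still impractical to guess, but the drop looks like a length argument carried over from bytes to characters rather than a deliberate choice. If parity is intended, use `const state = nanoid(22);` and record the reasoning in a comment such as `// 22 chars x 6 bits = ~128 bits of unguessable state`. The function body continues outside this hunk.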
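--- a/package/lib/dpop.ts
+++ b/package/lib/dpop.ts
@@ -1,9 +1,12 @@
 import { fromBase64Url, toBase64Url } from '@atcute/multibase';
+import { encodeUtf8 } from '@atcute/uint8array';
+
+import { nanoid } from 'nanoid';
 
 import { database } from './environment.js';
 import type { DPoPKey } from './types/dpop.js';
 import { extractContentType } from './utils/response.js';
-import {
+import { stringToSha256 } from './utils/runtime.js';
 
 const ES256_ALG = { name: 'ECDSA', namedCurve: 'P-256' } as const;
 
@@ -16,7 +19,7 @@ export const createES256Key = async (): Promise<DPoPKey> => {
 return {
 typ: 'ES256',
 key: toBase64Url(new Uint8Array(key)),
-jwt: toBase64Url(
+jwt: toBase64Url(encodeUtf8(JSON.stringify({ typ: 'dpop+jwt', alg: 'ES256', jwk: jwk }))),
 };
 };
 
@@ -33,14 +36,14 @@ export const createDPoPSignage = (issuer: string, dpopKey: DPoPKey) => {
 const payload = {
 iss: issuer,
 iat: Math.floor(Date.now() / 1_000),
-jti:
+jti: nanoid(24),
 htm: method,
 htu: htu,
 nonce: nonce,
 ath: ath,
 };
 
-return toBase64Url(
+return toBase64Url(encodeUtf8(JSON.stringify(payload)));
 };
 
 return async (method: string, htu: string, nonce: string | undefined, ath: string | undefined) => {
@@ -49,7 +52,7 @@ export const createDPoPSignage = (issuer: string, dpopKey: DPoPKey) => {
 const signed = await crypto.subtle.sign(
 { name: 'ECDSA', hash: { name: 'SHA-256' } },
 await keyPromise,
-
+encodeUtf8(headerString + '.' + payloadString),
 );
 
 const signatureString = toBase64Url(new Uint8Array(signed));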
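Review bot: `jti: nanoid(24),` in the payload builder changes how DPoP proof identifiers are kept unique, and nothing in the code records that. The removed generateJti() (shown in the runtime.ts section) paired a strictly increasing timestamp with a random suffix generated once per module load, so two proofs from the same page could never collide. The new value is purely random, about 144 bits with nanoid's default alphabet, so uniqueness is now probabilistic and rests on nanoid's random source. I would add a comment on that line, for example `// 24 chars of nanoid's 64-symbol alphabet (~144 bits); unique per proof with overwhelming probability`. createDPoPSignage starts and ends outside these hunks.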
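--- a/package/lib/utils/runtime.ts
+++ b/package/lib/utils/runtime.ts
@@ -1,27 +1,19 @@
-import {
-import { toSha256 } from '@atcute/uint8array';
+import { nanoid } from 'nanoid';
 
-
+import { toBase64Url } from '@atcute/multibase';
+import { encodeUtf8, toSha256 } from '@atcute/uint8array';
 
 export const locks: LockManager | undefined = typeof navigator !== 'undefined' ? navigator.locks : undefined;
 
 export const stringToSha256 = async (input: string): Promise<string> => {
-const bytes =
+const bytes = encodeUtf8(input);
 const digest = await toSha256(bytes);
 
-return toBase64Url(
-};
-
-export const randomBytes = (length: number): string => {
-return toBase64Url(crypto.getRandomValues(new Uint8Array(length)));
-};
-
-export const generateState = (): string => {
-return randomBytes(16);
+return toBase64Url(digest);
 };
 
 export const generatePKCE = async (): Promise<{ verifier: string; challenge: string; method: string }> => {
-const verifier =
+const verifier = nanoid(32);
 
 return {
 verifier: verifier,
@@ -29,17 +21,3 @@ export const generatePKCE = async (): Promise<{ verifier: string; challenge: str
 method: 'S256',
 };
 };
-
-let lastTimestamp = 0;
-let randomString: string | undefined;
-export const generateJti = (): string => {
-if (randomString === undefined) {
-const random = crypto.getRandomValues(new BigUint64Array(1));
-randomString = random[0].toString(36);
-}
-
-const timestamp = Math.max(Date.now() * 1_000, lastTimestamp);
-lastTimestamp = timestamp + 1;
-
-return `${timestamp.toString(36)}:${randomString}`;
-};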
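Review bot: `const verifier = nanoid(32);` in generatePKCE produces a 32-character code_verifier, which is shorter than the 43-character minimum that RFC 7636 section 4.1 requires (43 to 128 characters). nanoid's default alphabet stays inside the permitted unreserved characters, so only the length is at issue. An authorization server that validates verifier length strictly could reject the token exchange, and entropy is about 192 bits rather than the 256 bits a 32-byte verifier would give. The removed right-hand side is truncated on this page, so the previous length is inferred, not shown. Suggested change: `const verifier = nanoid(43);`, with a comment naming the RFC 7636 length bounds so the number is not shortened again.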
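--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "type": "module",
 "name": "@atcute/oauth-browser-client",
-"version": "1.0.
+"version": "1.0.24",
 "description": "minimal OAuth browser client implementation for AT Protocol",
 "license": "MIT",
 "repository": {
@@ -19,14 +19,15 @@
 },
 "sideEffects": false,
 "dependencies": {
-"
+"nanoid": "^5.1.5",
 "@atcute/identity": "^1.0.2",
-"@atcute/lexicons": "^1.0.
-"@atcute/
-"@atcute/uint8array": "^1.0.
+"@atcute/lexicons": "^1.0.4",
+"@atcute/client": "^4.0.3",
+"@atcute/uint8array": "^1.0.3",
+"@atcute/multibase": "^1.1.4"
 },
 "devDependencies": {
-"@atcute/atproto": "^3.0.
+"@atcute/atproto": "^3.0.3"
 },
 "scripts": {
 "build": "tsc --project tsconfig.build.json",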
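Review bot: The added `"nanoid": "^5.1.5"` entry puts a third-party package on the path of every security-sensitive random value in this client. The OAuth state, the PKCE verifier and the DPoP jti all come from it in the lib/ sections of this diff, where the removed code called `crypto.getRandomValues` directly. The caret range accepts any later 5.x release at install time, so the quality of those values now follows whatever nanoid version a consumer resolves. Consumers reviewing this upgrade should confirm the resolved nanoid version is pinned by their lockfile and covered by their dependency audit. A short note in the package README or changelog naming nanoid as the randomness source would make that dependency visible to them.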