@atcute/oauth-browser-client 1.0.25 → 2.0.0-next.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +12 -15
- package/README.md +35 -222
- package/dist/agents/exchange.d.ts +10 -5
- package/dist/agents/exchange.js +13 -1
- package/dist/agents/exchange.js.map +1 -1
- package/dist/agents/server-agent.js +3 -3
- package/dist/agents/server-agent.js.map +1 -1
- package/dist/agents/sessions.js.map +1 -1
- package/dist/agents/user-agent.js +1 -2
- package/dist/agents/user-agent.js.map +1 -1
- package/dist/dpop.d.ts +2 -2
- package/dist/dpop.js +20 -10
- package/dist/dpop.js.map +1 -1
- package/dist/environment.d.ts +9 -2
- package/dist/environment.js +3 -0
- package/dist/environment.js.map +1 -1
- package/dist/index.d.ts +0 -1
- package/dist/index.js +0 -1
- package/dist/index.js.map +1 -1
- package/dist/resolvers.d.ts +3 -45
- package/dist/resolvers.js +36 -118
- package/dist/resolvers.js.map +1 -1
- package/lib/agents/exchange.ts +22 -7
- package/lib/agents/server-agent.ts +3 -3
- package/lib/agents/sessions.ts +5 -5
- package/lib/agents/user-agent.ts +1 -2
- package/lib/dpop.ts +30 -18
- package/lib/environment.ts +14 -2
- package/lib/index.ts +0 -1
- package/lib/resolvers.ts +42 -139
- package/package.json +6 -5
package/LICENSE
CHANGED
|
@@ -1,17 +1,14 @@
|
|
|
1
|
-
|
|
2
|
-
of this software and associated documentation files (the "Software"), to deal
|
|
3
|
-
in the Software without restriction, including without limitation the rights
|
|
4
|
-
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
5
|
-
copies of the Software, and to permit persons to whom the Software is
|
|
6
|
-
furnished to do so, subject to the following conditions:
|
|
1
|
+
BSD Zero Clause License
|
|
7
2
|
|
|
8
|
-
|
|
9
|
-
copies or substantial portions of the Software.
|
|
3
|
+
Copyright (c) 2025 Mary
|
|
10
4
|
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
5
|
+
Permission to use, copy, modify, and/or distribute this software for any
|
|
6
|
+
purpose with or without fee is hereby granted.
|
|
7
|
+
|
|
8
|
+
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
|
|
9
|
+
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
10
|
+
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
11
|
+
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
12
|
+
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
|
|
13
|
+
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
14
|
+
PERFORMANCE OF THIS SOFTWARE.
|
package/README.md
CHANGED
|
@@ -18,60 +18,56 @@ minimal OAuth browser client implementation for AT Protocol.
|
|
|
18
18
|
|
|
19
19
|
### setup
|
|
20
20
|
|
|
21
|
-
initialize the client by importing and calling `configureOAuth` with the client ID and redirect URL
|
|
22
|
-
|
|
21
|
+
initialize the client by importing and calling `configureOAuth` with the client ID and redirect URL,
|
|
22
|
+
along with the resolvers that will be used to resolve and verify account details. this call should
|
|
23
|
+
be placed before any other calls you make with this library.
|
|
23
24
|
|
|
24
25
|
```ts
|
|
25
26
|
import { configureOAuth } from '@atcute/oauth-browser-client';
|
|
26
27
|
|
|
28
|
+
import {
|
|
29
|
+
CompositeDidDocumentResolver,
|
|
30
|
+
PlcDidDocumentResolver,
|
|
31
|
+
WebDidDocumentResolver,
|
|
32
|
+
XrpcHandleResolver,
|
|
33
|
+
} from '@atcute/identity-resolver';
|
|
34
|
+
|
|
27
35
|
configureOAuth({
|
|
28
36
|
metadata: {
|
|
29
|
-
client_id: 'https://example.com/oauth
|
|
37
|
+
client_id: 'https://example.com/oauth-client-metadata.json',
|
|
30
38
|
redirect_uri: 'https://example.com/oauth/callback',
|
|
31
39
|
},
|
|
40
|
+
|
|
41
|
+
// AT Protocol handles resolve via DNS TXT record or HTTP well-known endpoints.
|
|
42
|
+
// since web apps lack direct DNS access and face CORS restrictions, we're using
|
|
43
|
+
// Bluesky's AppView for this example.
|
|
44
|
+
//
|
|
45
|
+
// NOTE: Bluesky may log handle resolutions and requester info per their privacy
|
|
46
|
+
// policy. consider the privacy implications of this arrangement and change this
|
|
47
|
+
// setup if unsuitable for your use case.
|
|
48
|
+
handleResolver: new XrpcHandleResolver({ serviceUrl: 'https://public.api.bsky.app' }),
|
|
49
|
+
|
|
50
|
+
didDocumentResolver: new CompositeDidDocumentResolver({
|
|
51
|
+
methods: {
|
|
52
|
+
plc: new PlcDidDocumentResolver(),
|
|
53
|
+
web: new WebDidDocumentResolver(),
|
|
54
|
+
},
|
|
55
|
+
}),
|
|
32
56
|
});
|
|
33
57
|
```
|
|
34
58
|
|
|
35
59
|
### starting an authorization flow
|
|
36
60
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
>
|
|
41
|
-
> while Bluesky has a declared privacy policy, both developers and users need to be informed and
|
|
42
|
-
> aware of the privacy implications of this arrangement. read [this guide](#doing-handle-resolution)
|
|
43
|
-
> on how you can implement your own resolution code.
|
|
44
|
-
|
|
45
|
-
if your application involves asking for the user's handle or DID, you can use `resolveFromIdentity`
|
|
46
|
-
which resolves the user's identity to get its PDS, and the metadata of its authorization server.
|
|
47
|
-
|
|
48
|
-
```ts
|
|
49
|
-
import { resolveFromIdentity } from '@atcute/oauth-browser-client';
|
|
50
|
-
|
|
51
|
-
const { identity, metadata } = await resolveFromIdentity('mary.my.id');
|
|
52
|
-
```
|
|
53
|
-
|
|
54
|
-
alternatively, if it involves asking for the user's PDS, then you can use `resolveFromService` which
|
|
55
|
-
just grabs the authorization server metadata.
|
|
56
|
-
|
|
57
|
-
```ts
|
|
58
|
-
import { resolveFromService } from '@atcute/oauth-browser-client';
|
|
59
|
-
|
|
60
|
-
const { metadata } = await resolveFromService('bsky.social');
|
|
61
|
-
```
|
|
62
|
-
|
|
63
|
-
we can then proceed with authorization by calling `createAuthorizationUrl` with the resolved
|
|
64
|
-
`metadata` (and `identity`, if using `resolveFromIdentity`) along with the scope of the
|
|
65
|
-
authorization, which should either match the one in your client metadata, or a reduced set of it.
|
|
61
|
+
we can start authorization by calling `createAuthorizationUrl` with the intended account's
|
|
62
|
+
identifier or service along with the scope of the authorization, which should either match the one
|
|
63
|
+
in your client metadata, or a reduced set of it.
|
|
66
64
|
|
|
67
65
|
```ts
|
|
68
66
|
import { createAuthorizationUrl } from '@atcute/oauth-browser-client';
|
|
69
67
|
|
|
70
|
-
// passing `identity` is optional,
|
|
71
|
-
// it allows for the login form to be autofilled with the user's handle or DID
|
|
72
68
|
const authUrl = await createAuthorizationUrl({
|
|
73
|
-
|
|
74
|
-
|
|
69
|
+
target: { type: 'account', identifier: 'mary.my.id' },
|
|
70
|
+
// or { type: 'pds', serviceUrl: 'https://bsky.social' }
|
|
75
71
|
scope: 'atproto transition:generic transition:chat.bsky',
|
|
76
72
|
});
|
|
77
73
|
|
|
@@ -203,7 +199,7 @@ adding a plugin that'll inject the necessary values for you through environment
|
|
|
203
199
|
|
|
204
200
|
```ts
|
|
205
201
|
/// vite.config.ts
|
|
206
|
-
import metadata from './public/oauth
|
|
202
|
+
import metadata from './public/oauth-client-metadata.json' with { type: 'json' };
|
|
207
203
|
|
|
208
204
|
export default defineConfig({
|
|
209
205
|
// ...
|
|
@@ -265,198 +261,15 @@ configureOAuth({
|
|
|
265
261
|
client_id: import.meta.env.VITE_OAUTH_CLIENT_ID,
|
|
266
262
|
redirect_uri: import.meta.env.VITE_OAUTH_REDIRECT_URI,
|
|
267
263
|
},
|
|
264
|
+
// ...
|
|
268
265
|
});
|
|
269
266
|
|
|
270
267
|
// ... later during sign-in process
|
|
271
268
|
const authUrl = await createAuthorizationUrl({
|
|
272
|
-
|
|
273
|
-
identity: identity,
|
|
269
|
+
// ...
|
|
274
270
|
scope: import.meta.env.VITE_OAUTH_SCOPE,
|
|
275
271
|
});
|
|
276
272
|
```
|
|
277
273
|
|
|
278
274
|
adjust the code here as necessary, the plugin adds more environment variables than what is actually
|
|
279
275
|
needed, you can remove them if you don't think you'd need it.
|
|
280
|
-
|
|
281
|
-
### doing handle resolution
|
|
282
|
-
|
|
283
|
-
there are two ways that a handle can be verified:
|
|
284
|
-
|
|
285
|
-
1. HTTP verification: there is a file at `/.well-known/atproto-did` containing your account's DID
|
|
286
|
-
2. DNS verification: there is an `_atproto` TXT record containing your account's DID
|
|
287
|
-
|
|
288
|
-
you'd want to resolve both of these. if both methods return a response but does not match each other
|
|
289
|
-
then it should ideally be thrown.
|
|
290
|
-
|
|
291
|
-
verify that the DID matches the intended format
|
|
292
|
-
|
|
293
|
-
```ts
|
|
294
|
-
const isDid = (did: string): did is At.DID => {
|
|
295
|
-
return /^did:([a-z]+):([a-zA-Z0-9._:%-]*[a-zA-Z0-9._-])$/.test(did);
|
|
296
|
-
};
|
|
297
|
-
```
|
|
298
|
-
|
|
299
|
-
pass this resolved DID to `resolveFromIdentity`, and carry on as per usual.
|
|
300
|
-
|
|
301
|
-
#### HTTP handle resolution
|
|
302
|
-
|
|
303
|
-
this is very straightforward, make a request to `https://<handle>/.well-known/atproto-did` without
|
|
304
|
-
following redirects. check if the response status is 200 and trim off any excess whitespaces.
|
|
305
|
-
|
|
306
|
-
some web servers might not set a permissible CORS header to access this resource, in which case
|
|
307
|
-
there is nothing that can be done, unless you'd want to proxy the requests.
|
|
308
|
-
|
|
309
|
-
```ts
|
|
310
|
-
const resolveHandleViaHttp = async (handle: string): Promise<At.DID> => {
|
|
311
|
-
const url = new URL('/.well-known/atproto-did', `https://${handle}`);
|
|
312
|
-
|
|
313
|
-
const response = await fetch(url, { redirect: 'error' });
|
|
314
|
-
if (!response.ok) {
|
|
315
|
-
throw new ResolverError(`domain is unreachable`);
|
|
316
|
-
}
|
|
317
|
-
|
|
318
|
-
const text = await response.text();
|
|
319
|
-
|
|
320
|
-
const did = text.split('\n')[0]!.trim();
|
|
321
|
-
if (isDid(did)) {
|
|
322
|
-
return did;
|
|
323
|
-
}
|
|
324
|
-
|
|
325
|
-
throw new ResolverError(`failed to resolve ${handle}`);
|
|
326
|
-
};
|
|
327
|
-
```
|
|
328
|
-
|
|
329
|
-
#### DNS handle resolution
|
|
330
|
-
|
|
331
|
-
as websites can't do DNS resolution on their own, we'd have to rely on DNS-over-HTTPS (DoH)
|
|
332
|
-
services. it should be noted that this _can_ have privacy implications of its own, please read
|
|
333
|
-
through the privacy policy of whichever DoH service you end up using and make the user aware of it
|
|
334
|
-
as well.
|
|
335
|
-
|
|
336
|
-
for this example, we'll be using Cloudflare's DoH resolver for Firefox ([privacy
|
|
337
|
-
policy][cf-resolver-firefox-privacy]) as it has support for `application/dns-json` format which
|
|
338
|
-
allows us to query and see the responses in JSON.
|
|
339
|
-
|
|
340
|
-
```ts
|
|
341
|
-
const SUBDOMAIN = '_atproto';
|
|
342
|
-
const PREFIX = 'did=';
|
|
343
|
-
|
|
344
|
-
const resolveHandleViaDoH = async (handle: string): Promise<At.DID> => {
|
|
345
|
-
const url = new URL('https://mozilla.cloudflare-dns.com/dns-query');
|
|
346
|
-
url.searchParams.set('type', 'TXT');
|
|
347
|
-
url.searchParams.set('name', `${SUBDOMAIN}.${handle}`);
|
|
348
|
-
|
|
349
|
-
const response = await fetch(url, {
|
|
350
|
-
method: 'GET',
|
|
351
|
-
headers: { accept: 'application/dns-json' },
|
|
352
|
-
redirect: 'follow',
|
|
353
|
-
});
|
|
354
|
-
|
|
355
|
-
const type = response.headers.get('content-type')?.trim();
|
|
356
|
-
if (!response.ok) {
|
|
357
|
-
const message = type?.startsWith('text/plain')
|
|
358
|
-
? await response.text()
|
|
359
|
-
: `failed to resolve ${handle}`;
|
|
360
|
-
|
|
361
|
-
throw new ResolverError(message);
|
|
362
|
-
}
|
|
363
|
-
|
|
364
|
-
if (type !== 'application/dns-json') {
|
|
365
|
-
throw new ResolverError(`unexpected response from DoH server`);
|
|
366
|
-
}
|
|
367
|
-
|
|
368
|
-
const result = asResult(await response.json());
|
|
369
|
-
const answers = result.Answer?.filter(isAnswerTxt).map(extractTxtData) ?? [];
|
|
370
|
-
|
|
371
|
-
for (let i = 0; i < answers.length; i++) {
|
|
372
|
-
// skip if the line does not start with "did="
|
|
373
|
-
if (!answers[i].startsWith(PREFIX)) {
|
|
374
|
-
continue;
|
|
375
|
-
}
|
|
376
|
-
|
|
377
|
-
// ensure there is no other entry starting with "did="
|
|
378
|
-
for (let j = i + 1; j < answers.length; j++) {
|
|
379
|
-
if (answers[j].startsWith(PREFIX)) {
|
|
380
|
-
throw new ResolverError(`handle returned multiple did values`);
|
|
381
|
-
}
|
|
382
|
-
}
|
|
383
|
-
|
|
384
|
-
const did = answers[i].slice(PREFIX.length);
|
|
385
|
-
if (isDid(did)) {
|
|
386
|
-
return did;
|
|
387
|
-
}
|
|
388
|
-
|
|
389
|
-
break;
|
|
390
|
-
}
|
|
391
|
-
|
|
392
|
-
throw new ResolverError(`failed to resolve ${handle}`);
|
|
393
|
-
};
|
|
394
|
-
|
|
395
|
-
type Result = { Status: number; Answer?: Answer[] };
|
|
396
|
-
const isResult = (result: unknown): result is Result => {
|
|
397
|
-
if (result === null || typeof result !== 'object') {
|
|
398
|
-
return false;
|
|
399
|
-
}
|
|
400
|
-
|
|
401
|
-
return (
|
|
402
|
-
'Status' in result &&
|
|
403
|
-
typeof result.Status === 'number' &&
|
|
404
|
-
(!('Answer' in result) || (Array.isArray(result.Answer) && result.Answer.every(isAnswer)))
|
|
405
|
-
);
|
|
406
|
-
};
|
|
407
|
-
const asResult = (result: unknown): Result => {
|
|
408
|
-
if (!isResult(result)) {
|
|
409
|
-
throw new TypeError(`unexpected DoH response`);
|
|
410
|
-
}
|
|
411
|
-
|
|
412
|
-
return result;
|
|
413
|
-
};
|
|
414
|
-
|
|
415
|
-
type Answer = { name: string; type: number; data: string; TTL: number };
|
|
416
|
-
const isAnswer = (answer: unknown): answer is Answer => {
|
|
417
|
-
if (answer === null || typeof answer !== 'object') {
|
|
418
|
-
return false;
|
|
419
|
-
}
|
|
420
|
-
|
|
421
|
-
return (
|
|
422
|
-
'name' in answer &&
|
|
423
|
-
typeof answer.name === 'string' &&
|
|
424
|
-
'type' in answer &&
|
|
425
|
-
typeof answer.type === 'number' &&
|
|
426
|
-
'data' in answer &&
|
|
427
|
-
typeof answer.data === 'string' &&
|
|
428
|
-
'TTL' in answer &&
|
|
429
|
-
typeof answer.TTL === 'number'
|
|
430
|
-
);
|
|
431
|
-
};
|
|
432
|
-
|
|
433
|
-
type AnswerTxt = Answer & { type: 16 };
|
|
434
|
-
const isAnswerTxt = (answer: Answer): answer is AnswerTxt => {
|
|
435
|
-
return answer.type === 16;
|
|
436
|
-
};
|
|
437
|
-
|
|
438
|
-
const extractTxtData = (answer: AnswerTxt): string => {
|
|
439
|
-
return answer.data.replace(/^"|"$/g, '').replace(/\\"/g, '"');
|
|
440
|
-
};
|
|
441
|
-
```
|
|
442
|
-
|
|
443
|
-
[cf-resolver-firefox-privacy]:
|
|
444
|
-
https://developers.cloudflare.com/1.1.1.1/privacy/cloudflare-resolver-firefox/
|
|
445
|
-
|
|
446
|
-
#### using your PDS for handle resolution
|
|
447
|
-
|
|
448
|
-
alternatively, if you operate your own PDS, you can make use of it as a handle resolver.
|
|
449
|
-
|
|
450
|
-
```ts
|
|
451
|
-
const resolveHandleViaPds = async (handle: string): Promise<At.DID> => {
|
|
452
|
-
const rpc = new XRPC({ handler: simpleFetchHandler({ service: `https://my-pds.example.com` }) });
|
|
453
|
-
|
|
454
|
-
const { data } = await rpc.get('com.atproto.identity.resolveHandle', {
|
|
455
|
-
params: {
|
|
456
|
-
handle: handle,
|
|
457
|
-
},
|
|
458
|
-
});
|
|
459
|
-
|
|
460
|
-
return data.did;
|
|
461
|
-
};
|
|
462
|
-
```
|
|
@@ -1,9 +1,14 @@
|
|
|
1
|
-
import type {
|
|
2
|
-
import type { AuthorizationServerMetadata } from '../types/server.js';
|
|
1
|
+
import type { ActorIdentifier } from '@atcute/lexicons';
|
|
3
2
|
import type { Session } from '../types/token.js';
|
|
3
|
+
export type AuthorizeTargetOptions = {
|
|
4
|
+
type: 'account';
|
|
5
|
+
identifier: ActorIdentifier;
|
|
6
|
+
} | {
|
|
7
|
+
type: 'pds';
|
|
8
|
+
serviceUrl: string;
|
|
9
|
+
};
|
|
4
10
|
export interface AuthorizeOptions {
|
|
5
|
-
|
|
6
|
-
identity?: IdentityMetadata;
|
|
11
|
+
target: AuthorizeTargetOptions;
|
|
7
12
|
scope: string;
|
|
8
13
|
}
|
|
9
14
|
/**
|
|
@@ -11,7 +16,7 @@ export interface AuthorizeOptions {
|
|
|
11
16
|
* @param options
|
|
12
17
|
* @returns URL to redirect the user for authorization
|
|
13
18
|
*/
|
|
14
|
-
export declare const createAuthorizationUrl: ({
|
|
19
|
+
export declare const createAuthorizationUrl: ({ target, scope }: AuthorizeOptions) => Promise<URL>;
|
|
15
20
|
/**
|
|
16
21
|
* Finalize authorization
|
|
17
22
|
* @param params Search params
|
package/dist/agents/exchange.js
CHANGED
|
@@ -3,6 +3,7 @@ import { createES256Key } from '../dpop.js';
|
|
|
3
3
|
import { CLIENT_ID, database, REDIRECT_URI } from '../environment.js';
|
|
4
4
|
import { AuthorizationError, LoginError } from '../errors.js';
|
|
5
5
|
import { generatePKCE } from '../utils/runtime.js';
|
|
6
|
+
import { resolveFromIdentifier, resolveFromService } from '../resolvers.js';
|
|
6
7
|
import { OAuthServerAgent } from './server-agent.js';
|
|
7
8
|
import { storeSession } from './sessions.js';
|
|
8
9
|
/**
|
|
@@ -10,7 +11,18 @@ import { storeSession } from './sessions.js';
|
|
|
10
11
|
* @param options
|
|
11
12
|
* @returns URL to redirect the user for authorization
|
|
12
13
|
*/
|
|
13
|
-
export const createAuthorizationUrl = async ({
|
|
14
|
+
export const createAuthorizationUrl = async ({ target, scope }) => {
|
|
15
|
+
let resolved;
|
|
16
|
+
switch (target.type) {
|
|
17
|
+
case 'account': {
|
|
18
|
+
resolved = await resolveFromIdentifier(target.identifier);
|
|
19
|
+
break;
|
|
20
|
+
}
|
|
21
|
+
case 'pds': {
|
|
22
|
+
resolved = await resolveFromService(target.serviceUrl);
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
const { identity, metadata } = resolved;
|
|
14
26
|
const state = nanoid(24);
|
|
15
27
|
const pkce = await generatePKCE();
|
|
16
28
|
const dpopKey = await createES256Key();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exchange.js","sourceRoot":"","sources":["../../lib/agents/exchange.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"exchange.js","sourceRoot":"","sources":["../../lib/agents/exchange.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAIhC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAI9D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAW7C;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,KAAK,EAAE,EAAE,MAAM,EAAE,KAAK,EAAoB,EAAgB,EAAE;IACjG,IAAI,QAAgF,CAAC;IACrF,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACrB,KAAK,SAAS,CAAC,CAAC,CAAC;YAChB,QAAQ,GAAG,MAAM,qBAAqB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC1D,MAAM;QACP,CAAC;QACD,KAAK,KAAK,CAAC,CAAC,CAAC;YACZ,QAAQ,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACxD,CAAC;IACF,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC;IAExC,MAAM,KAAK,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAEzB,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,MAAM,cAAc,EAAE,CAAC;IAEvC,MAAM,MAAM,GAAG;QACd,YAAY,EAAE,YAAY;QAC1B,cAAc,EAAE,IAAI,CAAC,SAAS;QAC9B,qBAAqB,EAAE,IAAI,CAAC,MAAM;QAClC,KAAK,EAAE,KAAK;QACZ,UAAU,EAAE,QAAQ,EAAE,GAAG;QACzB,aAAa,EAAE,UAAU;QACzB,aAAa,EAAE,MAAM;QACrB,OAAO,EAAE,MAAM;QACf,4BAA4B;QAC5B,sBAAsB;QACtB,qBAAqB;QACrB,KAAK,EAAE,KAAK;QACZ,yBAAyB;KACoB,CAAC;IAE/C,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE;QAC1B,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACvB,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,8BAA8B,EAAE,MAAM,CAAC,CAAC;IAE9E,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACzD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IACjD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;IAE9D,OAAO,OAAO,CAAC;AAChB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EAAE,MAAuB,EAAE,EAAE;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAClC,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAElC,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,UAAU,CAAC,oBAAoB,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE,CAAC;QACZ,kCAAkC;QAClC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;SAAM,CAAC;QACP,MAAM,IAAI,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IAEjC,IAAI,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,KAAK,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,CAAC,IAAI,EAAE,CAAC;QACX,MAAM,IAAI,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACrB,MAAM,IAAI,UAAU,CAAC,0BAA0B,CAAC,CAAC;IAClD,CAAC;SAAM,IAAI,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;IACzC,CAAC;IAED,iCAAiC;IACjC,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACvD,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEzE,kBAAkB;IAClB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;IACrB,MAAM,OAAO,GAAY,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IAElD,MAAM,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAEjC,OAAO,OAAO,CAAC;AAChB,CAAC,CAAC"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { createDPoPFetch } from '../dpop.js';
|
|
2
2
|
import { CLIENT_ID, REDIRECT_URI } from '../environment.js';
|
|
3
3
|
import { FetchResponseError, OAuthResponseError, TokenRefreshError } from '../errors.js';
|
|
4
|
-
import {
|
|
4
|
+
import { resolveFromIdentifier } from '../resolvers.js';
|
|
5
5
|
import { pick } from '../utils/misc.js';
|
|
6
6
|
import { extractContentType } from '../utils/response.js';
|
|
7
7
|
export class OAuthServerAgent {
|
|
@@ -9,7 +9,7 @@ export class OAuthServerAgent {
|
|
|
9
9
|
#metadata;
|
|
10
10
|
constructor(metadata, dpopKey) {
|
|
11
11
|
this.#metadata = metadata;
|
|
12
|
-
this.#fetch = createDPoPFetch(
|
|
12
|
+
this.#fetch = createDPoPFetch(dpopKey, true);
|
|
13
13
|
}
|
|
14
14
|
async request(endpoint, payload) {
|
|
15
15
|
const url = this.#metadata[`${endpoint}_endpoint`];
|
|
@@ -96,7 +96,7 @@ export class OAuthServerAgent {
|
|
|
96
96
|
throw new TypeError(`missing sub field in token response`);
|
|
97
97
|
}
|
|
98
98
|
const token = this.#processTokenResponse(res);
|
|
99
|
-
const resolved = await
|
|
99
|
+
const resolved = await resolveFromIdentifier(sub);
|
|
100
100
|
if (resolved.metadata.issuer !== this.#metadata.issuer) {
|
|
101
101
|
throw new TypeError(`issuer mismatch; got ${resolved.metadata.issuer}`);
|
|
102
102
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server-agent.js","sourceRoot":"","sources":["../../lib/agents/server-agent.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACzF,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"server-agent.js","sourceRoot":"","sources":["../../lib/agents/server-agent.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACzF,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAKxD,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,MAAM,OAAO,gBAAgB;IAC5B,MAAM,CAAe;IACrB,SAAS,CAAuC;IAEhD,YAAY,QAA8C,EAAE,OAAgB;QAC3E,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IASD,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,OAAgC;QAC/D,MAAM,GAAG,GAAwB,IAAI,CAAC,SAAiB,CAAC,GAAG,QAAQ,WAAW,CAAC,CAAC;QAChF,IAAI,CAAC,GAAG,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE;YACvC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;SAC1D,CAAC,CAAC;QAEH,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;YACjE,MAAM,IAAI,kBAAkB,CAAC,QAAQ,EAAE,CAAC,EAAE,yBAAyB,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEnC,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACb,CAAC;aAAM,CAAC;YACP,MAAM,IAAI,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC9C,CAAC;IACF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACzB,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACX,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,QAAiB;QACjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAC5C,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,YAAY;YAC1B,IAAI,EAAE,IAAI;YACV,aAAa,EAAE,QAAQ;SACvB,CAAC,CAAC;QAEH,IAAI,CAAC;YACJ,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YACzC,MAAM,GAAG,CAAC;QACX,CAAC;IACF,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,KAAK,EAAkC;QAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAC5C,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,KAAK,CAAC,OAAO;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC;YACJ,IAAI,GAAG,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;gBAC1B,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,uCAAuC,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC;YACzF,CAAC;YAED,OAAO,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YAEzC,MAAM,GAAG,CAAC;QACX,CAAC;IACF,CAAC;IAED,qBAAqB,CAAC,GAAuB;QAC5C,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,GAAG,CAAC,UAAU,KAAK,MAAM,EAAE,CAAC;YAC/B,MAAM,IAAI,SAAS,CAAC,0CAA0C,CAAC,CAAC;QACjE,CAAC;QAED,OAAO;YACN,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,OAAO,EAAE,GAAG,CAAC,aAAa;YAC1B,MAAM,EAAE,GAAG,CAAC,YAAY;YACxB,IAAI,EAAE,GAAG,CAAC,UAAU;YACpB,UAAU,EAAE,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,SAAS;SAChG,CAAC;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,GAAuB;QACrD,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC;QACpB,IAAI,CAAC,GAAG,EAAE,CAAC;YACV,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,GAAU,CAAC,CAAC;QAEzD,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,KAAK,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YACxD,MAAM,IAAI,SAAS,CAAC,wBAAwB,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,OAAO;YACN,KAAK,EAAE,KAAK;YACZ,IAAI,EAAE;gBACL,GAAG,EAAE,GAAU;gBACf,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI;gBAC/B,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE;oBAC/B,QAAQ;oBACR,wBAAwB;oBACxB,wBAAwB;oBACxB,uCAAuC;oBACvC,qBAAqB;oBACrB,gBAAgB;iBAChB,CAAC;aACF;SACD,CAAC;IACH,CAAC;CACD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sessions.js","sourceRoot":"","sources":["../../lib/agents/sessions.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAErE,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAE5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AASrD,MAAM,OAAO,GAAG,IAAI,GAAG,
|
|
1
|
+
{"version":3,"file":"sessions.js","sourceRoot":"","sources":["../../lib/agents/sessions.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAErE,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAE5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AASrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAsC,CAAC;AAE9D,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAAE,GAAQ,EAAE,OAA2B,EAAoB,EAAE;IAC3F,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;IAElC,IAAI,WAAW,GAAG,aAAa,CAAC;IAChC,IAAI,OAAO,EAAE,OAAO,EAAE,CAAC;QACtB,WAAW,GAAG,WAAW,CAAC;IAC3B,CAAC;SAAM,IAAI,OAAO,EAAE,UAAU,EAAE,CAAC;QAChC,WAAW,GAAG,UAAU,CAAC;IAC1B,CAAC;IAED,qEAAqE;IACrE,4EAA4E;IAC5E,uEAAuE;IACvE,iEAAiE;IACjE,4EAA4E;IAC5E,cAAc;IACd,IAAI,qBAAgE,CAAC;IACrE,OAAO,CAAC,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC;YACJ,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,qBAAqB,CAAC;YAEvD,IAAI,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC;YACd,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,mEAAmE;YACnE,4BAA4B;QAC7B,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;IACnC,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,IAAmC,EAAE;QACrD,MAAM,aAAa,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEjD,IAAI,aAAa,IAAI,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC;YACjD,iEAAiE;YACjE,gEAAgE;YAChE,sEAAsE;YACtE,8DAA8D;YAC9D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;QACjD,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAE1D,MAAM,YAAY,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IAC7C,CAAC,CAAC;IAEF,IAAI,OAAsC,CAAC;IAE3C,IAAI,KAAK,EAAE,CAAC;QACX,OAAO,GAAG,KAAK,CAAC,OAAO,CAAuB,gBAAgB,GAAG,EAAE,EAAE,GAAU,CAAC,CAAC;IAClF,CAAC;SAAM,CAAC;QACP,OAAO,GAAG,GAAG,EAAE,CAAC;IACjB,CAAC;IAED,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAErD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,kEAAkE;QAClE,mEAAmE;QACnE,sEAAsE;QACtE,6CAA6C;QAC7C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAE1B,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,OAAO,CAAC;IAChC,OAAO,KAAK,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,GAAQ,EAAE,UAAmB,EAAiB,EAAE;IAClF,IAAI,CAAC;QACJ,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,MAAM,cAAc,CAAC,UAAU,CAAC,CAAC;QACjC,MAAM,GAAG,CAAC;IACX,CAAC;AACF,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,GAAQ,EAAQ,EAAE;IACrD,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC/B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAAU,EAAE;IAC7C,OAAO,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;AACjC,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC;AAC9B,MAAM,WAAW,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC;AAEhC,MAAM,YAAY,GAAG,KAAK,EAAE,GAAQ,EAAE,aAAkC,EAAoB,EAAE;IAC7F,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,gCAAgC,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE1D,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IAC3C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,IAAI,KAAK,YAAY,kBAAkB,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;YACpG,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,qBAAqB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,MAAM,KAAK,CAAC;IACb,CAAC;AACF,CAAC,CAAC;AAEF,MAAM,cAAc,GAAG,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAW,EAAE,EAAE;IAClE,sDAAsD;IACtD,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1D,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;AACpD,CAAC,CAAC;AAEF,MAAM,aAAa,GAAG,CAAC,EAAE,KAAK,EAAW,EAAW,EAAE;IACrD,MAAM,OAAO,GAAG,KAAK,CAAC,UAAU,CAAC;IACjC,OAAO,OAAO,IAAI,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,IAAI,OAAO,CAAC;AAC1D,CAAC,CAAC"}
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import { createDPoPFetch } from '../dpop.js';
|
|
2
|
-
import { CLIENT_ID } from '../environment.js';
|
|
3
2
|
import { OAuthServerAgent } from './server-agent.js';
|
|
4
3
|
import { deleteStoredSession, getSession } from './sessions.js';
|
|
5
4
|
export class OAuthUserAgent {
|
|
@@ -8,7 +7,7 @@ export class OAuthUserAgent {
|
|
|
8
7
|
#getSessionPromise;
|
|
9
8
|
constructor(session) {
|
|
10
9
|
this.session = session;
|
|
11
|
-
this.#fetch = createDPoPFetch(
|
|
10
|
+
this.#fetch = createDPoPFetch(session.dpopKey, false);
|
|
12
11
|
}
|
|
13
12
|
get sub() {
|
|
14
13
|
return this.session.info.sub;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-agent.js","sourceRoot":"","sources":["../../lib/agents/user-agent.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"user-agent.js","sourceRoot":"","sources":["../../lib/agents/user-agent.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAG7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAA0B,mBAAmB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAExF,MAAM,OAAO,cAAc;IAIP;IAHnB,MAAM,CAAe;IACrB,kBAAkB,CAA+B;IAEjD,YAAmB,OAAgB;QAAhB,YAAO,GAAP,OAAO,CAAS;QAClC,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,GAAG;QACN,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;IAC9B,CAAC;IAED,UAAU,CAAC,OAA2B;QACrC,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAE3D,OAAO;aACL,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACxB,CAAC,CAAC;aACD,OAAO,CAAC,GAAG,EAAE;YACb,IAAI,CAAC,kBAAkB,GAAG,SAAS,CAAC;QACrC,CAAC,CAAC,CAAC;QAEJ,OAAO,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO;QACZ,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAElC,IAAI,CAAC;YACJ,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7E,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAE1D,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QACpD,CAAC;gBAAS,CAAC;YACV,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAkB;QAChD,MAAM,IAAI,CAAC,kBAAkB,CAAC;QAE9B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAE3C,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC3B,IAAI,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE9C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAE9E,IAAI,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAC5D,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvC,OAAO,QAAQ,CAAC;QACjB,CAAC;QAED,IAAI,CAAC;YACJ,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC7B,OAAO,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC;YACzC,CAAC;iBAAM,CAAC;gBACP,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YACnC,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,QAAQ,CAAC;QACjB,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC1C,OAAO,QAAQ,CAAC;QACjB,CAAC;QAED,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAE9E,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IACrD,CAAC;CACD;AAED,MAAM,sBAAsB,GAAG,CAAC,QAAkB,EAAE,EAAE;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAEtD,OAAO,CACN,IAAI,IAAI,IAAI;QACZ,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CACtC,CAAC;AACH,CAAC,CAAC"}
|
package/dist/dpop.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import type { DPoPKey } from './types/dpop.js';
|
|
2
2
|
export declare const createES256Key: () => Promise<DPoPKey>;
|
|
3
|
-
export declare const createDPoPSignage: (
|
|
4
|
-
export declare const createDPoPFetch: (
|
|
3
|
+
export declare const createDPoPSignage: (dpopKey: DPoPKey) => (method: string, htu: string, nonce: string | undefined, ath: string | undefined) => Promise<string>;
|
|
4
|
+
export declare const createDPoPFetch: (dpopKey: DPoPKey, isAuthServer?: boolean) => typeof fetch;
|
package/dist/dpop.js
CHANGED
|
@@ -15,18 +15,17 @@ export const createES256Key = async () => {
|
|
|
15
15
|
jwt: toBase64Url(encodeUtf8(JSON.stringify({ typ: 'dpop+jwt', alg: 'ES256', jwk: jwk }))),
|
|
16
16
|
};
|
|
17
17
|
};
|
|
18
|
-
export const createDPoPSignage = (
|
|
18
|
+
export const createDPoPSignage = (dpopKey) => {
|
|
19
19
|
const headerString = dpopKey.jwt;
|
|
20
20
|
const keyPromise = crypto.subtle.importKey('pkcs8', fromBase64Url(dpopKey.key), ES256_ALG, true, ['sign']);
|
|
21
|
-
const constructPayload = (
|
|
21
|
+
const constructPayload = (htm, htu, nonce, ath) => {
|
|
22
22
|
const payload = {
|
|
23
|
-
|
|
23
|
+
ath: ath,
|
|
24
|
+
htm: htm,
|
|
25
|
+
htu: htu,
|
|
24
26
|
iat: Math.floor(Date.now() / 1_000),
|
|
25
27
|
jti: nanoid(24),
|
|
26
|
-
htm: method,
|
|
27
|
-
htu: htu,
|
|
28
28
|
nonce: nonce,
|
|
29
|
-
ath: ath,
|
|
30
29
|
};
|
|
31
30
|
return toBase64Url(encodeUtf8(JSON.stringify(payload)));
|
|
32
31
|
};
|
|
@@ -37,12 +36,12 @@ export const createDPoPSignage = (issuer, dpopKey) => {
|
|
|
37
36
|
return headerString + '.' + payloadString + '.' + signatureString;
|
|
38
37
|
};
|
|
39
38
|
};
|
|
40
|
-
export const createDPoPFetch = (
|
|
39
|
+
export const createDPoPFetch = (dpopKey, isAuthServer) => {
|
|
41
40
|
const nonces = database.dpopNonces;
|
|
42
41
|
const pending = database.inflightDpop;
|
|
43
|
-
const sign = createDPoPSignage(
|
|
42
|
+
const sign = createDPoPSignage(dpopKey);
|
|
44
43
|
return async (input, init) => {
|
|
45
|
-
const request =
|
|
44
|
+
const request = new Request(input, init);
|
|
46
45
|
const authorizationHeader = request.headers.get('authorization');
|
|
47
46
|
const ath = authorizationHeader?.startsWith('DPoP ')
|
|
48
47
|
? await stringToSha256(authorizationHeader.slice(5))
|
|
@@ -131,7 +130,18 @@ export const createDPoPFetch = (issuer, dpopKey, isAuthServer) => {
|
|
|
131
130
|
const nextProof = await sign(method, htu, nextNonce, ath);
|
|
132
131
|
const nextRequest = new Request(input, init);
|
|
133
132
|
nextRequest.headers.set('dpop', nextProof);
|
|
134
|
-
|
|
133
|
+
const retryResponse = await fetch(nextRequest);
|
|
134
|
+
// Check if the server returned another new nonce in the retry response
|
|
135
|
+
const retryNonce = retryResponse.headers.get('dpop-nonce');
|
|
136
|
+
if (retryNonce !== null && retryNonce !== nextNonce) {
|
|
137
|
+
try {
|
|
138
|
+
nonces.set(origin, retryNonce);
|
|
139
|
+
}
|
|
140
|
+
catch {
|
|
141
|
+
// Ignore write errors
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
return retryResponse;
|
|
135
145
|
}
|
|
136
146
|
};
|
|
137
147
|
};
|
package/dist/dpop.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,MAAM,SAAS,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAW,CAAC;AAElE,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,IAAsB,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAElF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAEvG,OAAO;QACN,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,WAAW,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;QACrC,GAAG,EAAE,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;KACzF,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,MAAM,SAAS,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAW,CAAC;AAElE,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,IAAsB,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAElF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAEvG,OAAO;QACN,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,WAAW,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;QACrC,GAAG,EAAE,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;KACzF,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,OAAgB,EAAE,EAAE;IACrD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC;IACjC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CACzC,OAAO,EACP,aAAa,CAAC,OAAO,CAAC,GAAG,CAA4B,EACrD,SAAS,EACT,IAAI,EACJ,CAAC,MAAM,CAAC,CACR,CAAC;IAEF,MAAM,gBAAgB,GAAG,CAAC,GAAW,EAAE,GAAW,EAAE,KAAyB,EAAE,GAAuB,EAAE,EAAE;QACzG,MAAM,OAAO,GAAG;YACf,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YACnC,GAAG,EAAE,MAAM,CAAC,EAAE,CAAC;YACf,KAAK,EAAE,KAAK;SACZ,CAAC;QAEF,OAAO,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC,CAAC;IAEF,OAAO,KAAK,EAAE,MAAc,EAAE,GAAW,EAAE,KAAyB,EAAE,GAAuB,EAAE,EAAE;QAChG,MAAM,aAAa,GAAG,gBAAgB,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QAEhE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACtC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAC5C,MAAM,UAAU,EAChB,UAAU,CAAC,YAAY,GAAG,GAAG,GAAG,aAAa,CAA4B,CACzE,CAAC;QAEF,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QAE5D,OAAO,YAAY,GAAG,GAAG,GAAG,aAAa,GAAG,GAAG,GAAG,eAAe,CAAC;IACnE,CAAC,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAgB,EAAE,YAAsB,EAAgB,EAAE;IACzF,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC;IACnC,MAAM,OAAO,GAAG,QAAQ,CAAC,YAAY,CAAC;IAEtC,MAAM,IAAI,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAExC,OAAO,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAEzC,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,mBAAmB,EAAE,UAAU,CAAC,OAAO,CAAC;YACnD,CAAC,CAAC,MAAM,cAAc,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACpD,CAAC,CAAC,SAAS,CAAC;QAEb,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;QAChC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE1C,MAAM,GAAG,GAAG,MAAM,GAAG,QAAQ,CAAC;QAE9B,uEAAuE;QACvE,wEAAwE;QACxE,kBAAkB;QAClB,IAAI,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,QAAQ,EAAE,CAAC;YACd,MAAM,QAAQ,CAAC,OAAO,CAAC;YACvB,QAAQ,GAAG,SAAS,CAAC;QACtB,CAAC;QAED,gDAAgD;QAChD,IAAI,SAA6B,CAAC;QAClC,IAAI,gBAAgB,GAAG,KAAK,CAAC;QAC7B,IAAI,CAAC;YACJ,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YAErD,SAAS,GAAG,KAAK,CAAC;YAElB,wEAAwE;YACxE,4DAA4D;YAC5D,EAAE;YACF,0EAA0E;YAC1E,0EAA0E;YAC1E,wBAAwB;YACxB,EAAE;YACF,uEAAuE;YACvE,uEAAuE;YACvE,wEAAwE;YACxE,eAAe;YACf,EAAE;YACF,0EAA0E;YAC1E,kBAAkB;YAClB,gBAAgB,GAAG,MAAM,GAAG,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACR,iEAAiE;QAClE,CAAC;QAED,IAAI,gBAAgB,EAAE,CAAC;YACtB,mDAAmD;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,SAAwB,CAAC;QAC7B,IAAI,CAAC;YACJ,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;YAC1D,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAEvC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;YAE1C,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACnD,IAAI,SAAS,KAAK,IAAI,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnD,yEAAyE;gBACzE,gDAAgD;gBAEhD,OAAO,YAAY,CAAC;YACrB,CAAC;YAED,4CAA4C;YAC5C,IAAI,CAAC;gBACJ,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACR,sBAAsB;YACvB,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,EAAE,CAAC;gBAClB,6DAA6D;gBAE7D,OAAO,YAAY,CAAC;YACrB,CAAC;YAED,IAAI,KAAK,KAAK,OAAO,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;gBAC/D,2EAA2E;gBAC3E,wEAAwE;gBACxE,2EAA2E;gBAC3E,6EAA6E;gBAE7E,OAAO,YAAY,CAAC;YACrB,CAAC;QACF,CAAC;gBAAS,CAAC;YACV,oCAAoC;YACpC,IAAI,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBACvB,QAAQ,CAAC,OAAO,EAAE,CAAC;YACpB,CAAC;QACF,CAAC;QAED,yEAAyE;QACzE,yDAAyD;QACzD,CAAC;YACA,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;YAC1D,MAAM,WAAW,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC7C,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAE3C,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAC;YAE/C,uEAAuE;YACvE,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAC3D,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBACrD,IAAI,CAAC;oBACJ,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;gBAChC,CAAC;gBAAC,MAAM,CAAC;oBACR,sBAAsB;gBACvB,CAAC;YACF,CAAC;YAED,OAAO,aAAa,CAAC;QACtB,CAAC;IACF,CAAC,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,KAAK,EAAE,QAAkB,EAAE,YAAsB,EAAoB,EAAE;IAClG,0DAA0D;IAC1D,iFAAiF;IACjF,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,KAAK,EAAE,CAAC;QAC1D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,OAAO,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC;YACnD,CAAC;QACF,CAAC;IACF,CAAC;IAED,iFAAiF;IACjF,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QACzD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;YAC5F,IAAI,CAAC;gBACJ,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;gBAC3C,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,gBAAgB,CAAC;YACzE,CAAC;YAAC,MAAM,CAAC;gBACR,kEAAkE;gBAClE,OAAO,KAAK,CAAC;YACd,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,KAAK,CAAC;AACd,CAAC,CAAC"}
|
package/dist/environment.d.ts
CHANGED
|
@@ -1,17 +1,24 @@
|
|
|
1
|
+
import type { DidDocumentResolver, HandleResolver } from '@atcute/identity-resolver';
|
|
1
2
|
import { type OAuthDatabase } from './store/db.js';
|
|
2
3
|
export declare let CLIENT_ID: string;
|
|
3
4
|
export declare let REDIRECT_URI: string;
|
|
4
5
|
export declare let database: OAuthDatabase;
|
|
6
|
+
export declare let handleResolver: HandleResolver;
|
|
7
|
+
export declare let didDocumentResolver: DidDocumentResolver;
|
|
5
8
|
export interface ConfigureOAuthOptions {
|
|
9
|
+
/** used to resolve handles into DIDs */
|
|
10
|
+
handleResolver: HandleResolver;
|
|
11
|
+
/** used to resolve DIDs into DID documents */
|
|
12
|
+
didDocumentResolver: DidDocumentResolver;
|
|
6
13
|
/**
|
|
7
|
-
*
|
|
14
|
+
* client metadata, necessary to drive the whole request
|
|
8
15
|
*/
|
|
9
16
|
metadata: {
|
|
10
17
|
client_id: string;
|
|
11
18
|
redirect_uri: string;
|
|
12
19
|
};
|
|
13
20
|
/**
|
|
14
|
-
*
|
|
21
|
+
* name that will be used as prefix for storage keys needed to persist authentication.
|
|
15
22
|
* @default "atcute-oauth"
|
|
16
23
|
*/
|
|
17
24
|
storageName?: string;
|
package/dist/environment.js
CHANGED
|
@@ -2,7 +2,10 @@ import { createOAuthDatabase } from './store/db.js';
|
|
|
2
2
|
export let CLIENT_ID;
|
|
3
3
|
export let REDIRECT_URI;
|
|
4
4
|
export let database;
|
|
5
|
+
export let handleResolver;
|
|
6
|
+
export let didDocumentResolver;
|
|
5
7
|
export const configureOAuth = (options) => {
|
|
8
|
+
({ handleResolver, didDocumentResolver } = options);
|
|
6
9
|
({ client_id: CLIENT_ID, redirect_uri: REDIRECT_URI } = options.metadata);
|
|
7
10
|
database = createOAuthDatabase({ name: options.storageName ?? 'atcute-oauth' });
|
|
8
11
|
};
|