@atcute/oauth-browser-client 1.0.25 → 2.0.0-next.0

package/dist/environment.js.map

@@ -1 +1 @@
-{"version":3,"file":"environment.js","sourceRoot":"","sources":["../lib/environment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAsB,MAAM,eAAe,CAAC;AAExE,MAAM,CAAC,IAAI,SAAiB,CAAC;AAC7B,MAAM,CAAC,IAAI,YAAoB,CAAC;AAEhC,MAAM,CAAC,IAAI,QAAuB,CAAC;AAkBnC,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAA8B,EAAE,EAAE;IAChE,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC1E,QAAQ,GAAG,mBAAmB,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,WAAW,IAAI,cAAc,EAAE,CAAC,CAAC;AACjF,CAAC,CAAC"}
+{"version":3,"file":"environment.js","sourceRoot":"","sources":["../lib/environment.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAsB,MAAM,eAAe,CAAC;AAExE,MAAM,CAAC,IAAI,SAAiB,CAAC;AAC7B,MAAM,CAAC,IAAI,YAAoB,CAAC;AAEhC,MAAM,CAAC,IAAI,QAAuB,CAAC;AAEnC,MAAM,CAAC,IAAI,cAA8B,CAAC;AAC1C,MAAM,CAAC,IAAI,mBAAwC,CAAC;AAuBpD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAA8B,EAAE,EAAE;IAChE,CAAC,EAAE,cAAc,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,CAAC;IACpD,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE1E,QAAQ,GAAG,mBAAmB,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,WAAW,IAAI,cAAc,EAAE,CAAC,CAAC;AACjF,CAAC,CAAC"}

package/dist/index.d.ts

@@ -1,6 +1,5 @@
 export { configureOAuth, type ConfigureOAuthOptions } from './environment.js';
 export * from './errors.js';
-export * from './resolvers.js';
 export * from './agents/exchange.js';
 export * from './agents/server-agent.js';
 export * from './agents/sessions.js';

package/dist/index.js

@@ -1,6 +1,5 @@
 export { configureOAuth } from './environment.js';
 export * from './errors.js';
-export * from './resolvers.js';
 export * from './agents/exchange.js';
 export * from './agents/server-agent.js';
 export * from './agents/sessions.js';

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAA8B,MAAM,kBAAkB,CAAC;AAE9E,cAAc,aAAa,CAAC;AAC5B,cAAc,gBAAgB,CAAC;AAE/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AAEvC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAA8B,MAAM,kBAAkB,CAAC;AAE9E,cAAc,aAAa,CAAC;AAE5B,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AAEvC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC"}

package/dist/resolvers.d.ts

@@ -1,52 +1,10 @@
-import { type DidDocument } from '@atcute/identity';
-import type { Did } from '@atcute/lexicons';
+import type { ActorIdentifier } from '@atcute/lexicons';
 import type { IdentityMetadata } from './types/identity.js';
-import type { AuthorizationServerMetadata, ProtectedResourceMetadata } from './types/server.js';
-/**
- * Resolves domain handles into DID identifiers, by requesting Bluesky's AppView
- * for identity resolution.
- * @param handle Domain handle to resolve
- * @returns DID identifier resolved from the domain handle
- */
-export declare const resolveHandle: (handle: string) => Promise<Did>;
-/**
- * Get DID documents of did:plc (via plc.directory) and did:web identifiers
- * @param did DID identifier we're seeking DID doc from
- * @returns Retrieved DID document
- */
-export declare const getDidDocument: (did: Did) => Promise<DidDocument>;
-/**
- * Get OAuth protected resource metadata from a host
- * @param host URL of the host
- * @returns Retrieved protected resource metadata
- */
-export declare const getProtectedResourceMetadata: (host: string) => Promise<ProtectedResourceMetadata>;
-/**
- * Get OAuth authorization server metadata from a host
- * @param host URL of the host
- * @returns Retrieved authorization server metadata
- */
-export declare const getAuthorizationServerMetadata: (host: string) => Promise<AuthorizationServerMetadata>;
-/**
- * Resolve handle domains or DID identifiers to get their PDS and its authorization server metadata
- * @param ident Handle domain or DID identifier to resolve
- * @returns Resolved PDS and authorization server metadata
- */
-export declare const resolveFromIdentity: (ident: string) => Promise<{
+import type { AuthorizationServerMetadata } from './types/server.js';
+export declare const resolveFromIdentifier: (ident: ActorIdentifier) => Promise<{
     identity: IdentityMetadata;
     metadata: AuthorizationServerMetadata;
 }>;
-/**
- * Request authorization server metadata from a PDS
- * @param host URL of the host
- * @returns Resolved authorization server metadata
- */
 export declare const resolveFromService: (host: string) => Promise<{
     metadata: AuthorizationServerMetadata;
 }>;
-/**
- * Request authorization server metadata from its protected resource metadata
- * @param input URL of the host whose authorization server is delegated
- * @returns Resolved authorization server metadata
- */
-export declare const getMetadataFromResourceServer: (input: string) => Promise<AuthorizationServerMetadata>;

package/dist/resolvers.js

@@ -1,72 +1,49 @@
 import { getPdsEndpoint } from '@atcute/identity';
 import { isDid } from '@atcute/lexicons/syntax';
-import { DEFAULT_APPVIEW_URL } from './constants.js';
+import { didDocumentResolver, handleResolver } from './environment.js';
 import { ResolverError } from './errors.js';
 import { extractContentType } from './utils/response.js';
 import { isValidUrl } from './utils/strings.js';
-const DID_WEB_RE = /^([a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*(?:\.[a-zA-Z]{2,}))$/;
-/**
- * Resolves domain handles into DID identifiers, by requesting Bluesky's AppView
- * for identity resolution.
- * @param handle Domain handle to resolve
- * @returns DID identifier resolved from the domain handle
- */
-export const resolveHandle = async (handle) => {
-    const url = DEFAULT_APPVIEW_URL + `/xrpc/com.atproto.identity.resolveHandle` + `?handle=${handle}`;
-    const response = await fetch(url);
-    if (response.status === 400) {
-        throw new ResolverError(`domain handle not found`);
+export const resolveFromIdentifier = async (ident) => {
+    let did;
+    if (isDid(ident)) {
+        did = ident;
     }
-    else if (!response.ok) {
-        throw new ResolverError(`directory is unreachable`);
+    else {
+        const resolved = await handleResolver.resolve(ident);
+        did = resolved;
+    }
+    const doc = await didDocumentResolver.resolve(did);
+    const pds = getPdsEndpoint(doc);
+    if (!pds) {
+        throw new ResolverError(`missing pds endpoint`);
     }
-    const json = (await response.json());
-    return json.did;
+    return {
+        identity: {
+            id: did,
+            raw: ident,
+            pds: new URL(pds),
+        },
+        metadata: await getMetadataFromResourceServer(pds),
+    };
 };
-/**
- * Get DID documents of did:plc (via plc.directory) and did:web identifiers
- * @param did DID identifier we're seeking DID doc from
- * @returns Retrieved DID document
- */
-export const getDidDocument = async (did) => {
-    const colon_index = did.indexOf(':', 4);
-    const type = did.slice(4, colon_index);
-    const ident = did.slice(colon_index + 1);
-    // 2. retrieve their DID documents
-    let doc;
-    if (type === 'plc') {
-        const response = await fetch(`https://plc.directory/${did}`);
-        if (response.status === 404) {
-            throw new ResolverError(`did not found in directory`);
-        }
-        else if (!response.ok) {
-            throw new ResolverError(`directory is unreachable`);
-        }
-        const json = await response.json();
-        doc = json;
+export const resolveFromService = async (host) => {
+    try {
+        const metadata = await getMetadataFromResourceServer(host);
+        return { metadata };
     }
-    else if (type === 'web') {
-        if (!DID_WEB_RE.test(ident)) {
-            throw new ResolverError(`invalid identifier`);
-        }
-        const response = await fetch(`https://${ident}/.well-known/did.json`);
-        if (!response.ok) {
-            throw new ResolverError(`did document is unreachable`);
+    catch (err) {
+        if (err instanceof ResolverError) {
+            try {
+                const metadata = await getAuthorizationServerMetadata(host);
+                return { metadata };
+            }
+            catch { }
         }
-        const json = await response.json();
-        doc = json;
-    }
-    else {
-        throw new ResolverError(`unsupported did method`);
+        throw err;
     }
-    return doc;
 };
-/**
- * Get OAuth protected resource metadata from a host
- * @param host URL of the host
- * @returns Retrieved protected resource metadata
- */
-export const getProtectedResourceMetadata = async (host) => {
+const getProtectedResourceMetadata = async (host) => {
     const url = new URL(`/.well-known/oauth-protected-resource`, host);
     const response = await fetch(url, {
         redirect: 'manual',
@@ -83,12 +60,7 @@ export const getProtectedResourceMetadata = async (host) => {
     }
     return metadata;
 };
-/**
- * Get OAuth authorization server metadata from a host
- * @param host URL of the host
- * @returns Retrieved authorization server metadata
- */
-export const getAuthorizationServerMetadata = async (host) => {
+const getAuthorizationServerMetadata = async (host) => {
     const url = new URL(`/.well-known/oauth-authorization-server`, host);
     const response = await fetch(url, {
         redirect: 'manual',
@@ -119,61 +91,7 @@ export const getAuthorizationServerMetadata = async (host) => {
     }
     return metadata;
 };
-/**
- * Resolve handle domains or DID identifiers to get their PDS and its authorization server metadata
- * @param ident Handle domain or DID identifier to resolve
- * @returns Resolved PDS and authorization server metadata
- */
-export const resolveFromIdentity = async (ident) => {
-    let did;
-    if (isDid(ident)) {
-        did = ident;
-    }
-    else {
-        const resolved = await resolveHandle(ident);
-        did = resolved;
-    }
-    const doc = await getDidDocument(did);
-    const pds = getPdsEndpoint(doc);
-    if (!pds) {
-        throw new ResolverError(`missing pds endpoint`);
-    }
-    return {
-        identity: {
-            id: did,
-            raw: ident,
-            pds: new URL(pds),
-        },
-        metadata: await getMetadataFromResourceServer(pds),
-    };
-};
-/**
- * Request authorization server metadata from a PDS
- * @param host URL of the host
- * @returns Resolved authorization server metadata
- */
-export const resolveFromService = async (host) => {
-    try {
-        const metadata = await getMetadataFromResourceServer(host);
-        return { metadata };
-    }
-    catch (err) {
-        if (err instanceof ResolverError) {
-            try {
-                const metadata = await getAuthorizationServerMetadata(host);
-                return { metadata };
-            }
-            catch { }
-        }
-        throw err;
-    }
-};
-/**
- * Request authorization server metadata from its protected resource metadata
- * @param input URL of the host whose authorization server is delegated
- * @returns Resolved authorization server metadata
- */
-export const getMetadataFromResourceServer = async (input) => {
+const getMetadataFromResourceServer = async (input) => {
     const rs_metadata = await getProtectedResourceMetadata(input);
     if (rs_metadata.authorization_servers?.length !== 1) {
         throw new ResolverError(`expected exactly one authorization server in the listing`);

package/dist/resolvers.js.map

@@ -1 +1 @@
-{"version":3,"file":"resolvers.js","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"AACA,OAAO,EAAoB,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAEpE,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAEhD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,UAAU,GAAG,yDAAyD,CAAC;AAE7E;;;;;GAKG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,MAAc,EAAgB,EAAE;IACnE,MAAM,GAAG,GAAG,mBAAmB,GAAG,0CAA0C,GAAG,WAAW,MAAM,EAAE,CAAC;IAEnG,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC7B,MAAM,IAAI,aAAa,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;SAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,aAAa,CAAC,0BAA0B,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAElC,CAAC;IACF,OAAO,IAAI,CAAC,GAAG,CAAC;AACjB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,EAAE,GAAQ,EAAwB,EAAE;IACtE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;IAEzC,kCAAkC;IAClC,IAAI,GAAgB,CAAC;IAErB,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAC;QAE7D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC7B,MAAM,IAAI,aAAa,CAAC,4BAA4B,CAAC,CAAC;QACvD,CAAC;aAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,aAAa,CAAC,0BAA0B,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEnC,GAAG,GAAG,IAAmB,CAAC;IAC3B,CAAC;SAAM,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QAC3B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,aAAa,CAAC,oBAAoB,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,KAAK,uBAAuB,CAAC,CAAC;QAEtE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,aAAa,CAAC,6BAA6B,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEnC,GAAG,GAAG,IAAmB,CAAC;IAC3B,CAAC;SAAM,CAAC;QACP,MAAM,IAAI,aAAa,CAAC,wBAAwB,CAAC,CAAC;IACnD,CAAC;IAED,OAAO,GAAG,CAAC;AACZ,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,KAAK,EAAE,IAAY,EAAsC,EAAE;IACtG,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,uCAAuC,EAAE,IAAI,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA8B,CAAC;IACtE,IAAI,QAAQ,CAAC,QAAQ,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACtC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,KAAK,EAAE,IAAY,EAAwC,EAAE;IAC1G,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,yCAAyC,EAAE,IAAI,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgC,CAAC;IACxE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,aAAa,CAAC,gEAAgE,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,qEAAqE,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,sEAAsE,CAAC,CAAC;IACjG,CAAC;IACD,IAAI,QAAQ,CAAC,wBAAwB,EAAE,CAAC;QACvC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,aAAa,CAAC,4DAA4D,CAAC,CAAC;QACvF,CAAC;IACF,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EACvC,KAAa,EACoE,EAAE;IACnF,IAAI,GAAQ,CAAC;IACb,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,GAAG,GAAG,KAAK,CAAC;IACb,CAAC;SAAM,CAAC;QACP,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;QAC5C,GAAG,GAAG,QAAQ,CAAC;IAChB,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAEhC,IAAI,CAAC,GAAG,EAAE,CAAC;QACV,MAAM,IAAI,aAAa,CAAC,sBAAsB,CAAC,CAAC;IACjD,CAAC;IAED,OAAO;QACN,QAAQ,EAAE;YACT,EAAE,EAAE,GAAG;YACP,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC;SACjB;QACD,QAAQ,EAAE,MAAM,6BAA6B,CAAC,GAAG,CAAC;KAClD,CAAC;AACH,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACtC,IAAY,EACyC,EAAE;IACvD,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,6BAA6B,CAAC,IAAI,CAAC,CAAC;QAC3D,OAAO,EAAE,QAAQ,EAAE,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;YAClC,IAAI,CAAC;gBACJ,MAAM,QAAQ,GAAG,MAAM,8BAA8B,CAAC,IAAI,CAAC,CAAC;gBAC5D,OAAO,EAAE,QAAQ,EAAE,CAAC;YACrB,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACX,CAAC;QAED,MAAM,GAAG,CAAC;IACX,CAAC;AACF,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,KAAK,EAAE,KAAa,EAAE,EAAE;IACpE,MAAM,WAAW,GAAG,MAAM,4BAA4B,CAAC,KAAK,CAAC,CAAC;IAE9D,IAAI,WAAW,CAAC,qBAAqB,EAAE,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,0DAA0D,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAEpD,MAAM,WAAW,GAAG,MAAM,8BAA8B,CAAC,MAAM,CAAC,CAAC;IAEjE,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,aAAa,CAAC,sDAAsD,CAAC,CAAC;QACjF,CAAC;IACF,CAAC;IAED,OAAO,WAAW,CAAC;AACpB,CAAC,CAAC"}
+{"version":3,"file":"resolvers.js","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAEhD,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACzC,KAAsB,EAC2D,EAAE;IACnF,IAAI,GAAQ,CAAC;IACb,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,GAAG,GAAG,KAAK,CAAC;IACb,CAAC;SAAM,CAAC;QACP,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACrD,GAAG,GAAG,QAAQ,CAAC;IAChB,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAEhC,IAAI,CAAC,GAAG,EAAE,CAAC;QACV,MAAM,IAAI,aAAa,CAAC,sBAAsB,CAAC,CAAC;IACjD,CAAC;IAED,OAAO;QACN,QAAQ,EAAE;YACT,EAAE,EAAE,GAAG;YACP,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC;SACjB;QACD,QAAQ,EAAE,MAAM,6BAA6B,CAAC,GAAG,CAAC;KAClD,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACtC,IAAY,EACyC,EAAE;IACvD,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,6BAA6B,CAAC,IAAI,CAAC,CAAC;QAC3D,OAAO,EAAE,QAAQ,EAAE,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;YAClC,IAAI,CAAC;gBACJ,MAAM,QAAQ,GAAG,MAAM,8BAA8B,CAAC,IAAI,CAAC,CAAC;gBAC5D,OAAO,EAAE,QAAQ,EAAE,CAAC;YACrB,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACX,CAAC;QAED,MAAM,GAAG,CAAC;IACX,CAAC;AACF,CAAC,CAAC;AAEF,MAAM,4BAA4B,GAAG,KAAK,EAAE,IAAY,EAAsC,EAAE;IAC/F,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,uCAAuC,EAAE,IAAI,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA8B,CAAC;IACtE,IAAI,QAAQ,CAAC,QAAQ,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACtC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,8BAA8B,GAAG,KAAK,EAAE,IAAY,EAAwC,EAAE;IACnG,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,yCAAyC,EAAE,IAAI,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgC,CAAC;IACxE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,aAAa,CAAC,gEAAgE,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,qEAAqE,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,sEAAsE,CAAC,CAAC;IACjG,CAAC;IACD,IAAI,QAAQ,CAAC,wBAAwB,EAAE,CAAC;QACvC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,aAAa,CAAC,4DAA4D,CAAC,CAAC;QACvF,CAAC;IACF,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,6BAA6B,GAAG,KAAK,EAAE,KAAa,EAAE,EAAE;IAC7D,MAAM,WAAW,GAAG,MAAM,4BAA4B,CAAC,KAAK,CAAC,CAAC;IAE9D,IAAI,WAAW,CAAC,qBAAqB,EAAE,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,0DAA0D,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAEpD,MAAM,WAAW,GAAG,MAAM,8BAA8B,CAAC,MAAM,CAAC,CAAC;IAEjE,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,aAAa,CAAC,sDAAsD,CAAC,CAAC;QACjF,CAAC;IACF,CAAC;IAED,OAAO,WAAW,CAAC;AACpB,CAAC,CAAC"}

package/lib/agents/exchange.ts

@@ -1,5 +1,7 @@
 import { nanoid } from 'nanoid';
 
+import type { ActorIdentifier } from '@atcute/lexicons';
+
 import { createES256Key } from '../dpop.js';
 import { CLIENT_ID, database, REDIRECT_URI } from '../environment.js';
 import { AuthorizationError, LoginError } from '../errors.js';
@@ -8,12 +10,16 @@ import type { AuthorizationServerMetadata } from '../types/server.js';
 import type { Session } from '../types/token.js';
 import { generatePKCE } from '../utils/runtime.js';
 
+import { resolveFromIdentifier, resolveFromService } from '../resolvers.js';
 import { OAuthServerAgent } from './server-agent.js';
 import { storeSession } from './sessions.js';
 
+export type AuthorizeTargetOptions =
+	| { type: 'account'; identifier: ActorIdentifier }
+	| { type: 'pds'; serviceUrl: string };
+
 export interface AuthorizeOptions {
-	metadata: AuthorizationServerMetadata;
-	identity?: IdentityMetadata;
+	target: AuthorizeTargetOptions;
 	scope: string;
 }
 
@@ -22,11 +28,20 @@ export interface AuthorizeOptions {
  * @param options
  * @returns URL to redirect the user for authorization
  */
-export const createAuthorizationUrl = async ({
-	metadata,
-	identity,
-	scope,
-}: AuthorizeOptions): Promise<URL> => {
+export const createAuthorizationUrl = async ({ target, scope }: AuthorizeOptions): Promise<URL> => {
+	let resolved: { identity?: IdentityMetadata; metadata: AuthorizationServerMetadata };
+	switch (target.type) {
+		case 'account': {
+			resolved = await resolveFromIdentifier(target.identifier);
+			break;
+		}
+		case 'pds': {
+			resolved = await resolveFromService(target.serviceUrl);
+		}
+	}
+
+	const { identity, metadata } = resolved;
+
 	const state = nanoid(24);
 
 	const pkce = await generatePKCE();

package/lib/agents/server-agent.ts

@@ -3,7 +3,7 @@ import type { Did } from '@atcute/lexicons';
 import { createDPoPFetch } from '../dpop.js';
 import { CLIENT_ID, REDIRECT_URI } from '../environment.js';
 import { FetchResponseError, OAuthResponseError, TokenRefreshError } from '../errors.js';
-import { resolveFromIdentity } from '../resolvers.js';
+import { resolveFromIdentifier } from '../resolvers.js';
 import type { DPoPKey } from '../types/dpop.js';
 import type { OAuthParResponse } from '../types/par.js';
 import type { PersistedAuthorizationServerMetadata } from '../types/server.js';
@@ -17,7 +17,7 @@ export class OAuthServerAgent {
 
 	constructor(metadata: PersistedAuthorizationServerMetadata, dpopKey: DPoPKey) {
 		this.#metadata = metadata;
-		this.#fetch = createDPoPFetch(CLIENT_ID, dpopKey, true);
+		this.#fetch = createDPoPFetch(dpopKey, true);
 	}
 
 	async request(
@@ -124,7 +124,7 @@ export class OAuthServerAgent {
 		}
 
 		const token = this.#processTokenResponse(res);
-		const resolved = await resolveFromIdentity(sub);
+		const resolved = await resolveFromIdentifier(sub as Did);
 
 		if (resolved.metadata.issuer !== this.#metadata.issuer) {
 			throw new TypeError(`issuer mismatch; got ${resolved.metadata.issuer}`);

package/lib/agents/sessions.ts

@@ -14,7 +14,7 @@ export interface SessionGetOptions {
 }
 
 type PendingItem<V> = Promise<{ value: V; isFresh: boolean }>;
-const pending = new Map<Did, PendingItem<Session>>();
+const pending = new Map<Did, Promise<PendingItem<Session>>>();
 
 export const getSession = async (sub: Did, options?: SessionGetOptions): Promise<Session> => {
 	options?.signal?.throwIfAborted();
@@ -32,7 +32,7 @@ export const getSession = async (sub: Did, options?: SessionGetOptions): Promise
 	// pending.set() call. Because of the "single threaded" nature of
 	// JavaScript, the pending item will be set before the next iteration of the
 	// while loop.
-	let previousExecutionFlow: PendingItem<Session> | undefined;
+	let previousExecutionFlow: Promise<PendingItem<Session>> | undefined;
 	while ((previousExecutionFlow = pending.get(sub))) {
 		try {
 			const { isFresh, value } = await previousExecutionFlow;
@@ -48,7 +48,7 @@ export const getSession = async (sub: Did, options?: SessionGetOptions): Promise
 		options?.signal?.throwIfAborted();
 	}
 
-	const run = async (): PendingItem<Session> => {
+	const run = async (): Promise<PendingItem<Session>> => {
 		const storedSession = database.sessions.get(sub);
 
 		if (storedSession && allowStored(storedSession)) {
@@ -65,10 +65,10 @@ export const getSession = async (sub: Did, options?: SessionGetOptions): Promise
 		return { isFresh: true, value: newSession };
 	};
 
-	let promise: PendingItem<Session>;
+	let promise: Promise<PendingItem<Session>>;
 
 	if (locks) {
-		promise = locks.request(`atcute-oauth:${sub}`, run);
+		promise = locks.request<PendingItem<Session>>(`atcute-oauth:${sub}`, run as any);
 	} else {
 		promise = run();
 	}

package/lib/agents/user-agent.ts

@@ -2,7 +2,6 @@ import type { FetchHandlerObject } from '@atcute/client';
 import type { Did } from '@atcute/lexicons';
 
 import { createDPoPFetch } from '../dpop.js';
-import { CLIENT_ID } from '../environment.js';
 import type { Session } from '../types/token.js';
 
 import { OAuthServerAgent } from './server-agent.js';
@@ -13,7 +12,7 @@ export class OAuthUserAgent implements FetchHandlerObject {
 	#getSessionPromise: Promise<Session> | undefined;
 
 	constructor(public session: Session) {
-		this.#fetch = createDPoPFetch(CLIENT_ID, session.dpopKey, false);
+		this.#fetch = createDPoPFetch(session.dpopKey, false);
 	}
 
 	get sub(): Did {

package/lib/dpop.ts

@@ -23,24 +23,24 @@ export const createES256Key = async (): Promise<DPoPKey> => {
 	};
 };
 
-export const createDPoPSignage = (issuer: string, dpopKey: DPoPKey) => {
+export const createDPoPSignage = (dpopKey: DPoPKey) => {
 	const headerString = dpopKey.jwt;
-	const keyPromise = crypto.subtle.importKey('pkcs8', fromBase64Url(dpopKey.key), ES256_ALG, true, ['sign']);
-
-	const constructPayload = (
-		method: string,
-		htu: string,
-		nonce: string | undefined,
-		ath: string | undefined,
-	) => {
+	const keyPromise = crypto.subtle.importKey(
+		'pkcs8',
+		fromBase64Url(dpopKey.key) as Uint8Array<ArrayBuffer>,
+		ES256_ALG,
+		true,
+		['sign'],
+	);
+
+	const constructPayload = (htm: string, htu: string, nonce: string | undefined, ath: string | undefined) => {
 		const payload = {
-			iss: issuer,
+			ath: ath,
+			htm: htm,
+			htu: htu,
 			iat: Math.floor(Date.now() / 1_000),
 			jti: nanoid(24),
-			htm: method,
-			htu: htu,
 			nonce: nonce,
-			ath: ath,
 		};
 
 		return toBase64Url(encodeUtf8(JSON.stringify(payload)));
@@ -52,7 +52,7 @@ export const createDPoPSignage = (issuer: string, dpopKey: DPoPKey) => {
 		const signed = await crypto.subtle.sign(
 			{ name: 'ECDSA', hash: { name: 'SHA-256' } },
 			await keyPromise,
-			encodeUtf8(headerString + '.' + payloadString),
+			encodeUtf8(headerString + '.' + payloadString) as Uint8Array<ArrayBuffer>,
 		);
 
 		const signatureString = toBase64Url(new Uint8Array(signed));
@@ -61,14 +61,14 @@ export const createDPoPSignage = (issuer: string, dpopKey: DPoPKey) => {
 	};
 };
 
-export const createDPoPFetch = (issuer: string, dpopKey: DPoPKey, isAuthServer?: boolean): typeof fetch => {
+export const createDPoPFetch = (dpopKey: DPoPKey, isAuthServer?: boolean): typeof fetch => {
 	const nonces = database.dpopNonces;
 	const pending = database.inflightDpop;
 
-	const sign = createDPoPSignage(issuer, dpopKey);
+	const sign = createDPoPSignage(dpopKey);
 
 	return async (input, init) => {
-		const request: Request = init == null && input instanceof Request ? input : new Request(input, init);
+		const request = new Request(input, init);
 
 		const authorizationHeader = request.headers.get('authorization');
 		const ath = authorizationHeader?.startsWith('DPoP ')
@@ -173,7 +173,19 @@ export const createDPoPFetch = (issuer: string, dpopKey: DPoPKey, isAuthServer?:
 			const nextRequest = new Request(input, init);
 			nextRequest.headers.set('dpop', nextProof);
 
-			return await fetch(nextRequest);
+			const retryResponse = await fetch(nextRequest);
+
+			// Check if the server returned another new nonce in the retry response
+			const retryNonce = retryResponse.headers.get('dpop-nonce');
+			if (retryNonce !== null && retryNonce !== nextNonce) {
+				try {
+					nonces.set(origin, retryNonce);
+				} catch {
+					// Ignore write errors
+				}
+			}
+
+			return retryResponse;
 		}
 	};
 };

package/lib/environment.ts

@@ -1,3 +1,5 @@
+import type { DidDocumentResolver, HandleResolver } from '@atcute/identity-resolver';
+
 import { createOAuthDatabase, type OAuthDatabase } from './store/db.js';
 
 export let CLIENT_ID: string;
@@ -5,9 +7,17 @@ export let REDIRECT_URI: string;
 
 export let database: OAuthDatabase;
 
+export let handleResolver: HandleResolver;
+export let didDocumentResolver: DidDocumentResolver;
+
 export interface ConfigureOAuthOptions {
+	/** used to resolve handles into DIDs */
+	handleResolver: HandleResolver;
+	/** used to resolve DIDs into DID documents */
+	didDocumentResolver: DidDocumentResolver;
+
 	/**
-	 * Client metadata, necessary to drive the whole request
+	 * client metadata, necessary to drive the whole request
 	 */
 	metadata: {
 		client_id: string;
@@ -15,13 +25,15 @@ export interface ConfigureOAuthOptions {
 	};
 
 	/**
-	 * Name that will be used as prefix for storage keys needed to persist authentication.
+	 * name that will be used as prefix for storage keys needed to persist authentication.
 	 * @default "atcute-oauth"
 	 */
 	storageName?: string;
 }
 
 export const configureOAuth = (options: ConfigureOAuthOptions) => {
+	({ handleResolver, didDocumentResolver } = options);
 	({ client_id: CLIENT_ID, redirect_uri: REDIRECT_URI } = options.metadata);
+
 	database = createOAuthDatabase({ name: options.storageName ?? 'atcute-oauth' });
 };

package/lib/index.ts

@@ -1,7 +1,6 @@
 export { configureOAuth, type ConfigureOAuthOptions } from './environment.js';
 
 export * from './errors.js';
-export * from './resolvers.js';
 
 export * from './agents/exchange.js';
 export * from './agents/server-agent.js';