@atcute/oauth-browser-client 1.0.5 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -4
- package/dist/resolvers.js +4 -1
- package/dist/resolvers.js.map +1 -1
- package/dist/utils/strings.d.ts +1 -0
- package/dist/utils/strings.js +17 -0
- package/dist/utils/strings.js.map +1 -1
- package/lib/resolvers.ts +4 -1
- package/lib/utils/strings.ts +19 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -7,9 +7,9 @@ minimal OAuth browser client implementation for AT Protocol.
|
|
|
7
7
|
- **does not use IndexedDB**: makes the library work under Safari's lockdown mode, and has less
|
|
8
8
|
maintenance headache overall, but it also means this is "less secure" (it won't be able to use
|
|
9
9
|
non-exportable keys as recommended by [DPoP specification][idb-dpop-spec].)
|
|
10
|
-
- **not well-tested**: it has been used in personal projects for quite some time, but
|
|
11
|
-
any use outside of that. using the [reference implementation][oauth-atproto-lib] is
|
|
12
|
-
you are unsure about the implications presented here.
|
|
10
|
+
- **not well-tested**: it has been used in personal projects and by friends for quite some time, but
|
|
11
|
+
hasn't seen any use outside of that. using the [reference implementation][oauth-atproto-lib] is
|
|
12
|
+
recommended if you are unsure about the implications presented here.
|
|
13
13
|
|
|
14
14
|
[idb-dpop-spec]: https://datatracker.ietf.org/doc/html/rfc9449#section-2-4
|
|
15
15
|
[oauth-atproto-lib]: https://npm.im/@atproto/oauth-client-browser
|
|
@@ -118,7 +118,20 @@ const session = await finalizeAuthorization(params);
|
|
|
118
118
|
const agent = new OAuthUserAgent(session);
|
|
119
119
|
|
|
120
120
|
// pass it onto the XRPC so you can make RPC calls with the PDS.
|
|
121
|
-
|
|
121
|
+
{
|
|
122
|
+
const rpc = new XRPC({ handler: agent });
|
|
123
|
+
|
|
124
|
+
const { data } = await rpc.get('com.atproto.identity.resolveHandle', {
|
|
125
|
+
params: {
|
|
126
|
+
handle: 'mary.my.id',
|
|
127
|
+
},
|
|
128
|
+
});
|
|
129
|
+
}
|
|
130
|
+
|
|
131
|
+
// or, use it directly!
|
|
132
|
+
{
|
|
133
|
+
const response = await agent.handle('/xrpc/com.atproto.identity.resolveHandle?handle=mary.my.id');
|
|
134
|
+
}
|
|
122
135
|
```
|
|
123
136
|
|
|
124
137
|
the `session` object returned by `finalizeAuthorization` should not be stored anywhere else, as it
|
package/dist/resolvers.js
CHANGED
|
@@ -2,7 +2,7 @@ import { getPdsEndpoint } from '@atcute/client/utils/did';
|
|
|
2
2
|
import { DEFAULT_APPVIEW_URL } from './constants.js';
|
|
3
3
|
import { ResolverError } from './errors.js';
|
|
4
4
|
import { extractContentType } from './utils/response.js';
|
|
5
|
-
import { isDid } from './utils/strings.js';
|
|
5
|
+
import { isDid, isValidUrl } from './utils/strings.js';
|
|
6
6
|
const DID_WEB_RE = /^([a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*(?:\.[a-zA-Z]{2,}))$/;
|
|
7
7
|
/**
|
|
8
8
|
* Resolves domain handles into DID identifiers, by requesting Bluesky's AppView
|
|
@@ -102,6 +102,9 @@ export const getAuthorizationServerMetadata = async (host) => {
|
|
|
102
102
|
if (metadata.issuer !== url.origin) {
|
|
103
103
|
throw new ResolverError(`unexpected issuer`);
|
|
104
104
|
}
|
|
105
|
+
if (!isValidUrl(metadata.authorization_endpoint)) {
|
|
106
|
+
throw new ResolverError(`authorization server provided incorrect authorization endpoint`);
|
|
107
|
+
}
|
|
105
108
|
if (!metadata.client_id_metadata_document_supported) {
|
|
106
109
|
throw new ResolverError(`authorization server does not support 'client_id_metadata_document'`);
|
|
107
110
|
}
|
package/dist/resolvers.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolvers.js","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"AACA,OAAO,EAAoB,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE5E,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"resolvers.js","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"AACA,OAAO,EAAoB,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE5E,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEvD,MAAM,UAAU,GAAG,yDAAyD,CAAC;AAE7E;;;;;GAKG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,MAAc,EAAmB,EAAE;IACtE,MAAM,GAAG,GAAG,mBAAmB,GAAG,0CAA0C,GAAG,WAAW,MAAM,EAAE,CAAC;IAEnG,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC7B,MAAM,IAAI,aAAa,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;SAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,aAAa,CAAC,0BAA0B,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2C,CAAC;IAC/E,OAAO,IAAI,CAAC,GAAG,CAAC;AACjB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,EAAE,GAAW,EAAwB,EAAE;IACzE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;IAEzC,kCAAkC;IAClC,IAAI,GAAgB,CAAC;IAErB,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAC;QAE7D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC7B,MAAM,IAAI,aAAa,CAAC,4BAA4B,CAAC,CAAC;QACvD,CAAC;aAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,aAAa,CAAC,0BAA0B,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEnC,GAAG,GAAG,IAAmB,CAAC;IAC3B,CAAC;SAAM,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QAC3B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,aAAa,CAAC,oBAAoB,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,KAAK,uBAAuB,CAAC,CAAC;QAEtE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,aAAa,CAAC,6BAA6B,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEnC,GAAG,GAAG,IAAmB,CAAC;IAC3B,CAAC;SAAM,CAAC;QACP,MAAM,IAAI,aAAa,CAAC,wBAAwB,CAAC,CAAC;IACnD,CAAC;IAED,OAAO,GAAG,CAAC;AACZ,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,KAAK,EAAE,IAAY,EAAsC,EAAE;IACtG,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,uCAAuC,EAAE,IAAI,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA8B,CAAC;IACtE,IAAI,QAAQ,CAAC,QAAQ,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACtC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,KAAK,EAAE,IAAY,EAAwC,EAAE;IAC1G,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,yCAAyC,EAAE,IAAI,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgC,CAAC;IACxE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,aAAa,CAAC,gEAAgE,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,qEAAqE,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,sEAAsE,CAAC,CAAC;IACjG,CAAC;IACD,IAAI,QAAQ,CAAC,wBAAwB,EAAE,CAAC;QACvC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,aAAa,CAAC,4DAA4D,CAAC,CAAC;QACvF,CAAC;IACF,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EACvC,KAAa,EACoE,EAAE;IACnF,IAAI,GAAW,CAAC;IAChB,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,GAAG,GAAG,KAAK,CAAC;IACb,CAAC;SAAM,CAAC;QACP,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;QAC5C,GAAG,GAAG,QAAQ,CAAC;IAChB,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAEhC,IAAI,CAAC,GAAG,EAAE,CAAC;QACV,MAAM,IAAI,aAAa,CAAC,sBAAsB,CAAC,CAAC;IACjD,CAAC;IAED,OAAO;QACN,QAAQ,EAAE;YACT,EAAE,EAAE,GAAG;YACP,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC;SACjB;QACD,QAAQ,EAAE,MAAM,6BAA6B,CAAC,GAAG,CAAC;KAClD,CAAC;AACH,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACtC,IAAY,EACyC,EAAE;IACvD,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,6BAA6B,CAAC,IAAI,CAAC,CAAC;QAC3D,OAAO,EAAE,QAAQ,EAAE,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;YAClC,IAAI,CAAC;gBACJ,MAAM,QAAQ,GAAG,MAAM,8BAA8B,CAAC,IAAI,CAAC,CAAC;gBAC5D,OAAO,EAAE,QAAQ,EAAE,CAAC;YACrB,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACX,CAAC;QAED,MAAM,GAAG,CAAC;IACX,CAAC;AACF,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,KAAK,EAAE,KAAa,EAAE,EAAE;IACpE,MAAM,WAAW,GAAG,MAAM,4BAA4B,CAAC,KAAK,CAAC,CAAC;IAE9D,IAAI,WAAW,CAAC,qBAAqB,EAAE,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,0DAA0D,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAEpD,MAAM,WAAW,GAAG,MAAM,8BAA8B,CAAC,MAAM,CAAC,CAAC;IAEjE,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,aAAa,CAAC,sDAAsD,CAAC,CAAC;QACjF,CAAC;IACF,CAAC;IAED,OAAO,WAAW,CAAC;AACpB,CAAC,CAAC"}
|
package/dist/utils/strings.d.ts
CHANGED
package/dist/utils/strings.js
CHANGED
|
@@ -1,4 +1,21 @@
|
|
|
1
|
+
const isUrlParseSupported = 'parse' in URL;
|
|
1
2
|
export const isDid = (value) => {
|
|
2
3
|
return value.startsWith('did:');
|
|
3
4
|
};
|
|
5
|
+
export const isValidUrl = (urlString) => {
|
|
6
|
+
let url = null;
|
|
7
|
+
if (isUrlParseSupported) {
|
|
8
|
+
url = URL.parse(urlString);
|
|
9
|
+
}
|
|
10
|
+
else {
|
|
11
|
+
try {
|
|
12
|
+
url = new URL(urlString);
|
|
13
|
+
}
|
|
14
|
+
catch { }
|
|
15
|
+
}
|
|
16
|
+
if (url !== null) {
|
|
17
|
+
return url.protocol === 'https:' || url.protocol === 'http:';
|
|
18
|
+
}
|
|
19
|
+
return false;
|
|
20
|
+
};
|
|
4
21
|
//# sourceMappingURL=strings.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"strings.js","sourceRoot":"","sources":["../../lib/utils/strings.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,KAAa,EAAmB,EAAE;IACvD,OAAO,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"strings.js","sourceRoot":"","sources":["../../lib/utils/strings.ts"],"names":[],"mappings":"AAEA,MAAM,mBAAmB,GAAG,OAAO,IAAI,GAAG,CAAC;AAE3C,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,KAAa,EAAmB,EAAE;IACvD,OAAO,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,SAAiB,EAAW,EAAE;IACxD,IAAI,GAAG,GAAe,IAAI,CAAC;IAC3B,IAAI,mBAAmB,EAAE,CAAC;QACzB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC5B,CAAC;SAAM,CAAC;QACP,IAAI,CAAC;YACJ,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACX,CAAC;IAED,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QAClB,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC;IAC9D,CAAC;IAED,OAAO,KAAK,CAAC;AACd,CAAC,CAAC"}
|
package/lib/resolvers.ts
CHANGED
|
@@ -6,7 +6,7 @@ import { ResolverError } from './errors.js';
|
|
|
6
6
|
import type { IdentityMetadata } from './types/identity.js';
|
|
7
7
|
import type { AuthorizationServerMetadata, ProtectedResourceMetadata } from './types/server.js';
|
|
8
8
|
import { extractContentType } from './utils/response.js';
|
|
9
|
-
import { isDid } from './utils/strings.js';
|
|
9
|
+
import { isDid, isValidUrl } from './utils/strings.js';
|
|
10
10
|
|
|
11
11
|
const DID_WEB_RE = /^([a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*(?:\.[a-zA-Z]{2,}))$/;
|
|
12
12
|
|
|
@@ -125,6 +125,9 @@ export const getAuthorizationServerMetadata = async (host: string): Promise<Auth
|
|
|
125
125
|
if (metadata.issuer !== url.origin) {
|
|
126
126
|
throw new ResolverError(`unexpected issuer`);
|
|
127
127
|
}
|
|
128
|
+
if (!isValidUrl(metadata.authorization_endpoint)) {
|
|
129
|
+
throw new ResolverError(`authorization server provided incorrect authorization endpoint`);
|
|
130
|
+
}
|
|
128
131
|
if (!metadata.client_id_metadata_document_supported) {
|
|
129
132
|
throw new ResolverError(`authorization server does not support 'client_id_metadata_document'`);
|
|
130
133
|
}
|
package/lib/utils/strings.ts
CHANGED
|
@@ -1,5 +1,24 @@
|
|
|
1
1
|
import type { At } from '@atcute/client/lexicons';
|
|
2
2
|
|
|
3
|
+
const isUrlParseSupported = 'parse' in URL;
|
|
4
|
+
|
|
3
5
|
export const isDid = (value: string): value is At.DID => {
|
|
4
6
|
return value.startsWith('did:');
|
|
5
7
|
};
|
|
8
|
+
|
|
9
|
+
export const isValidUrl = (urlString: string): boolean => {
|
|
10
|
+
let url: URL | null = null;
|
|
11
|
+
if (isUrlParseSupported) {
|
|
12
|
+
url = URL.parse(urlString);
|
|
13
|
+
} else {
|
|
14
|
+
try {
|
|
15
|
+
url = new URL(urlString);
|
|
16
|
+
} catch {}
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
if (url !== null) {
|
|
20
|
+
return url.protocol === 'https:' || url.protocol === 'http:';
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
return false;
|
|
24
|
+
};
|