@atcute/oauth-browser-client 2.0.0-next.0 → 2.0.0
- package/README.md +104 -16
- package/dist/agents/exchange.d.ts +10 -2
- package/dist/agents/exchange.d.ts.map +1 -0
- package/dist/agents/exchange.js +23 -17
- package/dist/agents/exchange.js.map +1 -1
- package/dist/agents/server-agent.d.ts +1 -0
- package/dist/agents/server-agent.d.ts.map +1 -0
- package/dist/agents/server-agent.js +20 -3
- package/dist/agents/server-agent.js.map +1 -1
- package/dist/agents/sessions.d.ts +1 -0
- package/dist/agents/sessions.d.ts.map +1 -0
- package/dist/agents/user-agent.d.ts +1 -0
- package/dist/agents/user-agent.d.ts.map +1 -0
- package/dist/constants.d.ts +1 -0
- package/dist/constants.d.ts.map +1 -0
- package/dist/dpop.d.ts +1 -0
- package/dist/dpop.d.ts.map +1 -0
- package/dist/dpop.js +3 -0
- package/dist/dpop.js.map +1 -1
- package/dist/environment.d.ts +11 -7
- package/dist/environment.d.ts.map +1 -0
- package/dist/environment.js +3 -3
- package/dist/environment.js.map +1 -1
- package/dist/errors.d.ts +1 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/resolvers.d.ts +3 -2
- package/dist/resolvers.d.ts.map +1 -0
- package/dist/resolvers.js +4 -22
- package/dist/resolvers.js.map +1 -1
- package/dist/store/db.d.ts +2 -0
- package/dist/store/db.d.ts.map +1 -0
- package/dist/store/db.js.map +1 -1
- package/dist/types/client-assertion.d.ts +21 -0
- package/dist/types/client-assertion.d.ts.map +1 -0
- package/dist/types/client-assertion.js +3 -0
- package/dist/types/client-assertion.js.map +1 -0
- package/dist/types/client.d.ts +1 -0
- package/dist/types/client.d.ts.map +1 -0
- package/dist/types/dpop.d.ts +3 -0
- package/dist/types/dpop.d.ts.map +1 -0
- package/dist/types/identity.d.ts +13 -5
- package/dist/types/identity.d.ts.map +1 -0
- package/dist/types/par.d.ts +1 -0
- package/dist/types/par.d.ts.map +1 -0
- package/dist/types/server.d.ts +1 -0
- package/dist/types/server.d.ts.map +1 -0
- package/dist/types/store.d.ts +1 -0
- package/dist/types/store.d.ts.map +1 -0
- package/dist/types/token.d.ts +1 -0
- package/dist/types/token.d.ts.map +1 -0
- package/dist/utils/identity-resolver.d.ts +8 -0
- package/dist/utils/identity-resolver.d.ts.map +1 -0
- package/dist/utils/identity-resolver.js +44 -0
- package/dist/utils/identity-resolver.js.map +1 -0
- package/dist/utils/misc.d.ts +1 -0
- package/dist/utils/misc.d.ts.map +1 -0
- package/dist/utils/response.d.ts +1 -0
- package/dist/utils/response.d.ts.map +1 -0
- package/dist/utils/runtime.d.ts +1 -0
- package/dist/utils/runtime.d.ts.map +1 -0
- package/dist/utils/strings.d.ts +1 -0
- package/dist/utils/strings.d.ts.map +1 -0
- package/lib/agents/exchange.ts +32 -20
- package/lib/agents/server-agent.ts +23 -3
- package/lib/dpop.ts +4 -0
- package/lib/environment.ts +14 -9
- package/lib/index.ts +3 -0
- package/lib/resolvers.ts +7 -26
- package/lib/store/db.ts +1 -0
- package/lib/types/client-assertion.ts +25 -0
- package/lib/types/dpop.ts +2 -0
- package/lib/types/identity.ts +14 -5
- package/lib/utils/identity-resolver.ts +59 -0
- package/package.json +8 -8
package/dist/resolvers.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolvers.js","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"resolvers.js","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACzC,KAAsB,EAC2D,EAAE;IACnF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAEvD,OAAO;QACN,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,MAAM,6BAA6B,CAAC,QAAQ,CAAC,GAAG,CAAC;KAC3D,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACtC,IAAY,EACyC,EAAE;IACvD,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,6BAA6B,CAAC,IAAI,CAAC,CAAC;QAC3D,OAAO,EAAE,QAAQ,EAAE,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;YAClC,IAAI,CAAC;gBACJ,MAAM,QAAQ,GAAG,MAAM,8BAA8B,CAAC,IAAI,CAAC,CAAC;gBAC5D,OAAO,EAAE,QAAQ,EAAE,CAAC;YACrB,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACX,CAAC;QAED,MAAM,GAAG,CAAC;IACX,CAAC;AACF,CAAC,CAAC;AAEF,MAAM,4BAA4B,GAAG,KAAK,EAAE,IAAY,EAAsC,EAAE;IAC/F,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,uCAAuC,EAAE,IAAI,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA8B,CAAC;IACtE,IAAI,QAAQ,CAAC,QAAQ,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACtC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,8BAA8B,GAAG,KAAK,EAAE,IAAY,EAAwC,EAAE;IACnG,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,yCAAyC,EAAE,IAAI,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgC,CAAC;IACxE,IAAI,QAAQ,CAAC,MAAM,
KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,aAAa,CAAC,gEAAgE,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,qEAAqE,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,sEAAsE,CAAC,CAAC;IACjG,CAAC;IACD,IAAI,QAAQ,CAAC,wBAAwB,EAAE,CAAC;QACvC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,aAAa,CAAC,4DAA4D,CAAC,CAAC;QACvF,CAAC;IACF,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,6BAA6B,GAAG,KAAK,EAAE,KAAa,EAAE,EAAE;IAC7D,MAAM,WAAW,GAAG,MAAM,4BAA4B,CAAC,KAAK,CAAC,CAAC;IAE9D,IAAI,WAAW,CAAC,qBAAqB,EAAE,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,0DAA0D,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAEpD,MAAM,WAAW,GAAG,MAAM,8BAA8B,CAAC,MAAM,CAAC,CAAC;IAEjE,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,aAAa,CAAC,sDAAsD,CAAC,CAAC;QACjF,CAAC;IACF,CAAC;IAED,OAAO,WAAW,CAAC;AACpB,CAAC,CAAC"}
|
package/dist/store/db.d.ts
CHANGED
|
@@ -13,7 +13,9 @@ export declare const createOAuthDatabase: ({ name }: OAuthDatabaseOptions) => {
|
|
|
13
13
|
dpopKey: DPoPKey;
|
|
14
14
|
metadata: AuthorizationServerMetadata;
|
|
15
15
|
verifier?: string;
|
|
16
|
+
state?: unknown;
|
|
16
17
|
}>;
|
|
17
18
|
dpopNonces: SimpleStore<string, string>;
|
|
18
19
|
inflightDpop: Map<string, PromiseWithResolvers<void>>;
|
|
19
20
|
};
|
|
21
|
+
//# sourceMappingURL=db.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"db.d.ts","sourceRoot":"","sources":["../../lib/store/db.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACtE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAGjD,MAAM,WAAW,oBAAoB;IACpC,IAAI,EAAE,MAAM,CAAC;CACb;AA2CD,MAAM,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEnE,eAAO,MAAM,mBAAmB,GAAI,UAAU,oBAAoB;;;;iBA1BtD,OAAO;kBACN,2BAA2B;mBAC1B,MAAM;gBACT,OAAO;;;;CAgLjB,CAAC"}
|
package/dist/store/db.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"db.js","sourceRoot":"","sources":["../../lib/store/db.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"db.js","sourceRoot":"","sources":["../../lib/store/db.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAoC5C,MAAM,KAAK,GAAG,CAAC,GAAkB,EAAE,EAAE;IACpC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;YACpB,OAAO,MAAM,CAAC;QACf,CAAC;IACF,CAAC;IAED,OAAO,EAAE,CAAC;AACX,CAAC,CAAC;AAIF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,EAAE,IAAI,EAAwB,EAAE,EAAE;IACrE,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;IAEjC,MAAM,WAAW,GAAG,CACnB,OAAU,EACV,SAAsD,EACtD,gBAAgB,GAAG,KAAK,EAC4B,EAAE;QACtD,IAAI,KAAU,CAAC;QAEf,MAAM,UAAU,GAAG,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC;QAExC,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,KAAK,IAAI,YAAY,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACvF,MAAM,IAAI,GAAG,GAAG,EAAE;YACjB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;YACjC,CAAC;YAED,OAAO,CAAC,KAAK,KAAK,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC5D,CAAC,CAAC;QAEF,CAAC;YACA,MAAM,QAAQ,GAAG,CAAC,EAAgB,EAAE,EAAE;gBACrC,IAAI,EAAE,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;oBAC3B,KAAK,GAAG,SAAS,CAAC;gBACnB,CAAC;YACF,CAAC,CAAC;YAEF,UAAU,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,CAAC;YACA,MAAM,OAAO,GAAG,KAAK,EAAE,IAAwB,EAAE,EAAE;gBAClD,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBAC7B,OAAO;gBACR,CAAC;gBAED,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;gBAC5D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpB,OAAO;gBACR,CAAC;gBAED,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACrB,IAAI,OAAO,GAAG,KAAK,CAAC;gBAEpB,IAAI,EAAE,CAAC;gBAEP,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;oBACzB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;oBACxB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;oBAEjC,IAAI,SAAS,KAAK,IAAI,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;wBAC3C,OAAO,GAAG,IAAI,CAAC;wBACf,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnB,CAAC;gBACF,CAAC;gBAED,IAAI,OAAO,EAAE,CAAC;oBACb,OAAO,EAAE,CAAC;gBACX,CAAC;YACF,CAAC,CAAC;YAEF,IAAI,KAAK,EAAE,
CAAC;gBACX,KAAK,CAAC,OAAO,CAAC,GAAG,UAAU,UAAU,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,OAAO,CAAC,CAAC;YACxE,CAAC;iBAAM,CAAC;gBACP,OAAO,CAAC,IAAI,CAAC,CAAC;YACf,CAAC;QACF,CAAC;QAED,OAAO;YACN,GAAG,CAAC,GAAG;gBACN,IAAI,EAAE,CAAC;gBAEP,MAAM,IAAI,GAAmC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACxD,IAAI,CAAC,IAAI,EAAE,CAAC;oBACX,OAAO;gBACR,CAAC;gBAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;gBACjC,IAAI,SAAS,KAAK,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;oBAClD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;oBAClB,OAAO,EAAE,CAAC;oBAEV,OAAO;gBACR,CAAC;gBAED,OAAO,IAAI,CAAC,KAAK,CAAC;YACnB,CAAC;YACD,aAAa,CAAC,GAAG;gBAChB,IAAI,EAAE,CAAC;gBAEP,MAAM,IAAI,GAAmC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACxD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACvB,IAAI,CAAC,IAAI,EAAE,CAAC;oBACX,OAAO,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBAC9B,CAAC;gBAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;gBACjC,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;oBAC7B,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;gBAC/B,CAAC;gBAED,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,GAAG,SAAS,CAAC,CAAC;YACtC,CAAC;YACD,GAAG,CAAC,GAAG,EAAE,KAAK;gBACb,IAAI,EAAE,CAAC;gBAEP,MAAM,IAAI,GAAmC;oBAC5C,KAAK,EAAE,KAAK;oBACZ,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC;oBAC3B,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,SAAS;iBACpD,CAAC;gBAEF,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;gBAClB,OAAO,EAAE,CAAC;YACX,CAAC;YACD,MAAM,CAAC,GAAG;gBACT,IAAI,EAAE,CAAC;gBAEP,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;oBAC9B,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;oBAClB,OAAO,EAAE,CAAC;gBACX,CAAC;YACF,CAAC;YACD,IAAI;gBACH,IAAI,EAAE,CAAC;gBAEP,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,CAAC;SACD,CAAC;IACH,CAAC,CAAC;IAEF,OAAO;QACN,OAAO,EAAE,GAAG,EAAE;YACb,UAAU,CAAC,KAAK,EAAE,CAAC;QACpB,CAAC;QAED,QAAQ,EAAE,WAAW,CAAC,UAAU,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;YAC/C,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBACnB,OAAO,IAAI,CAAC;YACb,CAAC;YAED,OAAO,KAAK,CAAC,UAAU,IAAI,IAAI,CAAC;QACjC,CAAC,CAAC;QACF,MAAM,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,EAAE,aAAa;QAErF,yEAAyE;QACzE,qDAAqD;QACrD,uBAAuB
;QACvB,UAAU,EAAE,WAAW,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,EAAE,IAAI,CAAC;QACzF,YAAY,EAAE,IAAI,GAAG,EAAsC;KAC3D,CAAC;AACH,CAAC,CAAC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
declare const CLIENT_ASSERTION_TYPE_JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
|
|
2
|
+
export interface ClientAssertionCredentials {
|
|
3
|
+
client_assertion: string;
|
|
4
|
+
client_assertion_type: typeof CLIENT_ASSERTION_TYPE_JWT_BEARER;
|
|
5
|
+
}
|
|
6
|
+
export interface FetchClientAssertionParams {
|
|
7
|
+
/** JWK thumbprint of the DPoP key to bind the assertion to */
|
|
8
|
+
jkt: string;
|
|
9
|
+
/** authorization server issuer (audience for the assertion) */
|
|
10
|
+
aud: string;
|
|
11
|
+
/**
|
|
12
|
+
* create a DPoP proof to prove you possess the key for the claimed jkt.
|
|
13
|
+
*
|
|
14
|
+
* @param htu origin and pathname to your backend
|
|
15
|
+
* @returns DPoP proof that can be included in the assertion
|
|
16
|
+
*/
|
|
17
|
+
createDpopProof: (htu: string) => Promise<string>;
|
|
18
|
+
}
|
|
19
|
+
export type ClientAssertionFetcher = (params: FetchClientAssertionParams) => Promise<ClientAssertionCredentials>;
|
|
20
|
+
export {};
|
|
21
|
+
//# sourceMappingURL=client-assertion.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client-assertion.d.ts","sourceRoot":"","sources":["../../lib/types/client-assertion.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,gCAAgC,2DAA2D,CAAC;AAElG,MAAM,WAAW,0BAA0B;IAC1C,gBAAgB,EAAE,MAAM,CAAC;IACzB,qBAAqB,EAAE,OAAO,gCAAgC,CAAC;CAC/D;AAED,MAAM,WAAW,0BAA0B;IAC1C,8DAA8D;IAC9D,GAAG,EAAE,MAAM,CAAC;IACZ,+DAA+D;IAC/D,GAAG,EAAE,MAAM,CAAC;IAEZ;;;;;OAKG;IACH,eAAe,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CAClD;AAED,MAAM,MAAM,sBAAsB,GAAG,CACpC,MAAM,EAAE,0BAA0B,KAC9B,OAAO,CAAC,0BAA0B,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client-assertion.js","sourceRoot":"","sources":["../../lib/types/client-assertion.ts"],"names":[],"mappings":"AAAA,MAAM,gCAAgC,GAAG,wDAAwD,CAAC"}
|
package/dist/types/client.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../lib/types/client.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC9B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,cAAc,EAAE,CACb,MAAM,GACN,OAAO,GACP,MAAM,GACN,qBAAqB,GACrB,eAAe,GACf,YAAY,GACZ,gBAAgB,GAChB,UAAU,CACZ,EAAE,CAAC;IACJ,WAAW,EAAE,CACV,oBAAoB,GACpB,UAAU,GACV,eAAe,GACf,UAAU,GACV,oBAAoB,GACpB,6CAA6C,GAC7C,+CAA+C,CACjD,EAAE,CAAC;IACJ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,0BAA0B,CAAC,EACxB,MAAM,GACN,qBAAqB,GACrB,mBAAmB,GACnB,oBAAoB,GACpB,iBAAiB,GACjB,6BAA6B,GAC7B,iBAAiB,CAAC;IACrB,+BAA+B,CAAC,EAAE,MAAM,CAAC;IACzC,kCAAkC,CAAC,EAChC,MAAM,GACN,qBAAqB,GACrB,mBAAmB,GACnB,oBAAoB,GACpB,iBAAiB,GACjB,6BAA6B,GAC7B,iBAAiB,CAAC;IACrB,uCAAuC,CAAC,EAAE,MAAM,CAAC;IACjD,+BAA+B,CAAC,EAC7B,MAAM,GACN,qBAAqB,GACrB,mBAAmB,GACnB,oBAAoB,GACpB,iBAAiB,GACjB,6BAA6B,GAC7B,iBAAiB,CAAC;IACrB,oCAAoC,CAAC,EAAE,MAAM,CAAC;IAC9C,iDAAiD,CAAC,EAC/C,MAAM,GACN,qBAAqB,GACrB,mBAAmB,GACnB,oBAAoB,GACpB,iBAAiB,GACjB,6BAA6B,GAC7B,iBAAiB,CAAC;IACrB,sDAAsD,CAAC,EAAE,MAAM,CAAC;IAChE,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,+BAA+B,CAAC,EAAE,MAAM,CAAC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,gBAAgB,CAAC,EAAE,KAAK,GAAG,QAAQ,CAAC;IACpC,YAAY,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;IACrC,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,iCAAiC,CAAC,EAAE,MAAM,CAAC;IAC3C,oCAAoC,CAAC,EAAE,eAAe,CAAC;IACvD,oCAAoC,CAAC,EAAE,MAAM,CAAC;IAC9C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,0CAA0C,CAAC,EAAE,OAAO,CAAC;IACrD,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;CACvC"}
|
package/dist/types/dpop.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dpop.d.ts","sourceRoot":"","sources":["../../lib/types/dpop.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,OAAO;IACvB,GAAG,EAAE,OAAO,CAAC;IACb,+CAA+C;IAC/C,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,gFAAgF;IAChF,GAAG,EAAE,MAAM,GAAG,SAAS,CAAC;CACxB"}
|
package/dist/types/identity.d.ts
CHANGED
|
@@ -1,6 +1,14 @@
|
|
|
1
|
-
import type { Did } from '@atcute/lexicons';
|
|
2
|
-
export interface
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
pds:
|
|
1
|
+
import type { ActorIdentifier, Did, Handle } from '@atcute/lexicons';
|
|
2
|
+
export interface ResolvedIdentity {
|
|
3
|
+
did: Did;
|
|
4
|
+
handle: Handle;
|
|
5
|
+
pds: string;
|
|
6
6
|
}
|
|
7
|
+
export interface ResolveIdentityOptions {
|
|
8
|
+
signal?: AbortSignal;
|
|
9
|
+
noCache?: boolean;
|
|
10
|
+
}
|
|
11
|
+
export interface IdentityResolver {
|
|
12
|
+
resolve(actor: ActorIdentifier, options?: ResolveIdentityOptions): Promise<ResolvedIdentity>;
|
|
13
|
+
}
|
|
14
|
+
//# sourceMappingURL=identity.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../lib/types/identity.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAErE,MAAM,WAAW,gBAAgB;IAChC,GAAG,EAAE,GAAG,CAAC;IACT,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,sBAAsB;IACtC,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAChC,OAAO,CAAC,KAAK,EAAE,eAAe,EAAE,OAAO,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;CAC7F"}
|
package/dist/types/par.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"par.d.ts","sourceRoot":"","sources":["../../lib/types/par.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACnB"}
|
package/dist/types/server.d.ts
CHANGED
|
@@ -55,3 +55,4 @@ export interface AuthorizationServerMetadata {
|
|
|
55
55
|
}
|
|
56
56
|
export interface PersistedAuthorizationServerMetadata extends Pick<AuthorizationServerMetadata, 'issuer' | 'authorization_endpoint' | 'introspection_endpoint' | 'pushed_authorization_request_endpoint' | 'revocation_endpoint' | 'token_endpoint'> {
|
|
57
57
|
}
|
|
58
|
+
//# sourceMappingURL=server.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../lib/types/server.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,yBAAyB;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,wBAAwB,CAAC,EAAE,CAAC,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC,EAAE,CAAC;IAC3D,qCAAqC,CAAC,EAAE,MAAM,EAAE,CAAC;IACjD,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,2BAA2B;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,2BAA2B,CAAC,EAAE,OAAO,CAAC;IACtC,+BAA+B,CAAC,EAAE,OAAO,CAAC;IAC1C,gCAAgC,CAAC,EAAE,OAAO,CAAC;IAC3C,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,gCAAgC,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,qCAAqC,CAAC,EAAE,MAAM,EAAE,CAAC;IACjD,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,2CAA2C,CAAC,EAAE,MAAM,EAAE,CAAC;IACvD,8CAA8C,CAAC,EAAE,OAAO,CAAC;IACzD,qCAAqC,CAAC,EAAE,MAAM,EAAE,CAAC;IACjD,8CAA8C,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1D,8CAA8C,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1D,qCAAqC,CAAC,EAAE,MAAM,EAAE,CAAC;IACjD,gDAAgD,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5D,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,0CAA0C,CAAC,EAAE,MAAM,EAAE,CAAC;IACtD,qDAAqD,CAAC,EAAE,MAAM,EAAE,CAAC;IACjE,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,6CAA6C,CAAC,EAAE,MAAM,EAAE,CAAC;IACzD,wDAAwD,CAAC,EAAE,MAAM,EAAE,CAAC;IACpE,qCAAqC,CAAC,EAAE,MAAM,CAAC;IAC/C,4DAA4D,CAAC,EAAE,MAAM,EAAE,CAAC;IACxE,uEAAuE,CAAC,EAAE,MAAM,EAAE,CAAC;IACnF,qCAAqC,CAAC,EAAE,OAAO,CAAC;IAChD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,iCAAiC,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7C,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,qCAAqC,CAAC,EAAE,OAAO,CAAC;CAChD;AAED
,MAAM,WAAW,oCAChB,SAAQ,IAAI,CACX,2BAA2B,EACzB,QAAQ,GACR,wBAAwB,GACxB,wBAAwB,GACxB,uCAAuC,GACvC,qBAAqB,GACrB,gBAAgB,CAClB;CAAG"}
|
package/dist/types/store.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../lib/types/store.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,EAAE,CAAC,SAAS,EAAE,GAAG,IAAI;IAC1E,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC;IAC/B,aAAa,EAAE,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;IACnD,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,KAAK,IAAI,CAAC;IAChC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,KAAK,IAAI,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;CAChB"}
|
package/dist/types/token.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../lib/types/token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,KAAK,EAAE,oCAAoC,EAAE,MAAM,aAAa,CAAC;AAExE,MAAM,WAAW,kBAAkB;IAClC,YAAY,EAAE,MAAM,CAAC;IAErB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,CAAC;IAC3C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qBAAqB,CAAC,EACnB;QACA,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,EAAE,GACH,SAAS,CAAC;CACb;AAED,MAAM,WAAW,SAAS;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC5B,GAAG,EAAE,GAAG,CAAC;IACT,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,oCAAoC,CAAC;CAC7C;AAED,MAAM,WAAW,OAAO;IACvB,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,SAAS,CAAC;CACjB"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { DidDocumentResolver, HandleResolver } from '@atcute/identity-resolver';
|
|
2
|
+
import type { IdentityResolver } from '../types/identity.js';
|
|
3
|
+
export interface DefaultIdentityResolverOptions {
|
|
4
|
+
handleResolver: HandleResolver;
|
|
5
|
+
didDocumentResolver: DidDocumentResolver;
|
|
6
|
+
}
|
|
7
|
+
export declare const defaultIdentityResolver: ({ handleResolver, didDocumentResolver, }: DefaultIdentityResolverOptions) => IdentityResolver;
|
|
8
|
+
//# sourceMappingURL=identity-resolver.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity-resolver.d.ts","sourceRoot":"","sources":["../../lib/utils/identity-resolver.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAKrF,OAAO,KAAK,EAAE,gBAAgB,EAA4C,MAAM,sBAAsB,CAAC;AAEvG,MAAM,WAAW,8BAA8B;IAC9C,cAAc,EAAE,cAAc,CAAC;IAC/B,mBAAmB,EAAE,mBAAmB,CAAC;CACzC;AAED,eAAO,MAAM,uBAAuB,GAAI,0CAGrC,8BAA8B,KAAG,gBA0CnC,CAAC"}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
import { getAtprotoHandle, getPdsEndpoint } from '@atcute/identity';
|
|
2
|
+
import { isDid } from '@atcute/lexicons/syntax';
|
|
3
|
+
import { ResolverError } from '../errors.js';
|
|
4
|
+
export const defaultIdentityResolver = ({ handleResolver, didDocumentResolver, }) => {
|
|
5
|
+
return {
|
|
6
|
+
async resolve(actor, options) {
|
|
7
|
+
const identifierIsDid = isDid(actor);
|
|
8
|
+
let did;
|
|
9
|
+
if (identifierIsDid) {
|
|
10
|
+
did = actor;
|
|
11
|
+
}
|
|
12
|
+
else {
|
|
13
|
+
did = await handleResolver.resolve(actor, options);
|
|
14
|
+
}
|
|
15
|
+
const doc = await didDocumentResolver.resolve(did, options);
|
|
16
|
+
const pds = getPdsEndpoint(doc);
|
|
17
|
+
if (!pds) {
|
|
18
|
+
throw new ResolverError(`missing pds endpoint`);
|
|
19
|
+
}
|
|
20
|
+
let handle = 'handle.invalid';
|
|
21
|
+
if (identifierIsDid) {
|
|
22
|
+
const writtenHandle = getAtprotoHandle(doc);
|
|
23
|
+
if (writtenHandle) {
|
|
24
|
+
try {
|
|
25
|
+
const resolved = await handleResolver.resolve(writtenHandle, options);
|
|
26
|
+
if (resolved === did) {
|
|
27
|
+
handle = writtenHandle;
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
catch { }
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
else if (getAtprotoHandle(doc) === actor) {
|
|
34
|
+
handle = actor;
|
|
35
|
+
}
|
|
36
|
+
return {
|
|
37
|
+
did: did,
|
|
38
|
+
handle: handle,
|
|
39
|
+
pds: new URL(pds).href,
|
|
40
|
+
};
|
|
41
|
+
},
|
|
42
|
+
};
|
|
43
|
+
};
|
|
44
|
+
//# sourceMappingURL=identity-resolver.js.map
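Review bot: The empty `catch { }` around `handleResolver.resolve(writtenHandle, options)` swallows every failure, including cancellation through `options.signal`, so an aborted call carries on and returns `handle.invalid` as if verification had simply failed. Falling back to `handle.invalid` on a resolver error looks deliberate, but the abort case should propagate, for example `catch { options?.signal?.throwIfAborted(); }`. The handle branch also compares `getAtprotoHandle(doc) === actor` byte for byte; if callers can pass a mixed-case handle (not visible here), a valid identity would be reported as `handle.invalid`, so it is worth confirming that case is normalised before the comparison. This file is compiled output, so the change belongs in `lib/utils/identity-resolver.ts`.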
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity-resolver.js","sourceRoot":"","sources":["../../lib/utils/identity-resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAGpE,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAEhD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAQ7C,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,EACvC,cAAc,EACd,mBAAmB,GACa,EAAoB,EAAE;IACtD,OAAO;QACN,KAAK,CAAC,OAAO,CAAC,KAAsB,EAAE,OAAgC;YACrE,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;YAErC,IAAI,GAAQ,CAAC;YACb,IAAI,eAAe,EAAE,CAAC;gBACrB,GAAG,GAAG,KAAK,CAAC;YACb,CAAC;iBAAM,CAAC;gBACP,GAAG,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACpD,CAAC;YAED,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAE5D,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,CAAC,GAAG,EAAE,CAAC;gBACV,MAAM,IAAI,aAAa,CAAC,sBAAsB,CAAC,CAAC;YACjD,CAAC;YAED,IAAI,MAAM,GAAW,gBAAgB,CAAC;YACtC,IAAI,eAAe,EAAE,CAAC;gBACrB,MAAM,aAAa,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;gBAC5C,IAAI,aAAa,EAAE,CAAC;oBACnB,IAAI,CAAC;wBACJ,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;wBAEtE,IAAI,QAAQ,KAAK,GAAG,EAAE,CAAC;4BACtB,MAAM,GAAG,aAAa,CAAC;wBACxB,CAAC;oBACF,CAAC;oBAAC,MAAM,CAAC,CAAA,CAAC;gBACX,CAAC;YACF,CAAC;iBAAM,IAAI,gBAAgB,CAAC,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC5C,MAAM,GAAG,KAAK,CAAC;YAChB,CAAC;YAED,OAAO;gBACN,GAAG,EAAE,GAAG;gBACR,MAAM,EAAE,MAAM;gBACd,GAAG,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI;aACtB,CAAC;QACH,CAAC;KACD,CAAC;AACH,CAAC,CAAC"}
|
package/dist/utils/misc.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"misc.d.ts","sourceRoot":"","sources":["../../lib/utils/misc.ts"],"names":[],"mappings":"AAAA,KAAK,WAAW,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;AAExD,eAAO,MAAM,IAAI,GAAI,CAAC,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,KAAG,IAAI,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,CAWtF,CAAC"}
|
package/dist/utils/response.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"response.d.ts","sourceRoot":"","sources":["../../lib/utils/response.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,kBAAkB,GAAI,SAAS,OAAO,KAAG,MAAM,GAAG,SAE9D,CAAC"}
|
package/dist/utils/runtime.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../../lib/utils/runtime.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,KAAK,EAAE,WAAW,GAAG,SAA0E,CAAC;AAE7G,eAAO,MAAM,cAAc,GAAU,OAAO,MAAM,KAAG,OAAO,CAAC,MAAM,CAKlE,CAAC;AAEF,eAAO,MAAM,YAAY,QAAa,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAQpG,CAAC"}
|
package/dist/utils/strings.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"strings.d.ts","sourceRoot":"","sources":["../../lib/utils/strings.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,UAAU,GAAI,WAAW,MAAM,KAAG,OAe9C,CAAC"}
|
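--- a/package/lib/agents/exchange.ts
+++ b/package/lib/agents/exchange.ts
@@ -5,7 +5,7 @@ import type { ActorIdentifier } from '@atcute/lexicons';
 import { createES256Key } from '../dpop.js';
 import { CLIENT_ID, database, REDIRECT_URI } from '../environment.js';
 import { AuthorizationError, LoginError } from '../errors.js';
-import type {
+import type { ResolvedIdentity } from '../types/identity.js';
 import type { AuthorizationServerMetadata } from '../types/server.js';
 import type { Session } from '../types/token.js';
 import { generatePKCE } from '../utils/runtime.js';
@@ -21,6 +21,10 @@ export type AuthorizeTargetOptions =
 export interface AuthorizeOptions {
 target: AuthorizeTargetOptions;
 scope: string;
+state?: unknown;
+prompt?: 'none' | 'login' | 'consent' | 'select_account';
+display?: 'page' | 'popup' | 'touch' | 'wap';
+locale?: string;
 }
 
 /**
@@ -28,8 +32,10 @@ export interface AuthorizeOptions {
 * @param options
 * @returns URL to redirect the user for authorization
 */
-export const createAuthorizationUrl = async (
-
+export const createAuthorizationUrl = async (options: AuthorizeOptions): Promise<URL> => {
+const { target, scope, state = null, ...reqs } = options;
+
+let resolved: { identity?: ResolvedIdentity; metadata: AuthorizationServerMetadata };
 switch (target.type) {
 case 'account': {
 resolved = await resolveFromIdentifier(target.identifier);
@@ -41,32 +47,37 @@ export const createAuthorizationUrl = async ({ target, scope }: AuthorizeOptions
 }
 
 const { identity, metadata } = resolved;
+const loginHint = identity
+? identity.handle !== 'handle.invalid'
+? identity.handle
+: identity.did
+: undefined;
 
-const
+const sid = nanoid(24);
 
 const pkce = await generatePKCE();
 const dpopKey = await createES256Key();
 
 const params = {
+display: reqs.display,
+ui_locales: reqs.locale,
+prompt: reqs.prompt,
+
 redirect_uri: REDIRECT_URI,
 code_challenge: pkce.challenge,
 code_challenge_method: pkce.method,
-state:
-login_hint:
+state: sid,
+login_hint: loginHint,
 response_mode: 'fragment',
 response_type: 'code',
-display: 'page',
-// id_token_hint: undefined,
-// max_age: undefined,
-// prompt: undefined,
 scope: scope,
-// ui_locales: undefined,
 } satisfies Record<string, string | undefined>;
 
-database.states.set(
+database.states.set(sid, {
 dpopKey: dpopKey,
 metadata: metadata,
 verifier: pkce.verifier,
+state: state,
 });
 
 const server = new OAuthServerAgent(metadata, dpopKey);
@@ -86,25 +97,22 @@ export const createAuthorizationUrl = async ({ target, scope }: AuthorizeOptions
 */
 export const finalizeAuthorization = async (params: URLSearchParams) => {
 const issuer = params.get('iss');
-const
+const sid = params.get('state');
 const code = params.get('code');
 const error = params.get('error');
 
-if (!
+if (!sid || !(code || error)) {
 throw new LoginError(`missing parameters`);
 }
 
-const stored = database.states.get(
+const stored = database.states.get(sid);
 if (stored) {
 // Delete now that we've caught it
-database.states.delete(
+database.states.delete(sid);
 } else {
 throw new LoginError(`unknown state provided`);
 }
 
-const dpopKey = stored.dpopKey;
-const metadata = stored.metadata;
-
 if (error) {
 throw new AuthorizationError(params.get('error_description') || error);
 }
@@ -112,6 +120,10 @@ export const finalizeAuthorization = async (params: URLSearchParams) => {
 throw new LoginError(`missing code parameter`);
 }
 
+const dpopKey = stored.dpopKey;
+const metadata = stored.metadata;
+const state = stored.state ?? null;
+
 if (issuer === null) {
 throw new LoginError(`missing issuer parameter`);
 } else if (issuer !== metadata.issuer) {
@@ -128,5 +140,5 @@ export const finalizeAuthorization = async (params: URLSearchParams) => {
 
 await storeSession(sub, session);
 
-return session;
+return { session, state };
 };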
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import type { Did } from '@atcute/lexicons';
|
|
2
2
|
|
|
3
|
-
import { createDPoPFetch } from '../dpop.js';
|
|
4
|
-
import { CLIENT_ID, REDIRECT_URI } from '../environment.js';
|
|
3
|
+
import { createDPoPFetch, createDPoPSignage } from '../dpop.js';
|
|
4
|
+
import { CLIENT_ID, fetchClientAssertion, REDIRECT_URI } from '../environment.js';
|
|
5
5
|
import { FetchResponseError, OAuthResponseError, TokenRefreshError } from '../errors.js';
|
|
6
6
|
import { resolveFromIdentifier } from '../resolvers.js';
|
|
7
7
|
import type { DPoPKey } from '../types/dpop.js';
|
|
@@ -14,9 +14,11 @@ import { extractContentType } from '../utils/response.js';
|
|
|
14
14
|
export class OAuthServerAgent {
|
|
15
15
|
#fetch: typeof fetch;
|
|
16
16
|
#metadata: PersistedAuthorizationServerMetadata;
|
|
17
|
+
#dpopKey: DPoPKey;
|
|
17
18
|
|
|
18
19
|
constructor(metadata: PersistedAuthorizationServerMetadata, dpopKey: DPoPKey) {
|
|
19
20
|
this.#metadata = metadata;
|
|
21
|
+
this.#dpopKey = dpopKey;
|
|
20
22
|
this.#fetch = createDPoPFetch(dpopKey, true);
|
|
21
23
|
}
|
|
22
24
|
|
|
@@ -33,6 +35,24 @@ export class OAuthServerAgent {
|
|
|
33
35
|
throw new Error(`no endpoint for ${endpoint}`);
|
|
34
36
|
}
|
|
35
37
|
|
|
38
|
+
if (endpoint === 'token' && fetchClientAssertion !== undefined) {
|
|
39
|
+
const jkt = this.#dpopKey.jkt;
|
|
40
|
+
if (jkt === undefined) {
|
|
41
|
+
throw new Error(`DPoP key missing jkt field`);
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
const clientAssertionCredentials = await fetchClientAssertion({
|
|
45
|
+
jkt: jkt,
|
|
46
|
+
aud: this.#metadata.issuer,
|
|
47
|
+
createDpopProof: async (url) => {
|
|
48
|
+
const sign = createDPoPSignage(this.#dpopKey);
|
|
49
|
+
return await sign('POST', url, undefined, undefined);
|
|
50
|
+
},
|
|
51
|
+
});
|
|
52
|
+
|
|
53
|
+
payload = { ...payload, ...clientAssertionCredentials };
|
|
54
|
+
}
|
|
55
|
+
|
|
36
56
|
const response = await this.#fetch(url, {
|
|
37
57
|
method: 'post',
|
|
38
58
|
headers: { 'content-type': 'application/json' },
|
|
@@ -134,7 +154,7 @@ export class OAuthServerAgent {
|
|
|
134
154
|
token: token,
|
|
135
155
|
info: {
|
|
136
156
|
sub: sub as Did,
|
|
137
|
-
aud: resolved.identity.pds
|
|
157
|
+
aud: resolved.identity.pds,
|
|
138
158
|
server: pick(resolved.metadata, [
|
|
139
159
|
'issuer',
|
|
140
160
|
'authorization_endpoint',
|
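Review bot: `payload = { ...payload, ...clientAssertionCredentials };` in the `endpoint === 'token'` branch copies every property of the object returned by `fetchClientAssertion` into the token request, and those properties win over whatever the caller put in `payload`. `ClientAssertionCredentials` declares only `client_assertion` and `client_assertion_type`, but that is a compile-time shape, so a backend response handed through unfiltered can carry extra keys at runtime. Copying the two fields by name closes that: `const { client_assertion, client_assertion_type } = clientAssertionCredentials;` then `payload = { ...payload, client_assertion, client_assertion_type };`. The enclosing method begins and ends outside this hunk, and the file header for this section is missing from the page.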
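--- a/package/lib/dpop.ts
+++ b/package/lib/dpop.ts
@@ -16,10 +16,14 @@ export const createES256Key = async (): Promise<DPoPKey> => {
 const key = await crypto.subtle.exportKey('pkcs8', pair.privateKey);
 const { ext: _ext, key_ops: _key_opts, ...jwk } = await crypto.subtle.exportKey('jwk', pair.publicKey);
 
+const canonicalJwk = JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y });
+const jkt = await stringToSha256(canonicalJwk);
+
 return {
 typ: 'ES256',
 key: toBase64Url(new Uint8Array(key)),
 jwt: toBase64Url(encodeUtf8(JSON.stringify({ typ: 'dpop+jwt', alg: 'ES256', jwk: jwk }))),
+jkt: jkt,
 };
 };
 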
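Review bot: The thumbprint input built in `createES256Key` carries no comment saying that its shape is fixed by RFC 7638: only the required EC members, in lexicographic order, serialized without whitespace. Someone who later reorders the object literal or passes the whole `jwk` would get a `jkt` that no longer matches the value other parties compute for the same key. I would add `// RFC 7638 thumbprint input: required EC members only, lexicographic order, no whitespace` above `const canonicalJwk = ...`. `stringToSha256` is not shown on this page, so it is worth confirming that it returns the base64url-encoded digest the thumbprint format expects. The start of `createES256Key` is outside the hunk.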
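--- a/package/lib/environment.ts
+++ b/package/lib/environment.ts
@@ -1,21 +1,18 @@
-import type {
+import type { IdentityResolver } from './types/identity.js';
 
 import { createOAuthDatabase, type OAuthDatabase } from './store/db.js';
+import type { ClientAssertionFetcher } from './types/client-assertion.js';
 
 export let CLIENT_ID: string;
 export let REDIRECT_URI: string;
 
+export let fetchClientAssertion: ClientAssertionFetcher | undefined;
+
 export let database: OAuthDatabase;
 
-export let
-export let didDocumentResolver: DidDocumentResolver;
+export let identityResolver: IdentityResolver;
 
 export interface ConfigureOAuthOptions {
-/** used to resolve handles into DIDs */
-handleResolver: HandleResolver;
-/** used to resolve DIDs into DID documents */
-didDocumentResolver: DidDocumentResolver;
-
 /**
 * client metadata, necessary to drive the whole request
 */
@@ -24,6 +21,14 @@ export interface ConfigureOAuthOptions {
 redirect_uri: string;
 };
 
+/** resolves actor identifiers into identity metadata */
+identityResolver: IdentityResolver;
+
+/**
+* optional function to fetch DPoP-bound client assertions from your backend.
+*/
+fetchClientAssertion?: ClientAssertionFetcher;
+
 /**
 * name that will be used as prefix for storage keys needed to persist authentication.
 * @default "atcute-oauth"
@@ -32,7 +37,7 @@ export interface ConfigureOAuthOptions {
 }
 
 export const configureOAuth = (options: ConfigureOAuthOptions) => {
-({
+({ identityResolver, fetchClientAssertion } = options);
 ({ client_id: CLIENT_ID, redirect_uri: REDIRECT_URI } = options.metadata);
 
 database = createOAuthDatabase({ name: options.storageName ?? 'atcute-oauth' });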
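Review bot: The doc comment on `fetchClientAssertion` in `ConfigureOAuthOptions` does not say when the callback is invoked or what happens to its result. Going by the server-agent change on this page, it runs before each request to the `token` endpoint, the request throws when the agent's DPoP key has no `jkt`, and the returned object is merged into the request body. I would extend the comment with lines such as `* called before every token endpoint request; the returned client_assertion fields are added to the request body.` and `* requests fail if the DPoP key has no jkt.`. Keys persisted by an earlier release presumably lack `jkt`, which is worth confirming and mentioning there too.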
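--- a/package/lib/index.ts
+++ b/package/lib/index.ts
@@ -7,6 +7,7 @@ export * from './agents/server-agent.js';
 export * from './agents/sessions.js';
 export * from './agents/user-agent.js';
 
+export * from './types/client-assertion.js';
 export * from './types/client.js';
 export * from './types/dpop.js';
 export * from './types/identity.js';
@@ -14,3 +15,5 @@ export * from './types/par.js';
 export * from './types/server.js';
 export * from './types/store.js';
 export * from './types/token.js';
+
+export * from './utils/identity-resolver.js';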
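--- a/package/lib/resolvers.ts
+++ b/package/lib/resolvers.ts
@@ -1,39 +1,20 @@
-import {
-import type { ActorIdentifier, Did } from '@atcute/lexicons';
-import { isDid } from '@atcute/lexicons/syntax';
+import type { ActorIdentifier } from '@atcute/lexicons';
 
-import {
+import { identityResolver } from './environment.js';
 import { ResolverError } from './errors.js';
-import type {
+import type { ResolvedIdentity } from './types/identity.js';
 import type { AuthorizationServerMetadata, ProtectedResourceMetadata } from './types/server.js';
 import { extractContentType } from './utils/response.js';
 import { isValidUrl } from './utils/strings.js';
 
 export const resolveFromIdentifier = async (
 ident: ActorIdentifier,
-): Promise<{ identity:
-
-if (isDid(ident)) {
-did = ident;
-} else {
-const resolved = await handleResolver.resolve(ident);
-did = resolved;
-}
-
-const doc = await didDocumentResolver.resolve(did);
-const pds = getPdsEndpoint(doc);
-
-if (!pds) {
-throw new ResolverError(`missing pds endpoint`);
-}
+): Promise<{ identity: ResolvedIdentity; metadata: AuthorizationServerMetadata }> => {
+const identity = await identityResolver.resolve(ident);
 
 return {
-identity:
-
-raw: ident,
-pds: new URL(pds),
-},
-metadata: await getMetadataFromResourceServer(pds),
+identity: identity,
+metadata: await getMetadataFromResourceServer(identity.pds),
 };
 };
 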
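Review bot: `identity.pds` is passed straight to `getMetadataFromResourceServer` in `resolveFromIdentifier`, and the old `missing pds endpoint` guard has no replacement in the new body. The value now comes from whatever `identityResolver` the application configured, and it decides which server's metadata the login goes on to trust, so a faulty resolver would surface later with a less specific error. Unless `ResolvedIdentity` and `getMetadataFromResourceServer` (neither is shown on this page) already guarantee a usable endpoint, I would keep the guard as `if (!identity.pds) throw new ResolverError(`missing pds endpoint`);` before the `return`.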
package/lib/store/db.ts
CHANGED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
const CLIENT_ASSERTION_TYPE_JWT_BEARER = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';
|
|
2
|
+
|
|
3
|
+
export interface ClientAssertionCredentials {
|
|
4
|
+
client_assertion: string;
|
|
5
|
+
client_assertion_type: typeof CLIENT_ASSERTION_TYPE_JWT_BEARER;
|
|
6
|
+
}
|
|
7
|
+
|
|
8
|
+
export interface FetchClientAssertionParams {
|
|
9
|
+
/** JWK thumbprint of the DPoP key to bind the assertion to */
|
|
10
|
+
jkt: string;
|
|
11
|
+
/** authorization server issuer (audience for the assertion) */
|
|
12
|
+
aud: string;
|
|
13
|
+
|
|
14
|
+
/**
|
|
15
|
+
* create a DPoP proof to prove you possess the key for the claimed jkt.
|
|
16
|
+
*
|
|
17
|
+
* @param htu origin and pathname to your backend
|
|
18
|
+
* @returns DPoP proof that can be included in the assertion
|
|
19
|
+
*/
|
|
20
|
+
createDpopProof: (htu: string) => Promise<string>;
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
export type ClientAssertionFetcher = (
|
|
24
|
+
params: FetchClientAssertionParams,
|
|
25
|
+
) => Promise<ClientAssertionCredentials>;
|