@atcute/oauth-browser-client 2.0.0-next.0 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +125 -16
- package/dist/agents/exchange.d.ts +10 -2
- package/dist/agents/exchange.d.ts.map +1 -0
- package/dist/agents/exchange.js +23 -17
- package/dist/agents/exchange.js.map +1 -1
- package/dist/agents/server-agent.d.ts +1 -0
- package/dist/agents/server-agent.d.ts.map +1 -0
- package/dist/agents/server-agent.js +21 -3
- package/dist/agents/server-agent.js.map +1 -1
- package/dist/agents/sessions.d.ts +1 -0
- package/dist/agents/sessions.d.ts.map +1 -0
- package/dist/agents/user-agent.d.ts +1 -0
- package/dist/agents/user-agent.d.ts.map +1 -0
- package/dist/constants.d.ts +1 -0
- package/dist/constants.d.ts.map +1 -0
- package/dist/dpop.d.ts +1 -0
- package/dist/dpop.d.ts.map +1 -0
- package/dist/dpop.js +3 -0
- package/dist/dpop.js.map +1 -1
- package/dist/environment.d.ts +11 -7
- package/dist/environment.d.ts.map +1 -0
- package/dist/environment.js +3 -3
- package/dist/environment.js.map +1 -1
- package/dist/errors.d.ts +1 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/resolvers.d.ts +3 -2
- package/dist/resolvers.d.ts.map +1 -0
- package/dist/resolvers.js +4 -22
- package/dist/resolvers.js.map +1 -1
- package/dist/store/db.d.ts +2 -0
- package/dist/store/db.d.ts.map +1 -0
- package/dist/store/db.js.map +1 -1
- package/dist/types/client-assertion.d.ts +21 -0
- package/dist/types/client-assertion.d.ts.map +1 -0
- package/dist/types/client-assertion.js +3 -0
- package/dist/types/client-assertion.js.map +1 -0
- package/dist/types/client.d.ts +1 -0
- package/dist/types/client.d.ts.map +1 -0
- package/dist/types/dpop.d.ts +3 -0
- package/dist/types/dpop.d.ts.map +1 -0
- package/dist/types/identity.d.ts +13 -5
- package/dist/types/identity.d.ts.map +1 -0
- package/dist/types/par.d.ts +1 -0
- package/dist/types/par.d.ts.map +1 -0
- package/dist/types/server.d.ts +1 -0
- package/dist/types/server.d.ts.map +1 -0
- package/dist/types/store.d.ts +1 -0
- package/dist/types/store.d.ts.map +1 -0
- package/dist/types/token.d.ts +1 -0
- package/dist/types/token.d.ts.map +1 -0
- package/dist/utils/identity-resolver.d.ts +8 -0
- package/dist/utils/identity-resolver.d.ts.map +1 -0
- package/dist/utils/identity-resolver.js +44 -0
- package/dist/utils/identity-resolver.js.map +1 -0
- package/dist/utils/misc.d.ts +1 -0
- package/dist/utils/misc.d.ts.map +1 -0
- package/dist/utils/response.d.ts +1 -0
- package/dist/utils/response.d.ts.map +1 -0
- package/dist/utils/runtime.d.ts +1 -0
- package/dist/utils/runtime.d.ts.map +1 -0
- package/dist/utils/strings.d.ts +1 -0
- package/dist/utils/strings.d.ts.map +1 -0
- package/lib/agents/exchange.ts +32 -20
- package/lib/agents/server-agent.ts +26 -3
- package/lib/dpop.ts +4 -0
- package/lib/environment.ts +14 -9
- package/lib/index.ts +3 -0
- package/lib/resolvers.ts +7 -26
- package/lib/store/db.ts +1 -0
- package/lib/types/client-assertion.ts +25 -0
- package/lib/types/dpop.ts +2 -0
- package/lib/types/identity.ts +14 -5
- package/lib/utils/identity-resolver.ts +59 -0
- package/package.json +8 -8
package/README.md
CHANGED
|
@@ -23,7 +23,7 @@ along with the resolvers that will be used to resolve and verify account details
|
|
|
23
23
|
be placed before any other calls you make with this library.
|
|
24
24
|
|
|
25
25
|
```ts
|
|
26
|
-
import { configureOAuth } from '@atcute/oauth-browser-client';
|
|
26
|
+
import { configureOAuth, defaultIdentityResolver } from '@atcute/oauth-browser-client';
|
|
27
27
|
|
|
28
28
|
import {
|
|
29
29
|
CompositeDidDocumentResolver,
|
|
@@ -37,21 +37,22 @@ configureOAuth({
|
|
|
37
37
|
client_id: 'https://example.com/oauth-client-metadata.json',
|
|
38
38
|
redirect_uri: 'https://example.com/oauth/callback',
|
|
39
39
|
},
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
40
|
+
identityResolver: defaultIdentityResolver({
|
|
41
|
+
// AT Protocol handles resolve via DNS TXT record or HTTP well-known endpoints.
|
|
42
|
+
// since web apps lack direct DNS access and face CORS restrictions, we're using
|
|
43
|
+
// Bluesky's AppView for this example.
|
|
44
|
+
//
|
|
45
|
+
// NOTE: Bluesky may log handle resolutions and requester info per their privacy
|
|
46
|
+
// policy. consider the privacy implications of this arrangement and change this
|
|
47
|
+
// setup if unsuitable for your use case.
|
|
48
|
+
handleResolver: new XrpcHandleResolver({ serviceUrl: 'https://public.api.bsky.app' }),
|
|
49
|
+
|
|
50
|
+
didDocumentResolver: new CompositeDidDocumentResolver({
|
|
51
|
+
methods: {
|
|
52
|
+
plc: new PlcDidDocumentResolver(),
|
|
53
|
+
web: new WebDidDocumentResolver(),
|
|
54
|
+
},
|
|
55
|
+
}),
|
|
55
56
|
}),
|
|
56
57
|
});
|
|
57
58
|
```
|
|
@@ -171,6 +172,114 @@ try {
|
|
|
171
172
|
}
|
|
172
173
|
```
|
|
173
174
|
|
|
175
|
+
## confidential client mode (optional)
|
|
176
|
+
|
|
177
|
+
by default, `@atcute/oauth-browser-client` operates as a **public client**, resulting in shorter
|
|
178
|
+
session lifetimes by authorization servers as it's deemed to be unable to securely store
|
|
179
|
+
credentials.
|
|
180
|
+
|
|
181
|
+
if you want longer-lived sessions and better security controls, you can enable **confidential client
|
|
182
|
+
mode** by setting up a [client assertion backend](client-assertion-backend).
|
|
183
|
+
|
|
184
|
+
[client-assertion-backend]:
|
|
185
|
+
https://github.com/bluesky-social/proposals/tree/main/0010-client-assertion-backend
|
|
186
|
+
|
|
187
|
+
### setup
|
|
188
|
+
|
|
189
|
+
configure the client with a function to fetch client assertions from your backend:
|
|
190
|
+
|
|
191
|
+
```ts
|
|
192
|
+
import { configureOAuth } from '@atcute/oauth-browser-client';
|
|
193
|
+
|
|
194
|
+
configureOAuth({
|
|
195
|
+
// ... existing config
|
|
196
|
+
|
|
197
|
+
async fetchClientAssertion({ jkt, aud, createDpopProof }) {
|
|
198
|
+
const dpop = await createDpopProof('https://example.com/api/client-assertion');
|
|
199
|
+
|
|
200
|
+
const response = await fetch('https://example.com/api/client-assertion', {
|
|
201
|
+
method: 'POST',
|
|
202
|
+
headers: {
|
|
203
|
+
dpop: dpop,
|
|
204
|
+
'content-type': 'application/json',
|
|
205
|
+
},
|
|
206
|
+
body: JSON.stringify({ jkt, aud }),
|
|
207
|
+
});
|
|
208
|
+
|
|
209
|
+
const data = await response.json();
|
|
210
|
+
|
|
211
|
+
return {
|
|
212
|
+
client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
|
|
213
|
+
client_assertion: data.assertion,
|
|
214
|
+
};
|
|
215
|
+
},
|
|
216
|
+
});
|
|
217
|
+
```
|
|
218
|
+
|
|
219
|
+
the backend API is completely up to you—there's no standardized spec. design it however works best
|
|
220
|
+
for your infrastructure (authentication, request format, error handling, etc.)
|
|
221
|
+
|
|
222
|
+
your backend needs to validate the incoming DPoP proof and sign a client assertion JWT with the
|
|
223
|
+
following interface:
|
|
224
|
+
|
|
225
|
+
```ts
|
|
226
|
+
interface ClientAssertionJwt {
|
|
227
|
+
/** your client ID */
|
|
228
|
+
iss: string;
|
|
229
|
+
/** also your client ID */
|
|
230
|
+
sub: string;
|
|
231
|
+
/** the authorization server receiving this token */
|
|
232
|
+
aud: string;
|
|
233
|
+
/** when this token expires */
|
|
234
|
+
exp: number;
|
|
235
|
+
/** unique nonce */
|
|
236
|
+
jti: string;
|
|
237
|
+
/** asserts that this jkt is allowed */
|
|
238
|
+
cnf: { jkt: string };
|
|
239
|
+
}
|
|
240
|
+
```
|
|
241
|
+
|
|
242
|
+
you're able to use the `jkt` to refuse assertions when necessary (suspicious activity, compromised
|
|
243
|
+
code, etc.)
|
|
244
|
+
|
|
245
|
+
### client metadata updates
|
|
246
|
+
|
|
247
|
+
your OAuth client metadata document must also be updated for confidential clients:
|
|
248
|
+
|
|
249
|
+
```json
|
|
250
|
+
{
|
|
251
|
+
"client_id": "https://example.com/oauth-client-metadata.json",
|
|
252
|
+
"client_name": "My App",
|
|
253
|
+
"redirect_uris": ["https://example.com/oauth/callback"],
|
|
254
|
+
"scope": "atproto transition:generic",
|
|
255
|
+
"token_endpoint_auth_method": "private_key_jwt",
|
|
256
|
+
"token_endpoint_auth_signing_alg": "ES256",
|
|
257
|
+
"jwks_uri": "https://example.com/oauth-jwks.json"
|
|
258
|
+
}
|
|
259
|
+
```
|
|
260
|
+
|
|
261
|
+
the `jwks_uri` should expose the public keys used to sign client assertions. it should return a JSON
|
|
262
|
+
Web Key Set (JWKS) document:
|
|
263
|
+
|
|
264
|
+
```json
|
|
265
|
+
{
|
|
266
|
+
"keys": [
|
|
267
|
+
{
|
|
268
|
+
"kty": "EC",
|
|
269
|
+
"crv": "P-256",
|
|
270
|
+
"x": "base64url-encoded-x-coordinate",
|
|
271
|
+
"y": "base64url-encoded-y-coordinate",
|
|
272
|
+
"use": "sig",
|
|
273
|
+
"kid": "key-identifier",
|
|
274
|
+
"alg": "ES256"
|
|
275
|
+
}
|
|
276
|
+
]
|
|
277
|
+
}
|
|
278
|
+
```
|
|
279
|
+
|
|
280
|
+
the public keys in the JWKS must correspond to the private keys your backend uses to sign client
|
|
281
|
+
assertions. multiple keys can be listed to support key rotation.
|
|
282
|
+
|
|
174
283
|
## additional guide
|
|
175
284
|
|
|
176
285
|
### configuring your Vite project
|
|
@@ -10,16 +10,24 @@ export type AuthorizeTargetOptions = {
|
|
|
10
10
|
export interface AuthorizeOptions {
|
|
11
11
|
target: AuthorizeTargetOptions;
|
|
12
12
|
scope: string;
|
|
13
|
+
state?: unknown;
|
|
14
|
+
prompt?: 'none' | 'login' | 'consent' | 'select_account';
|
|
15
|
+
display?: 'page' | 'popup' | 'touch' | 'wap';
|
|
16
|
+
locale?: string;
|
|
13
17
|
}
|
|
14
18
|
/**
|
|
15
19
|
* Create authentication URL for authorization
|
|
16
20
|
* @param options
|
|
17
21
|
* @returns URL to redirect the user for authorization
|
|
18
22
|
*/
|
|
19
|
-
export declare const createAuthorizationUrl: (
|
|
23
|
+
export declare const createAuthorizationUrl: (options: AuthorizeOptions) => Promise<URL>;
|
|
20
24
|
/**
|
|
21
25
|
* Finalize authorization
|
|
22
26
|
* @param params Search params
|
|
23
27
|
* @returns Session object, which you can use to instantiate user agents
|
|
24
28
|
*/
|
|
25
|
-
export declare const finalizeAuthorization: (params: URLSearchParams) => Promise<
|
|
29
|
+
export declare const finalizeAuthorization: (params: URLSearchParams) => Promise<{
|
|
30
|
+
session: Session;
|
|
31
|
+
state: {} | null;
|
|
32
|
+
}>;
|
|
33
|
+
//# sourceMappingURL=exchange.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exchange.d.ts","sourceRoot":"","sources":["../../lib/agents/exchange.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAOxD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAOjD,MAAM,MAAM,sBAAsB,GAC/B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,UAAU,EAAE,eAAe,CAAA;CAAE,GAChD;IAAE,IAAI,EAAE,KAAK,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC,MAAM,WAAW,gBAAgB;IAChC,MAAM,EAAE,sBAAsB,CAAC;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,gBAAgB,CAAC;IACzD,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,KAAK,CAAC;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,GAAG,CAwDnF,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,GAAU,QAAQ,eAAe;;;EA8ClE,CAAC"}
|
package/dist/agents/exchange.js
CHANGED
|
@@ -11,7 +11,8 @@ import { storeSession } from './sessions.js';
|
|
|
11
11
|
* @param options
|
|
12
12
|
* @returns URL to redirect the user for authorization
|
|
13
13
|
*/
|
|
14
|
-
export const createAuthorizationUrl = async (
|
|
14
|
+
export const createAuthorizationUrl = async (options) => {
|
|
15
|
+
const { target, scope, state = null, ...reqs } = options;
|
|
15
16
|
let resolved;
|
|
16
17
|
switch (target.type) {
|
|
17
18
|
case 'account': {
|
|
@@ -23,28 +24,32 @@ export const createAuthorizationUrl = async ({ target, scope }) => {
|
|
|
23
24
|
}
|
|
24
25
|
}
|
|
25
26
|
const { identity, metadata } = resolved;
|
|
26
|
-
const
|
|
27
|
+
const loginHint = identity
|
|
28
|
+
? identity.handle !== 'handle.invalid'
|
|
29
|
+
? identity.handle
|
|
30
|
+
: identity.did
|
|
31
|
+
: undefined;
|
|
32
|
+
const sid = nanoid(24);
|
|
27
33
|
const pkce = await generatePKCE();
|
|
28
34
|
const dpopKey = await createES256Key();
|
|
29
35
|
const params = {
|
|
36
|
+
display: reqs.display,
|
|
37
|
+
ui_locales: reqs.locale,
|
|
38
|
+
prompt: reqs.prompt,
|
|
30
39
|
redirect_uri: REDIRECT_URI,
|
|
31
40
|
code_challenge: pkce.challenge,
|
|
32
41
|
code_challenge_method: pkce.method,
|
|
33
|
-
state:
|
|
34
|
-
login_hint:
|
|
42
|
+
state: sid,
|
|
43
|
+
login_hint: loginHint,
|
|
35
44
|
response_mode: 'fragment',
|
|
36
45
|
response_type: 'code',
|
|
37
|
-
display: 'page',
|
|
38
|
-
// id_token_hint: undefined,
|
|
39
|
-
// max_age: undefined,
|
|
40
|
-
// prompt: undefined,
|
|
41
46
|
scope: scope,
|
|
42
|
-
// ui_locales: undefined,
|
|
43
47
|
};
|
|
44
|
-
database.states.set(
|
|
48
|
+
database.states.set(sid, {
|
|
45
49
|
dpopKey: dpopKey,
|
|
46
50
|
metadata: metadata,
|
|
47
51
|
verifier: pkce.verifier,
|
|
52
|
+
state: state,
|
|
48
53
|
});
|
|
49
54
|
const server = new OAuthServerAgent(metadata, dpopKey);
|
|
50
55
|
const response = await server.request('pushed_authorization_request', params);
|
|
@@ -60,28 +65,29 @@ export const createAuthorizationUrl = async ({ target, scope }) => {
|
|
|
60
65
|
*/
|
|
61
66
|
export const finalizeAuthorization = async (params) => {
|
|
62
67
|
const issuer = params.get('iss');
|
|
63
|
-
const
|
|
68
|
+
const sid = params.get('state');
|
|
64
69
|
const code = params.get('code');
|
|
65
70
|
const error = params.get('error');
|
|
66
|
-
if (!
|
|
71
|
+
if (!sid || !(code || error)) {
|
|
67
72
|
throw new LoginError(`missing parameters`);
|
|
68
73
|
}
|
|
69
|
-
const stored = database.states.get(
|
|
74
|
+
const stored = database.states.get(sid);
|
|
70
75
|
if (stored) {
|
|
71
76
|
// Delete now that we've caught it
|
|
72
|
-
database.states.delete(
|
|
77
|
+
database.states.delete(sid);
|
|
73
78
|
}
|
|
74
79
|
else {
|
|
75
80
|
throw new LoginError(`unknown state provided`);
|
|
76
81
|
}
|
|
77
|
-
const dpopKey = stored.dpopKey;
|
|
78
|
-
const metadata = stored.metadata;
|
|
79
82
|
if (error) {
|
|
80
83
|
throw new AuthorizationError(params.get('error_description') || error);
|
|
81
84
|
}
|
|
82
85
|
if (!code) {
|
|
83
86
|
throw new LoginError(`missing code parameter`);
|
|
84
87
|
}
|
|
88
|
+
const dpopKey = stored.dpopKey;
|
|
89
|
+
const metadata = stored.metadata;
|
|
90
|
+
const state = stored.state ?? null;
|
|
85
91
|
if (issuer === null) {
|
|
86
92
|
throw new LoginError(`missing issuer parameter`);
|
|
87
93
|
}
|
|
@@ -95,6 +101,6 @@ export const finalizeAuthorization = async (params) => {
|
|
|
95
101
|
const sub = info.sub;
|
|
96
102
|
const session = { dpopKey, info, token };
|
|
97
103
|
await storeSession(sub, session);
|
|
98
|
-
return session;
|
|
104
|
+
return { session, state };
|
|
99
105
|
};
|
|
100
106
|
//# sourceMappingURL=exchange.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exchange.js","sourceRoot":"","sources":["../../lib/agents/exchange.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAIhC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAI9D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"exchange.js","sourceRoot":"","sources":["../../lib/agents/exchange.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAIhC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAI9D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAe7C;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,KAAK,EAAE,OAAyB,EAAgB,EAAE;IACvF,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,GAAG,IAAI,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAEzD,IAAI,QAAgF,CAAC;IACrF,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACrB,KAAK,SAAS,CAAC,CAAC,CAAC;YAChB,QAAQ,GAAG,MAAM,qBAAqB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC1D,MAAM;QACP,CAAC;QACD,KAAK,KAAK,CAAC,CAAC,CAAC;YACZ,QAAQ,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACxD,CAAC;IACF,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC;IACxC,MAAM,SAAS,GAAG,QAAQ;QACzB,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,gBAAgB;YACrC,CAAC,CAAC,QAAQ,CAAC,MAAM;YACjB,CAAC,CAAC,QAAQ,CAAC,GAAG;QACf,CAAC,CAAC,SAAS,CAAC;IAEb,MAAM,GAAG,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAEvB,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,MAAM,cAAc,EAAE,CAAC;IAEvC,MAAM,MAAM,GAAG;QACd,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,UAAU,EAAE,IAAI,CAAC,MAAM;QACvB,MAAM,EAAE,IAAI,CAAC,MAAM;QAEnB,YAAY,EAAE,YAAY;QAC1B,cAAc,EAAE,IAAI,CAAC,SAAS;QAC9B,qBAAqB,EAAE,IAAI,CAAC,MAAM;QAClC,KAAK,EAAE,GAAG;QACV,UAAU,EAAE,SAAS;QACrB,aAAa,EAAE,UAAU;QACzB,aAAa,EAAE,MAAM;QACrB,KAAK,EAAE,KAAK;KACiC,CAAC;IAE/C,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE;QACxB,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,KAAK,EAAE,KAAK;KACZ,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,8BAA8B,EAAE,MAAM,CAAC,CAAC;IAE9E,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACzD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IACjD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;IAE9D,OAAO,OAAO,CAAC;AAChB,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EAAE,MAAuB,EAAE,EAAE;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAElC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAAC,oBAAoB,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACxC,IAAI,MAAM,EAAE,CAAC;QACZ,kCAAkC;QAClC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACP,MAAM,IAAI,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,KAAK,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,CAAC,IAAI,EAAE,CAAC;QACX,MAAM,IAAI,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IACjC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC;IAEnC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACrB,MAAM,IAAI,UAAU,CAAC,0BAA0B,CAAC,CAAC;IAClD,CAAC;SAAM,IAAI,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;IACzC,CAAC;IAED,iCAAiC;IACjC,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACvD,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEzE,kBAAkB;IAClB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;IACrB,MAAM,OAAO,GAAY,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IAElD,MAAM,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAEjC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"server-agent.d.ts","sourceRoot":"","sources":["../../lib/agents/server-agent.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAM5C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,KAAK,EAAE,oCAAoC,EAAE,MAAM,oBAAoB,CAAC;AAC/E,OAAO,KAAK,EAAE,YAAY,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAIrF,qBAAa,gBAAgB;;gBAKhB,QAAQ,EAAE,oCAAoC,EAAE,OAAO,EAAE,OAAO;IAMtE,OAAO,CACZ,QAAQ,EAAE,8BAA8B,EACxC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,OAAO,CAAC,gBAAgB,CAAC;IACtB,OAAO,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACzF,OAAO,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC;IAC/E,OAAO,CAAC,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC;IA+ClF,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMpC,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,KAAK,EAAE,SAAS,CAAA;KAAE,CAAC;IAgBhG,OAAO,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE;QAAE,GAAG,EAAE,GAAG,CAAC;QAAC,KAAK,EAAE,SAAS,CAAA;KAAE,GAAG,OAAO,CAAC,SAAS,CAAC;CAwEjF"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { createDPoPFetch } from '../dpop.js';
|
|
2
|
-
import { CLIENT_ID, REDIRECT_URI } from '../environment.js';
|
|
1
|
+
import { createDPoPFetch, createDPoPSignage } from '../dpop.js';
|
|
2
|
+
import { CLIENT_ID, fetchClientAssertion, REDIRECT_URI } from '../environment.js';
|
|
3
3
|
import { FetchResponseError, OAuthResponseError, TokenRefreshError } from '../errors.js';
|
|
4
4
|
import { resolveFromIdentifier } from '../resolvers.js';
|
|
5
5
|
import { pick } from '../utils/misc.js';
|
|
@@ -7,8 +7,10 @@ import { extractContentType } from '../utils/response.js';
|
|
|
7
7
|
export class OAuthServerAgent {
|
|
8
8
|
#fetch;
|
|
9
9
|
#metadata;
|
|
10
|
+
#dpopKey;
|
|
10
11
|
constructor(metadata, dpopKey) {
|
|
11
12
|
this.#metadata = metadata;
|
|
13
|
+
this.#dpopKey = dpopKey;
|
|
12
14
|
this.#fetch = createDPoPFetch(dpopKey, true);
|
|
13
15
|
}
|
|
14
16
|
async request(endpoint, payload) {
|
|
@@ -16,6 +18,22 @@ export class OAuthServerAgent {
|
|
|
16
18
|
if (!url) {
|
|
17
19
|
throw new Error(`no endpoint for ${endpoint}`);
|
|
18
20
|
}
|
|
21
|
+
if ((endpoint === 'token' || endpoint === 'pushed_authorization_request') &&
|
|
22
|
+
fetchClientAssertion !== undefined) {
|
|
23
|
+
const jkt = this.#dpopKey.jkt;
|
|
24
|
+
if (jkt === undefined) {
|
|
25
|
+
throw new Error(`DPoP key missing jkt field`);
|
|
26
|
+
}
|
|
27
|
+
const assertion = await fetchClientAssertion({
|
|
28
|
+
jkt: jkt,
|
|
29
|
+
aud: this.#metadata.issuer,
|
|
30
|
+
createDpopProof: async (url) => {
|
|
31
|
+
const sign = createDPoPSignage(this.#dpopKey);
|
|
32
|
+
return await sign('POST', url, undefined, undefined);
|
|
33
|
+
},
|
|
34
|
+
});
|
|
35
|
+
payload = { ...payload, ...assertion };
|
|
36
|
+
}
|
|
19
37
|
const response = await this.#fetch(url, {
|
|
20
38
|
method: 'post',
|
|
21
39
|
headers: { 'content-type': 'application/json' },
|
|
@@ -104,7 +122,7 @@ export class OAuthServerAgent {
|
|
|
104
122
|
token: token,
|
|
105
123
|
info: {
|
|
106
124
|
sub: sub,
|
|
107
|
-
aud: resolved.identity.pds
|
|
125
|
+
aud: resolved.identity.pds,
|
|
108
126
|
server: pick(resolved.metadata, [
|
|
109
127
|
'issuer',
|
|
110
128
|
'authorization_endpoint',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server-agent.js","sourceRoot":"","sources":["../../lib/agents/server-agent.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"server-agent.js","sourceRoot":"","sources":["../../lib/agents/server-agent.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAClF,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACzF,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAKxD,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,MAAM,OAAO,gBAAgB;IAC5B,MAAM,CAAe;IACrB,SAAS,CAAuC;IAChD,QAAQ,CAAU;IAElB,YAAY,QAA8C,EAAE,OAAgB;QAC3E,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IASD,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,OAAgC;QAC/D,MAAM,GAAG,GAAwB,IAAI,CAAC,SAAiB,CAAC,GAAG,QAAQ,WAAW,CAAC,CAAC;QAChF,IAAI,CAAC,GAAG,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,IACC,CAAC,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,8BAA8B,CAAC;YACrE,oBAAoB,KAAK,SAAS,EACjC,CAAC;YACF,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;YAC9B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAC/C,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAAC;gBAC5C,GAAG,EAAE,GAAG;gBACR,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;gBAC1B,eAAe,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;oBAC9B,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAC9C,OAAO,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;gBACtD,CAAC;aACD,CAAC,CAAC;YAEH,OAAO,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,SAAS,EAAE,CAAC;QACxC,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE;YACvC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;SAC1D,CAAC,CAAC;QAEH,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;YACjE,MAAM,IAAI,kBAAkB,CAAC,QAAQ,EAAE,CAAC,EAAE,yBAAyB,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEnC,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACb,CAAC;aAAM,CAAC;YACP,MAAM,IAAI,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC9C,CAAC;IACF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACzB,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACX,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,QAAiB;QACjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAC5C,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,YAAY;YAC1B,IAAI,EAAE,IAAI;YACV,aAAa,EAAE,QAAQ;SACvB,CAAC,CAAC;QAEH,IAAI,CAAC;YACJ,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YACzC,MAAM,GAAG,CAAC;QACX,CAAC;IACF,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,KAAK,EAAkC;QAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAC5C,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,KAAK,CAAC,OAAO;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC;YACJ,IAAI,GAAG,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;gBAC1B,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,uCAAuC,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC;YACzF,CAAC;YAED,OAAO,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YAEzC,MAAM,GAAG,CAAC;QACX,CAAC;IACF,CAAC;IAED,qBAAqB,CAAC,GAAuB;QAC5C,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,GAAG,CAAC,UAAU,KAAK,MAAM,EAAE,CAAC;YAC/B,MAAM,IAAI,SAAS,CAAC,0CAA0C,CAAC,CAAC;QACjE,CAAC;QAED,OAAO;YACN,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,OAAO,EAAE,GAAG,CAAC,aAAa;YAC1B,MAAM,EAAE,GAAG,CAAC,YAAY;YACxB,IAAI,EAAE,GAAG,CAAC,UAAU;YACpB,UAAU,EAAE,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,SAAS;SAChG,CAAC;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,GAAuB;QACrD,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC;QACpB,IAAI,CAAC,GAAG,EAAE,CAAC;YACV,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,GAAU,CAAC,CAAC;QAEzD,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,KAAK,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YACxD,MAAM,IAAI,SAAS,CAAC,wBAAwB,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,OAAO;YACN,KAAK,EAAE,KAAK;YACZ,IAAI,EAAE;gBACL,GAAG,EAAE,GAAU;gBACf,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,GAAG;gBAC1B,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE;oBAC/B,QAAQ;oBACR,wBAAwB;oBACxB,wBAAwB;oBACxB,uCAAuC;oBACvC,qBAAqB;oBACrB,gBAAgB;iBAChB,CAAC;aACF;SACD,CAAC;IACH,CAAC;CACD"}
|
|
@@ -9,3 +9,4 @@ export declare const getSession: (sub: Did, options?: SessionGetOptions) => Prom
|
|
|
9
9
|
export declare const storeSession: (sub: Did, newSession: Session) => Promise<void>;
|
|
10
10
|
export declare const deleteStoredSession: (sub: Did) => void;
|
|
11
11
|
export declare const listStoredSessions: () => Did[];
|
|
12
|
+
//# sourceMappingURL=sessions.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sessions.d.ts","sourceRoot":"","sources":["../../lib/agents/sessions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAKjD,MAAM,WAAW,iBAAiB;IACjC,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,OAAO,CAAC;CACrB;AAKD,eAAO,MAAM,UAAU,GAAU,KAAK,GAAG,EAAE,UAAU,iBAAiB,KAAG,OAAO,CAAC,OAAO,CAuEvF,CAAC;AAEF,eAAO,MAAM,YAAY,GAAU,KAAK,GAAG,EAAE,YAAY,OAAO,KAAG,OAAO,CAAC,IAAI,CAO9E,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAAI,KAAK,GAAG,KAAG,IAE9C,CAAC;AAEF,eAAO,MAAM,kBAAkB,QAAO,GAAG,EAExC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user-agent.d.ts","sourceRoot":"","sources":["../../lib/agents/user-agent.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAGjD,OAAO,EAAE,KAAK,iBAAiB,EAAmC,MAAM,eAAe,CAAC;AAExF,qBAAa,cAAe,YAAW,kBAAkB;;IAIrC,OAAO,EAAE,OAAO;gBAAhB,OAAO,EAAE,OAAO;IAInC,IAAI,GAAG,IAAI,GAAG,CAEb;IAED,UAAU,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC;IAcnD,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAaxB,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;CAmCrE"}
|
package/dist/constants.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../lib/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB,gCAAgC,CAAC"}
|
package/dist/dpop.d.ts
CHANGED
|
@@ -2,3 +2,4 @@ import type { DPoPKey } from './types/dpop.js';
|
|
|
2
2
|
export declare const createES256Key: () => Promise<DPoPKey>;
|
|
3
3
|
export declare const createDPoPSignage: (dpopKey: DPoPKey) => (method: string, htu: string, nonce: string | undefined, ath: string | undefined) => Promise<string>;
|
|
4
4
|
export declare const createDPoPFetch: (dpopKey: DPoPKey, isAuthServer?: boolean) => typeof fetch;
|
|
5
|
+
//# sourceMappingURL=dpop.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dpop.d.ts","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAM/C,eAAO,MAAM,cAAc,QAAa,OAAO,CAAC,OAAO,CAetD,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,SAAS,OAAO,MAuBnC,QAAQ,MAAM,EAAE,KAAK,MAAM,EAAE,OAAO,MAAM,GAAG,SAAS,EAAE,KAAK,MAAM,GAAG,SAAS,oBAa7F,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,SAAS,OAAO,EAAE,eAAe,OAAO,KAAG,OAAO,KA+HjF,CAAC"}
|
package/dist/dpop.js
CHANGED
|
@@ -9,10 +9,13 @@ export const createES256Key = async () => {
|
|
|
9
9
|
const pair = await crypto.subtle.generateKey(ES256_ALG, true, ['sign', 'verify']);
|
|
10
10
|
const key = await crypto.subtle.exportKey('pkcs8', pair.privateKey);
|
|
11
11
|
const { ext: _ext, key_ops: _key_opts, ...jwk } = await crypto.subtle.exportKey('jwk', pair.publicKey);
|
|
12
|
+
const canonicalJwk = JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y });
|
|
13
|
+
const jkt = await stringToSha256(canonicalJwk);
|
|
12
14
|
return {
|
|
13
15
|
typ: 'ES256',
|
|
14
16
|
key: toBase64Url(new Uint8Array(key)),
|
|
15
17
|
jwt: toBase64Url(encodeUtf8(JSON.stringify({ typ: 'dpop+jwt', alg: 'ES256', jwk: jwk }))),
|
|
18
|
+
jkt: jkt,
|
|
16
19
|
};
|
|
17
20
|
};
|
|
18
21
|
export const createDPoPSignage = (dpopKey) => {
|
package/dist/dpop.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,MAAM,SAAS,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAW,CAAC;AAElE,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,IAAsB,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAElF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAEvG,OAAO;QACN,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,WAAW,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;QACrC,GAAG,EAAE,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,MAAM,SAAS,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAW,CAAC;AAElE,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,IAAsB,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAElF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAEvG,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC;IACxF,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,YAAY,CAAC,CAAC;IAE/C,OAAO;QACN,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,WAAW,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;QACrC,GAAG,EAAE,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QACzF,GAAG,EAAE,GAAG;KACR,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,OAAgB,EAAE,EAAE;IACrD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC;IACjC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CACzC,OAAO,EACP,aAAa,CAAC,OAAO,CAAC,GAAG,CAA4B,EACrD,SAAS,EACT,IAAI,EACJ,CAAC,MAAM,CAAC,CACR,CAAC;IAEF,MAAM,gBAAgB,GAAG,CAAC,GAAW,EAAE,GAAW,EAAE,KAAyB,EAAE,GAAuB,EAAE,EAAE;QACzG,MAAM,OAAO,GAAG;YACf,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YACnC,GAAG,EAAE,MAAM,CAAC,EAAE,CAAC;YACf,KAAK,EAAE,KAAK;SACZ,CAAC;QAEF,OAAO,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC,CAAC;IAEF,OAAO,KAAK,EAAE,MAAc,EAAE,GAAW,EAAE,KAAyB,EAAE,GAAuB,EAAE,EAAE;QAChG,MAAM,aAAa,GAAG,gBAAgB,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QAEhE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACtC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAC5C,MAAM,UAAU,EAChB,UAAU,CAAC,YAAY,GAAG,GAAG,GAAG,aAAa,CAA4B,CACzE,CAAC;QAEF,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QAE5D,OAAO,YAAY,GAAG,GAAG,GAAG,aAAa,GAAG,GAAG,GAAG,eAAe,CAAC;IACnE,CAAC,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAgB,EAAE,YAAsB,EAAgB,EAAE;IACzF,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC;IACnC,MAAM,OAAO,GAAG,QAAQ,CAAC,YAAY,CAAC;IAEtC,MAAM,IAAI,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAExC,OAAO,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAEzC,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,mBAAmB,EAAE,UAAU,CAAC,OAAO,CAAC;YACnD,CAAC,CAAC,MAAM,cAAc,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACpD,CAAC,CAAC,SAAS,CAAC;QAEb,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;QAChC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE1C,MAAM,GAAG,GAAG,MAAM,GAAG,QAAQ,CAAC;QAE9B,uEAAuE;QACvE,wEAAwE;QACxE,kBAAkB;QAClB,IAAI,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,QAAQ,EAAE,CAAC;YACd,MAAM,QAAQ,CAAC,OAAO,CAAC;YACvB,QAAQ,GAAG,SAAS,CAAC;QACtB,CAAC;QAED,gDAAgD;QAChD,IAAI,SAA6B,CAAC;QAClC,IAAI,gBAAgB,GAAG,KAAK,CAAC;QAC7B,IAAI,CAAC;YACJ,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YAErD,SAAS,GAAG,KAAK,CAAC;YAElB,wEAAwE;YACxE,4DAA4D;YAC5D,EAAE;YACF,0EAA0E;YAC1E,0EAA0E;YAC1E,wBAAwB;YACxB,EAAE;YACF,uEAAuE;YACvE,uEAAuE;YACvE,wEAAwE;YACxE,eAAe;YACf,EAAE;YACF,0EAA0E;YAC1E,kBAAkB;YAClB,gBAAgB,GAAG,MAAM,GAAG,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACR,iEAAiE;QAClE,CAAC;QAED,IAAI,gBAAgB,EAAE,CAAC;YACtB,mDAAmD;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,SAAwB,CAAC;QAC7B,IAAI,CAAC;YACJ,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;YAC1D,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAEvC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;YAE1C,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACnD,IAAI,SAAS,KAAK,IAAI,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnD,yEAAyE;gBACzE,gDAAgD;gBAEhD,OAAO,YAAY,CAAC;YACrB,CAAC;YAED,4CAA4C;YAC5C,IAAI,CAAC;gBACJ,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACR,sBAAsB;YACvB,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,EAAE,CAAC;gBAClB,6DAA6D;gBAE7D,OAAO,YAAY,CAAC;YACrB,CAAC;YAED,IAAI,KAAK,KAAK,OAAO,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;gBAC/D,2EAA2E;gBAC3E,wEAAwE;gBACxE,2EAA2E;gBAC3E,6EAA6E;gBAE7E,OAAO,YAAY,CAAC;YACrB,CAAC;QACF,CAAC;gBAAS,CAAC;YACV,oCAAoC;YACpC,IAAI,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBACvB,QAAQ,CAAC,OAAO,EAAE,CAAC;YACpB,CAAC;QACF,CAAC;QAED,yEAAyE;QACzE,yDAAyD;QACzD,CAAC;YACA,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;YAC1D,MAAM,WAAW,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC7C,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAE3C,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAC;YAE/C,uEAAuE;YACvE,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAC3D,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBACrD,IAAI,CAAC;oBACJ,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;gBAChC,CAAC;gBAAC,MAAM,CAAC;oBACR,sBAAsB;gBACvB,CAAC;YACF,CAAC;YAED,OAAO,aAAa,CAAC;QACtB,CAAC;IACF,CAAC,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,KAAK,EAAE,QAAkB,EAAE,YAAsB,EAAoB,EAAE;IAClG,0DAA0D;IAC1D,iFAAiF;IACjF,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,KAAK,EAAE,CAAC;QAC1D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,OAAO,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC;YACnD,CAAC;QACF,CAAC;IACF,CAAC;IAED,iFAAiF;IACjF,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QACzD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;YAC5F,IAAI,CAAC;gBACJ,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;gBAC3C,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,gBAAgB,CAAC;YACzE,CAAC;YAAC,MAAM,CAAC;gBACR,kEAAkE;gBAClE,OAAO,KAAK,CAAC;YACd,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,KAAK,CAAC;AACd,CAAC,CAAC"}
|
package/dist/environment.d.ts
CHANGED
|
@@ -1,15 +1,12 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { IdentityResolver } from './types/identity.js';
|
|
2
2
|
import { type OAuthDatabase } from './store/db.js';
|
|
3
|
+
import type { ClientAssertionFetcher } from './types/client-assertion.js';
|
|
3
4
|
export declare let CLIENT_ID: string;
|
|
4
5
|
export declare let REDIRECT_URI: string;
|
|
6
|
+
export declare let fetchClientAssertion: ClientAssertionFetcher | undefined;
|
|
5
7
|
export declare let database: OAuthDatabase;
|
|
6
|
-
export declare let
|
|
7
|
-
export declare let didDocumentResolver: DidDocumentResolver;
|
|
8
|
+
export declare let identityResolver: IdentityResolver;
|
|
8
9
|
export interface ConfigureOAuthOptions {
|
|
9
|
-
/** used to resolve handles into DIDs */
|
|
10
|
-
handleResolver: HandleResolver;
|
|
11
|
-
/** used to resolve DIDs into DID documents */
|
|
12
|
-
didDocumentResolver: DidDocumentResolver;
|
|
13
10
|
/**
|
|
14
11
|
* client metadata, necessary to drive the whole request
|
|
15
12
|
*/
|
|
@@ -17,6 +14,12 @@ export interface ConfigureOAuthOptions {
|
|
|
17
14
|
client_id: string;
|
|
18
15
|
redirect_uri: string;
|
|
19
16
|
};
|
|
17
|
+
/** resolves actor identifiers into identity metadata */
|
|
18
|
+
identityResolver: IdentityResolver;
|
|
19
|
+
/**
|
|
20
|
+
* optional function to fetch DPoP-bound client assertions from your backend.
|
|
21
|
+
*/
|
|
22
|
+
fetchClientAssertion?: ClientAssertionFetcher;
|
|
20
23
|
/**
|
|
21
24
|
* name that will be used as prefix for storage keys needed to persist authentication.
|
|
22
25
|
* @default "atcute-oauth"
|
|
@@ -24,3 +27,4 @@ export interface ConfigureOAuthOptions {
|
|
|
24
27
|
storageName?: string;
|
|
25
28
|
}
|
|
26
29
|
export declare const configureOAuth: (options: ConfigureOAuthOptions) => void;
|
|
30
|
+
//# sourceMappingURL=environment.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"environment.d.ts","sourceRoot":"","sources":["../lib/environment.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAE5D,OAAO,EAAuB,KAAK,aAAa,EAAE,MAAM,eAAe,CAAC;AACxE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAE1E,eAAO,IAAI,SAAS,EAAE,MAAM,CAAC;AAC7B,eAAO,IAAI,YAAY,EAAE,MAAM,CAAC;AAEhC,eAAO,IAAI,oBAAoB,EAAE,sBAAsB,GAAG,SAAS,CAAC;AAEpE,eAAO,IAAI,QAAQ,EAAE,aAAa,CAAC;AAEnC,eAAO,IAAI,gBAAgB,EAAE,gBAAgB,CAAC;AAE9C,MAAM,WAAW,qBAAqB;IACrC;;OAEG;IACH,QAAQ,EAAE;QACT,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;KACrB,CAAC;IAEF,wDAAwD;IACxD,gBAAgB,EAAE,gBAAgB,CAAC;IAEnC;;OAEG;IACH,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;IAE9C;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,eAAO,MAAM,cAAc,GAAI,SAAS,qBAAqB,SAK5D,CAAC"}
|
package/dist/environment.js
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import { createOAuthDatabase } from './store/db.js';
|
|
2
2
|
export let CLIENT_ID;
|
|
3
3
|
export let REDIRECT_URI;
|
|
4
|
+
export let fetchClientAssertion;
|
|
4
5
|
export let database;
|
|
5
|
-
export let
|
|
6
|
-
export let didDocumentResolver;
|
|
6
|
+
export let identityResolver;
|
|
7
7
|
export const configureOAuth = (options) => {
|
|
8
|
-
({
|
|
8
|
+
({ identityResolver, fetchClientAssertion } = options);
|
|
9
9
|
({ client_id: CLIENT_ID, redirect_uri: REDIRECT_URI } = options.metadata);
|
|
10
10
|
database = createOAuthDatabase({ name: options.storageName ?? 'atcute-oauth' });
|
|
11
11
|
};
|
package/dist/environment.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"environment.js","sourceRoot":"","sources":["../lib/environment.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAsB,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"environment.js","sourceRoot":"","sources":["../lib/environment.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAsB,MAAM,eAAe,CAAC;AAGxE,MAAM,CAAC,IAAI,SAAiB,CAAC;AAC7B,MAAM,CAAC,IAAI,YAAoB,CAAC;AAEhC,MAAM,CAAC,IAAI,oBAAwD,CAAC;AAEpE,MAAM,CAAC,IAAI,QAAuB,CAAC;AAEnC,MAAM,CAAC,IAAI,gBAAkC,CAAC;AA0B9C,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAA8B,EAAE,EAAE;IAChE,CAAC,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,GAAG,OAAO,CAAC,CAAC;IACvD,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE1E,QAAQ,GAAG,mBAAmB,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,WAAW,IAAI,cAAc,EAAE,CAAC,CAAC;AACjF,CAAC,CAAC"}
|
package/dist/errors.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../lib/errors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAE5C,qBAAa,UAAW,SAAQ,KAAK;IAC3B,IAAI,SAAgB;CAC7B;AAED,qBAAa,kBAAmB,SAAQ,KAAK;IACnC,IAAI,SAAwB;CACrC;AAED,qBAAa,aAAc,SAAQ,KAAK;IAC9B,IAAI,SAAmB;CAChC;AAED,qBAAa,iBAAkB,SAAQ,KAAK;aAI1B,GAAG,EAAE,GAAG;IAHhB,IAAI,SAAuB;gBAGnB,GAAG,EAAE,GAAG,EACxB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,YAAY;CAIvB;AAED,qBAAa,kBAAmB,SAAQ,KAAK;aAO3B,QAAQ,EAAE,QAAQ;aAClB,IAAI,EAAE,GAAG;IAPjB,IAAI,SAAwB;IAErC,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;gBAGxB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,GAAG;IAe1B,IAAI,MAAM,WAET;IAED,IAAI,OAAO,YAEV;CACD;AAED,qBAAa,kBAAmB,SAAQ,KAAK;aAI3B,QAAQ,EAAE,QAAQ;IAC3B,MAAM,EAAE,MAAM;IAJb,IAAI,SAAwB;gBAGpB,QAAQ,EAAE,QAAQ,EAC3B,MAAM,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM;CAIhB"}
|
package/dist/index.d.ts
CHANGED
|
@@ -4,6 +4,7 @@ export * from './agents/exchange.js';
|
|
|
4
4
|
export * from './agents/server-agent.js';
|
|
5
5
|
export * from './agents/sessions.js';
|
|
6
6
|
export * from './agents/user-agent.js';
|
|
7
|
+
export * from './types/client-assertion.js';
|
|
7
8
|
export * from './types/client.js';
|
|
8
9
|
export * from './types/dpop.js';
|
|
9
10
|
export * from './types/identity.js';
|
|
@@ -11,3 +12,5 @@ export * from './types/par.js';
|
|
|
11
12
|
export * from './types/server.js';
|
|
12
13
|
export * from './types/store.js';
|
|
13
14
|
export * from './types/token.js';
|
|
15
|
+
export * from './utils/identity-resolver.js';
|
|
16
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAE9E,cAAc,aAAa,CAAC;AAE5B,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AAEvC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AAEjC,cAAc,8BAA8B,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -4,6 +4,7 @@ export * from './agents/exchange.js';
|
|
|
4
4
|
export * from './agents/server-agent.js';
|
|
5
5
|
export * from './agents/sessions.js';
|
|
6
6
|
export * from './agents/user-agent.js';
|
|
7
|
+
export * from './types/client-assertion.js';
|
|
7
8
|
export * from './types/client.js';
|
|
8
9
|
export * from './types/dpop.js';
|
|
9
10
|
export * from './types/identity.js';
|
|
@@ -11,4 +12,5 @@ export * from './types/par.js';
|
|
|
11
12
|
export * from './types/server.js';
|
|
12
13
|
export * from './types/store.js';
|
|
13
14
|
export * from './types/token.js';
|
|
15
|
+
export * from './utils/identity-resolver.js';
|
|
14
16
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAA8B,MAAM,kBAAkB,CAAC;AAE9E,cAAc,aAAa,CAAC;AAE5B,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AAEvC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAA8B,MAAM,kBAAkB,CAAC;AAE9E,cAAc,aAAa,CAAC;AAE5B,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AAEvC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AAEjC,cAAc,8BAA8B,CAAC"}
|
package/dist/resolvers.d.ts
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
import type { ActorIdentifier } from '@atcute/lexicons';
|
|
2
|
-
import type {
|
|
2
|
+
import type { ResolvedIdentity } from './types/identity.js';
|
|
3
3
|
import type { AuthorizationServerMetadata } from './types/server.js';
|
|
4
4
|
export declare const resolveFromIdentifier: (ident: ActorIdentifier) => Promise<{
|
|
5
|
-
identity:
|
|
5
|
+
identity: ResolvedIdentity;
|
|
6
6
|
metadata: AuthorizationServerMetadata;
|
|
7
7
|
}>;
|
|
8
8
|
export declare const resolveFromService: (host: string) => Promise<{
|
|
9
9
|
metadata: AuthorizationServerMetadata;
|
|
10
10
|
}>;
|
|
11
|
+
//# sourceMappingURL=resolvers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolvers.d.ts","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAIxD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,KAAK,EAAE,2BAA2B,EAA6B,MAAM,mBAAmB,CAAC;AAIhG,eAAO,MAAM,qBAAqB,GACjC,OAAO,eAAe,KACpB,OAAO,CAAC;IAAE,QAAQ,EAAE,gBAAgB,CAAC;IAAC,QAAQ,EAAE,2BAA2B,CAAA;CAAE,CAO/E,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAC9B,MAAM,MAAM,KACV,OAAO,CAAC;IAAE,QAAQ,EAAE,2BAA2B,CAAA;CAAE,CAcnD,CAAC"}
|