npm - @atcute/oauth-browser-client - Versions diffs - 2.0.0-next.0 → 2.0.1 - Mend

@atcute/oauth-browser-client 2.0.0-next.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

package/README.md +125 -16
package/dist/agents/exchange.d.ts +10 -2
package/dist/agents/exchange.d.ts.map +1 -0
package/dist/agents/exchange.js +23 -17
package/dist/agents/exchange.js.map +1 -1
package/dist/agents/server-agent.d.ts +1 -0
package/dist/agents/server-agent.d.ts.map +1 -0
package/dist/agents/server-agent.js +21 -3
package/dist/agents/server-agent.js.map +1 -1
package/dist/agents/sessions.d.ts +1 -0
package/dist/agents/sessions.d.ts.map +1 -0
package/dist/agents/user-agent.d.ts +1 -0
package/dist/agents/user-agent.d.ts.map +1 -0
package/dist/constants.d.ts +1 -0
package/dist/constants.d.ts.map +1 -0
package/dist/dpop.d.ts +1 -0
package/dist/dpop.d.ts.map +1 -0
package/dist/dpop.js +3 -0
package/dist/dpop.js.map +1 -1
package/dist/environment.d.ts +11 -7
package/dist/environment.d.ts.map +1 -0
package/dist/environment.js +3 -3
package/dist/environment.js.map +1 -1
package/dist/errors.d.ts +1 -0
package/dist/errors.d.ts.map +1 -0
package/dist/index.d.ts +3 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +2 -0
package/dist/index.js.map +1 -1
package/dist/resolvers.d.ts +3 -2
package/dist/resolvers.d.ts.map +1 -0
package/dist/resolvers.js +4 -22
package/dist/resolvers.js.map +1 -1
package/dist/store/db.d.ts +2 -0
package/dist/store/db.d.ts.map +1 -0
package/dist/store/db.js.map +1 -1
package/dist/types/client-assertion.d.ts +21 -0
package/dist/types/client-assertion.d.ts.map +1 -0
package/dist/types/client-assertion.js +3 -0
package/dist/types/client-assertion.js.map +1 -0
package/dist/types/client.d.ts +1 -0
package/dist/types/client.d.ts.map +1 -0
package/dist/types/dpop.d.ts +3 -0
package/dist/types/dpop.d.ts.map +1 -0
package/dist/types/identity.d.ts +13 -5
package/dist/types/identity.d.ts.map +1 -0
package/dist/types/par.d.ts +1 -0
package/dist/types/par.d.ts.map +1 -0
package/dist/types/server.d.ts +1 -0
package/dist/types/server.d.ts.map +1 -0
package/dist/types/store.d.ts +1 -0
package/dist/types/store.d.ts.map +1 -0
package/dist/types/token.d.ts +1 -0
package/dist/types/token.d.ts.map +1 -0
package/dist/utils/identity-resolver.d.ts +8 -0
package/dist/utils/identity-resolver.d.ts.map +1 -0
package/dist/utils/identity-resolver.js +44 -0
package/dist/utils/identity-resolver.js.map +1 -0
package/dist/utils/misc.d.ts +1 -0
package/dist/utils/misc.d.ts.map +1 -0
package/dist/utils/response.d.ts +1 -0
package/dist/utils/response.d.ts.map +1 -0
package/dist/utils/runtime.d.ts +1 -0
package/dist/utils/runtime.d.ts.map +1 -0
package/dist/utils/strings.d.ts +1 -0
package/dist/utils/strings.d.ts.map +1 -0
package/lib/agents/exchange.ts +32 -20
package/lib/agents/server-agent.ts +26 -3
package/lib/dpop.ts +4 -0
package/lib/environment.ts +14 -9
package/lib/index.ts +3 -0
package/lib/resolvers.ts +7 -26
package/lib/store/db.ts +1 -0
package/lib/types/client-assertion.ts +25 -0
package/lib/types/dpop.ts +2 -0
package/lib/types/identity.ts +14 -5
package/lib/utils/identity-resolver.ts +59 -0
package/package.json +8 -8

package/lib/store/db.ts CHANGED Viewed

@@ -30,6 +30,7 @@ interface Schema {
 			dpopKey: DPoPKey;
 			metadata: AuthorizationServerMetadata;
 			verifier?: string;
+			state?: unknown;
 		};
 	};

package/lib/types/client-assertion.ts ADDED Viewed

@@ -0,0 +1,25 @@
+const CLIENT_ASSERTION_TYPE_JWT_BEARER = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';
+export interface ClientAssertionCredentials {
+	client_assertion: string;
+	client_assertion_type: typeof CLIENT_ASSERTION_TYPE_JWT_BEARER;
+}
+export interface FetchClientAssertionParams {
+	/** JWK thumbprint of the DPoP key to bind the assertion to */
+	jkt: string;
+	/** authorization server issuer (audience for the assertion) */
+	aud: string;
+	/**
+	 * create a DPoP proof to prove you possess the key for the claimed jkt.
+	 *
+	 * @param htu origin and pathname to your backend
+	 * @returns DPoP proof that can be included in the assertion
+	 */
+	createDpopProof: (htu: string) => Promise<string>;
+}
+export type ClientAssertionFetcher = (
+	params: FetchClientAssertionParams,
+) => Promise<ClientAssertionCredentials>;

package/lib/types/dpop.ts CHANGED Viewed

@@ -4,4 +4,6 @@ export interface DPoPKey {
 	key: string;
 	/** base64url-encoded jwt token */
 	jwt: string;
+	/** JWK thumbprint (RFC 7638) for this key, used for client assertion binding */
+	jkt: string | undefined;
 }

package/lib/types/identity.ts CHANGED Viewed

@@ -1,7 +1,16 @@
-import type { Did } from '@atcute/lexicons';
+import type { ActorIdentifier, Did, Handle } from '@atcute/lexicons';
-export interface IdentityMetadata {
-	id: Did;
-	raw: string;
-	pds: URL;
+export interface ResolvedIdentity {
+	did: Did;
+	handle: Handle;
+	pds: string;
+}
+export interface ResolveIdentityOptions {
+	signal?: AbortSignal;
+	noCache?: boolean;
+}
+export interface IdentityResolver {
+	resolve(actor: ActorIdentifier, options?: ResolveIdentityOptions): Promise<ResolvedIdentity>;
 }

package/lib/utils/identity-resolver.ts ADDED Viewed

@@ -0,0 +1,59 @@
+import { getAtprotoHandle, getPdsEndpoint } from '@atcute/identity';
+import type { DidDocumentResolver, HandleResolver } from '@atcute/identity-resolver';
+import type { ActorIdentifier, Did, Handle } from '@atcute/lexicons';
+import { isDid } from '@atcute/lexicons/syntax';
+import { ResolverError } from '../errors.js';
+import type { IdentityResolver, ResolvedIdentity, ResolveIdentityOptions } from '../types/identity.js';
+export interface DefaultIdentityResolverOptions {
+	handleResolver: HandleResolver;
+	didDocumentResolver: DidDocumentResolver;
+}
+export const defaultIdentityResolver = ({
+	handleResolver,
+	didDocumentResolver,
+}: DefaultIdentityResolverOptions): IdentityResolver => {
+	return {
+		async resolve(actor: ActorIdentifier, options?: ResolveIdentityOptions): Promise<ResolvedIdentity> {
+			const identifierIsDid = isDid(actor);
+			let did: Did;
+			if (identifierIsDid) {
+				did = actor;
+			} else {
+				did = await handleResolver.resolve(actor, options);
+			}
+			const doc = await didDocumentResolver.resolve(did, options);
+			const pds = getPdsEndpoint(doc);
+			if (!pds) {
+				throw new ResolverError(`missing pds endpoint`);
+			}
+			let handle: Handle = 'handle.invalid';
+			if (identifierIsDid) {
+				const writtenHandle = getAtprotoHandle(doc);
+				if (writtenHandle) {
+					try {
+						const resolved = await handleResolver.resolve(writtenHandle, options);
+						if (resolved === did) {
+							handle = writtenHandle;
+						}
+					} catch {}
+				}
+			} else if (getAtprotoHandle(doc) === actor) {
+				handle = actor;
+			}
+			return {
+				did: did,
+				handle: handle,
+				pds: new URL(pds).href,
+			};
+		},
+	};
+};

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "type": "module",
   "name": "@atcute/oauth-browser-client",
-  "version": "2.0.0-next.0",
+  "version": "2.0.1",
   "description": "minimal OAuth browser client implementation for AT Protocol",
   "license": "0BSD",
   "repository": {
@@ -20,15 +20,15 @@
   "sideEffects": false,
   "dependencies": {
     "nanoid": "^5.1.5",
-    "@atcute/identity": "^1.1.0",
-    "@atcute/identity-resolver": "^1.1.3",
-    "@atcute/client": "^4.0.3",
-    "@atcute/lexicons": "^1.1.1",
-    "@atcute/multibase": "^1.1.4",
-    "@atcute/uint8array": "^1.0.3"
+    "@atcute/client": "^4.0.5",
+    "@atcute/identity": "^1.1.1",
+    "@atcute/identity-resolver": "^1.1.4",
+    "@atcute/lexicons": "^1.2.2",
+    "@atcute/multibase": "^1.1.6",
+    "@atcute/uint8array": "^1.0.5"
   },
   "devDependencies": {
-    "@atcute/atproto": "^3.1.2"
+    "@atcute/atproto": "^3.1.8"
   },
   "scripts": {
     "build": "tsc --project tsconfig.build.json",