@atcute/oauth-browser-client 2.0.2 → 3.0.0
- package/README.md +100 -244
- package/dist/agents/exchange.d.ts +2 -1
- package/dist/agents/exchange.d.ts.map +1 -1
- package/dist/agents/exchange.js +3 -4
- package/dist/agents/exchange.js.map +1 -1
- package/dist/agents/server-agent.d.ts +5 -5
- package/dist/agents/server-agent.d.ts.map +1 -1
- package/dist/agents/server-agent.js +5 -9
- package/dist/agents/server-agent.js.map +1 -1
- package/dist/agents/sessions.d.ts.map +1 -1
- package/dist/agents/sessions.js +16 -1
- package/dist/agents/sessions.js.map +1 -1
- package/dist/agents/user-agent.js +2 -2
- package/dist/agents/user-agent.js.map +1 -1
- package/dist/dpop.d.ts +2 -4
- package/dist/dpop.d.ts.map +1 -1
- package/dist/dpop.js +6 -79
- package/dist/dpop.js.map +1 -1
- package/dist/environment.d.ts +3 -3
- package/dist/environment.d.ts.map +1 -1
- package/dist/environment.js.map +1 -1
- package/dist/index.d.ts +3 -11
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -11
- package/dist/index.js.map +1 -1
- package/dist/resolvers.d.ts +92 -4
- package/dist/resolvers.d.ts.map +1 -1
- package/dist/resolvers.js +7 -7
- package/dist/resolvers.js.map +1 -1
- package/dist/store/db.d.ts +49 -6
- package/dist/store/db.d.ts.map +1 -1
- package/dist/types/client-assertion.d.ts +2 -3
- package/dist/types/client-assertion.d.ts.map +1 -1
- package/dist/types/server.d.ts +2 -56
- package/dist/types/server.d.ts.map +1 -1
- package/dist/types/token.d.ts +8 -20
- package/dist/types/token.d.ts.map +1 -1
- package/dist/utils/dpop-key.d.ts +10 -0
- package/dist/utils/dpop-key.d.ts.map +1 -0
- package/dist/utils/dpop-key.js +13 -0
- package/dist/utils/dpop-key.js.map +1 -0
- package/dist/utils/runtime.d.ts +0 -6
- package/dist/utils/runtime.d.ts.map +1 -1
- package/dist/utils/runtime.js +0 -16
- package/dist/utils/runtime.js.map +1 -1
- package/lib/agents/exchange.ts +10 -11
- package/lib/agents/server-agent.ts +14 -17
- package/lib/agents/sessions.ts +23 -2
- package/lib/agents/user-agent.ts +2 -2
- package/lib/dpop.ts +7 -108
- package/lib/environment.ts +3 -3
- package/lib/index.ts +12 -12
- package/lib/resolvers.ts +15 -13
- package/lib/store/db.ts +6 -6
- package/lib/types/client-assertion.ts +2 -4
- package/lib/types/server.ts +2 -57
- package/lib/types/token.ts +10 -24
- package/lib/utils/dpop-key.ts +24 -0
- package/lib/utils/runtime.ts +0 -22
- package/package.json +12 -8
- package/dist/types/client.d.ts +0 -38
- package/dist/types/client.d.ts.map +0 -1
- package/dist/types/client.js +0 -2
- package/dist/types/client.js.map +0 -1
- package/dist/types/dpop.d.ts +0 -10
- package/dist/types/dpop.d.ts.map +0 -1
- package/dist/types/dpop.js +0 -2
- package/dist/types/dpop.js.map +0 -1
- package/dist/types/identity.d.ts +0 -6
- package/dist/types/identity.d.ts.map +0 -1
- package/dist/types/identity.js +0 -2
- package/dist/types/identity.js.map +0 -1
- package/dist/types/par.d.ts +0 -5
- package/dist/types/par.d.ts.map +0 -1
- package/dist/types/par.js +0 -2
- package/dist/types/par.js.map +0 -1
- package/dist/utils/identity-resolver.d.ts +0 -7
- package/dist/utils/identity-resolver.d.ts.map +0 -1
- package/dist/utils/identity-resolver.js +0 -8
- package/dist/utils/identity-resolver.js.map +0 -1
- package/lib/types/client.ts +0 -82
- package/lib/types/dpop.ts +0 -9
- package/lib/types/identity.ts +0 -12
- package/lib/types/par.ts +0 -4
- package/lib/utils/identity-resolver.ts +0 -12
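--- a/package/dist/agents/sessions.js
+++ b/package/dist/agents/sessions.js
@@ -1,5 +1,6 @@
 import { database } from '../environment.js';
 import { OAuthResponseError, TokenRefreshError } from '../errors.js';
+import { isLegacyDpopKey, migrateLegacyDpopKey } from '../utils/dpop-key.js';
 import { locks } from '../utils/runtime.js';
 import { OAuthServerAgent } from './server-agent.js';
 const pending = new Map();
@@ -33,7 +34,7 @@ export const getSession = async (sub, options) => {
 options?.signal?.throwIfAborted();
 }
 const run = async () => {
-const storedSession = database.sessions.get(sub);
+const storedSession = await migrateSessionIfNeeded(sub, database.sessions.get(sub));
 if (storedSession && allowStored(storedSession)) {
 // Use the stored value as return value for the current execution
 // flow. Notify other concurrent execution flows (that should be
@@ -107,4 +108,18 @@ const isTokenUsable = ({ token }) => {
 const expires = token.expires_at;
 return expires == null || Date.now() + 60_000 <= expires;
 };
+const migrateSessionIfNeeded = async (sub, session) => {
+if (!session || !isLegacyDpopKey(session.dpopKey)) {
+return session;
+}
+const dpopKey = await migrateLegacyDpopKey(session.dpopKey);
+const migrated = { ...session, dpopKey };
+try {
+database.sessions.set(sub, migrated);
+}
+catch {
+// ignore persistence errors
+}
+return migrated;
+};
 //# sourceMappingURL=sessions.js.map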
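Review bot: In `migrateSessionIfNeeded` the `await migrateLegacyDpopKey(session.dpopKey)` call sits outside the `try`, so a legacy key that cannot be converted rejects out of `run` and `getSession` with whatever error the helper throws, while only the storage write is guarded. What `migrateLegacyDpopKey` throws is not visible here, but callers that handle `TokenRefreshError` (already imported in this file) to trigger a fresh sign-in would presumably not recognise it; consider catching the failure and rethrowing it as that type. The empty `catch` would also read better with its consequence spelled out, e.g. `// best-effort: the migrated key is still returned, and migration runs again on the next read if this write failed`.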
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sessions.js","sourceRoot":"","sources":["../../lib/agents/sessions.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAErE,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAE5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AASrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAsC,CAAC;AAE9D,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAAE,GAAQ,EAAE,OAA2B,EAAoB,EAAE,CAAC;IAC5F,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;IAElC,IAAI,WAAW,GAAG,aAAa,CAAC;IAChC,IAAI,OAAO,EAAE,OAAO,EAAE,CAAC;QACtB,WAAW,GAAG,WAAW,CAAC;IAC3B,CAAC;SAAM,IAAI,OAAO,EAAE,UAAU,EAAE,CAAC;QAChC,WAAW,GAAG,UAAU,CAAC;IAC1B,CAAC;IAED,qEAAqE;IACrE,4EAA4E;IAC5E,uEAAuE;IACvE,iEAAiE;IACjE,4EAA4E;IAC5E,cAAc;IACd,IAAI,qBAAgE,CAAC;IACrE,OAAO,CAAC,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC;YACJ,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,qBAAqB,CAAC;YAEvD,IAAI,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC;YACd,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,mEAAmE;YACnE,4BAA4B;QAC7B,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;IACnC,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,IAAmC,EAAE,CAAC;QACtD,MAAM,aAAa,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"sessions.js","sourceRoot":"","sources":["../../lib/agents/sessions.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAErE,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC7E,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAE5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AASrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAsC,CAAC;AAE9D,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAAE,GAAQ,EAAE,OAA2B,EAAoB,EAAE,CAAC;IAC5F,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;IAElC,IAAI,WAAW,GAAG,aAAa,CAAC;IAChC,IAAI,OAAO,EAAE,OAAO,EAAE,CAAC;QACtB,WAAW,GAAG,WAAW,CAAC;IAC3B,CAAC;SAAM,IAAI,OAAO,EAAE,UAAU,EAAE,CAAC;QAChC,WAAW,GAAG,UAAU,CAAC;IAC1B,CAAC;IAED,qEAAqE;IACrE,4EAA4E;IAC5E,uEAAuE;IACvE,iEAAiE;IACjE,4EAA4E;IAC5E,cAAc;IACd,IAAI,qBAAgE,CAAC;IACrE,OAAO,CAAC,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC;YACJ,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,qBAAqB,CAAC;YAEvD,IAAI,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC;YACd,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,mEAAmE;YACnE,4BAA4B;QAC7B,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;IACnC,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,IAAmC,EAAE,CAAC;QACtD,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAAC,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QAEpF,IAAI,aAAa,IAAI,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC;YACjD,iEAAiE;YACjE,gEAAgE;YAChE,sEAAsE;YACtE,8DAA8D;YAC9D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;QACjD,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAE1D,MAAM,YAAY,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IAAA,CAC5C,CAAC;IAEF,IAAI,OAAsC,CAAC;IAE3C,IAAI,KAAK,EAAE,CAAC;QACX,OAAO,GAAG,KAAK,CAAC,OAAO,CAAuB,gBAAgB,GAAG,EAAE,EAAE,GAAU,CAAC,CAAC;IAClF,CAAC;SAAM,CAAC;QACP,OAAO,GAAG,GAAG,EAAE,CAAC;IACjB,CAAC;IAED,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAErD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,kEAAkE;QAClE,mEAAmE;QACnE,sEAAsE;QACtE,6CAA6C;QA
C7C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAE1B,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,OAAO,CAAC;IAChC,OAAO,KAAK,CAAC;AAAA,CACb,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,GAAQ,EAAE,UAAmB,EAAiB,EAAE,CAAC;IACnF,IAAI,CAAC;QACJ,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,MAAM,cAAc,CAAC,UAAU,CAAC,CAAC;QACjC,MAAM,GAAG,CAAC;IACX,CAAC;AAAA,CACD,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,GAAQ,EAAQ,EAAE,CAAC;IACtD,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAAA,CAC9B,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAAU,EAAE,CAAC;IAC9C,OAAO,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;AAAA,CAChC,CAAC;AAEF,MAAM,UAAU,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC;AAC9B,MAAM,WAAW,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC;AAEhC,MAAM,YAAY,GAAG,KAAK,EAAE,GAAQ,EAAE,aAAkC,EAAoB,EAAE,CAAC;IAC9F,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,gCAAgC,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE1D,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IAC3C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,IAAI,KAAK,YAAY,kBAAkB,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;YACpG,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,qBAAqB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,MAAM,KAAK,CAAC;IACb,CAAC;AAAA,CACD,CAAC;AAEF,MAAM,cAAc,GAAG,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAW,EAAE,EAAE,CAAC;IACnE,sDAAsD;IACtD,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1D,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;AAAA,CACnD,CAAC;AAEF,MAAM,aAAa,GAAG,CAAC,EAAE,KAAK,EAAW,EAAW,EAAE,CAAC;IACtD,MAAM,OAAO,GAAG,KAAK,CAAC,UAAU,CAAC;IACjC,OAAO,OAAO,IAAI,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,IAAI,OAAO,CAAC;AAAA,CACzD,CAAC;AAEF,MAAM,sBAAsB,GAAG,KAAK,EACnC,GAAQ,EAC
R,OAA+B,EACA,EAAE,CAAC;IAClC,IAAI,CAAC,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,OAAO,OAA8B,CAAC;IACvC,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,EAAE,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;IAEzC,IAAI,CAAC;QACJ,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACR,4BAA4B;IAC7B,CAAC;IAED,OAAO,QAAQ,CAAC;AAAA,CAChB,CAAC"}
|
|
@@ -40,7 +40,7 @@ export class OAuthUserAgent {
|
|
|
40
40
|
let session = this.session;
|
|
41
41
|
let url = new URL(pathname, session.info.aud);
|
|
42
42
|
headers.set('authorization', `${session.token.type} ${session.token.access}`);
|
|
43
|
-
let response = await this.#fetch(url, { ...init, headers });
|
|
43
|
+
let response = await this.#fetch(url.href, { ...init, headers });
|
|
44
44
|
if (!isInvalidTokenResponse(response)) {
|
|
45
45
|
return response;
|
|
46
46
|
}
|
|
@@ -61,7 +61,7 @@ export class OAuthUserAgent {
|
|
|
61
61
|
}
|
|
62
62
|
url = new URL(pathname, session.info.aud);
|
|
63
63
|
headers.set('authorization', `${session.token.type} ${session.token.access}`);
|
|
64
|
-
return await this.#fetch(url, { ...init, headers });
|
|
64
|
+
return await this.#fetch(url.href, { ...init, headers });
|
|
65
65
|
}
|
|
66
66
|
}
|
|
67
67
|
const isInvalidTokenResponse = (response) => {
|
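Review bot: `new URL(pathname, session.info.aud)` ignores the base when `pathname` is an absolute or protocol-relative URL, so the `authorization` header set on the following line can be sent to an origin other than the session's `aud`; this applies to both hunks of user-agent.js (new lines 41-43 and 62-64). Whether callers can pass an untrusted `pathname` is not visible here, and the enclosing method starts outside the hunk, but a guard before `headers.set(...)` is cheap: `if (url.origin !== new URL(session.info.aud).origin) throw new TypeError('pathname must resolve within the session audience');`. Passing `url.href` instead of the `URL` object does not change which origin is contacted.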
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-agent.js","sourceRoot":"","sources":["../../lib/agents/user-agent.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAG7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAA0B,mBAAmB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAExF,MAAM,OAAO,cAAc;IAIP,OAAO;IAH1B,MAAM,CAAe;IACrB,kBAAkB,CAA+B;IAEjD,YAAmB,OAAgB,EAAE;uBAAlB,OAAO;QACzB,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAAA,CACtD;IAED,IAAI,GAAG,GAAQ;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;IAAA,CAC7B;IAED,UAAU,CAAC,OAA2B,EAAoB;QACzD,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAE3D,OAAO;aACL,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YAClB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAAA,CACvB,CAAC;aACD,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,IAAI,CAAC,kBAAkB,GAAG,SAAS,CAAC;QAAA,CACpC,CAAC,CAAC;QAEJ,OAAO,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,CAAC;IAAA,CAC3C;IAED,KAAK,CAAC,OAAO,GAAkB;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAElC,IAAI,CAAC;YACJ,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7E,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAE1D,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QACpD,CAAC;gBAAS,CAAC;YACV,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IAAA,CACD;IAED,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAkB,EAAqB;QACrE,MAAM,IAAI,CAAC,kBAAkB,CAAC;QAE9B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAE3C,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC3B,IAAI,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE9C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAE9E,IAAI,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"user-agent.js","sourceRoot":"","sources":["../../lib/agents/user-agent.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAG7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAA0B,mBAAmB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAExF,MAAM,OAAO,cAAc;IAIP,OAAO;IAH1B,MAAM,CAAe;IACrB,kBAAkB,CAA+B;IAEjD,YAAmB,OAAgB,EAAE;uBAAlB,OAAO;QACzB,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAAA,CACtD;IAED,IAAI,GAAG,GAAQ;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;IAAA,CAC7B;IAED,UAAU,CAAC,OAA2B,EAAoB;QACzD,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAE3D,OAAO;aACL,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YAClB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAAA,CACvB,CAAC;aACD,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,IAAI,CAAC,kBAAkB,GAAG,SAAS,CAAC;QAAA,CACpC,CAAC,CAAC;QAEJ,OAAO,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,CAAC;IAAA,CAC3C;IAED,KAAK,CAAC,OAAO,GAAkB;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAElC,IAAI,CAAC;YACJ,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7E,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAE1D,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QACpD,CAAC;gBAAS,CAAC;YACV,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IAAA,CACD;IAED,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAkB,EAAqB;QACrE,MAAM,IAAI,CAAC,kBAAkB,CAAC;QAE9B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAE3C,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC3B,IAAI,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE9C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAE9E,IAAI,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvC,OAAO,QAAQ,CAAC;QACjB,CAAC;QAED,IAAI,CAAC;YACJ,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC7B,OAAO,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC;YACzC,CAAC;iBAAM
,CAAC;gBACP,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YACnC,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,QAAQ,CAAC;QACjB,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC1C,OAAO,QAAQ,CAAC;QACjB,CAAC;QAED,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAE9E,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IAAA,CACzD;CACD;AAED,MAAM,sBAAsB,GAAG,CAAC,QAAkB,EAAE,EAAE,CAAC;IACtD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAEtD,OAAO,CACN,IAAI,IAAI,IAAI;QACZ,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CACtC,CAAC;AAAA,CACF,CAAC"}
|
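--- a/package/dist/dpop.d.ts
+++ b/package/dist/dpop.d.ts
@@ -1,5 +1,3 @@
-import type
-export declare const
-export declare const createDPoPSignage: (dpopKey: DPoPKey) => (method: string, htu: string, nonce: string | undefined, ath: string | undefined) => Promise<string>;
-export declare const createDPoPFetch: (dpopKey: DPoPKey, isAuthServer?: boolean | undefined) => typeof fetch;
+import { type DpopPrivateJwk } from '@atcute/oauth-crypto';
+export declare const createDPoPFetch: (dpopKey: DpopPrivateJwk, isAuthServer?: boolean | undefined) => typeof fetch;
 //# sourceMappingURL=dpop.d.ts.map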
package/dist/dpop.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dpop.d.ts","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"dpop.d.ts","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAA0C,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAKnG,eAAO,MAAM,eAAe,+EA4F3B,CAAC"}
|
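--- a/package/dist/dpop.js
+++ b/package/dist/dpop.js
@@ -1,92 +1,35 @@
-import {
-import { encodeUtf8 } from '@atcute/uint8array';
-import { nanoid } from 'nanoid';
+import { createDpopProofSigner, sha256Base64Url } from '@atcute/oauth-crypto';
 import { database } from './environment.js';
 import { extractContentType } from './utils/response.js';
-import { stringToSha256 } from './utils/runtime.js';
-const ES256_ALG = { name: 'ECDSA', namedCurve: 'P-256' };
-export const createES256Key = async () => {
-const pair = await crypto.subtle.generateKey(ES256_ALG, true, ['sign', 'verify']);
-const key = await crypto.subtle.exportKey('pkcs8', pair.privateKey);
-const { ext: _ext, key_ops: _key_opts, ...jwk } = await crypto.subtle.exportKey('jwk', pair.publicKey);
-const canonicalJwk = JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y });
-const jkt = await stringToSha256(canonicalJwk);
-return {
-typ: 'ES256',
-key: toBase64Url(new Uint8Array(key)),
-jwt: toBase64Url(encodeUtf8(JSON.stringify({ typ: 'dpop+jwt', alg: 'ES256', jwk: jwk }))),
-jkt: jkt,
-};
-};
-export const createDPoPSignage = (dpopKey) => {
-const headerString = dpopKey.jwt;
-const keyPromise = crypto.subtle.importKey('pkcs8', fromBase64Url(dpopKey.key), ES256_ALG, true, ['sign']);
-const constructPayload = (htm, htu, nonce, ath) => {
-const payload = {
-ath: ath,
-htm: htm,
-htu: htu,
-iat: Math.floor(Date.now() / 1_000),
-jti: nanoid(24),
-nonce: nonce,
-};
-return toBase64Url(encodeUtf8(JSON.stringify(payload)));
-};
-return async (method, htu, nonce, ath) => {
-const payloadString = constructPayload(method, htu, nonce, ath);
-const signed = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, await keyPromise, encodeUtf8(headerString + '.' + payloadString));
-const signatureString = toBase64Url(new Uint8Array(signed));
-return headerString + '.' + payloadString + '.' + signatureString;
-};
-};
 export const createDPoPFetch = (dpopKey, isAuthServer) => {
 const nonces = database.dpopNonces;
 const pending = database.inflightDpop;
-const sign =
+const sign = createDpopProofSigner(dpopKey);
 return async (input, init) => {
 const request = new Request(input, init);
 const authorizationHeader = request.headers.get('authorization');
 const ath = authorizationHeader?.startsWith('DPoP ')
-? await
+? await sha256Base64Url(authorizationHeader.slice(5))
 : undefined;
 const { method, url } = request;
 const { origin, pathname } = new URL(url);
 const htu = origin + pathname;
-// See if we have a pending promise for this origin, we'll await before
-// proceeding with this request, next comment describes what the promise
-// is meant to be.
 let deferred = pending.get(origin);
 if (deferred) {
 await deferred.promise;
 deferred = undefined;
 }
-// Get our persisted nonce value for this origin
 let initNonce;
 let expiredOrMissing = false;
 try {
 const [nonce, lapsed] = nonces.getWithLapsed(origin);
 initNonce = nonce;
-// The problem with DPoP nonces is that we don't have insight as to when
-// they'll expire, either we have a nonce value or we don't.
-//
-// Which is very unfortunate, if the client makes multiple requests at the
-// same time, there's a chance that all of them will fail due to the nonce
-// value having expired.
-//
-// To make this less painful, if it's been over 3 minutes since we last
-// had a nonce value, or we never had one to begin with, we'll let this
-// request through and defer everyone else until we get a possibly fresh
-// nonce value.
-//
-// 3 minutes being the DPoP nonce expiration time set by the reference PDS
-// implementation.
 expiredOrMissing = lapsed > 3 * 60 * 1_000;
 }
 catch {
-//
+// ignore read errors
 }
 if (expiredOrMissing) {
-// Defer everyone else until this request finishes.
 pending.set(origin, (deferred = Promise.withResolvers()));
 }
 let nextNonce;
@@ -96,52 +39,40 @@ export const createDPoPFetch = (dpopKey, isAuthServer) => {
 const initResponse = await fetch(request);
 nextNonce = initResponse.headers.get('dpop-nonce');
 if (nextNonce === null || nextNonce === initNonce) {
-// No nonce was returned or it is the same as the one we sent. No need to
-// update the nonce store, or retry the request.
 return initResponse;
 }
-// Store the fresh nonce for future requests
 try {
 nonces.set(origin, nextNonce);
 }
 catch {
-//
+// ignore write errors
 }
 const shouldRetry = await isUseDpopNonceError(initResponse, isAuthServer);
 if (!shouldRetry) {
-// Not a "use_dpop_nonce" error, so there is no need to retry
 return initResponse;
 }
 if (input === request || init?.body instanceof ReadableStream) {
-// If the input stream was already consumed, we cannot retry the request. A
-// solution would be to clone() the request but that would bufferize the
-// entire stream in memory which can lead to memory starvation. Instead, we
-// will return the original response and let the calling code handle retries.
 return initResponse;
 }
 }
 finally {
-// Now everyone can have their turn.
 if (deferred) {
 pending.delete(origin);
 deferred.resolve();
 }
 }
-// We got here because we were asked to retry the request (due to missing
-// nonce value in the first request), let's do just that.
 {
 const nextProof = await sign(method, htu, nextNonce, ath);
 const nextRequest = new Request(input, init);
 nextRequest.headers.set('dpop', nextProof);
 const retryResponse = await fetch(nextRequest);
-// Check if the server returned another new nonce in the retry response
 const retryNonce = retryResponse.headers.get('dpop-nonce');
 if (retryNonce !== null && retryNonce !== nextNonce) {
 try {
 nonces.set(origin, retryNonce);
 }
 catch {
-//
+// ignore write errors
 }
 }
 return retryResponse;
@@ -149,8 +80,6 @@ export const createDPoPFetch = (dpopKey, isAuthServer) => {
 };
 };
 const isUseDpopNonceError = async (response, isAuthServer) => {
-// https://datatracker.ietf.org/doc/html/rfc6750#section-3
-// https://datatracker.ietf.org/doc/html/rfc9449#name-resource-server-provided-no
 if (isAuthServer === undefined || isAuthServer === false) {
 if (response.status === 401) {
 const wwwAuth = response.headers.get('www-authenticate');
@@ -159,7 +88,6 @@ const isUseDpopNonceError = async (response, isAuthServer) => {
 }
 }
 }
-// https://datatracker.ietf.org/doc/html/rfc9449#name-authorization-server-provid
 if (isAuthServer === undefined || isAuthServer === true) {
 if (response.status === 400 && extractContentType(response.headers) === 'application/json') {
 try {
@@ -167,7 +95,6 @@ const isUseDpopNonceError = async (response, isAuthServer) => {
 return typeof json === 'object' && json?.['error'] === 'use_dpop_nonce';
 }
 catch {
-// Response too big (to be "use_dpop_nonce" error) or invalid JSON
 return false;
 }
 }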
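Review bot: The retry guard `input === request` (new line 54) can never be true, because `request` is always a fresh object from `new Request(input, init)` on new line 9. When `input` is a `Request` carrying a body, that first construction consumes it, so `new Request(input, init)` on new line 66 would be expected to throw instead of returning `initResponse` as the guard intends. Checking the input itself would restore the intent: `if ((input instanceof Request && input.bodyUsed) || init?.body instanceof ReadableStream) {`. The hunk also drops the comment explaining `3 * 60 * 1_000`; a one-line `// 3 minutes: DPoP nonce lifetime used by the reference PDS implementation` would keep that threshold explainable.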
package/dist/dpop.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../lib/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAuB,MAAM,sBAAsB,CAAC;AAEnG,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzD,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAuB,EAAE,YAAsB,EAAgB,EAAE,CAAC;IACjG,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC;IACnC,MAAM,OAAO,GAAG,QAAQ,CAAC,YAAY,CAAC;IAEtC,MAAM,IAAI,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAE5C,OAAO,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAEzC,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,mBAAmB,EAAE,UAAU,CAAC,OAAO,CAAC;YACnD,CAAC,CAAC,MAAM,eAAe,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,SAAS,CAAC;QAEb,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;QAChC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE1C,MAAM,GAAG,GAAG,MAAM,GAAG,QAAQ,CAAC;QAE9B,IAAI,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,QAAQ,EAAE,CAAC;YACd,MAAM,QAAQ,CAAC,OAAO,CAAC;YACvB,QAAQ,GAAG,SAAS,CAAC;QACtB,CAAC;QAED,IAAI,SAA6B,CAAC;QAClC,IAAI,gBAAgB,GAAG,KAAK,CAAC;QAC7B,IAAI,CAAC;YACJ,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YAErD,SAAS,GAAG,KAAK,CAAC;YAClB,gBAAgB,GAAG,MAAM,GAAG,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACR,qBAAqB;QACtB,CAAC;QAED,IAAI,gBAAgB,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,SAAwB,CAAC;QAC7B,IAAI,CAAC;YACJ,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;YAC1D,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAEvC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;YAE1C,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACnD,IAAI,SAAS,KAAK,IAAI,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnD,OAAO,YAAY,CAAC;YACrB,CAAC;YAED,IAAI,CAAC;gBACJ,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACR,sBAAsB;YACvB,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,
mBAAmB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,EAAE,CAAC;gBAClB,OAAO,YAAY,CAAC;YACrB,CAAC;YAED,IAAI,KAAK,KAAK,OAAO,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;gBAC/D,OAAO,YAAY,CAAC;YACrB,CAAC;QACF,CAAC;gBAAS,CAAC;YACV,IAAI,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBACvB,QAAQ,CAAC,OAAO,EAAE,CAAC;YACpB,CAAC;QACF,CAAC;QAED,CAAC;YACA,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;YAC1D,MAAM,WAAW,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC7C,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAE3C,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAC;YAE/C,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAC3D,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBACrD,IAAI,CAAC;oBACJ,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;gBAChC,CAAC;gBAAC,MAAM,CAAC;oBACR,sBAAsB;gBACvB,CAAC;YACF,CAAC;YAED,OAAO,aAAa,CAAC;QACtB,CAAC;IAAA,CACD,CAAC;AAAA,CACF,CAAC;AAEF,MAAM,mBAAmB,GAAG,KAAK,EAAE,QAAkB,EAAE,YAAsB,EAAoB,EAAE,CAAC;IACnG,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,KAAK,EAAE,CAAC;QAC1D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,OAAO,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC;YACnD,CAAC;QACF,CAAC;IACF,CAAC;IAED,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QACzD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;YAC5F,IAAI,CAAC;gBACJ,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;gBAC3C,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,gBAAgB,CAAC;YACzE,CAAC;YAAC,MAAM,CAAC;gBACR,OAAO,KAAK,CAAC;YACd,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,KAAK,CAAC;AAAA,CACb,CAAC"}
|
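--- a/package/dist/environment.d.ts
+++ b/package/dist/environment.d.ts
@@ -1,11 +1,11 @@
-import type {
+import type { ActorResolver } from '@atcute/identity-resolver';
 import { type OAuthDatabase } from './store/db.js';
 import type { ClientAssertionFetcher } from './types/client-assertion.js';
 export declare let CLIENT_ID: string;
 export declare let REDIRECT_URI: string;
 export declare let fetchClientAssertion: ClientAssertionFetcher | undefined;
 export declare let database: OAuthDatabase;
-export declare let identityResolver:
+export declare let identityResolver: ActorResolver;
 export interface ConfigureOAuthOptions {
 /**
 * client metadata, necessary to drive the whole request
@@ -15,7 +15,7 @@ export interface ConfigureOAuthOptions {
 redirect_uri: string;
 };
 /** resolves actor identifiers into identity metadata */
-identityResolver:
+identityResolver: ActorResolver;
 /**
 * optional function to fetch DPoP-bound client assertions from your backend.
 */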
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"environment.d.ts","sourceRoot":"","sources":["../lib/environment.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"environment.d.ts","sourceRoot":"","sources":["../lib/environment.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE/D,OAAO,EAAuB,KAAK,aAAa,EAAE,MAAM,eAAe,CAAC;AACxE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAE1E,eAAO,IAAI,SAAS,EAAE,MAAM,CAAC;AAC7B,eAAO,IAAI,YAAY,EAAE,MAAM,CAAC;AAEhC,eAAO,IAAI,oBAAoB,EAAE,sBAAsB,GAAG,SAAS,CAAC;AAEpE,eAAO,IAAI,QAAQ,EAAE,aAAa,CAAC;AAEnC,eAAO,IAAI,gBAAgB,EAAE,aAAa,CAAC;AAE3C,MAAM,WAAW,qBAAqB;IACrC;;OAEG;IACH,QAAQ,EAAE;QACT,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;KACrB,CAAC;IAEF,wDAAwD;IACxD,gBAAgB,EAAE,aAAa,CAAC;IAEhC;;OAEG;IACH,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;IAE9C;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,eAAO,MAAM,cAAc,0CAK1B,CAAC"}
|
package/dist/environment.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"environment.js","sourceRoot":"","sources":["../lib/environment.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAsB,MAAM,eAAe,CAAC;AAGxE,MAAM,CAAC,IAAI,SAAiB,CAAC;AAC7B,MAAM,CAAC,IAAI,YAAoB,CAAC;AAEhC,MAAM,CAAC,IAAI,oBAAwD,CAAC;AAEpE,MAAM,CAAC,IAAI,QAAuB,CAAC;AAEnC,MAAM,CAAC,IAAI,
|
|
1
|
+
{"version":3,"file":"environment.js","sourceRoot":"","sources":["../lib/environment.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAsB,MAAM,eAAe,CAAC;AAGxE,MAAM,CAAC,IAAI,SAAiB,CAAC;AAC7B,MAAM,CAAC,IAAI,YAAoB,CAAC;AAEhC,MAAM,CAAC,IAAI,oBAAwD,CAAC;AAEpE,MAAM,CAAC,IAAI,QAAuB,CAAC;AAEnC,MAAM,CAAC,IAAI,gBAA+B,CAAC;AA0B3C,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAA8B,EAAE,EAAE,CAAC;IACjE,CAAC,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,GAAG,OAAO,CAAC,CAAC;IACvD,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE1E,QAAQ,GAAG,mBAAmB,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,WAAW,IAAI,cAAc,EAAE,CAAC,CAAC;AAAA,CAChF,CAAC"}
|
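--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,16 +1,8 @@
 export { configureOAuth, type ConfigureOAuthOptions } from './environment.js';
 export * from './errors.js';
 export * from './agents/exchange.js';
-export
-export * from './agents/sessions.js';
+export { getSession, deleteStoredSession, listStoredSessions, type SessionGetOptions, } from './agents/sessions.js';
 export * from './agents/user-agent.js';
-export
-export
-export * from './types/dpop.js';
-export * from './types/identity.js';
-export * from './types/par.js';
-export * from './types/server.js';
-export * from './types/store.js';
-export * from './types/token.js';
-export * from './utils/identity-resolver.js';
+export type { ClientAssertionCredentials, ClientAssertionFetcher, FetchClientAssertionParams, } from './types/client-assertion.js';
+export type { TokenInfo, ExchangeInfo, Session } from './types/token.js';
 //# sourceMappingURL=index.d.ts.map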
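Review bot: The remaining wildcard lines (`export * from './errors.js'`, `export * from './agents/exchange.js'`, `export * from './agents/user-agent.js'`) leave part of the public surface implicit, while the sessions and type exports next to them are now explicit lists. Anything later exported from those three modules becomes public API without a change to this file, which matters for a package that handles tokens and DPoP keys. Listing their names the way `./agents/sessions.js` is listed would keep the exported surface reviewable in one place; the same applies to `package/dist/index.js`. The names those modules export are not visible in this diff, so the list has to come from the source files.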
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAE9E,cAAc,aAAa,CAAC;AAE5B,cAAc,sBAAsB,CAAC;AACrC,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAE9E,cAAc,aAAa,CAAC;AAE5B,cAAc,sBAAsB,CAAC;AACrC,OAAO,EACN,UAAU,EACV,mBAAmB,EACnB,kBAAkB,EAClB,KAAK,iBAAiB,GACtB,MAAM,sBAAsB,CAAC;AAC9B,cAAc,wBAAwB,CAAC;AAEvC,YAAY,EACX,0BAA0B,EAC1B,sBAAsB,EACtB,0BAA0B,GAC1B,MAAM,6BAA6B,CAAC;AACrC,YAAY,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC"}
|
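--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,16 +1,6 @@
 export { configureOAuth } from './environment.js';
 export * from './errors.js';
 export * from './agents/exchange.js';
-export
-export * from './agents/sessions.js';
+export { getSession, deleteStoredSession, listStoredSessions, } from './agents/sessions.js';
 export * from './agents/user-agent.js';
-export * from './types/client-assertion.js';
-export * from './types/client.js';
-export * from './types/dpop.js';
-export * from './types/identity.js';
-export * from './types/par.js';
-export * from './types/server.js';
-export * from './types/store.js';
-export * from './types/token.js';
-export * from './utils/identity-resolver.js';
 //# sourceMappingURL=index.js.map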
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAA8B,MAAM,kBAAkB,CAAC;AAE9E,cAAc,aAAa,CAAC;AAE5B,cAAc,sBAAsB,CAAC;AACrC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAA8B,MAAM,kBAAkB,CAAC;AAE9E,cAAc,aAAa,CAAC;AAE5B,cAAc,sBAAsB,CAAC;AACrC,OAAO,EACN,UAAU,EACV,mBAAmB,EACnB,kBAAkB,GAElB,MAAM,sBAAsB,CAAC;AAC9B,cAAc,wBAAwB,CAAC"}
|
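--- a/package/dist/resolvers.d.ts
+++ b/package/dist/resolvers.d.ts
@@ -1,10 +1,98 @@
+import type { ResolvedActor } from '@atcute/identity-resolver';
 import type { ActorIdentifier } from '@atcute/lexicons';
-import type { AuthorizationServerMetadata } from './types/server.js';
 export declare const resolveFromIdentifier: (ident: ActorIdentifier) => Promise<{
-identity:
-metadata:
+identity: ResolvedActor;
+metadata: {
+issuer: string;
+claims_supported?: string[] | undefined;
+claims_locales_supported?: string[] | undefined;
+claims_parameter_supported?: boolean | undefined;
+request_parameter_supported?: boolean | undefined;
+request_uri_parameter_supported?: boolean | undefined;
+require_request_uri_registration?: boolean | undefined;
+scopes_supported?: string[] | undefined;
+subject_types_supported?: string[] | undefined;
+response_types_supported?: string[] | undefined;
+response_modes_supported?: string[] | undefined;
+grant_types_supported?: string[] | undefined;
+code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
+ui_locales_supported?: string[] | undefined;
+id_token_signing_alg_values_supported?: string[] | undefined;
+display_values_supported?: string[] | undefined;
+prompt_values_supported?: ("consent" | "create" | "login" | "none" | "select_account")[] | undefined;
+request_object_signing_alg_values_supported?: string[] | undefined;
+authorization_response_iss_parameter_supported?: boolean | undefined;
+authorization_details_types_supported?: string[] | undefined;
+request_object_encryption_alg_values_supported?: string[] | undefined;
+request_object_encryption_enc_values_supported?: string[] | undefined;
+jwks_uri?: string | undefined;
+authorization_endpoint: string;
+token_endpoint: string;
+token_endpoint_auth_methods_supported?: string[] | undefined;
+token_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
+revocation_endpoint?: string | undefined;
+revocation_endpoint_auth_methods_supported?: string[] | undefined;
+revocation_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
+introspection_endpoint?: string | undefined;
+introspection_endpoint_auth_methods_supported?: string[] | undefined;
+introspection_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
+pushed_authorization_request_endpoint?: string | undefined;
+pushed_authorization_request_endpoint_auth_methods_supported?: string[] | undefined;
+pushed_authorization_request_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
+require_pushed_authorization_requests?: boolean | undefined;
+userinfo_endpoint?: string | undefined;
+end_session_endpoint?: string | undefined;
+registration_endpoint?: string | undefined;
+dpop_signing_alg_values_supported?: string[] | undefined;
+protected_resources?: string[] | undefined;
+client_id_metadata_document_supported?: boolean | undefined;
+};
 }>;
 export declare const resolveFromService: (host: string) => Promise<{
-metadata:
+metadata: {
+issuer: string;
+claims_supported?: string[] | undefined;
+claims_locales_supported?: string[] | undefined;
+claims_parameter_supported?: boolean | undefined;
+request_parameter_supported?: boolean | undefined;
+request_uri_parameter_supported?: boolean | undefined;
+require_request_uri_registration?: boolean | undefined;
+scopes_supported?: string[] | undefined;
+subject_types_supported?: string[] | undefined;
+response_types_supported?: string[] | undefined;
+response_modes_supported?: string[] | undefined;
+grant_types_supported?: string[] | undefined;
+code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
+ui_locales_supported?: string[] | undefined;
+id_token_signing_alg_values_supported?: string[] | undefined;
+display_values_supported?: string[] | undefined;
+prompt_values_supported?: ("consent" | "create" | "login" | "none" | "select_account")[] | undefined;
+request_object_signing_alg_values_supported?: string[] | undefined;
+authorization_response_iss_parameter_supported?: boolean | undefined;
+authorization_details_types_supported?: string[] | undefined;
+request_object_encryption_alg_values_supported?: string[] | undefined;
+request_object_encryption_enc_values_supported?: string[] | undefined;
+jwks_uri?: string | undefined;
+authorization_endpoint: string;
+token_endpoint: string;
+token_endpoint_auth_methods_supported?: string[] | undefined;
+token_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
+revocation_endpoint?: string | undefined;
+revocation_endpoint_auth_methods_supported?: string[] | undefined;
+revocation_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
+introspection_endpoint?: string | undefined;
+introspection_endpoint_auth_methods_supported?: string[] | undefined;
+introspection_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
+pushed_authorization_request_endpoint?: string | undefined;
+pushed_authorization_request_endpoint_auth_methods_supported?: string[] | undefined;
+pushed_authorization_request_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
+require_pushed_authorization_requests?: boolean | undefined;
+userinfo_endpoint?: string | undefined;
+end_session_endpoint?: string | undefined;
+registration_endpoint?: string | undefined;
+dpop_signing_alg_values_supported?: string[] | undefined;
+protected_resources?: string[] | undefined;
+client_id_metadata_document_supported?: boolean | undefined;
+};
 }>;
 //# sourceMappingURL=resolvers.d.ts.map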
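Review bot: The authorization-server metadata shape is now written out inline in both `resolveFromIdentifier` and `resolveFromService`, so callers have no named type for the `metadata` they receive, and the two 43-field copies have to be compared by hand to confirm they match. This looks like an inferred return type expanded by the declaration emitter, which is an inference from the output rather than something the diff shows. Annotating both functions in the source with one imported metadata type would make the declaration file emit a single reference, and a short doc comment on that type could state which fields the resolver actually validates.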
package/dist/resolvers.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolvers.d.ts","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"resolvers.d.ts","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAQxD,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EASjC,CAAC;AAEF,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgB9B,CAAC"}
|
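--- a/package/dist/resolvers.js
+++ b/package/dist/resolvers.js
@@ -17,7 +17,7 @@ export const resolveFromService = async (host) => {
 catch (err) {
 if (err instanceof ResolverError) {
 try {
-const metadata = await
+const metadata = await getOAuthAuthorizationServerMetadata(host);
 return { metadata };
 }
 catch { }
@@ -25,9 +25,9 @@ export const resolveFromService = async (host) => {
 throw err;
 }
 };
-const
+const getOAuthProtectedResourceMetadata = async (host) => {
 const url = new URL(`/.well-known/oauth-protected-resource`, host);
-const response = await fetch(url, {
+const response = await fetch(url.href, {
 redirect: 'manual',
 headers: {
 accept: 'application/json',
@@ -42,9 +42,9 @@ const getProtectedResourceMetadata = async (host) => {
 }
 return metadata;
 };
-const
+const getOAuthAuthorizationServerMetadata = async (host) => {
 const url = new URL(`/.well-known/oauth-authorization-server`, host);
-const response = await fetch(url, {
+const response = await fetch(url.href, {
 redirect: 'manual',
 headers: {
 accept: 'application/json',
@@ -74,12 +74,12 @@ const getAuthorizationServerMetadata = async (host) => {
 return metadata;
 };
 const getMetadataFromResourceServer = async (input) => {
-const rs_metadata = await
+const rs_metadata = await getOAuthProtectedResourceMetadata(input);
 if (rs_metadata.authorization_servers?.length !== 1) {
 throw new ResolverError(`expected exactly one authorization server in the listing`);
 }
 const issuer = rs_metadata.authorization_servers[0];
-const as_metadata = await
+const as_metadata = await getOAuthAuthorizationServerMetadata(issuer);
 if (as_metadata.protected_resources) {
 if (!as_metadata.protected_resources.includes(rs_metadata.resource)) {
 throw new ResolverError(`server is not in authorization server's jurisdiction`);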
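Review bot: In `getMetadataFromResourceServer` (last hunk), `issuer` comes from the remote `authorization_servers[0]` and goes straight into `getOAuthAuthorizationServerMetadata(issuer)`, so the request to that host is sent before anything visible here confirms it is an `https:` origin. Lines 51–73 of the helper are outside the hunks and may compare the returned issuer with the URL, but that can only happen after the fetch. If plain-http development servers do not need to be supported, a guard before the call such as `if (new URL(issuer).protocol !== 'https:') throw new ResolverError('unexpected issuer scheme');` would reject a bad listing earlier. The empty `catch { }` in `resolveFromService` (first hunk) also drops the fallback's error, and a one-line comment such as `// best-effort fallback: the original ResolverError is rethrown below` would record that this is deliberate.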
package/dist/resolvers.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolvers.js","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"resolvers.js","sourceRoot":"","sources":["../lib/resolvers.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACzC,KAAsB,EAC6D,EAAE,CAAC;IACtF,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAEvD,OAAO;QACN,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,MAAM,6BAA6B,CAAC,QAAQ,CAAC,GAAG,CAAC;KAC3D,CAAC;AAAA,CACF,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACtC,IAAY,EAC8C,EAAE,CAAC;IAC7D,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,6BAA6B,CAAC,IAAI,CAAC,CAAC;QAC3D,OAAO,EAAE,QAAQ,EAAE,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;YAClC,IAAI,CAAC;gBACJ,MAAM,QAAQ,GAAG,MAAM,mCAAmC,CAAC,IAAI,CAAC,CAAC;gBACjE,OAAO,EAAE,QAAQ,EAAE,CAAC;YACrB,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACX,CAAC;QAED,MAAM,GAAG,CAAC;IACX,CAAC;AAAA,CACD,CAAC;AAEF,MAAM,iCAAiC,GAAG,KAAK,EAAE,IAAY,EAA2C,EAAE,CAAC;IAC1G,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,uCAAuC,EAAE,IAAI,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE;QACtC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmC,CAAC;IAC3E,IAAI,QAAQ,CAAC,QAAQ,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACtC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,QAAQ,CAAC;AAAA,CAChB,CAAC;AAEF,MAAM,mCAAmC,GAAG,KAAK,EAChD,IAAY,EACgC,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,yCAAyC,EAAE,IAAI,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE;QACtC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACR,MAAM,EAAE,kBAAkB;SAC1B;KACD,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5F,MAAM,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,E
AAE,CAAqC,CAAC;IAC7E,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,IAAI,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,aAAa,CAAC,gEAAgE,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,qEAAqE,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,sEAAsE,CAAC,CAAC;IACjG,CAAC;IACD,IAAI,QAAQ,CAAC,wBAAwB,EAAE,CAAC;QACvC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,aAAa,CAAC,4DAA4D,CAAC,CAAC;QACvF,CAAC;IACF,CAAC;IAED,OAAO,QAAQ,CAAC;AAAA,CAChB,CAAC;AAEF,MAAM,6BAA6B,GAAG,KAAK,EAAE,KAAa,EAAE,EAAE,CAAC;IAC9D,MAAM,WAAW,GAAG,MAAM,iCAAiC,CAAC,KAAK,CAAC,CAAC;IAEnE,IAAI,WAAW,CAAC,qBAAqB,EAAE,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,aAAa,CAAC,0DAA0D,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAEpD,MAAM,WAAW,GAAG,MAAM,mCAAmC,CAAC,MAAM,CAAC,CAAC;IAEtE,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,aAAa,CAAC,sDAAsD,CAAC,CAAC;QACjF,CAAC;IACF,CAAC;IAED,OAAO,WAAW,CAAC;AAAA,CACnB,CAAC"}
|