@atcute/oauth-browser-client 2.0.3 → 3.0.1

package/lib/resolvers.ts

@@ -1,15 +1,15 @@
+import type { ResolvedActor } from '@atcute/identity-resolver';
 import type { ActorIdentifier } from '@atcute/lexicons';
+import type { OAuthAuthorizationServerMetadata, OAuthProtectedResourceMetadata } from '@atcute/oauth-types';
 
-import { identityResolver } from './environment.js';
-import { ResolverError } from './errors.js';
-import type { ResolvedIdentity } from './types/identity.js';
-import type { AuthorizationServerMetadata, ProtectedResourceMetadata } from './types/server.js';
-import { extractContentType } from './utils/response.js';
-import { isValidUrl } from './utils/strings.js';
+import { identityResolver } from './environment.ts';
+import { ResolverError } from './errors.ts';
+import { extractContentType } from './utils/response.ts';
+import { isValidUrl } from './utils/strings.ts';
 
 export const resolveFromIdentifier = async (
 	ident: ActorIdentifier,
-): Promise<{ identity: ResolvedIdentity; metadata: AuthorizationServerMetadata }> => {
+): Promise<{ identity: ResolvedActor; metadata: OAuthAuthorizationServerMetadata }> => {
 	const identity = await identityResolver.resolve(ident);
 
 	return {
@@ -20,14 +20,14 @@ export const resolveFromIdentifier = async (
 
 export const resolveFromService = async (
 	host: string,
-): Promise<{ metadata: AuthorizationServerMetadata }> => {
+): Promise<{ metadata: OAuthAuthorizationServerMetadata }> => {
 	try {
 		const metadata = await getMetadataFromResourceServer(host);
 		return { metadata };
 	} catch (err) {
 		if (err instanceof ResolverError) {
 			try {
-				const metadata = await getAuthorizationServerMetadata(host);
+				const metadata = await getOAuthAuthorizationServerMetadata(host);
 				return { metadata };
 			} catch {}
 		}
@@ -36,7 +36,7 @@ export const resolveFromService = async (
 	}
 };
 
-const getProtectedResourceMetadata = async (host: string): Promise<ProtectedResourceMetadata> => {
+const getOAuthProtectedResourceMetadata = async (host: string): Promise<OAuthProtectedResourceMetadata> => {
 	const url = new URL(`/.well-known/oauth-protected-resource`, host);
 	const response = await fetch(url.href, {
 		redirect: 'manual',
@@ -49,7 +49,7 @@ const getProtectedResourceMetadata = async (host: string): Promise<ProtectedReso
 		throw new ResolverError(`unexpected response`);
 	}
 
-	const metadata = (await response.json()) as ProtectedResourceMetadata;
+	const metadata = (await response.json()) as OAuthProtectedResourceMetadata;
 	if (metadata.resource !== url.origin) {
 		throw new ResolverError(`unexpected issuer`);
 	}
@@ -57,7 +57,9 @@ const getProtectedResourceMetadata = async (host: string): Promise<ProtectedReso
 	return metadata;
 };
 
-const getAuthorizationServerMetadata = async (host: string): Promise<AuthorizationServerMetadata> => {
+const getOAuthAuthorizationServerMetadata = async (
+	host: string,
+): Promise<OAuthAuthorizationServerMetadata> => {
 	const url = new URL(`/.well-known/oauth-authorization-server`, host);
 	const response = await fetch(url.href, {
 		redirect: 'manual',
@@ -70,7 +72,7 @@ const getAuthorizationServerMetadata = async (host: string): Promise<Authorizati
 		throw new ResolverError(`unexpected response`);
 	}
 
-	const metadata = (await response.json()) as AuthorizationServerMetadata;
+	const metadata = (await response.json()) as OAuthAuthorizationServerMetadata;
 	if (metadata.issuer !== url.origin) {
 		throw new ResolverError(`unexpected issuer`);
 	}
@@ -93,7 +95,7 @@ const getAuthorizationServerMetadata = async (host: string): Promise<Authorizati
 };
 
 const getMetadataFromResourceServer = async (input: string) => {
-	const rs_metadata = await getProtectedResourceMetadata(input);
+	const rs_metadata = await getOAuthProtectedResourceMetadata(input);
 
 	if (rs_metadata.authorization_servers?.length !== 1) {
 		throw new ResolverError(`expected exactly one authorization server in the listing`);
@@ -101,7 +103,7 @@ const getMetadataFromResourceServer = async (input: string) => {
 
 	const issuer = rs_metadata.authorization_servers[0];
 
-	const as_metadata = await getAuthorizationServerMetadata(issuer);
+	const as_metadata = await getOAuthAuthorizationServerMetadata(issuer);
 
 	if (as_metadata.protected_resources) {
 		if (!as_metadata.protected_resources.includes(rs_metadata.resource)) {

package/lib/store/db.ts

@@ -1,10 +1,10 @@
 import type { Did } from '@atcute/lexicons';
+import type { DpopPrivateJwk } from '@atcute/oauth-crypto';
+import type { OAuthAuthorizationServerMetadata } from '@atcute/oauth-types';
 
-import type { DPoPKey } from '../types/dpop.js';
-import type { AuthorizationServerMetadata } from '../types/server.js';
-import type { SimpleStore } from '../types/store.js';
-import type { Session } from '../types/token.js';
-import { locks } from '../utils/runtime.js';
+import type { SimpleStore } from '../types/store.ts';
+import type { RawSession } from '../types/token.ts';
+import { locks } from '../utils/runtime.ts';
 
 export interface OAuthDatabaseOptions {
 	name: string;
@@ -19,7 +19,7 @@ interface SchemaItem<T> {
 interface Schema {
 	sessions: {
 		key: Did;
-		value: Session;
+		value: RawSession;
 		indexes: {
 			expiresAt: number;
 		};
@@ -27,8 +27,8 @@ interface Schema {
 	states: {
 		key: string;
 		value: {
-			dpopKey: DPoPKey;
-			metadata: AuthorizationServerMetadata;
+			dpopKey: DpopPrivateJwk;
+			metadata: OAuthAuthorizationServerMetadata;
 			verifier?: string;
 			state?: unknown;
 		};

package/lib/types/client-assertion.ts

@@ -6,18 +6,16 @@ export interface ClientAssertionCredentials {
 }
 
 export interface FetchClientAssertionParams {
-	/** JWK thumbprint of the DPoP key to bind the assertion to */
-	jkt: string;
 	/** authorization server issuer (audience for the assertion) */
 	aud: string;
-
 	/**
 	 * create a DPoP proof to prove you possess the key for the claimed jkt.
 	 *
 	 * @param htu origin and pathname to your backend
+	 * @param nonce optional DPoP nonce from the server
 	 * @returns DPoP proof that can be included in the assertion
 	 */
-	createDpopProof: (htu: string) => Promise<string>;
+	createDpopProof: (htu: string, nonce?: string) => Promise<string>;
 }
 
 export type ClientAssertionFetcher = (

package/lib/types/server.ts

@@ -1,62 +1,7 @@
-export interface ProtectedResourceMetadata {
-	resource: string;
-	jwks_uri?: string;
-	authorization_servers?: string[];
-	scopes_supported?: string[];
-	bearer_methods_supported?: ('header' | 'body' | 'query')[];
-	resource_signing_alg_values_supported?: string[];
-	resource_documentation?: string;
-	resource_policy_uri?: string;
-	resource_tos_uri?: string;
-}
-
-export interface AuthorizationServerMetadata {
-	issuer: string;
-	authorization_endpoint: string;
-	token_endpoint: string;
-	jwks_uri?: string;
-	scopes_supported?: string[];
-	claims_supported?: string[];
-	claims_locales_supported?: string[];
-	claims_parameter_supported?: boolean;
-	request_parameter_supported?: boolean;
-	request_uri_parameter_supported?: boolean;
-	require_request_uri_registration?: boolean;
-	subject_types_supported?: string[];
-	response_types_supported?: string[];
-	response_modes_supported?: string[];
-	grant_types_supported?: string[];
-	code_challenge_methods_supported?: string[];
-	ui_locales_supported?: string[];
-	id_token_signing_alg_values_supported?: string[];
-	display_values_supported?: string[];
-	request_object_signing_alg_values_supported?: string[];
-	authorization_response_iss_parameter_supported?: boolean;
-	authorization_details_types_supported?: string[];
-	request_object_encryption_alg_values_supported?: string[];
-	request_object_encryption_enc_values_supported?: string[];
-	token_endpoint_auth_methods_supported?: string[];
-	token_endpoint_auth_signing_alg_values_supported?: string[];
-	revocation_endpoint?: string;
-	revocation_endpoint_auth_methods_supported?: string[];
-	revocation_endpoint_auth_signing_alg_values_supported?: string[];
-	introspection_endpoint?: string;
-	introspection_endpoint_auth_methods_supported?: string[];
-	introspection_endpoint_auth_signing_alg_values_supported?: string[];
-	pushed_authorization_request_endpoint?: string;
-	pushed_authorization_request_endpoint_auth_methods_supported?: string[];
-	pushed_authorization_request_endpoint_auth_signing_alg_values_supported?: string[];
-	require_pushed_authorization_requests?: boolean;
-	userinfo_endpoint?: string;
-	end_session_endpoint?: string;
-	registration_endpoint?: string;
-	dpop_signing_alg_values_supported?: string[];
-	protected_resources?: string[];
-	client_id_metadata_document_supported?: boolean;
-}
+import type { OAuthAuthorizationServerMetadata } from '@atcute/oauth-types';
 
 export interface PersistedAuthorizationServerMetadata extends Pick<
-	AuthorizationServerMetadata,
+	OAuthAuthorizationServerMetadata,
 	| 'issuer'
 	| 'authorization_endpoint'
 	| 'introspection_endpoint'

package/lib/types/token.ts

@@ -1,29 +1,9 @@
 import type { Did } from '@atcute/lexicons';
+import type { DpopPrivateJwk } from '@atcute/oauth-crypto';
 
-import type { DPoPKey } from './dpop.js';
-import type { PersistedAuthorizationServerMetadata } from './server.js';
+import type { LegacyDpopKey } from '../utils/dpop-key.ts';
 
-export interface OAuthTokenResponse {
-	access_token: string;
-	// Can be DPoP or Bearer, normalize casing.
-	token_type: string;
-	issuer?: string;
-	sub?: string;
-	scope?: string;
-	id_token?: `${string}.${string}.${string}`;
-	refresh_token?: string;
-	expires_in?: number;
-	authorization_details?:
-		| {
-				type: string;
-				locations?: string[];
-				actions?: string[];
-				datatypes?: string[];
-				identifier?: string;
-				privileges?: string[];
-		  }[]
-		| undefined;
-}
+import type { PersistedAuthorizationServerMetadata } from './server.ts';
 
 export interface TokenInfo {
 	scope: string;
@@ -39,8 +19,14 @@ export interface ExchangeInfo {
 	server: PersistedAuthorizationServerMetadata;
 }
 
+export interface RawSession {
+	dpopKey: DpopPrivateJwk | LegacyDpopKey;
+	info: ExchangeInfo;
+	token: TokenInfo;
+}
+
 export interface Session {
-	dpopKey: DPoPKey;
+	dpopKey: DpopPrivateJwk;
 	info: ExchangeInfo;
 	token: TokenInfo;
 }

package/lib/utils/dpop-key.ts

@@ -0,0 +1,24 @@
+import { fromBase64Url } from '@atcute/multibase';
+import type { DpopPrivateJwk } from '@atcute/oauth-crypto';
+
+export interface LegacyDpopKey {
+	typ: 'ES256';
+	key: string;
+	jwt: string;
+	jkt?: string;
+}
+
+const ES256_ALG = { name: 'ECDSA', namedCurve: 'P-256' } as const;
+
+export const isLegacyDpopKey = (key: DpopPrivateJwk | LegacyDpopKey): key is LegacyDpopKey => {
+	return typeof (key as LegacyDpopKey).key === 'string' && typeof (key as LegacyDpopKey).jwt === 'string';
+};
+
+export const migrateLegacyDpopKey = async (key: LegacyDpopKey): Promise<DpopPrivateJwk> => {
+	const pkcs8 = fromBase64Url(key.key);
+	const cryptoKey = await crypto.subtle.importKey('pkcs8', pkcs8, ES256_ALG, true, ['sign']);
+	const jwk = (await crypto.subtle.exportKey('jwk', cryptoKey)) as DpopPrivateJwk;
+	jwk.alg = 'ES256';
+
+	return jwk;
+};

package/lib/utils/runtime.ts

@@ -1,23 +1 @@
-import { nanoid } from 'nanoid';
-
-import { toBase64Url } from '@atcute/multibase';
-import { encodeUtf8, toSha256 } from '@atcute/uint8array';
-
 export const locks: LockManager | undefined = typeof navigator !== 'undefined' ? navigator.locks : undefined;
-
-export const stringToSha256 = async (input: string): Promise<string> => {
-	const bytes = encodeUtf8(input);
-	const digest = await toSha256(bytes);
-
-	return toBase64Url(digest);
-};
-
-export const generatePKCE = async (): Promise<{ verifier: string; challenge: string; method: string }> => {
-	const verifier = nanoid(64);
-
-	return {
-		verifier: verifier,
-		challenge: await stringToSha256(verifier),
-		method: 'S256',
-	};
-};

package/package.json

@@ -1,7 +1,6 @@
 {
-  "type": "module",
   "name": "@atcute/oauth-browser-client",
-  "version": "2.0.3",
+  "version": "3.0.1",
   "description": "minimal OAuth browser client implementation for AT Protocol",
   "license": "0BSD",
   "repository": {
@@ -12,22 +11,32 @@
     "dist/",
     "lib/",
     "!lib/**/*.bench.ts",
-    "!lib/**/*.test.ts"
+    "!lib/**/*.test.ts",
+    "!dist/**/*.{test,bench}.*"
   ],
+  "type": "module",
+  "sideEffects": false,
   "exports": {
     ".": "./dist/index.js"
   },
-  "sideEffects": false,
+  "publishConfig": {
+    "access": "public"
+  },
   "dependencies": {
-    "nanoid": "^5.1.6",
-    "@atcute/client": "^4.1.1",
-    "@atcute/identity-resolver": "^1.2.0",
-    "@atcute/lexicons": "^1.2.5",
-    "@atcute/uint8array": "^1.0.6",
-    "@atcute/multibase": "^1.1.6"
+    "nanoid": "^5.1.11",
+    "@atcute/client": "^4.2.2",
+    "@atcute/lexicons": "^1.3.1",
+    "@atcute/identity-resolver": "^1.2.3",
+    "@atcute/multibase": "^1.2.0",
+    "@atcute/oauth-types": "^0.1.1",
+    "@atcute/oauth-crypto": "^0.1.0"
+  },
+  "peerDependencies": {
+    "@atcute/identity-resolver": "^1.0.0",
+    "@atcute/lexicons": "^1.0.0"
   },
   "scripts": {
-    "build": "tsgo --project tsconfig.build.json",
+    "build": "tsgo",
     "prepublish": "rm -rf dist; pnpm run build"
   }
 }

package/dist/types/client.d.ts

@@ -1,38 +0,0 @@
-export interface ClientMetadata {
-    redirect_uris: string[];
-    response_types: ('code' | 'token' | 'none' | 'code id_token token' | 'code id_token' | 'code token' | 'id_token token' | 'id_token')[];
-    grant_types: ('authorization_code' | 'implicit' | 'refresh_token' | 'password' | 'client_credentials' | 'urn:ietf:params:oauth:grant-type:jwt-bearer' | 'urn:ietf:params:oauth:grant-type:saml2-bearer')[];
-    scope?: string;
-    token_endpoint_auth_method?: 'none' | 'client_secret_basic' | 'client_secret_jwt' | 'client_secret_post' | 'private_key_jwt' | 'self_signed_tls_client_auth' | 'tls_client_auth';
-    token_endpoint_auth_signing_alg?: string;
-    introspection_endpoint_auth_method?: 'none' | 'client_secret_basic' | 'client_secret_jwt' | 'client_secret_post' | 'private_key_jwt' | 'self_signed_tls_client_auth' | 'tls_client_auth';
-    introspection_endpoint_auth_signing_alg?: string;
-    revocation_endpoint_auth_method?: 'none' | 'client_secret_basic' | 'client_secret_jwt' | 'client_secret_post' | 'private_key_jwt' | 'self_signed_tls_client_auth' | 'tls_client_auth';
-    revocation_endpoint_auth_signing_alg?: string;
-    pushed_authorization_request_endpoint_auth_method?: 'none' | 'client_secret_basic' | 'client_secret_jwt' | 'client_secret_post' | 'private_key_jwt' | 'self_signed_tls_client_auth' | 'tls_client_auth';
-    pushed_authorization_request_endpoint_auth_signing_alg?: string;
-    userinfo_signed_response_alg?: string;
-    userinfo_encrypted_response_alg?: string;
-    jwks_uri?: string;
-    jwks?: unknown;
-    application_type?: 'web' | 'native';
-    subject_type?: 'public' | 'pairwise';
-    request_object_signing_alg?: string;
-    id_token_signed_response_alg?: string;
-    authorization_signed_response_alg?: string;
-    authorization_encrypted_response_enc?: 'A128CBC-HS256';
-    authorization_encrypted_response_alg?: string;
-    client_id?: string;
-    client_name?: string;
-    client_uri?: string;
-    policy_uri?: string;
-    tos_uri?: string;
-    logo_uri?: string;
-    default_max_age?: number;
-    require_auth_time?: boolean;
-    contacts?: string[];
-    tls_client_certificate_bound_access_tokens?: boolean;
-    dpop_bound_access_tokens?: boolean;
-    authorization_details_types?: string[];
-}
-//# sourceMappingURL=client.d.ts.map

package/dist/types/client.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../lib/types/client.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC9B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,cAAc,EAAE,CACb,MAAM,GACN,OAAO,GACP,MAAM,GACN,qBAAqB,GACrB,eAAe,GACf,YAAY,GACZ,gBAAgB,GAChB,UAAU,CACZ,EAAE,CAAC;IACJ,WAAW,EAAE,CACV,oBAAoB,GACpB,UAAU,GACV,eAAe,GACf,UAAU,GACV,oBAAoB,GACpB,6CAA6C,GAC7C,+CAA+C,CACjD,EAAE,CAAC;IACJ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,0BAA0B,CAAC,EACxB,MAAM,GACN,qBAAqB,GACrB,mBAAmB,GACnB,oBAAoB,GACpB,iBAAiB,GACjB,6BAA6B,GAC7B,iBAAiB,CAAC;IACrB,+BAA+B,CAAC,EAAE,MAAM,CAAC;IACzC,kCAAkC,CAAC,EAChC,MAAM,GACN,qBAAqB,GACrB,mBAAmB,GACnB,oBAAoB,GACpB,iBAAiB,GACjB,6BAA6B,GAC7B,iBAAiB,CAAC;IACrB,uCAAuC,CAAC,EAAE,MAAM,CAAC;IACjD,+BAA+B,CAAC,EAC7B,MAAM,GACN,qBAAqB,GACrB,mBAAmB,GACnB,oBAAoB,GACpB,iBAAiB,GACjB,6BAA6B,GAC7B,iBAAiB,CAAC;IACrB,oCAAoC,CAAC,EAAE,MAAM,CAAC;IAC9C,iDAAiD,CAAC,EAC/C,MAAM,GACN,qBAAqB,GACrB,mBAAmB,GACnB,oBAAoB,GACpB,iBAAiB,GACjB,6BAA6B,GAC7B,iBAAiB,CAAC;IACrB,sDAAsD,CAAC,EAAE,MAAM,CAAC;IAChE,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,+BAA+B,CAAC,EAAE,MAAM,CAAC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,gBAAgB,CAAC,EAAE,KAAK,GAAG,QAAQ,CAAC;IACpC,YAAY,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;IACrC,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,iCAAiC,CAAC,EAAE,MAAM,CAAC;IAC3C,oCAAoC,CAAC,EAAE,eAAe,CAAC;IACvD,oCAAoC,CAAC,EAAE,MAAM,CAAC;IAC9C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,0CAA0C,CAAC,EAAE,OAAO,CAAC;IACrD,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;CACvC"}

package/dist/types/client.js

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=client.js.map

package/dist/types/client.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../../lib/types/client.ts"],"names":[],"mappings":""}

package/dist/types/dpop.d.ts

@@ -1,10 +0,0 @@
-export interface DPoPKey {
-    typ: 'ES256';
-    /** private key in base64url-encoded pkcs #8 */
-    key: string;
-    /** base64url-encoded jwt token */
-    jwt: string;
-    /** JWK thumbprint (RFC 7638) for this key, used for client assertion binding */
-    jkt: string | undefined;
-}
-//# sourceMappingURL=dpop.d.ts.map

package/dist/types/dpop.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"dpop.d.ts","sourceRoot":"","sources":["../../lib/types/dpop.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,OAAO;IACvB,GAAG,EAAE,OAAO,CAAC;IACb,+CAA+C;IAC/C,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,gFAAgF;IAChF,GAAG,EAAE,MAAM,GAAG,SAAS,CAAC;CACxB"}

package/dist/types/dpop.js

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=dpop.js.map

package/dist/types/dpop.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../../lib/types/dpop.ts"],"names":[],"mappings":""}

package/dist/types/identity.d.ts

@@ -1,6 +0,0 @@
-import type { ActorResolver, LocalActorResolverOptions, ResolveActorOptions, ResolvedActor } from '@atcute/identity-resolver';
-export type IdentityResolver = ActorResolver;
-export type ResolvedIdentity = ResolvedActor;
-export type ResolveIdentityOptions = ResolveActorOptions;
-export type { LocalActorResolverOptions as DefaultIdentityResolverOptions };
-//# sourceMappingURL=identity.d.ts.map

package/dist/types/identity.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../lib/types/identity.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACX,aAAa,EACb,yBAAyB,EACzB,mBAAmB,EACnB,aAAa,EACb,MAAM,2BAA2B,CAAC;AAGnC,MAAM,MAAM,gBAAgB,GAAG,aAAa,CAAC;AAC7C,MAAM,MAAM,gBAAgB,GAAG,aAAa,CAAC;AAC7C,MAAM,MAAM,sBAAsB,GAAG,mBAAmB,CAAC;AACzD,YAAY,EAAE,yBAAyB,IAAI,8BAA8B,EAAE,CAAC"}

package/dist/types/identity.js

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=identity.js.map

package/dist/types/identity.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../lib/types/identity.ts"],"names":[],"mappings":""}

package/dist/types/par.d.ts

@@ -1,5 +0,0 @@
-export interface OAuthParResponse {
-    request_uri: string;
-    expires_in: number;
-}
-//# sourceMappingURL=par.d.ts.map

package/dist/types/par.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"par.d.ts","sourceRoot":"","sources":["../../lib/types/par.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACnB"}

package/dist/types/par.js

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=par.js.map

package/dist/types/par.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"par.js","sourceRoot":"","sources":["../../lib/types/par.ts"],"names":[],"mappings":""}

package/dist/utils/identity-resolver.d.ts

@@ -1,7 +0,0 @@
-import type { DefaultIdentityResolverOptions } from '../types/identity.js';
-export type { DefaultIdentityResolverOptions };
-/**
- * @deprecated use `LocalActorResolver` from `@atcute/identity-resolver` instead
- */
-export declare const defaultIdentityResolver: (options: DefaultIdentityResolverOptions) => import("@atcute/identity-resolver").ActorResolver;
-//# sourceMappingURL=identity-resolver.d.ts.map

package/dist/utils/identity-resolver.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"identity-resolver.d.ts","sourceRoot":"","sources":["../../lib/utils/identity-resolver.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,8BAA8B,EAAoB,MAAM,sBAAsB,CAAC;AAE7F,YAAY,EAAE,8BAA8B,EAAE,CAAC;AAE/C;;GAEG;AACH,eAAO,MAAM,uBAAuB,gGAEnC,CAAC"}

package/dist/utils/identity-resolver.js

@@ -1,8 +0,0 @@
-import { LocalActorResolver } from '@atcute/identity-resolver';
-/**
- * @deprecated use `LocalActorResolver` from `@atcute/identity-resolver` instead
- */
-export const defaultIdentityResolver = (options) => {
-    return new LocalActorResolver(options);
-};
-//# sourceMappingURL=identity-resolver.js.map

package/dist/utils/identity-resolver.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"identity-resolver.js","sourceRoot":"","sources":["../../lib/utils/identity-resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAM/D;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,OAAuC,EAAoB,EAAE,CAAC;IACrG,OAAO,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAAA,CACvC,CAAC"}

package/lib/types/client.ts

@@ -1,82 +0,0 @@
-export interface ClientMetadata {
-	redirect_uris: string[];
-	response_types: (
-		| 'code'
-		| 'token'
-		| 'none'
-		| 'code id_token token'
-		| 'code id_token'
-		| 'code token'
-		| 'id_token token'
-		| 'id_token'
-	)[];
-	grant_types: (
-		| 'authorization_code'
-		| 'implicit'
-		| 'refresh_token'
-		| 'password'
-		| 'client_credentials'
-		| 'urn:ietf:params:oauth:grant-type:jwt-bearer'
-		| 'urn:ietf:params:oauth:grant-type:saml2-bearer'
-	)[];
-	scope?: string;
-	token_endpoint_auth_method?:
-		| 'none'
-		| 'client_secret_basic'
-		| 'client_secret_jwt'
-		| 'client_secret_post'
-		| 'private_key_jwt'
-		| 'self_signed_tls_client_auth'
-		| 'tls_client_auth';
-	token_endpoint_auth_signing_alg?: string;
-	introspection_endpoint_auth_method?:
-		| 'none'
-		| 'client_secret_basic'
-		| 'client_secret_jwt'
-		| 'client_secret_post'
-		| 'private_key_jwt'
-		| 'self_signed_tls_client_auth'
-		| 'tls_client_auth';
-	introspection_endpoint_auth_signing_alg?: string;
-	revocation_endpoint_auth_method?:
-		| 'none'
-		| 'client_secret_basic'
-		| 'client_secret_jwt'
-		| 'client_secret_post'
-		| 'private_key_jwt'
-		| 'self_signed_tls_client_auth'
-		| 'tls_client_auth';
-	revocation_endpoint_auth_signing_alg?: string;
-	pushed_authorization_request_endpoint_auth_method?:
-		| 'none'
-		| 'client_secret_basic'
-		| 'client_secret_jwt'
-		| 'client_secret_post'
-		| 'private_key_jwt'
-		| 'self_signed_tls_client_auth'
-		| 'tls_client_auth';
-	pushed_authorization_request_endpoint_auth_signing_alg?: string;
-	userinfo_signed_response_alg?: string;
-	userinfo_encrypted_response_alg?: string;
-	jwks_uri?: string;
-	jwks?: unknown;
-	application_type?: 'web' | 'native';
-	subject_type?: 'public' | 'pairwise';
-	request_object_signing_alg?: string;
-	id_token_signed_response_alg?: string;
-	authorization_signed_response_alg?: string;
-	authorization_encrypted_response_enc?: 'A128CBC-HS256';
-	authorization_encrypted_response_alg?: string;
-	client_id?: string;
-	client_name?: string;
-	client_uri?: string;
-	policy_uri?: string;
-	tos_uri?: string;
-	logo_uri?: string;
-	default_max_age?: number;
-	require_auth_time?: boolean;
-	contacts?: string[];
-	tls_client_certificate_bound_access_tokens?: boolean;
-	dpop_bound_access_tokens?: boolean;
-	authorization_details_types?: string[];
-}

package/lib/types/dpop.ts

@@ -1,9 +0,0 @@
-export interface DPoPKey {
-	typ: 'ES256';
-	/** private key in base64url-encoded pkcs #8 */
-	key: string;
-	/** base64url-encoded jwt token */
-	jwt: string;
-	/** JWK thumbprint (RFC 7638) for this key, used for client assertion binding */
-	jkt: string | undefined;
-}

package/lib/types/identity.ts

@@ -1,12 +0,0 @@
-import type {
-	ActorResolver,
-	LocalActorResolverOptions,
-	ResolveActorOptions,
-	ResolvedActor,
-} from '@atcute/identity-resolver';
-
-// re-export types for backward compatibility
-export type IdentityResolver = ActorResolver;
-export type ResolvedIdentity = ResolvedActor;
-export type ResolveIdentityOptions = ResolveActorOptions;
-export type { LocalActorResolverOptions as DefaultIdentityResolverOptions };

package/lib/types/par.ts

@@ -1,4 +0,0 @@
-export interface OAuthParResponse {
-	request_uri: string;
-	expires_in: number;
-}

package/lib/utils/identity-resolver.ts

@@ -1,12 +0,0 @@
-import { LocalActorResolver } from '@atcute/identity-resolver';
-
-import type { DefaultIdentityResolverOptions, IdentityResolver } from '../types/identity.js';
-
-export type { DefaultIdentityResolverOptions };
-
-/**
- * @deprecated use `LocalActorResolver` from `@atcute/identity-resolver` instead
- */
-export const defaultIdentityResolver = (options: DefaultIdentityResolverOptions): IdentityResolver => {
-	return new LocalActorResolver(options);
-};