@atproto/oauth-client 0.1.6 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (42) hide show
  1. package/CHANGELOG.md +39 -0
  2. package/README.md +128 -7
  3. package/dist/index.d.ts +1 -2
  4. package/dist/index.d.ts.map +1 -1
  5. package/dist/index.js +1 -2
  6. package/dist/index.js.map +1 -1
  7. package/dist/oauth-client.d.ts +8 -8
  8. package/dist/oauth-client.d.ts.map +1 -1
  9. package/dist/oauth-client.js +13 -27
  10. package/dist/oauth-client.js.map +1 -1
  11. package/dist/oauth-server-agent.d.ts +2 -3
  12. package/dist/oauth-server-agent.d.ts.map +1 -1
  13. package/dist/oauth-server-agent.js +11 -6
  14. package/dist/oauth-server-agent.js.map +1 -1
  15. package/dist/{oauth-agent.d.ts → oauth-session.d.ts} +14 -14
  16. package/dist/oauth-session.d.ts.map +1 -0
  17. package/dist/{oauth-agent.js → oauth-session.js} +19 -18
  18. package/dist/oauth-session.js.map +1 -0
  19. package/dist/runtime.d.ts +1 -10
  20. package/dist/runtime.d.ts.map +1 -1
  21. package/dist/runtime.js +0 -70
  22. package/dist/runtime.js.map +1 -1
  23. package/dist/state-store.d.ts +0 -1
  24. package/dist/state-store.d.ts.map +1 -1
  25. package/dist/types.d.ts +14 -16
  26. package/dist/types.d.ts.map +1 -1
  27. package/dist/types.js.map +1 -1
  28. package/package.json +3 -4
  29. package/src/index.ts +1 -2
  30. package/src/oauth-client.ts +15 -43
  31. package/src/oauth-server-agent.ts +17 -9
  32. package/src/{oauth-agent.ts → oauth-session.ts} +27 -24
  33. package/src/runtime.ts +2 -94
  34. package/src/state-store.ts +0 -1
  35. package/src/types.ts +1 -3
  36. package/dist/oauth-agent.d.ts.map +0 -1
  37. package/dist/oauth-agent.js.map +0 -1
  38. package/dist/oauth-atp-agent.d.ts +0 -11
  39. package/dist/oauth-atp-agent.d.ts.map +0 -1
  40. package/dist/oauth-atp-agent.js +0 -51
  41. package/dist/oauth-atp-agent.js.map +0 -1
  42. package/src/oauth-atp-agent.ts +0 -48
package/CHANGELOG.md CHANGED
@@ -1,5 +1,44 @@
1
1
  # @atproto/oauth-client
2
2
 
3
+ ## 0.2.0
4
+
5
+ ### Minor Changes
6
+
7
+ - [#2714](https://github.com/bluesky-social/atproto/pull/2714) [`d9ffa3c46`](https://github.com/bluesky-social/atproto/commit/d9ffa3c460924010d7002b616cb7a0c66111cc6c) Thanks [@matthieusieben](https://github.com/matthieusieben)! - The `OAuthClient` (and runtime specific sub-classes) no longer return @atproto/api `Agent` instances. Instead, they return `OAuthSession` instances that can be used to instantiate the `Agent` class.
8
+
9
+ - [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Remove "nonce" from authorization request
10
+
11
+ - [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Mandate the use of "atproto" scope
12
+
13
+ - [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Remove "openid" compatibility. The reason is that although we were technically "openid" compatible, ATProto identifiers are distributed identifiers. When a client relies on OpenID to authenticate users, it will use the auth provider in combination with the identifier to uniquely identify the user. Since ATProto identifiers are meant to be able to move from one provider to the other, OpenID compatibility could break authentication after a user was migrated to a different provider.
14
+
15
+ The way OpenID compliant clients would adapt to this particularity would typically be to remove the provider + identifier combination and use the identifier alone. While this is indeed the right way to handle ATProto identifiers, it requires more work to avoid impersonation. In particular, when obtaining a user identifier, the client **must** verify that the issuer of the identity token is indeed the server responsible for that user. This mechanism being not enforced by the OpenID standard, OpenID compatibility could lead to security issues. For this reason, we decided to remove OpenID compatibility from the OAuth provider.
16
+
17
+ Note that a trusted central authority could still offer OpenID compatibility by relying on ATProto's regular OAuth flow under the hood. This capability is out of the scope of this library.
18
+
19
+ - [#2714](https://github.com/bluesky-social/atproto/pull/2714) [`d9ffa3c46`](https://github.com/bluesky-social/atproto/commit/d9ffa3c460924010d7002b616cb7a0c66111cc6c) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Rename OAuthAgent into OAuthSession
20
+
21
+ - [#2714](https://github.com/bluesky-social/atproto/pull/2714) [`d9ffa3c46`](https://github.com/bluesky-social/atproto/commit/d9ffa3c460924010d7002b616cb7a0c66111cc6c) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Rename `OAuthSession`'s `request` method to `fetchHandler`. The goal of this change is to allow `OAuthSession` to be used in order to instantiate `XrpcClient` by implementing the `FetchHandlerObject` interface.
22
+
23
+ ### Patch Changes
24
+
25
+ - [#2714](https://github.com/bluesky-social/atproto/pull/2714) [`d9ffa3c46`](https://github.com/bluesky-social/atproto/commit/d9ffa3c460924010d7002b616cb7a0c66111cc6c) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Add `getTokenInfo()` method to `OAuthSession`.
26
+
27
+ - [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Do not remove scopes not advertised in the AS's "scopes_supported" when building the authorization request.
28
+
29
+ - [#2714](https://github.com/bluesky-social/atproto/pull/2714) [`d9ffa3c46`](https://github.com/bluesky-social/atproto/commit/d9ffa3c460924010d7002b616cb7a0c66111cc6c) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Make `getTokenSet()` method public in `OAuthSession`.
30
+
31
+ - Updated dependencies [[`d9ffa3c46`](https://github.com/bluesky-social/atproto/commit/d9ffa3c460924010d7002b616cb7a0c66111cc6c), [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7), [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7), [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7), [`d9ffa3c46`](https://github.com/bluesky-social/atproto/commit/d9ffa3c460924010d7002b616cb7a0c66111cc6c), [`d9ffa3c46`](https://github.com/bluesky-social/atproto/commit/d9ffa3c460924010d7002b616cb7a0c66111cc6c)]:
32
+ - @atproto/xrpc@0.6.1
33
+ - @atproto/oauth-types@0.1.4
34
+
35
+ ## 0.1.7
36
+
37
+ ### Patch Changes
38
+
39
+ - Updated dependencies [[`4ab248354`](https://github.com/bluesky-social/atproto/commit/4ab2483547d5dabfba88ed4419a4f374bbd7cae7)]:
40
+ - @atproto/api@0.13.3
41
+
3
42
  ## 0.1.6
4
43
 
5
44
  ### Patch Changes
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # @atproto/oauth-client: atproto flavoured OAuth client
2
2
 
3
- Core library for implementing [ATPROTO] OAuth clients.
3
+ Core library for implementing [atproto][ATPROTO] OAuth clients.
4
4
 
5
5
  For a browser specific implementation, see [@atproto/oauth-client-browser](https://www.npmjs.com/package/@atproto/oauth-client-browser).
6
6
  For a node specific implementation, see
@@ -147,7 +147,35 @@ const result = await client.callback(params)
147
147
  // Verify the state (e.g. to link to an internal user)
148
148
  result.state === '434321' // true
149
149
 
150
- const agent = result.agent
150
+ const oauthSession = result.session
151
+ ```
152
+
153
+ The sign-in process results in an `OAuthSession` instance that can be used to make
154
+ authenticated requests to the resource server. This instance will automatically
155
+ refresh the credentials when needed.
156
+
157
+ ### Making authenticated requests
158
+
159
+ The `OAuthSession` instance obtained after signing in can be used to make
160
+ authenticated requests to the user's PDS. There are two main use-cases:
161
+
162
+ 1. Making authenticated request to Bluesky's AppView in order to fetch and
163
+ manipulate data from the `app.bsky` lexicon.
164
+
165
+ 2. Making authenticated request to your own AppView, in order to fetch and
166
+ manipulate data from your own lexicon.
167
+
168
+ #### Making authenticated requests to Bluesky's AppView
169
+
170
+ The `@atproto/oauth-client` package provides a `OAuthSession` class that can be
171
+ used to make authenticated requests to Bluesky's AppView. This can be achieved
172
+ by constructing an `Agent` (from `@atproto/api`) instance using the
173
+ `OAuthSession` instance.
174
+
175
+ ```ts
176
+ import { Agent } from '@atproto/api'
177
+
178
+ const agent = new Agent(oauthSession)
151
179
 
152
180
  // Make an authenticated request to the server. New credentials will be
153
181
  // automatically fetched if needed (causing sessionStore.set() to be called).
@@ -155,12 +183,106 @@ await agent.post({
155
183
  text: 'Hello, world!',
156
184
  })
157
185
 
158
- if (agent instanceof AtpAgent) {
159
- // revoke credentials on the server (causing sessionStore.del() to be called)
160
- await agent.logout()
161
- }
186
+ // revoke credentials on the server (causing sessionStore.del() to be called)
187
+ await agent.signOut()
162
188
  ```
163
189
 
190
+ #### Making authenticated requests to your own AppView
191
+
192
+ The `OAuthSession` instance obtained after signing in can be used to instantiate
193
+ the `XrpcClient` class from the `@atproto/xrpc` package.
194
+
195
+ ```ts
196
+ import { Lexicons } from '@atproto/lexicon'
197
+ import { OAuthClient } from '@atproto/oauth-client' // or "@atproto/oauth-client-browser" or "@atproto/oauth-client-node"
198
+ import { XrpcClient } from '@atproto/xrpc'
199
+
200
+ // Define your lexicons
201
+ const myLexicon = new Lexicons([
202
+ {
203
+ lexicon: 1,
204
+ id: 'com.example.query',
205
+ defs: {
206
+ main: {
207
+ // ...
208
+ },
209
+ },
210
+ },
211
+ ])
212
+
213
+ // Describe your app's oauth client
214
+ const oauthClient = new OAuthClient({
215
+ // ...
216
+ })
217
+
218
+ // Authenticate the user
219
+ const oauthSession = await oauthClient.restore('did:plc:123')
220
+
221
+ // Instantiate a client using the `oauthSession` as fetch handler object
222
+ const client = new XrpcClient(oauthSession, myLexicon)
223
+
224
+ // Make authenticated calls
225
+ const response = await client.call('com.example.query')
226
+ ```
227
+
228
+ Note that the user's PDS might not know about your lexicon, or what to do with
229
+ those calls (PDS' are only mandated to implement the `com.atproto` lexicon). In
230
+ order to process your calls, you need to have a backend that will process those
231
+ calls. You can then instruct your PDS to forward those calls to your backend.
232
+
233
+ ```ts
234
+ const response = await client.call(
235
+ 'com.example.query',
236
+ {
237
+ // Params
238
+ },
239
+ {
240
+ headers: {
241
+ // The PDS will proxy calls to the specified service in did:plc:xyz's did document.
242
+ // These calls will be authenticated using "service auth", a single use JWT Bearer token, signed with the logged-in user's private key.
243
+ 'atproto-proxy': 'did:plc:xyz#serviceId',
244
+ },
245
+ },
246
+ )
247
+ ```
248
+
249
+ You can also instantiate the `XrpcClient` class with a custom `fetch` function
250
+ that will provide the `atproto-proxy` header on all calls:
251
+
252
+ ```ts
253
+ const boundClient = new XrpcClient((url, init) => {
254
+ const headers = new Headers(init?.headers)
255
+
256
+ // Add the atproto-proxy header if it is not already present
257
+ if (!headers.has('atproto-proxy')) {
258
+ headers.set('atproto-proxy', 'did:plc:xyz#serviceId')
259
+ }
260
+
261
+ return oauthSession.fetchHandler(url, { ...init, headers })
262
+ }, myLexicon)
263
+
264
+ // No need to specify the atproto-proxy header anymore
265
+ const response = await boundClient.call('com.example.query')
266
+ ```
267
+
268
+ > [!NOTE]
269
+ >
270
+ > Proxying every call through the PDS is not recommended for performance
271
+ > reasons, as it will increase the latency of readonly calls to your lexicon.
272
+ > Doing so will also prevent your backend from being able to anticipate writes
273
+ > on the network. Indeed, write calls will be sent to the PDS, which will then
274
+ > propagate them on the network through a relay (a.k.a. "firehose"). This will
275
+ > introduce a delay between the time the write is made and the time it is
276
+ > processed by your backend.
277
+ >
278
+ > In order to avoid those issues, it is recommended that you implement your
279
+ > backend using a backend-for-frontend pattern. This backend will be responsible
280
+ > for processing the calls made by the client, and will be able to anticipate
281
+ > writes on the network.
282
+ >
283
+ > Read more about the backend-for-frontend pattern in the [atproto][ATPROTO]
284
+ > documentation website.
285
+
164
286
  ## Advances use-cases
165
287
 
166
288
  ### Listening for session updates and deletion
@@ -219,7 +341,6 @@ or
219
341
  ```ts
220
342
  const url = await client.authorize(handle, {
221
343
  state,
222
- max_age: 600, // Require re-authentication after 10 minutes
223
344
  })
224
345
  ```
225
346
 
package/dist/index.d.ts CHANGED
@@ -3,8 +3,6 @@ export { FetchError, FetchRequestError, FetchResponseError, } from '@atproto-lab
3
3
  export * from '@atproto-labs/handle-resolver';
4
4
  export * from '@atproto/did';
5
5
  export * from '@atproto/oauth-types';
6
- export * from './oauth-agent.js';
7
- export * from './oauth-atp-agent.js';
8
6
  export * from './oauth-authorization-server-metadata-resolver.js';
9
7
  export * from './oauth-callback-error.js';
10
8
  export * from './oauth-client.js';
@@ -13,6 +11,7 @@ export * from './oauth-resolver-error.js';
13
11
  export * from './oauth-response-error.js';
14
12
  export * from './oauth-server-agent.js';
15
13
  export * from './oauth-server-factory.js';
14
+ export * from './oauth-session.js';
16
15
  export * from './runtime-implementation.js';
17
16
  export * from './session-getter.js';
18
17
  export * from './state-store.js';
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAA;AAC1C,OAAO,EACL,UAAU,EACV,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,qBAAqB,CAAA;AAC5B,cAAc,+BAA+B,CAAA;AAE7C,cAAc,cAAc,CAAA;AAC5B,cAAc,sBAAsB,CAAA;AAEpC,cAAc,kBAAkB,CAAA;AAChC,cAAc,sBAAsB,CAAA;AACpC,cAAc,mDAAmD,CAAA;AACjE,cAAc,2BAA2B,CAAA;AACzC,cAAc,mBAAmB,CAAA;AACjC,cAAc,iDAAiD,CAAA;AAC/D,cAAc,2BAA2B,CAAA;AACzC,cAAc,2BAA2B,CAAA;AACzC,cAAc,yBAAyB,CAAA;AACvC,cAAc,2BAA2B,CAAA;AACzC,cAAc,6BAA6B,CAAA;AAC3C,cAAc,qBAAqB,CAAA;AACnC,cAAc,kBAAkB,CAAA;AAChC,cAAc,YAAY,CAAA;AAE1B,cAAc,iCAAiC,CAAA;AAC/C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,iCAAiC,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAA;AAC1C,OAAO,EACL,UAAU,EACV,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,qBAAqB,CAAA;AAC5B,cAAc,+BAA+B,CAAA;AAE7C,cAAc,cAAc,CAAA;AAC5B,cAAc,sBAAsB,CAAA;AAEpC,cAAc,mDAAmD,CAAA;AACjE,cAAc,2BAA2B,CAAA;AACzC,cAAc,mBAAmB,CAAA;AACjC,cAAc,iDAAiD,CAAA;AAC/D,cAAc,2BAA2B,CAAA;AACzC,cAAc,2BAA2B,CAAA;AACzC,cAAc,yBAAyB,CAAA;AACvC,cAAc,2BAA2B,CAAA;AACzC,cAAc,oBAAoB,CAAA;AAClC,cAAc,6BAA6B,CAAA;AAC3C,cAAc,qBAAqB,CAAA;AACnC,cAAc,kBAAkB,CAAA;AAChC,cAAc,YAAY,CAAA;AAE1B,cAAc,iCAAiC,CAAA;AAC/C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,iCAAiC,CAAA"}
package/dist/index.js CHANGED
@@ -23,8 +23,6 @@ Object.defineProperty(exports, "FetchResponseError", { enumerable: true, get: fu
23
23
  __exportStar(require("@atproto-labs/handle-resolver"), exports);
24
24
  __exportStar(require("@atproto/did"), exports);
25
25
  __exportStar(require("@atproto/oauth-types"), exports);
26
- __exportStar(require("./oauth-agent.js"), exports);
27
- __exportStar(require("./oauth-atp-agent.js"), exports);
28
26
  __exportStar(require("./oauth-authorization-server-metadata-resolver.js"), exports);
29
27
  __exportStar(require("./oauth-callback-error.js"), exports);
30
28
  __exportStar(require("./oauth-client.js"), exports);
@@ -33,6 +31,7 @@ __exportStar(require("./oauth-resolver-error.js"), exports);
33
31
  __exportStar(require("./oauth-response-error.js"), exports);
34
32
  __exportStar(require("./oauth-server-agent.js"), exports);
35
33
  __exportStar(require("./oauth-server-factory.js"), exports);
34
+ __exportStar(require("./oauth-session.js"), exports);
36
35
  __exportStar(require("./runtime-implementation.js"), exports);
37
36
  __exportStar(require("./session-getter.js"), exports);
38
37
  __exportStar(require("./state-store.js"), exports);
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,6DAA0C;AAC1C,6CAI4B;AAH1B,mGAAA,UAAU,OAAA;AACV,0GAAA,iBAAiB,OAAA;AACjB,2GAAA,kBAAkB,OAAA;AAEpB,gEAA6C;AAE7C,+CAA4B;AAC5B,uDAAoC;AAEpC,mDAAgC;AAChC,uDAAoC;AACpC,oFAAiE;AACjE,4DAAyC;AACzC,oDAAiC;AACjC,kFAA+D;AAC/D,4DAAyC;AACzC,4DAAyC;AACzC,0DAAuC;AACvC,4DAAyC;AACzC,8DAA2C;AAC3C,sDAAmC;AACnC,mDAAgC;AAChC,6CAA0B;AAE1B,kEAA+C;AAC/C,kEAA+C;AAC/C,kEAA+C"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,6DAA0C;AAC1C,6CAI4B;AAH1B,mGAAA,UAAU,OAAA;AACV,0GAAA,iBAAiB,OAAA;AACjB,2GAAA,kBAAkB,OAAA;AAEpB,gEAA6C;AAE7C,+CAA4B;AAC5B,uDAAoC;AAEpC,oFAAiE;AACjE,4DAAyC;AACzC,oDAAiC;AACjC,kFAA+D;AAC/D,4DAAyC;AACzC,4DAAyC;AACzC,0DAAuC;AACvC,4DAAyC;AACzC,qDAAkC;AAClC,8DAA2C;AAC3C,sDAAmC;AACnC,mDAAgC;AAChC,6CAA0B;AAE1B,kEAA+C;AAC/C,kEAA+C;AAC/C,kEAA+C"}
@@ -4,12 +4,12 @@ import { HandleCache, HandleResolver } from '@atproto-labs/handle-resolver';
4
4
  import { IdentityResolver } from '@atproto-labs/identity-resolver';
5
5
  import { Key, Keyset } from '@atproto/jwk';
6
6
  import { OAuthClientIdDiscoverable, OAuthClientMetadata, OAuthClientMetadataInput, OAuthResponseMode } from '@atproto/oauth-types';
7
- import { OAuthAtpAgent } from './oauth-atp-agent.js';
8
7
  import { AuthorizationServerMetadataCache } from './oauth-authorization-server-metadata-resolver.js';
9
8
  import { ProtectedResourceMetadataCache } from './oauth-protected-resource-metadata-resolver.js';
10
9
  import { OAuthResolver } from './oauth-resolver.js';
11
10
  import { DpopNonceCache, OAuthServerAgent } from './oauth-server-agent.js';
12
11
  import { OAuthServerFactory } from './oauth-server-factory.js';
12
+ import { OAuthSession } from './oauth-session.js';
13
13
  import { RuntimeImplementation } from './runtime-implementation.js';
14
14
  import { Runtime } from './runtime.js';
15
15
  import { SessionEventMap, SessionGetter, SessionStore } from './session-getter.js';
@@ -55,7 +55,7 @@ export declare class OAuthClient extends CustomEventTarget<OAuthClientEventMap>
55
55
  kty: "RSA";
56
56
  n: string;
57
57
  e: string;
58
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
58
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
59
59
  kid?: string | undefined;
60
60
  ext?: boolean | undefined;
61
61
  use?: "sig" | "enc" | undefined;
@@ -186,7 +186,7 @@ export declare class OAuthClient extends CustomEventTarget<OAuthClientEventMap>
186
186
  readonly kty: "RSA";
187
187
  readonly n: string;
188
188
  readonly e: string;
189
- readonly alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
189
+ readonly alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
190
190
  readonly kid?: string | undefined;
191
191
  readonly ext?: boolean | undefined;
192
192
  readonly use?: "sig" | "enc" | undefined;
@@ -286,17 +286,17 @@ export declare class OAuthClient extends CustomEventTarget<OAuthClientEventMap>
286
286
  */
287
287
  abortRequest(authorizeUrl: URL): Promise<void>;
288
288
  callback(params: URLSearchParams): Promise<{
289
- agent: OAuthAtpAgent;
289
+ session: OAuthSession;
290
290
  state: string | null;
291
291
  }>;
292
292
  /**
293
- * Build an agent from a stored session. This will refresh the token only if
294
- * needed (about to expire) by default.
293
+ * Load a stored session. This will refresh the token only if needed (about to
294
+ * expire) by default.
295
295
  *
296
296
  * @param refresh See {@link SessionGetter.getSession}
297
297
  */
298
- restore(sub: string, refresh?: boolean): Promise<OAuthAtpAgent>;
298
+ restore(sub: string, refresh?: boolean): Promise<OAuthSession>;
299
299
  revoke(sub: string): Promise<void>;
300
- createAgent(server: OAuthServerAgent, sub: string): OAuthAtpAgent;
300
+ protected createSession(server: OAuthServerAgent, sub: string): OAuthSession;
301
301
  }
302
302
  //# sourceMappingURL=oauth-client.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-client.d.ts","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,QAAQ,EAGT,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EAGL,WAAW,EACX,cAAc,EACf,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EACL,yBAAyB,EACzB,mBAAmB,EACnB,wBAAwB,EAExB,iBAAiB,EAClB,MAAM,sBAAsB,CAAA;AAK7B,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACpD,OAAO,EACL,gCAAgC,EAEjC,MAAM,mDAAmD,CAAA;AAE1D,OAAO,EAEL,8BAA8B,EAC/B,MAAM,iDAAiD,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAA;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EACL,eAAe,EACf,aAAa,EACb,YAAY,EACb,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAChE,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAI7C,YAAY,EACV,gCAAgC,EAChC,QAAQ,EACR,cAAc,EACd,KAAK,EACL,WAAW,EACX,cAAc,EACd,iBAAiB,EACjB,GAAG,EACH,MAAM,EACN,mBAAmB,EACnB,wBAAwB,EACxB,iBAAiB,EACjB,8BAA8B,EAC9B,qBAAqB,EACrB,YAAY,EACZ,UAAU,GACX,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAE/B,YAAY,EAAE,iBAAiB,CAAA;IAC/B,cAAc,EAAE,QAAQ,CAAC,wBAAwB,CAAC,CAAA;IAClD,MAAM,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAC,GAAG,GAAG,SAAS,GAAG,IAAI,GAAG,KAAK,CAAC,CAAA;IAG1D,UAAU,EAAE,UAAU,CAAA;IACtB,YAAY,EAAE,YAAY,CAAA;IAC1B,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,gCAAgC,CAAC,EAAE,gCAAgC,CAAA;IACnE,8BAA8B,CAAC,EAAE,8BAA8B,CAAA;IAC/D,cAAc,CAAC,EAAE,cAAc,CAAA;IAG/B,cAAc,EAAE,cAAc,GAAG,GAAG,GAAG,MAAM,CAAA;IAC7C,eAAe,CAAC,EAAE,GAAG,GAAG,MAAM,CAAA;IAC9B,qBAAqB,EAAE,qBAAqB,CAAA;IAC5C,KAAK,CAAC,EAAE,KAAK,CAAA;CACd,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,eAAe,CAAA;AAEjD,MAAM,MAAM,+BAA+B,GAAG;IAC5C,QAAQ,EAAE,yBAAyB,CAAA;IACnC,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB,CAAA;AAED,qBAAa,WAAY,SAAQ,iBAAiB,CAAC,mBAAmB,CAAC;WACxD,aAAa,CAAC,EACzB,QAAQ,EACR,KAAwB,EACxB,MAAM,GACP,EAAE,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA6BlC,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAA;IACvC,QAAQ,CAAC,YAAY,EAAE,iBAAiB,CAAA;IACxC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IAGxB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAA;IACrB,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,kBAAkB,CAAA;IAG1C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAA;IACrC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAA;gBAEnB,EACV,KAAwB,EAExB,UAAU,EACV,YAAY,EAEZ,QAAoB,EACpB,cAA+D,EAC/D,WAAuB,EACvB,gCAGE,EACF,8BAGE,EAEF,YAAY,EACZ,cAAc,EACd,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACP,EAAE,kBAAkB;IA4DrB,IAAI,gBAAgB,qBAEnB;IAGD,IAAI,WAAW,qHAEd;IAGD,IAAI,cAAc,mBAEjB;IAED,IAAI,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAEP;IAEK,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC;IAgGxE;;;OAGG;IACG,YAAY,CAAC,YAAY,EAAE,GAAG;IAY9B,QAAQ,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC;QAC/C,KAAK,EAAE,aAAa,CAAA;QACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;KACrB,CAAC;IAuGF;;;;;OAKG;IACG,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC;IAc/D,MAAM,CAAC,GAAG,EAAE,MAAM;IAiBxB,WAAW,CAAC,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,GAAG,aAAa;CAUlE"}
1
+ {"version":3,"file":"oauth-client.d.ts","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,QAAQ,EAGT,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EAGL,WAAW,EACX,cAAc,EACf,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AAElE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EACL,yBAAyB,EACzB,mBAAmB,EACnB,wBAAwB,EAExB,iBAAiB,EAClB,MAAM,sBAAsB,CAAA;AAI7B,OAAO,EACL,gCAAgC,EAEjC,MAAM,mDAAmD,CAAA;AAE1D,OAAO,EAEL,8BAA8B,EAC/B,MAAM,iDAAiD,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAA;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EACL,eAAe,EACf,aAAa,EACb,YAAY,EACb,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAChE,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAI7C,YAAY,EACV,gCAAgC,EAChC,QAAQ,EACR,cAAc,EACd,KAAK,EACL,WAAW,EACX,cAAc,EACd,iBAAiB,EACjB,GAAG,EACH,MAAM,EACN,mBAAmB,EACnB,wBAAwB,EACxB,iBAAiB,EACjB,8BAA8B,EAC9B,qBAAqB,EACrB,YAAY,EACZ,UAAU,GACX,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAE/B,YAAY,EAAE,iBAAiB,CAAA;IAC/B,cAAc,EAAE,QAAQ,CAAC,wBAAwB,CAAC,CAAA;IAClD,MAAM,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAC,GAAG,GAAG,SAAS,GAAG,IAAI,GAAG,KAAK,CAAC,CAAA;IAG1D,UAAU,EAAE,UAAU,CAAA;IACtB,YAAY,EAAE,YAAY,CAAA;IAC1B,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,gCAAgC,CAAC,EAAE,gCAAgC,CAAA;IACnE,8BAA8B,CAAC,EAAE,8BAA8B,CAAA;IAC/D,cAAc,CAAC,EAAE,cAAc,CAAA;IAG/B,cAAc,EAAE,cAAc,GAAG,GAAG,GAAG,MAAM,CAAA;IAC7C,eAAe,CAAC,EAAE,GAAG,GAAG,MAAM,CAAA;IAC9B,qBAAqB,EAAE,qBAAqB,CAAA;IAC5C,KAAK,CAAC,EAAE,KAAK,CAAA;CACd,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,eAAe,CAAA;AAEjD,MAAM,MAAM,+BAA+B,GAAG;IAC5C,QAAQ,EAAE,yBAAyB,CAAA;IACnC,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB,CAAA;AAED,qBAAa,WAAY,SAAQ,iBAAiB,CAAC,mBAAmB,CAAC;WACxD,aAAa,CAAC,EACzB,QAAQ,EACR,KAAwB,EACxB,MAAM,GACP,EAAE,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA6BlC,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAA;IACvC,QAAQ,CAAC,YAAY,EAAE,iBAAiB,CAAA;IACxC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IAGxB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAA;IACrB,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,kBAAkB,CAAA;IAG1C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAA;IACrC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAA;gBAEnB,EACV,KAAwB,EAExB,UAAU,EACV,YAAY,EAEZ,QAAoB,EACpB,cAA+D,EAC/D,WAAuB,EACvB,gCAGE,EACF,8BAGE,EAEF,YAAY,EACZ,cAAc,EACd,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACP,EAAE,kBAAkB;IA4DrB,IAAI,gBAAgB,qBAEnB;IAGD,IAAI,WAAW,qHAEd;IAGD,IAAI,cAAc,mBAEjB;IAED,IAAI,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAEP;IAEK,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC;IAwFxE;;;OAGG;IACG,YAAY,CAAC,YAAY,EAAE,GAAG;IAY9B,QAAQ,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC;QAC/C,OAAO,EAAE,YAAY,CAAA;QACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;KACrB,CAAC;IA2FF;;;;;OAKG;IACG,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC;IAc9D,MAAM,CAAC,GAAG,EAAE,MAAM;IAiBxB,SAAS,CAAC,aAAa,CAAC,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,GAAG,YAAY;CAG7E"}
@@ -9,13 +9,12 @@ const jwk_1 = require("@atproto/jwk");
9
9
  const oauth_types_1 = require("@atproto/oauth-types");
10
10
  const constants_js_1 = require("./constants.js");
11
11
  const token_revoked_error_js_1 = require("./errors/token-revoked-error.js");
12
- const oauth_agent_js_1 = require("./oauth-agent.js");
13
- const oauth_atp_agent_js_1 = require("./oauth-atp-agent.js");
14
12
  const oauth_authorization_server_metadata_resolver_js_1 = require("./oauth-authorization-server-metadata-resolver.js");
15
13
  const oauth_callback_error_js_1 = require("./oauth-callback-error.js");
16
14
  const oauth_protected_resource_metadata_resolver_js_1 = require("./oauth-protected-resource-metadata-resolver.js");
17
15
  const oauth_resolver_js_1 = require("./oauth-resolver.js");
18
16
  const oauth_server_factory_js_1 = require("./oauth-server-factory.js");
17
+ const oauth_session_js_1 = require("./oauth-session.js");
19
18
  const runtime_js_1 = require("./runtime.js");
20
19
  const session_getter_js_1 = require("./session-getter.js");
21
20
  const util_js_1 = require("./util.js");
@@ -151,23 +150,20 @@ class OAuthClient extends util_js_1.CustomEventTarget {
151
150
  throw new TypeError('Invalid redirect_uri');
152
151
  }
153
152
  const { identity, metadata } = await this.oauthResolver.resolve(input, options);
154
- const nonce = await this.runtime.generateNonce();
155
153
  const pkce = await this.runtime.generatePKCE();
156
154
  const dpopKey = await this.runtime.generateKey(metadata.dpop_signing_alg_values_supported || [constants_js_1.FALLBACK_ALG]);
157
155
  const state = await this.runtime.generateNonce();
158
156
  await this.stateStore.set(state, {
159
157
  iss: metadata.issuer,
160
158
  dpopKey,
161
- nonce,
162
- verifier: pkce?.verifier,
159
+ verifier: pkce.verifier,
163
160
  appState: options?.state,
164
161
  });
165
162
  const parameters = {
166
163
  client_id: this.clientMetadata.client_id,
167
164
  redirect_uri: redirectUri,
168
- code_challenge: pkce?.challenge,
169
- code_challenge_method: pkce?.method,
170
- nonce,
165
+ code_challenge: pkce.challenge,
166
+ code_challenge_method: pkce.method,
171
167
  state,
172
168
  login_hint: identity
173
169
  ? input // If input is a handle or a DID, use it as a login_hint
@@ -177,13 +173,8 @@ class OAuthClient extends util_js_1.CustomEventTarget {
177
173
  // Negotiate by using the order in the client metadata
178
174
  this.clientMetadata.response_types?.find((t) => metadata['response_types_supported']?.includes(t)) ?? 'code',
179
175
  display: options?.display,
180
- id_token_hint: options?.id_token_hint,
181
- max_age: options?.max_age, // this.clientMetadata.default_max_age
182
176
  prompt: options?.prompt,
183
- scope: options?.scope
184
- ?.split(' ')
185
- .filter((s) => metadata.scopes_supported?.includes(s))
186
- .join(' '),
177
+ scope: options?.scope || undefined,
187
178
  ui_locales: options?.ui_locales,
188
179
  };
189
180
  if (metadata.pushed_authorization_request_endpoint) {
@@ -270,16 +261,12 @@ class OAuthClient extends util_js_1.CustomEventTarget {
270
261
  }
271
262
  const tokenSet = await server.exchangeCode(codeParam, stateData.verifier);
272
263
  try {
273
- if (tokenSet.id_token) {
274
- await this.runtime.validateIdTokenClaims(tokenSet.id_token, stateParam, stateData.nonce, codeParam, tokenSet.access_token);
275
- }
276
- const { sub } = tokenSet;
277
- await this.sessionGetter.setStored(sub, {
264
+ await this.sessionGetter.setStored(tokenSet.sub, {
278
265
  dpopKey: stateData.dpopKey,
279
266
  tokenSet,
280
267
  });
281
- const agent = this.createAgent(server, sub);
282
- return { agent, state: stateData.appState ?? null };
268
+ const session = this.createSession(server, tokenSet.sub);
269
+ return { session, state: stateData.appState ?? null };
283
270
  }
284
271
  catch (err) {
285
272
  await server.revoke(tokenSet.access_token);
@@ -293,8 +280,8 @@ class OAuthClient extends util_js_1.CustomEventTarget {
293
280
  }
294
281
  }
295
282
  /**
296
- * Build an agent from a stored session. This will refresh the token only if
297
- * needed (about to expire) by default.
283
+ * Load a stored session. This will refresh the token only if needed (about to
284
+ * expire) by default.
298
285
  *
299
286
  * @param refresh See {@link SessionGetter.getSession}
300
287
  */
@@ -304,7 +291,7 @@ class OAuthClient extends util_js_1.CustomEventTarget {
304
291
  noCache: refresh === true,
305
292
  allowStale: refresh === false,
306
293
  });
307
- return this.createAgent(server, sub);
294
+ return this.createSession(server, sub);
308
295
  }
309
296
  async revoke(sub) {
310
297
  const { dpopKey, tokenSet } = await this.sessionGetter.getSession(sub, false);
@@ -319,9 +306,8 @@ class OAuthClient extends util_js_1.CustomEventTarget {
319
306
  await this.sessionGetter.delStored(sub, new token_revoked_error_js_1.TokenRevokedError(sub));
320
307
  }
321
308
  }
322
- createAgent(server, sub) {
323
- const oauthAgent = new oauth_agent_js_1.OAuthAgent(server, sub, this.sessionGetter, this.fetch);
324
- return new oauth_atp_agent_js_1.OAuthAtpAgent(oauthAgent);
309
+ createSession(server, sub) {
310
+ return new oauth_session_js_1.OAuthSession(server, sub, this.sessionGetter, this.fetch);
325
311
  }
326
312
  }
327
313
  exports.OAuthClient = OAuthClient;
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":";;;AAAA,6DAImC;AAEnC,mEAKsC;AACtC,uEAAkE;AAClE,2EAAqE;AACrE,sCAA0C;AAC1C,sDAM6B;AAE7B,iDAA6C;AAC7C,4EAAmE;AACnE,qDAA6C;AAC7C,6DAAoD;AACpD,uHAG0D;AAC1D,uEAA8D;AAC9D,mHAGwD;AACxD,2DAAmD;AAEnD,uEAA8D;AAE9D,6CAAsC;AACtC,2DAI4B;AAG5B,uCAA6C;AAC7C,+EAAsE;AAoDtE,MAAa,WAAY,SAAQ,2BAAsC;IACrE,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,EACzB,QAAQ,EACR,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,MAAM,GAC0B;QAChC,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpC,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,MAAM;SACf,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAA;QAErC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAC5E,CAAC;QAED,8IAA8I;QAC9I,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACvE,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,yCAAyC,IAAI,EAAE,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;QAE3C,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,OAAO,uCAAyB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;IAiBD,YAAY,EACV,KAAK,GAAG,UAAU,CAAC,KAAK,EAExB,UAAU,EACV,YAAY,EAEZ,QAAQ,GAAG,SAAS,EACpB,cAAc,GAAG,IAAI,uCAAiB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAC/D,WAAW,GAAG,SAAS,EACvB,gCAAgC,GAAG,IAAI,uCAAiB,CAAC;QACvD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EACF,8BAA8B,GAAG,IAAI,uCAAiB,CAAC;QACrD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EAEF,YAAY,EACZ,cAAc,EACd,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACa;QACnB,KAAK,EAAE,CAAA;QAxCT,SAAS;QACA;;;;;WAA8B;QAC9B;;;;;WAA+B;QAC/B;;;;;WAAe;QAExB,WAAW;QACF;;;;;WAAgB;QAChB;;;;;WAAY;QACZ;;;;;WAA4B;QAC5B;;;;;WAAiC;QAE1C,SAAS;QACA;;;;;WAA4B;QAC5B;;;;;WAAsB;QA6B7B,IAAI,CAAC,MAAM,GAAG,MAAM;YAClB,CAAC,CAAC,MAAM,YAAY,YAAM;gBACxB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,IAAI,YAAM,CAAC,MAAM,CAAC;YACtB,CAAC,CAAC,SAAS,CAAA;QACb,IAAI,CAAC,cAAc,GAAG,IAAA,oDAAsB,EAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;QACzE,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAEhC,IAAI,CAAC,OAAO,GAAG,IAAI,oBAAO,CAAC,qBAAqB,CAAC,CAAA;QACjD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,IAAI,oCAAgB,CAClB,IAAI,gCAAiB,CACnB,IAAI,gCAAiB,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EACjD,QAAQ,CACT,EACD,IAAI,sCAAoB,CACtB,uCAAqB,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,EACrD,WAAW,CACZ,CACF,EACD,IAAI,sFAAsC,CACxC,8BAA8B,EAC9B,KAAK,CACN,EACD,IAAI,0FAAwC,CAC1C,gCAAgC,EAChC,KAAK,CACN,CACF,CAAA;QACD,IAAI,CAAC,aAAa,GAAG,IAAI,4CAAkB,CACzC,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,EACX,cAAc,CACf,CAAA;QAED,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,YAAY,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,OAAO,CACb,CAAA;QACD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAE5B,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,SAAS,CAAU,EAAE,CAAC;YACnD,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;gBAClD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;oBAClD,KAAK,CAAC,cAAc,EAAE,CAAA;gBACxB,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAA;IAC5C,CAAC;IAED,wCAAwC;IACxC,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAA;IAC1C,CAAC;IAED,wCAAwC;IACxC,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAA;IAC7C,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,MAAM,EAAE,UAAU,IAAK,EAAE,IAAI,EAAE,EAAW,EAAY,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAa,EAAE,OAA0B;QACvD,MAAM,WAAW,GACf,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;QAC/D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7D,yDAAyD;YACzD,MAAM,IAAI,SAAS,CAAC,sBAAsB,CAAC,CAAA;QAC7C,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAC7D,KAAK,EACL,OAAO,CACR,CAAA;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAA;QAChD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAA;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAC5C,QAAQ,CAAC,iCAAiC,IAAI,CAAC,2BAAY,CAAC,CAC7D,CAAA;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAA;QAEhD,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE;YAC/B,GAAG,EAAE,QAAQ,CAAC,MAAM;YACpB,OAAO;YACP,KAAK;YACL,QAAQ,EAAE,IAAI,EAAE,QAAQ;YACxB,QAAQ,EAAE,OAAO,EAAE,KAAK;SACzB,CAAC,CAAA;QAEF,MAAM,UAAU,GAAG;YACjB,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;YACxC,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,IAAI,EAAE,SAAS;YAC/B,qBAAqB,EAAE,IAAI,EAAE,MAAM;YACnC,KAAK;YACL,KAAK;YACL,UAAU,EAAE,QAAQ;gBAClB,CAAC,CAAC,KAAK,CAAC,wDAAwD;gBAChE,CAAC,CAAC,SAAS;YACb,aAAa,EAAE,IAAI,CAAC,YAAY;YAChC,aAAa;YACX,sDAAsD;YACtD,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC7C,QAAQ,CAAC,0BAA0B,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,CAClD,IAAI,MAAM;YAEb,OAAO,EAAE,OAAO,EAAE,OAAO;YACzB,aAAa,EAAE,OAAO,EAAE,aAAa;YACrC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,sCAAsC;YACjE,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,KAAK,EAAE,OAAO,EAAE,KAAK;gBACnB,EAAE,KAAK,CAAC,GAAG,CAAC;iBACX,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;iBACrD,IAAI,CAAC,GAAG,CAAC;YACZ,UAAU,EAAE,OAAO,EAAE,UAAU;SAChC,CAAA;QAED,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;YACvE,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CACtC,8BAA8B,EAC9B,UAAU,CACX,CAAA;YAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;YACjE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAC/B,WAAW,EACX,IAAI,CAAC,cAAc,CAAC,SAAS,CAC9B,CAAA;YACD,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,WAAW,CAAC,CAAA;YACzE,OAAO,gBAAgB,CAAA;QACzB,CAAC;aAAM,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAA;QACH,CAAC;aAAM,CAAC;YACN,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;YACjE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK;oBAAE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;YAClE,CAAC;YAED,oDAAoD;YACpD,MAAM,SAAS,GACb,gBAAgB,CAAC,QAAQ,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAA;YACnE,IAAI,SAAS,GAAG,IAAI,EAAE,CAAC;gBACrB,OAAO,gBAAgB,CAAA;YACzB,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;gBAC3D,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;YACvC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,YAAiB;QAClC,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;QAC/D,IAAI,CAAC,UAAU;YAAE,OAAM;QAEvB,2EAA2E;QAC3E,4EAA4E;QAC5E,uEAAuE;QACvE,8CAA8C;QAE9C,mEAAmE;IACrE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAuB;QAIpC,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAC1C,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;YACxB,8CAA8C;YAC9C,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;QAC5D,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACrC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAEpC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAA;QACnE,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,SAAS,EAAE,CAAC;YACd,6BAA6B;YAC7B,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,kCAAkC,UAAU,GAAG,CAChD,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACrE,CAAC;YAED,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,4BAA4B,EAC5B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,SAAS,CAAC,GAAG,EACb,SAAS,CAAC,OAAO,CAClB,CAAA;YAED,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;gBACxB,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;oBAClC,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,8BAA8B,EAC9B,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;gBACD,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;oBACjD,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,iBAAiB,EACjB,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;YACH,CAAC;iBAAM,IACL,MAAM,CAAC,cAAc,CAAC,8CAA8C,EACpE,CAAC;gBACD,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,+BAA+B,EAC/B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACzE,IAAI,CAAC;gBACH,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;oBACtB,MAAM,IAAI,CAAC,OAAO,CAAC,qBAAqB,CACtC,QAAQ,CAAC,QAAQ,EACjB,UAAU,EACV,SAAS,CAAC,KAAK,EACf,SAAS,EACT,QAAQ,CAAC,YAAY,CACtB,CAAA;gBACH,CAAC;gBAED,MAAM,EAAE,GAAG,EAAE,GAAG,QAAQ,CAAA;gBAExB,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE;oBACtC,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,QAAQ;iBACT,CAAC,CAAA;gBAEF,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;gBAE3C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAA;YACrD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;gBAE1C,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,iEAAiE;YACjE,gCAAgC;YAChC,MAAM,4CAAkB,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,OAAiB;QAC1C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAC/D,GAAG,EACH,OAAO,CACR,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE;YACxE,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACtC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAC/D,GAAG,EACH,KAAK,CACN,CAAA;QAED,0EAA0E;QAC1E,2EAA2E;QAC3E,QAAQ;QACR,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YACzE,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,0CAAiB,CAAC,GAAG,CAAC,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IAED,WAAW,CAAC,MAAwB,EAAE,GAAW;QAC/C,MAAM,UAAU,GAAG,IAAI,2BAAU,CAC/B,MAAM,EACN,GAAG,EACH,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,KAAK,CACX,CAAA;QAED,OAAO,IAAI,kCAAa,CAAC,UAAU,CAAC,CAAA;IACtC,CAAC;CACF;AA/ZD,kCA+ZC"}
1
+ {"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":";;;AAAA,6DAImC;AAEnC,mEAKsC;AACtC,uEAAkE;AAClE,2EAAqE;AACrE,sCAA0C;AAC1C,sDAM6B;AAE7B,iDAA6C;AAC7C,4EAAmE;AACnE,uHAG0D;AAC1D,uEAA8D;AAC9D,mHAGwD;AACxD,2DAAmD;AAEnD,uEAA8D;AAC9D,yDAAiD;AAEjD,6CAAsC;AACtC,2DAI4B;AAG5B,uCAA6C;AAC7C,+EAAsE;AAoDtE,MAAa,WAAY,SAAQ,2BAAsC;IACrE,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,EACzB,QAAQ,EACR,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,MAAM,GAC0B;QAChC,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpC,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,MAAM;SACf,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAA;QAErC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAC5E,CAAC;QAED,8IAA8I;QAC9I,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACvE,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,yCAAyC,IAAI,EAAE,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;QAE3C,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,OAAO,uCAAyB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;IAiBD,YAAY,EACV,KAAK,GAAG,UAAU,CAAC,KAAK,EAExB,UAAU,EACV,YAAY,EAEZ,QAAQ,GAAG,SAAS,EACpB,cAAc,GAAG,IAAI,uCAAiB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAC/D,WAAW,GAAG,SAAS,EACvB,gCAAgC,GAAG,IAAI,uCAAiB,CAAC;QACvD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EACF,8BAA8B,GAAG,IAAI,uCAAiB,CAAC;QACrD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EAEF,YAAY,EACZ,cAAc,EACd,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACa;QACnB,KAAK,EAAE,CAAA;QAxCT,SAAS;QACA;;;;;WAA8B;QAC9B;;;;;WAA+B;QAC/B;;;;;WAAe;QAExB,WAAW;QACF;;;;;WAAgB;QAChB;;;;;WAAY;QACZ;;;;;WAA4B;QAC5B;;;;;WAAiC;QAE1C,SAAS;QACA;;;;;WAA4B;QAC5B;;;;;WAAsB;QA6B7B,IAAI,CAAC,MAAM,GAAG,MAAM;YAClB,CAAC,CAAC,MAAM,YAAY,YAAM;gBACxB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,IAAI,YAAM,CAAC,MAAM,CAAC;YACtB,CAAC,CAAC,SAAS,CAAA;QACb,IAAI,CAAC,cAAc,GAAG,IAAA,oDAAsB,EAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;QACzE,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAEhC,IAAI,CAAC,OAAO,GAAG,IAAI,oBAAO,CAAC,qBAAqB,CAAC,CAAA;QACjD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,IAAI,oCAAgB,CAClB,IAAI,gCAAiB,CACnB,IAAI,gCAAiB,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EACjD,QAAQ,CACT,EACD,IAAI,sCAAoB,CACtB,uCAAqB,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,EACrD,WAAW,CACZ,CACF,EACD,IAAI,sFAAsC,CACxC,8BAA8B,EAC9B,KAAK,CACN,EACD,IAAI,0FAAwC,CAC1C,gCAAgC,EAChC,KAAK,CACN,CACF,CAAA;QACD,IAAI,CAAC,aAAa,GAAG,IAAI,4CAAkB,CACzC,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,EACX,cAAc,CACf,CAAA;QAED,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,YAAY,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,OAAO,CACb,CAAA;QACD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAE5B,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,SAAS,CAAU,EAAE,CAAC;YACnD,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;gBAClD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;oBAClD,KAAK,CAAC,cAAc,EAAE,CAAA;gBACxB,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAA;IAC5C,CAAC;IAED,wCAAwC;IACxC,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAA;IAC1C,CAAC;IAED,wCAAwC;IACxC,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAA;IAC7C,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,MAAM,EAAE,UAAU,IAAK,EAAE,IAAI,EAAE,EAAW,EAAY,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAa,EAAE,OAA0B;QACvD,MAAM,WAAW,GACf,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;QAC/D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7D,yDAAyD;YACzD,MAAM,IAAI,SAAS,CAAC,sBAAsB,CAAC,CAAA;QAC7C,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAC7D,KAAK,EACL,OAAO,CACR,CAAA;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAA;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAC5C,QAAQ,CAAC,iCAAiC,IAAI,CAAC,2BAAY,CAAC,CAC7D,CAAA;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAA;QAEhD,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE;YAC/B,GAAG,EAAE,QAAQ,CAAC,MAAM;YACpB,OAAO;YACP,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,OAAO,EAAE,KAAK;SACzB,CAAC,CAAA;QAEF,MAAM,UAAU,GAAG;YACjB,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;YACxC,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,IAAI,CAAC,SAAS;YAC9B,qBAAqB,EAAE,IAAI,CAAC,MAAM;YAClC,KAAK;YACL,UAAU,EAAE,QAAQ;gBAClB,CAAC,CAAC,KAAK,CAAC,wDAAwD;gBAChE,CAAC,CAAC,SAAS;YACb,aAAa,EAAE,IAAI,CAAC,YAAY;YAChC,aAAa;YACX,sDAAsD;YACtD,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC7C,QAAQ,CAAC,0BAA0B,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,CAClD,IAAI,MAAM;YAEb,OAAO,EAAE,OAAO,EAAE,OAAO;YACzB,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,SAAS;YAClC,UAAU,EAAE,OAAO,EAAE,UAAU;SAChC,CAAA;QAED,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;YACvE,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CACtC,8BAA8B,EAC9B,UAAU,CACX,CAAA;YAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;YACjE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAC/B,WAAW,EACX,IAAI,CAAC,cAAc,CAAC,SAAS,CAC9B,CAAA;YACD,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,WAAW,CAAC,CAAA;YACzE,OAAO,gBAAgB,CAAA;QACzB,CAAC;aAAM,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAA;QACH,CAAC;aAAM,CAAC;YACN,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;YACjE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK;oBAAE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;YAClE,CAAC;YAED,oDAAoD;YACpD,MAAM,SAAS,GACb,gBAAgB,CAAC,QAAQ,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAA;YACnE,IAAI,SAAS,GAAG,IAAI,EAAE,CAAC;gBACrB,OAAO,gBAAgB,CAAA;YACzB,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;gBAC3D,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;YACvC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,YAAiB;QAClC,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;QAC/D,IAAI,CAAC,UAAU;YAAE,OAAM;QAEvB,2EAA2E;QAC3E,4EAA4E;QAC5E,uEAAuE;QACvE,8CAA8C;QAE9C,mEAAmE;IACrE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAuB;QAIpC,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAC1C,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;YACxB,8CAA8C;YAC9C,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;QAC5D,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACrC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAEpC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAA;QACnE,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,SAAS,EAAE,CAAC;YACd,6BAA6B;YAC7B,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,kCAAkC,UAAU,GAAG,CAChD,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACrE,CAAC;YAED,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,4BAA4B,EAC5B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,SAAS,CAAC,GAAG,EACb,SAAS,CAAC,OAAO,CAClB,CAAA;YAED,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;gBACxB,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;oBAClC,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,8BAA8B,EAC9B,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;gBACD,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;oBACjD,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,iBAAiB,EACjB,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;YACH,CAAC;iBAAM,IACL,MAAM,CAAC,cAAc,CAAC,8CAA8C,EACpE,CAAC;gBACD,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,+BAA+B,EAC/B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACzE,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE;oBAC/C,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,QAAQ;iBACT,CAAC,CAAA;gBAEF,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAA;gBAExD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAA;YACvD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;gBAE1C,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,iEAAiE;YACjE,gCAAgC;YAChC,MAAM,4CAAkB,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,OAAiB;QAC1C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAC/D,GAAG,EACH,OAAO,CACR,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE;YACxE,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAC/D,GAAG,EACH,KAAK,CACN,CAAA;QAED,0EAA0E;QAC1E,2EAA2E;QAC3E,QAAQ;QACR,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YACzE,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,0CAAiB,CAAC,GAAG,CAAC,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IAES,aAAa,CAAC,MAAwB,EAAE,GAAW;QAC3D,OAAO,IAAI,+BAAY,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;IACtE,CAAC;CACF;AApYD,kCAoYC"}
@@ -1,6 +1,6 @@
1
1
  import { Fetch, Json } from '@atproto-labs/fetch';
2
2
  import { SimpleStore } from '@atproto-labs/simple-store';
3
- import { Key, Keyset, SignedJwt } from '@atproto/jwk';
3
+ import { Key, Keyset } from '@atproto/jwk';
4
4
  import { OAuthAuthorizationServerMetadata, OAuthClientIdentification, OAuthEndpointName, OAuthParResponse, OAuthTokenResponse, OAuthTokenType } from '@atproto/oauth-types';
5
5
  import { OAuthResolver } from './oauth-resolver.js';
6
6
  import { Runtime } from './runtime.js';
@@ -9,8 +9,7 @@ export type TokenSet = {
9
9
  iss: string;
10
10
  sub: string;
11
11
  aud: string;
12
- scope?: string;
13
- id_token?: SignedJwt;
12
+ scope: string;
14
13
  refresh_token?: string;
15
14
  access_token: string;
16
15
  token_type: OAuthTokenType;
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-server-agent.d.ts","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAiC,MAAM,qBAAqB,CAAA;AAChF,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACrD,OAAO,EAEL,gCAAgC,EAChC,yBAAyB,EACzB,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,cAAc,EAGf,MAAM,sBAAsB,CAAA;AAK7B,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAEnD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAG3C,MAAM,MAAM,QAAQ,GAAG;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAA;IAEd,QAAQ,CAAC,EAAE,SAAS,CAAA;IACpB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,cAAc,CAAA;IAC1B,eAAe;IACf,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;AAExD,qBAAa,gBAAgB;IAIzB,QAAQ,CAAC,OAAO,EAAE,GAAG;IACrB,QAAQ,CAAC,cAAc,EAAE,gCAAgC;IACzD,QAAQ,CAAC,cAAc,EAAE,cAAc;IACvC,QAAQ,CAAC,UAAU,EAAE,cAAc;IACnC,QAAQ,CAAC,aAAa,EAAE,aAAa;IACrC,QAAQ,CAAC,OAAO,EAAE,OAAO;IACzB,QAAQ,CAAC,MAAM,CAAC;IATlB,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;gBAGxB,OAAO,EAAE,GAAG,EACZ,cAAc,EAAE,gCAAgC,EAChD,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,cAAc,EAC1B,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,OAAO,EAChB,MAAM,CAAC,yBAAQ,EACxB,KAAK,CAAC,EAAE,KAAK;IAaT,MAAM,CAAC,KAAK,EAAE,MAAM;IAQpB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAiBhE,OAAO,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IA6BpD;;;;;;;OAOG;YACW,oBAAoB;IAsC5B,OAAO,CACX,QAAQ,EAAE,OAAO,EACjB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,kBAAkB,CAAC;IACxB,OAAO,CACX,QAAQ,EAAE,8BAA8B,EACxC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,gBAAgB,CAAC;IACtB,OAAO,CACX,QAAQ,EAAE,iBAAiB,EAC3B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,IAAI,CAAC;IA4BV,eAAe,CAAC,QAAQ,EAAE,iBAAiB,GAAG,OAAO,CAAC;QAC1D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QAChC,OAAO,EAAE,yBAAyB,CAAA;KACnC,CAAC;CA+DH"}
1
+ {"version":3,"file":"oauth-server-agent.d.ts","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAiC,MAAM,qBAAqB,CAAA;AAChF,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAEL,gCAAgC,EAChC,yBAAyB,EACzB,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,cAAc,EAGf,MAAM,sBAAsB,CAAA;AAK7B,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAEnD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAG3C,MAAM,MAAM,QAAQ,GAAG;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IAEb,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,cAAc,CAAA;IAC1B,eAAe;IACf,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;AAExD,qBAAa,gBAAgB;IAIzB,QAAQ,CAAC,OAAO,EAAE,GAAG;IACrB,QAAQ,CAAC,cAAc,EAAE,gCAAgC;IACzD,QAAQ,CAAC,cAAc,EAAE,cAAc;IACvC,QAAQ,CAAC,UAAU,EAAE,cAAc;IACnC,QAAQ,CAAC,aAAa,EAAE,aAAa;IACrC,QAAQ,CAAC,OAAO,EAAE,OAAO;IACzB,QAAQ,CAAC,MAAM,CAAC;IATlB,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;gBAGxB,OAAO,EAAE,GAAG,EACZ,cAAc,EAAE,gCAAgC,EAChD,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,cAAc,EAC1B,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,OAAO,EAChB,MAAM,CAAC,yBAAQ,EACxB,KAAK,CAAC,EAAE,KAAK;IAaT,MAAM,CAAC,KAAK,EAAE,MAAM;IAQpB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAiBhE,OAAO,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IA6BpD;;;;;;;OAOG;YACW,oBAAoB;IA+C5B,OAAO,CACX,QAAQ,EAAE,OAAO,EACjB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,kBAAkB,CAAC;IACxB,OAAO,CACX,QAAQ,EAAE,8BAA8B,EACxC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,gBAAgB,CAAC;IACtB,OAAO,CACX,QAAQ,EAAE,iBAAiB,EAC3B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,IAAI,CAAC;IA4BV,eAAe,CAAC,QAAQ,EAAE,iBAAiB,GAAG,OAAO,CAAC;QAC1D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QAChC,OAAO,EAAE,yBAAyB,CAAA;KACnC,CAAC;CA+DH"}
@@ -170,26 +170,31 @@ class OAuthServerAgent {
170
170
  const env_1 = { stack: [], error: void 0, hasError: false };
171
171
  try {
172
172
  const { sub } = tokenResponse;
173
- // ATPROTO requires that the "sub" is always present in the token response.
174
- if (!sub)
175
- throw new TypeError(`Missing "sub" in token response`);
173
+ if (!sub || typeof sub !== 'string') {
174
+ throw new TypeError(`Unexpected ${typeof sub} "sub" in token response`);
175
+ }
176
+ // Using an array to check for the presence of the "atproto" scope (we don't
177
+ // want atproto to be a substring of another scope)
178
+ const scopes = tokenResponse.scope?.split(' ');
179
+ if (!scopes?.includes('atproto')) {
180
+ throw new TypeError('Missing "atproto" scope in token response');
181
+ }
176
182
  // @TODO (?) make timeout configurable
177
183
  const signal = __addDisposableResource(env_1, (0, util_js_1.timeoutSignal)(10e3), false);
178
184
  const resolved = await this.oauthResolver.resolveFromIdentity(sub, {
179
185
  signal,
180
186
  });
181
- if (resolved.metadata.issuer !== this.serverMetadata.issuer) {
187
+ if (this.serverMetadata.issuer !== resolved.metadata.issuer) {
182
188
  // Best case scenario; the user switched PDS. Worst case scenario; a bad
183
189
  // actor is trying to impersonate a user. In any case, we must not allow
184
190
  // this token to be used.
185
191
  throw new TypeError('Issuer mismatch');
186
192
  }
187
193
  return {
188
- sub,
189
194
  aud: resolved.identity.pds.href,
190
195
  iss: resolved.metadata.issuer,
196
+ sub,
191
197
  scope: tokenResponse.scope,
192
- id_token: tokenResponse.id_token,
193
198
  refresh_token: tokenResponse.refresh_token,
194
199
  access_token: tokenResponse.access_token,
195
200
  token_type: tokenResponse.token_type ?? 'Bearer',
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-server-agent.js","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAgF;AAGhF,sDAU6B;AAE7B,iDAA6C;AAC7C,4EAAmE;AACnE,mDAAkD;AAElD,uEAA8D;AAG9D,uCAAyC;AAkBzC,MAAa,gBAAgB;IAG3B,YACW,OAAY,EACZ,cAAgD,EAChD,cAA8B,EAC9B,UAA0B,EAC1B,aAA4B,EAC5B,OAAgB,EAChB,MAAe,EACxB,KAAa;QAPb;;;;mBAAS,OAAO;WAAK;QACrB;;;;mBAAS,cAAc;WAAkC;QACzD;;;;mBAAS,cAAc;WAAgB;QACvC;;;;mBAAS,UAAU;WAAgB;QACnC;;;;mBAAS,aAAa;WAAe;QACrC;;;;mBAAS,OAAO;WAAS;QACzB;;;;mBAAS,MAAM;WAAS;QAThB;;;;;WAAyB;QAYjC,IAAI,CAAC,SAAS,GAAG,IAAA,gCAAgB,EAAO;YACtC,KAAK,EAAE,IAAA,iBAAS,EAAC,KAAK,CAAC;YACvB,GAAG,EAAE,cAAc,CAAC,SAAS;YAC7B,GAAG,EAAE,OAAO;YACZ,aAAa,EAAE,cAAc,CAAC,iCAAiC;YAC/D,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YACtC,MAAM,EAAE,UAAU;YAClB,YAAY,EAAE,IAAI;SACnB,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,QAAiB;QAChD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAChD,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAE;YACnD,IAAI;YACJ,aAAa,EAAE,QAAQ;SACxB,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAA;YAE7C,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAkB;QAC9B,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC5B,MAAM,IAAI,0CAAiB,CAAC,QAAQ,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAA;QACzE,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAChD,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,QAAQ,CAAC,aAAa;SACtC,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,IAAI,QAAQ,CAAC,GAAG,KAAK,aAAa,CAAC,GAAG,EAAE,CAAC;gBACvC,MAAM,IAAI,0CAAiB,CACzB,QAAQ,CAAC,GAAG,EACZ,uCAAuC,aAAa,CAAC,GAAG,GAAG,CAC5D,CAAA;YACH,CAAC;YACD,IAAI,QAAQ,CAAC,GAAG,KAAK,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;gBAChD,MAAM,IAAI,0CAAiB,CAAC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAA;YAC9D,CAAC;YAED,OAAO,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAA;YAE7C,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,KAAK,CAAC,oBAAoB,CAChC,aAAiC;;;YAEjC,MAAM,EAAE,GAAG,EAAE,GAAG,aAAa,CAAA;YAC7B,2EAA2E;YAC3E,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,SAAS,CAAC,iCAAiC,CAAC,CAAA;YAEhE,sCAAsC;YACtC,MAAM,MAAM,kCAAG,IAAA,uBAAa,EAAC,IAAI,CAAC,QAAA,CAAA;YAElC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC,GAAG,EAAE;gBACjE,MAAM;aACP,CAAC,CAAA;YAEF,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,KAAK,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;gBAC5D,wEAAwE;gBACxE,wEAAwE;gBACxE,yBAAyB;gBACzB,MAAM,IAAI,SAAS,CAAC,iBAAiB,CAAC,CAAA;YACxC,CAAC;YAED,OAAO;gBACL,GAAG;gBACH,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI;gBAC/B,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,MAAM;gBAE7B,KAAK,EAAE,aAAa,CAAC,KAAK;gBAC1B,QAAQ,EAAE,aAAa,CAAC,QAAQ;gBAChC,aAAa,EAAE,aAAa,CAAC,aAAa;gBAC1C,YAAY,EAAE,aAAa,CAAC,YAAY;gBACxC,UAAU,EAAE,aAAa,CAAC,UAAU,IAAI,QAAQ;gBAChD,UAAU,EACR,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;oBAC1C,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;oBACtE,CAAC,CAAC,SAAS;aAChB,CAAA;;;;;;;;;KACF;IAeD,KAAK,CAAC,OAAO,CAAC,QAA2B,EAAE,OAAgC;QACzE,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,QAAQ,WAAW,CAAC,CAAA;QACvD,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,qBAAqB,CAAC,CAAA;QAE9D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAA;QAEjD,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE;YACnD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAChE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;SACtD,CAAC,CAAC,IAAI,CAAC,IAAA,0BAAkB,GAAE,CAAC,CAAA;QAE7B,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,QAAQ,QAAQ,EAAE,CAAC;gBACjB,KAAK,OAAO;oBACV,OAAO,sCAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC7C,KAAK,8BAA8B;oBACjC,OAAO,oCAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC3C;oBACE,OAAO,IAAI,CAAA;YACf,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,QAA2B;QAI/C,MAAM,eAAe,GACnB,IAAI,CAAC,cAAc,CAAC,uCAAuC,CAAC,CAAA;QAE9D,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAA;QAEhE,IACE,MAAM,KAAK,iBAAiB;YAC5B,CAAC,IAAI,CAAC,MAAM;gBACV,CAAC,MAAM;gBACP,CAAC,eAAe,EAAE,QAAQ,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,CAAC,EAC1D,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;YAExD,IAAI,CAAC;gBACH,MAAM,GAAG,GACP,IAAI,CAAC,cAAc,CACjB,kDAAkD,CACnD,IAAI,2BAAY,CAAA;gBAEnB,wEAAwE;gBACxE,wEAAwE;gBACxE,wDAAwD;gBACxD,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI;qBACvC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC;qBACrB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAA;gBAEpD,OAAO;oBACL,OAAO,EAAE;wBACP,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;wBACxC,qBAAqB,EAAE,8CAAgC;wBACvD,gBAAgB,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAC3C,EAAE,GAAG,EAAE,GAAG,EAAE,EACZ;4BACE,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;4BAClC,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;4BAClC,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,MAAM;4BAC/B,GAAG,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE;4BACvC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;yBACnC,CACF;qBACF;iBACF,CAAA;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,MAAM,KAAK,iBAAiB;oBAAE,MAAM,GAAG,CAAA;gBAE3C,uBAAuB;YACzB,CAAC;QACH,CAAC;QAED,IACE,MAAM,KAAK,MAAM;YACjB,CAAC,CAAC,MAAM,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,CAAC,EACxD,CAAC;YACD,OAAO;gBACL,OAAO,EAAE;oBACP,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;iBACzC;aACF,CAAA;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,eAAe,QAAQ,wBAAwB,CAAC,CAAA;IAClE,CAAC;CACF;AArOD,4CAqOC"}
1
+ {"version":3,"file":"oauth-server-agent.js","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAgF;AAGhF,sDAU6B;AAE7B,iDAA6C;AAC7C,4EAAmE;AACnE,mDAAkD;AAElD,uEAA8D;AAG9D,uCAAyC;AAiBzC,MAAa,gBAAgB;IAG3B,YACW,OAAY,EACZ,cAAgD,EAChD,cAA8B,EAC9B,UAA0B,EAC1B,aAA4B,EAC5B,OAAgB,EAChB,MAAe,EACxB,KAAa;QAPb;;;;mBAAS,OAAO;WAAK;QACrB;;;;mBAAS,cAAc;WAAkC;QACzD;;;;mBAAS,cAAc;WAAgB;QACvC;;;;mBAAS,UAAU;WAAgB;QACnC;;;;mBAAS,aAAa;WAAe;QACrC;;;;mBAAS,OAAO;WAAS;QACzB;;;;mBAAS,MAAM;WAAS;QAThB;;;;;WAAyB;QAYjC,IAAI,CAAC,SAAS,GAAG,IAAA,gCAAgB,EAAO;YACtC,KAAK,EAAE,IAAA,iBAAS,EAAC,KAAK,CAAC;YACvB,GAAG,EAAE,cAAc,CAAC,SAAS;YAC7B,GAAG,EAAE,OAAO;YACZ,aAAa,EAAE,cAAc,CAAC,iCAAiC;YAC/D,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YACtC,MAAM,EAAE,UAAU;YAClB,YAAY,EAAE,IAAI;SACnB,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,QAAiB;QAChD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAChD,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAE;YACnD,IAAI;YACJ,aAAa,EAAE,QAAQ;SACxB,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAA;YAE7C,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAkB;QAC9B,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC5B,MAAM,IAAI,0CAAiB,CAAC,QAAQ,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAA;QACzE,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAChD,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,QAAQ,CAAC,aAAa;SACtC,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,IAAI,QAAQ,CAAC,GAAG,KAAK,aAAa,CAAC,GAAG,EAAE,CAAC;gBACvC,MAAM,IAAI,0CAAiB,CACzB,QAAQ,CAAC,GAAG,EACZ,uCAAuC,aAAa,CAAC,GAAG,GAAG,CAC5D,CAAA;YACH,CAAC;YACD,IAAI,QAAQ,CAAC,GAAG,KAAK,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;gBAChD,MAAM,IAAI,0CAAiB,CAAC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAA;YAC9D,CAAC;YAED,OAAO,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAA;YAE7C,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,KAAK,CAAC,oBAAoB,CAChC,aAAiC;;;YAEjC,MAAM,EAAE,GAAG,EAAE,GAAG,aAAa,CAAA;YAE7B,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACpC,MAAM,IAAI,SAAS,CAAC,cAAc,OAAO,GAAG,0BAA0B,CAAC,CAAA;YACzE,CAAC;YAED,4EAA4E;YAC5E,mDAAmD;YACnD,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;YAC9C,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;YAClE,CAAC;YAED,sCAAsC;YACtC,MAAM,MAAM,kCAAG,IAAA,uBAAa,EAAC,IAAI,CAAC,QAAA,CAAA;YAElC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC,GAAG,EAAE;gBACjE,MAAM;aACP,CAAC,CAAA;YAEF,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC5D,wEAAwE;gBACxE,wEAAwE;gBACxE,yBAAyB;gBACzB,MAAM,IAAI,SAAS,CAAC,iBAAiB,CAAC,CAAA;YACxC,CAAC;YAED,OAAO;gBACL,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI;gBAC/B,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,MAAM;gBAE7B,GAAG;gBAEH,KAAK,EAAE,aAAa,CAAC,KAAM;gBAC3B,aAAa,EAAE,aAAa,CAAC,aAAa;gBAC1C,YAAY,EAAE,aAAa,CAAC,YAAY;gBACxC,UAAU,EAAE,aAAa,CAAC,UAAU,IAAI,QAAQ;gBAChD,UAAU,EACR,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;oBAC1C,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;oBACtE,CAAC,CAAC,SAAS;aAChB,CAAA;;;;;;;;;KACF;IAeD,KAAK,CAAC,OAAO,CAAC,QAA2B,EAAE,OAAgC;QACzE,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,QAAQ,WAAW,CAAC,CAAA;QACvD,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,qBAAqB,CAAC,CAAA;QAE9D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAA;QAEjD,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE;YACnD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAChE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;SACtD,CAAC,CAAC,IAAI,CAAC,IAAA,0BAAkB,GAAE,CAAC,CAAA;QAE7B,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,QAAQ,QAAQ,EAAE,CAAC;gBACjB,KAAK,OAAO;oBACV,OAAO,sCAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC7C,KAAK,8BAA8B;oBACjC,OAAO,oCAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC3C;oBACE,OAAO,IAAI,CAAA;YACf,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,QAA2B;QAI/C,MAAM,eAAe,GACnB,IAAI,CAAC,cAAc,CAAC,uCAAuC,CAAC,CAAA;QAE9D,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAA;QAEhE,IACE,MAAM,KAAK,iBAAiB;YAC5B,CAAC,IAAI,CAAC,MAAM;gBACV,CAAC,MAAM;gBACP,CAAC,eAAe,EAAE,QAAQ,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,CAAC,EAC1D,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;YAExD,IAAI,CAAC;gBACH,MAAM,GAAG,GACP,IAAI,CAAC,cAAc,CACjB,kDAAkD,CACnD,IAAI,2BAAY,CAAA;gBAEnB,wEAAwE;gBACxE,wEAAwE;gBACxE,wDAAwD;gBACxD,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI;qBACvC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC;qBACrB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAA;gBAEpD,OAAO;oBACL,OAAO,EAAE;wBACP,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;wBACxC,qBAAqB,EAAE,8CAAgC;wBACvD,gBAAgB,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAC3C,EAAE,GAAG,EAAE,GAAG,EAAE,EACZ;4BACE,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;4BAClC,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;4BAClC,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,MAAM;4BAC/B,GAAG,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE;4BACvC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;yBACnC,CACF;qBACF;iBACF,CAAA;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,MAAM,KAAK,iBAAiB;oBAAE,MAAM,GAAG,CAAA;gBAE3C,uBAAuB;YACzB,CAAC;QACH,CAAC;QAED,IACE,MAAM,KAAK,MAAM;YACjB,CAAC,CAAC,MAAM,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,CAAC,EACxD,CAAC;YACD,OAAO;gBACL,OAAO,EAAE;oBACP,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;iBACzC;aACF,CAAA;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,eAAe,QAAQ,wBAAwB,CAAC,CAAA;IAClE,CAAC;CACF;AA9OD,4CA8OC"}