@atproto/oauth-client 0.1.6 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (42) hide show
  1. package/CHANGELOG.md +39 -0
  2. package/README.md +128 -7
  3. package/dist/index.d.ts +1 -2
  4. package/dist/index.d.ts.map +1 -1
  5. package/dist/index.js +1 -2
  6. package/dist/index.js.map +1 -1
  7. package/dist/oauth-client.d.ts +8 -8
  8. package/dist/oauth-client.d.ts.map +1 -1
  9. package/dist/oauth-client.js +13 -27
  10. package/dist/oauth-client.js.map +1 -1
  11. package/dist/oauth-server-agent.d.ts +2 -3
  12. package/dist/oauth-server-agent.d.ts.map +1 -1
  13. package/dist/oauth-server-agent.js +11 -6
  14. package/dist/oauth-server-agent.js.map +1 -1
  15. package/dist/{oauth-agent.d.ts → oauth-session.d.ts} +14 -14
  16. package/dist/oauth-session.d.ts.map +1 -0
  17. package/dist/{oauth-agent.js → oauth-session.js} +19 -18
  18. package/dist/oauth-session.js.map +1 -0
  19. package/dist/runtime.d.ts +1 -10
  20. package/dist/runtime.d.ts.map +1 -1
  21. package/dist/runtime.js +0 -70
  22. package/dist/runtime.js.map +1 -1
  23. package/dist/state-store.d.ts +0 -1
  24. package/dist/state-store.d.ts.map +1 -1
  25. package/dist/types.d.ts +14 -16
  26. package/dist/types.d.ts.map +1 -1
  27. package/dist/types.js.map +1 -1
  28. package/package.json +3 -4
  29. package/src/index.ts +1 -2
  30. package/src/oauth-client.ts +15 -43
  31. package/src/oauth-server-agent.ts +17 -9
  32. package/src/{oauth-agent.ts → oauth-session.ts} +27 -24
  33. package/src/runtime.ts +2 -94
  34. package/src/state-store.ts +0 -1
  35. package/src/types.ts +1 -3
  36. package/dist/oauth-agent.d.ts.map +0 -1
  37. package/dist/oauth-agent.js.map +0 -1
  38. package/dist/oauth-atp-agent.d.ts +0 -11
  39. package/dist/oauth-atp-agent.d.ts.map +0 -1
  40. package/dist/oauth-atp-agent.js +0 -51
  41. package/dist/oauth-atp-agent.js.map +0 -1
  42. package/src/oauth-atp-agent.ts +0 -48
@@ -1,6 +1,6 @@
1
1
  import { Fetch, Json, bindFetch, fetchJsonProcessor } from '@atproto-labs/fetch'
2
2
  import { SimpleStore } from '@atproto-labs/simple-store'
3
- import { Key, Keyset, SignedJwt } from '@atproto/jwk'
3
+ import { Key, Keyset } from '@atproto/jwk'
4
4
  import {
5
5
  CLIENT_ASSERTION_TYPE_JWT_BEARER,
6
6
  OAuthAuthorizationServerMetadata,
@@ -26,9 +26,8 @@ export type TokenSet = {
26
26
  iss: string
27
27
  sub: string
28
28
  aud: string
29
- scope?: string
29
+ scope: string
30
30
 
31
- id_token?: SignedJwt
32
31
  refresh_token?: string
33
32
  access_token: string
34
33
  token_type: OAuthTokenType
@@ -128,8 +127,17 @@ export class OAuthServerAgent {
128
127
  tokenResponse: OAuthTokenResponse,
129
128
  ): Promise<TokenSet> {
130
129
  const { sub } = tokenResponse
131
- // ATPROTO requires that the "sub" is always present in the token response.
132
- if (!sub) throw new TypeError(`Missing "sub" in token response`)
130
+
131
+ if (!sub || typeof sub !== 'string') {
132
+ throw new TypeError(`Unexpected ${typeof sub} "sub" in token response`)
133
+ }
134
+
135
+ // Using an array to check for the presence of the "atproto" scope (we don't
136
+ // want atproto to be a substring of another scope)
137
+ const scopes = tokenResponse.scope?.split(' ')
138
+ if (!scopes?.includes('atproto')) {
139
+ throw new TypeError('Missing "atproto" scope in token response')
140
+ }
133
141
 
134
142
  // @TODO (?) make timeout configurable
135
143
  using signal = timeoutSignal(10e3)
@@ -138,7 +146,7 @@ export class OAuthServerAgent {
138
146
  signal,
139
147
  })
140
148
 
141
- if (resolved.metadata.issuer !== this.serverMetadata.issuer) {
149
+ if (this.serverMetadata.issuer !== resolved.metadata.issuer) {
142
150
  // Best case scenario; the user switched PDS. Worst case scenario; a bad
143
151
  // actor is trying to impersonate a user. In any case, we must not allow
144
152
  // this token to be used.
@@ -146,12 +154,12 @@ export class OAuthServerAgent {
146
154
  }
147
155
 
148
156
  return {
149
- sub,
150
157
  aud: resolved.identity.pds.href,
151
158
  iss: resolved.metadata.issuer,
152
159
 
153
- scope: tokenResponse.scope,
154
- id_token: tokenResponse.id_token,
160
+ sub,
161
+
162
+ scope: tokenResponse.scope!,
155
163
  refresh_token: tokenResponse.refresh_token,
156
164
  access_token: tokenResponse.access_token,
157
165
  token_type: tokenResponse.token_type ?? 'Bearer',
@@ -1,5 +1,5 @@
1
+ import { asDid } from '@atproto/did'
1
2
  import { Fetch, bindFetch } from '@atproto-labs/fetch'
2
- import { JwtPayload, unsafeDecodeJwt } from '@atproto/jwk'
3
3
  import { OAuthAuthorizationServerMetadata } from '@atproto/oauth-types'
4
4
 
5
5
  import { TokenInvalidError } from './errors/token-invalid-error.js'
@@ -12,7 +12,16 @@ const ReadableStream = globalThis.ReadableStream as
12
12
  | typeof globalThis.ReadableStream
13
13
  | undefined
14
14
 
15
- export class OAuthAgent {
15
+ export type TokenInfo = {
16
+ expiresAt?: Date
17
+ expired?: boolean
18
+ scope?: string
19
+ iss: string
20
+ aud: string
21
+ sub: string
22
+ }
23
+
24
+ export class OAuthSession {
16
25
  protected dpopFetch: Fetch<unknown>
17
26
 
18
27
  constructor(
@@ -32,40 +41,34 @@ export class OAuthAgent {
32
41
  })
33
42
  }
34
43
 
35
- get serverMetadata(): Readonly<OAuthAuthorizationServerMetadata> {
36
- return this.server.serverMetadata
44
+ get did() {
45
+ return asDid(this.sub)
37
46
  }
38
47
 
39
- public async refreshIfNeeded(): Promise<void> {
40
- await this.getTokenSet(undefined)
48
+ get serverMetadata(): Readonly<OAuthAuthorizationServerMetadata> {
49
+ return this.server.serverMetadata
41
50
  }
42
51
 
43
52
  /**
44
53
  * @param refresh See {@link SessionGetter.getSession}
45
54
  */
46
- protected async getTokenSet(refresh?: boolean): Promise<TokenSet> {
55
+ public async getTokenSet(refresh?: boolean): Promise<TokenSet> {
47
56
  const { tokenSet } = await this.sessionGetter.getSession(this.sub, refresh)
48
57
  return tokenSet
49
58
  }
50
59
 
51
- async getInfo(): Promise<{
52
- userinfo?: JwtPayload
53
- expired?: boolean
54
- scope?: string
55
- iss: string
56
- aud: string
57
- sub: string
58
- }> {
59
- const tokenSet = await this.getTokenSet()
60
+ async getTokenInfo(refresh?: boolean): Promise<TokenInfo> {
61
+ const tokenSet = await this.getTokenSet(refresh)
62
+ const expiresAt =
63
+ tokenSet.expires_at == null ? undefined : new Date(tokenSet.expires_at)
60
64
 
61
65
  return {
62
- userinfo: tokenSet.id_token
63
- ? unsafeDecodeJwt(tokenSet.id_token).payload
64
- : undefined,
65
- expired:
66
- tokenSet.expires_at == null
66
+ expiresAt,
67
+ get expired() {
68
+ return expiresAt == null
67
69
  ? undefined
68
- : new Date(tokenSet.expires_at).getTime() < Date.now() - 5e3,
70
+ : expiresAt.getTime() < Date.now() - 5e3
71
+ },
69
72
  scope: tokenSet.scope,
70
73
  iss: tokenSet.iss,
71
74
  aud: tokenSet.aud,
@@ -85,7 +88,7 @@ export class OAuthAgent {
85
88
  }
86
89
  }
87
90
 
88
- async request(pathname: string, init?: RequestInit): Promise<Response> {
91
+ async fetchHandler(pathname: string, init?: RequestInit): Promise<Response> {
89
92
  // This will try and refresh the token if it is known to be expired
90
93
  const tokenSet = await this.getTokenSet(undefined)
91
94
 
@@ -135,7 +138,7 @@ export class OAuthAgent {
135
138
  if (isInvalidTokenResponse(finalResponse)) {
136
139
  // TODO: Is there a "softer" way to handle this, e.g. by marking the
137
140
  // session as "expired" in the session store, allowing the user to trigger
138
- // a new login (using login_hint/id_token_hint)?
141
+ // a new login (using login_hint)?
139
142
  await this.sessionGetter.delStored(
140
143
  this.sub,
141
144
  new TokenInvalidError(this.sub),
package/src/runtime.ts CHANGED
@@ -1,12 +1,8 @@
1
- import { JwtHeader, JwtPayload, Key, unsafeDecodeJwt } from '@atproto/jwk'
1
+ import { Key } from '@atproto/jwk'
2
2
  import { base64url } from 'multiformats/bases/base64'
3
3
 
4
4
  import { requestLocalLock } from './lock.js'
5
- import {
6
- DigestAlgorithm,
7
- RuntimeImplementation,
8
- RuntimeLock,
9
- } from './runtime-implementation.js'
5
+ import { RuntimeImplementation, RuntimeLock } from './runtime-implementation.js'
10
6
 
11
7
  export class Runtime {
12
8
  readonly hasImplementationLock: boolean
@@ -38,64 +34,6 @@ export class Runtime {
38
34
  return base64url.baseEncode(bytes)
39
35
  }
40
36
 
41
- public async validateIdTokenClaims(
42
- token: string,
43
- state: string,
44
- nonce: string,
45
- code?: string,
46
- accessToken?: string,
47
- ): Promise<{
48
- header: JwtHeader
49
- payload: JwtPayload
50
- }> {
51
- // It's fine to use unsafeDecodeJwt here because the token was received from
52
- // the server's token endpoint. The following checks are to ensure that the
53
- // oauth flow was indeed initiated by the client.
54
- const { header, payload } = unsafeDecodeJwt(token)
55
- if (!payload.nonce || payload.nonce !== nonce) {
56
- throw new TypeError('Nonce mismatch')
57
- }
58
- if (payload.c_hash) {
59
- await this.validateHashClaim(payload.c_hash, code, header)
60
- }
61
- if (payload.s_hash) {
62
- await this.validateHashClaim(payload.s_hash, state, header)
63
- }
64
- if (payload.at_hash) {
65
- await this.validateHashClaim(payload.at_hash, accessToken, header)
66
- }
67
- return { header, payload }
68
- }
69
-
70
- private async validateHashClaim(
71
- claim: unknown,
72
- source: unknown,
73
- header: { alg: string; crv?: string },
74
- ): Promise<void> {
75
- if (typeof claim !== 'string' || !claim) {
76
- throw new TypeError(`string "_hash" claim expected`)
77
- }
78
- if (typeof source !== 'string' || !source) {
79
- throw new TypeError(`string value expected`)
80
- }
81
- const expected = await this.generateHashClaim(source, header)
82
- if (expected !== claim) {
83
- throw new TypeError(`"_hash" does not match`)
84
- }
85
- }
86
-
87
- protected async generateHashClaim(
88
- source: string,
89
- header: { alg: string; crv?: string },
90
- ) {
91
- const algo = getHashAlgo(header)
92
- const bytes = new TextEncoder().encode(source)
93
- const digest = await this.implementation.digest(bytes, algo)
94
- if (digest.length % 2 !== 0) throw new TypeError('Invalid digest length')
95
- const digestHalf = digest.slice(0, digest.length / 2)
96
- return base64url.baseEncode(digestHalf)
97
- }
98
-
99
37
  public async generatePKCE(byteLength?: number) {
100
38
  const verifier = await this.generateVerifier(byteLength)
101
39
  return {
@@ -127,36 +65,6 @@ export class Runtime {
127
65
  }
128
66
  }
129
67
 
130
- function getHashAlgo(header: { alg: string; crv?: string }): DigestAlgorithm {
131
- switch (header.alg) {
132
- case 'HS256':
133
- case 'RS256':
134
- case 'PS256':
135
- case 'ES256':
136
- case 'ES256K':
137
- return { name: 'sha256' }
138
- case 'HS384':
139
- case 'RS384':
140
- case 'PS384':
141
- case 'ES384':
142
- return { name: 'sha384' }
143
- case 'HS512':
144
- case 'RS512':
145
- case 'PS512':
146
- case 'ES512':
147
- return { name: 'sha512' }
148
- case 'EdDSA':
149
- switch (header.crv) {
150
- case 'Ed25519':
151
- return { name: 'sha512' }
152
- default:
153
- throw new TypeError('unrecognized or invalid EdDSA curve provided')
154
- }
155
- default:
156
- throw new TypeError('unrecognized or invalid JWS algorithm provided')
157
- }
158
- }
159
-
160
68
  function extractJktComponents(jwk) {
161
69
  const get = (field) => {
162
70
  const value = jwk[field]
@@ -3,7 +3,6 @@ import { Key } from '@atproto/jwk'
3
3
 
4
4
  export type InternalStateData = {
5
5
  iss: string
6
- nonce: string
7
6
  dpopKey: Key
8
7
  verifier?: string
9
8
  appState?: string
package/src/types.ts CHANGED
@@ -16,10 +16,8 @@ export type AuthorizeOptions = {
16
16
  state?: string
17
17
  signal?: AbortSignal
18
18
 
19
- // Only for OIDC compatible
19
+ // Borrowed from OIDC
20
20
  ui_locales?: string
21
- id_token_hint?: string
22
- max_age?: number
23
21
  }
24
22
 
25
23
  export const clientMetadataSchema = oauthClientMetadataSchema.extend({
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-agent.d.ts","sourceRoot":"","sources":["../src/oauth-agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAa,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,UAAU,EAAmB,MAAM,cAAc,CAAA;AAC1D,OAAO,EAAE,gCAAgC,EAAE,MAAM,sBAAsB,CAAA;AAKvE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAMnD,qBAAa,UAAU;aAIH,MAAM,EAAE,gBAAgB;aACxB,GAAG,EAAE,MAAM;IAC3B,OAAO,CAAC,QAAQ,CAAC,aAAa;IALhC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;gBAGjB,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,MAAM,EACV,aAAa,EAAE,aAAa,EAC7C,KAAK,GAAE,KAAwB;IAajC,IAAI,cAAc,IAAI,QAAQ,CAAC,gCAAgC,CAAC,CAE/D;IAEY,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAI7C;;OAEG;cACa,WAAW,CAAC,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAK3D,OAAO,IAAI,OAAO,CAAC;QACvB,QAAQ,CAAC,EAAE,UAAU,CAAA;QACrB,OAAO,CAAC,EAAE,OAAO,CAAA;QACjB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;KACZ,CAAC;IAkBI,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAYxB,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;CA2DvE"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-agent.js","sourceRoot":"","sources":["../src/oauth-agent.ts"],"names":[],"mappings":";;;AAAA,+CAAsD;AACtD,sCAA0D;AAG1D,4EAAmE;AACnE,4EAAmE;AACnE,mDAAkD;AAIlD,MAAM,cAAc,GAAG,UAAU,CAAC,cAErB,CAAA;AAEb,MAAa,UAAU;IAGrB,YACkB,MAAwB,EACxB,GAAW,EACV,aAA4B,EAC7C,QAAe,UAAU,CAAC,KAAK;QAH/B;;;;mBAAgB,MAAM;WAAkB;QACxC;;;;mBAAgB,GAAG;WAAQ;QAC3B;;;;mBAAiB,aAAa;WAAe;QALrC;;;;;WAAyB;QAQjC,IAAI,CAAC,SAAS,GAAG,IAAA,gCAAgB,EAAO;YACtC,KAAK,EAAE,IAAA,iBAAS,EAAC,KAAK,CAAC;YACvB,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,SAAS;YACpC,GAAG,EAAE,MAAM,CAAC,OAAO;YACnB,aAAa,EAAE,MAAM,CAAC,cAAc,CAAC,iCAAiC;YACtE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7C,MAAM,EAAE,MAAM,CAAC,UAAU;YACzB,YAAY,EAAE,KAAK;SACpB,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAA;IACnC,CAAC;IAEM,KAAK,CAAC,eAAe;QAC1B,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,WAAW,CAAC,OAAiB;QAC3C,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QAC3E,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,OAAO;QAQX,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAA;QAEzC,OAAO;YACL,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBACzB,CAAC,CAAC,IAAA,qBAAe,EAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO;gBAC5C,CAAC,CAAC,SAAS;YACb,OAAO,EACL,QAAQ,CAAC,UAAU,IAAI,IAAI;gBACzB,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG;YAChE,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;SAClB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;YACzE,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QACjD,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,IAAkB;QAChD,mEAAmE;QACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;QAElD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAA;QAClD,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAA;QAErE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,CAAA;QAEzC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE;YACvD,GAAG,IAAI;YACP,OAAO;SACR,CAAC,CAAA;QAEF,2DAA2D;QAC3D,IAAI,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7C,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,IAAI,aAAuB,CAAA;QAC3B,IAAI,CAAC;YACH,kBAAkB;YAClB,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,2EAA2E;QAC3E,yEAAyE;QACzE,yEAAyE;QACzE,wEAAwE;QACxE,IAAI,cAAc,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC3D,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,aAAa,CAAC,UAAU,IAAI,aAAa,CAAC,YAAY,EAAE,CAAA;QAC7E,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,CAAA;QAErD,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;QAEvC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;QAE1E,yEAAyE;QACzE,0EAA0E;QAC1E,yEAAyE;QACzE,iEAAiE;QACjE,IAAI,sBAAsB,CAAC,aAAa,CAAC,EAAE,CAAC;YAC1C,oEAAoE;YACpE,0EAA0E;YAC1E,gDAAgD;YAChD,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;CACF;AApID,gCAoIC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,QAAkB;IAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,KAAK,CAAA;IACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IACxD,OAAO,CACL,OAAO,IAAI,IAAI;QACf,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC9D,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAC1C,CAAA;AACH,CAAC"}
@@ -1,11 +0,0 @@
1
- import { Agent } from '@atproto/api';
2
- import { OAuthAgent } from './oauth-agent.js';
3
- export declare class OAuthAtpAgent extends Agent {
4
- readonly oauthAgent: OAuthAgent;
5
- constructor(oauthAgent: OAuthAgent);
6
- clone(): OAuthAtpAgent;
7
- get did(): string;
8
- signOut(): Promise<void>;
9
- refreshIfNeeded(): Promise<void>;
10
- }
11
- //# sourceMappingURL=oauth-atp-agent.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-atp-agent.d.ts","sourceRoot":"","sources":["../src/oauth-atp-agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAA;AAIpC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAE7C,qBAAa,aAAc,SAAQ,KAAK;IAC1B,QAAQ,CAAC,UAAU,EAAE,UAAU;gBAAtB,UAAU,EAAE,UAAU;IAyB3C,KAAK,IAAI,aAAa;IAItB,IAAI,GAAG,IAAI,MAAM,CAEhB;IAEK,OAAO;IAIA,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;CAG9C"}
@@ -1,51 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.OAuthAtpAgent = void 0;
4
- const api_1 = require("@atproto/api");
5
- const xrpc_1 = require("@atproto/xrpc");
6
- const fetch_1 = require("@atproto-labs/fetch");
7
- class OAuthAtpAgent extends api_1.Agent {
8
- constructor(oauthAgent) {
9
- super(async (url, init) => {
10
- try {
11
- return await this.oauthAgent.request(url, init);
12
- }
13
- catch (cause) {
14
- if (cause instanceof fetch_1.FetchError) {
15
- const { statusCode, message } = cause;
16
- throw new xrpc_1.XRPCError(statusCode, undefined, message, undefined, {
17
- cause,
18
- });
19
- }
20
- if (cause instanceof fetch_1.FetchResponseError) {
21
- const { statusCode, message, response } = cause;
22
- const headers = Object.fromEntries(response.headers.entries());
23
- throw new xrpc_1.XRPCError(statusCode, undefined, message, headers, {
24
- cause,
25
- });
26
- }
27
- throw cause;
28
- }
29
- });
30
- Object.defineProperty(this, "oauthAgent", {
31
- enumerable: true,
32
- configurable: true,
33
- writable: true,
34
- value: oauthAgent
35
- });
36
- }
37
- clone() {
38
- return this.copyInto(new OAuthAtpAgent(this.oauthAgent));
39
- }
40
- get did() {
41
- return this.oauthAgent.sub;
42
- }
43
- async signOut() {
44
- await this.oauthAgent.signOut();
45
- }
46
- async refreshIfNeeded() {
47
- await this.oauthAgent.refreshIfNeeded();
48
- }
49
- }
50
- exports.OAuthAtpAgent = OAuthAtpAgent;
51
- //# sourceMappingURL=oauth-atp-agent.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-atp-agent.js","sourceRoot":"","sources":["../src/oauth-atp-agent.ts"],"names":[],"mappings":";;;AAAA,sCAAoC;AACpC,wCAAyC;AACzC,+CAAoE;AAIpE,MAAa,aAAc,SAAQ,WAAK;IACtC,YAAqB,UAAsB;QACzC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACxB,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;YACjD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,kBAAU,EAAE,CAAC;oBAChC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,KAAK,CAAA;oBACrC,MAAM,IAAI,gBAAS,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE;wBAC7D,KAAK;qBACN,CAAC,CAAA;gBACJ,CAAC;gBAED,IAAI,KAAK,YAAY,0BAAkB,EAAE,CAAC;oBACxC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAA;oBAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;oBAC9D,MAAM,IAAI,gBAAS,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE;wBAC3D,KAAK;qBACN,CAAC,CAAA;gBACJ,CAAC;gBAED,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC,CAAC,CAAA;QAtBQ;;;;mBAAS,UAAU;WAAY;IAuB3C,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAA;IAC1D,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAA;IAC5B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;IACjC,CAAC;IAEM,KAAK,CAAC,eAAe;QAC1B,MAAM,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,CAAA;IACzC,CAAC;CACF;AAzCD,sCAyCC"}
@@ -1,48 +0,0 @@
1
- import { Agent } from '@atproto/api'
2
- import { XRPCError } from '@atproto/xrpc'
3
- import { FetchError, FetchResponseError } from '@atproto-labs/fetch'
4
-
5
- import { OAuthAgent } from './oauth-agent.js'
6
-
7
- export class OAuthAtpAgent extends Agent {
8
- constructor(readonly oauthAgent: OAuthAgent) {
9
- super(async (url, init) => {
10
- try {
11
- return await this.oauthAgent.request(url, init)
12
- } catch (cause) {
13
- if (cause instanceof FetchError) {
14
- const { statusCode, message } = cause
15
- throw new XRPCError(statusCode, undefined, message, undefined, {
16
- cause,
17
- })
18
- }
19
-
20
- if (cause instanceof FetchResponseError) {
21
- const { statusCode, message, response } = cause
22
- const headers = Object.fromEntries(response.headers.entries())
23
- throw new XRPCError(statusCode, undefined, message, headers, {
24
- cause,
25
- })
26
- }
27
-
28
- throw cause
29
- }
30
- })
31
- }
32
-
33
- clone(): OAuthAtpAgent {
34
- return this.copyInto(new OAuthAtpAgent(this.oauthAgent))
35
- }
36
-
37
- get did(): string {
38
- return this.oauthAgent.sub
39
- }
40
-
41
- async signOut() {
42
- await this.oauthAgent.signOut()
43
- }
44
-
45
- public async refreshIfNeeded(): Promise<void> {
46
- await this.oauthAgent.refreshIfNeeded()
47
- }
48
- }