@atproto/oauth-client 0.1.7 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +32 -0
- package/README.md +128 -7
- package/dist/index.d.ts +1 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -2
- package/dist/index.js.map +1 -1
- package/dist/oauth-client.d.ts +8 -8
- package/dist/oauth-client.d.ts.map +1 -1
- package/dist/oauth-client.js +13 -27
- package/dist/oauth-client.js.map +1 -1
- package/dist/oauth-server-agent.d.ts +2 -3
- package/dist/oauth-server-agent.d.ts.map +1 -1
- package/dist/oauth-server-agent.js +11 -6
- package/dist/oauth-server-agent.js.map +1 -1
- package/dist/{oauth-agent.d.ts → oauth-session.d.ts} +14 -14
- package/dist/oauth-session.d.ts.map +1 -0
- package/dist/{oauth-agent.js → oauth-session.js} +19 -18
- package/dist/oauth-session.js.map +1 -0
- package/dist/runtime.d.ts +1 -10
- package/dist/runtime.d.ts.map +1 -1
- package/dist/runtime.js +0 -70
- package/dist/runtime.js.map +1 -1
- package/dist/state-store.d.ts +0 -1
- package/dist/state-store.d.ts.map +1 -1
- package/dist/types.d.ts +14 -16
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/package.json +3 -4
- package/src/index.ts +1 -2
- package/src/oauth-client.ts +15 -43
- package/src/oauth-server-agent.ts +17 -9
- package/src/{oauth-agent.ts → oauth-session.ts} +27 -24
- package/src/runtime.ts +2 -94
- package/src/state-store.ts +0 -1
- package/src/types.ts +1 -3
- package/dist/oauth-agent.d.ts.map +0 -1
- package/dist/oauth-agent.js.map +0 -1
- package/dist/oauth-atp-agent.d.ts +0 -11
- package/dist/oauth-atp-agent.d.ts.map +0 -1
- package/dist/oauth-atp-agent.js +0 -51
- package/dist/oauth-atp-agent.js.map +0 -1
- package/src/oauth-atp-agent.ts +0 -48
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-session.d.ts","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAa,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,gCAAgC,EAAE,MAAM,sBAAsB,CAAA;AAKvE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAMnD,MAAM,MAAM,SAAS,GAAG;IACtB,SAAS,CAAC,EAAE,IAAI,CAAA;IAChB,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,qBAAa,YAAY;aAIL,MAAM,EAAE,gBAAgB;aACxB,GAAG,EAAE,MAAM;IAC3B,OAAO,CAAC,QAAQ,CAAC,aAAa;IALhC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;gBAGjB,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,MAAM,EACV,aAAa,EAAE,aAAa,EAC7C,KAAK,GAAE,KAAwB;IAajC,IAAI,GAAG,8BAEN;IAED,IAAI,cAAc,IAAI,QAAQ,CAAC,gCAAgC,CAAC,CAE/D;IAED;;OAEG;IACU,WAAW,CAAC,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAKxD,YAAY,CAAC,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC;IAmBnD,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAYxB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;CA2D5E"}
|
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.OAuthSession = void 0;
|
|
4
|
+
const did_1 = require("@atproto/did");
|
|
4
5
|
const fetch_1 = require("@atproto-labs/fetch");
|
|
5
|
-
const jwk_1 = require("@atproto/jwk");
|
|
6
6
|
const token_invalid_error_js_1 = require("./errors/token-invalid-error.js");
|
|
7
7
|
const token_revoked_error_js_1 = require("./errors/token-revoked-error.js");
|
|
8
8
|
const fetch_dpop_js_1 = require("./fetch-dpop.js");
|
|
9
9
|
const ReadableStream = globalThis.ReadableStream;
|
|
10
|
-
class
|
|
10
|
+
class OAuthSession {
|
|
11
11
|
constructor(server, sub, sessionGetter, fetch = globalThis.fetch) {
|
|
12
12
|
Object.defineProperty(this, "server", {
|
|
13
13
|
enumerable: true,
|
|
@@ -43,12 +43,12 @@ class OAuthAgent {
|
|
|
43
43
|
isAuthServer: false,
|
|
44
44
|
});
|
|
45
45
|
}
|
|
46
|
+
get did() {
|
|
47
|
+
return (0, did_1.asDid)(this.sub);
|
|
48
|
+
}
|
|
46
49
|
get serverMetadata() {
|
|
47
50
|
return this.server.serverMetadata;
|
|
48
51
|
}
|
|
49
|
-
async refreshIfNeeded() {
|
|
50
|
-
await this.getTokenSet(undefined);
|
|
51
|
-
}
|
|
52
52
|
/**
|
|
53
53
|
* @param refresh See {@link SessionGetter.getSession}
|
|
54
54
|
*/
|
|
@@ -56,15 +56,16 @@ class OAuthAgent {
|
|
|
56
56
|
const { tokenSet } = await this.sessionGetter.getSession(this.sub, refresh);
|
|
57
57
|
return tokenSet;
|
|
58
58
|
}
|
|
59
|
-
async
|
|
60
|
-
const tokenSet = await this.getTokenSet();
|
|
59
|
+
async getTokenInfo(refresh) {
|
|
60
|
+
const tokenSet = await this.getTokenSet(refresh);
|
|
61
|
+
const expiresAt = tokenSet.expires_at == null ? undefined : new Date(tokenSet.expires_at);
|
|
61
62
|
return {
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
63
|
+
expiresAt,
|
|
64
|
+
get expired() {
|
|
65
|
+
return expiresAt == null
|
|
66
|
+
? undefined
|
|
67
|
+
: expiresAt.getTime() < Date.now() - 5e3;
|
|
68
|
+
},
|
|
68
69
|
scope: tokenSet.scope,
|
|
69
70
|
iss: tokenSet.iss,
|
|
70
71
|
aud: tokenSet.aud,
|
|
@@ -80,7 +81,7 @@ class OAuthAgent {
|
|
|
80
81
|
await this.sessionGetter.delStored(this.sub, new token_revoked_error_js_1.TokenRevokedError(this.sub));
|
|
81
82
|
}
|
|
82
83
|
}
|
|
83
|
-
async
|
|
84
|
+
async fetchHandler(pathname, init) {
|
|
84
85
|
// This will try and refresh the token if it is known to be expired
|
|
85
86
|
const tokenSet = await this.getTokenSet(undefined);
|
|
86
87
|
const initialUrl = new URL(pathname, tokenSet.aud);
|
|
@@ -121,13 +122,13 @@ class OAuthAgent {
|
|
|
121
122
|
if (isInvalidTokenResponse(finalResponse)) {
|
|
122
123
|
// TODO: Is there a "softer" way to handle this, e.g. by marking the
|
|
123
124
|
// session as "expired" in the session store, allowing the user to trigger
|
|
124
|
-
// a new login (using login_hint
|
|
125
|
+
// a new login (using login_hint)?
|
|
125
126
|
await this.sessionGetter.delStored(this.sub, new token_invalid_error_js_1.TokenInvalidError(this.sub));
|
|
126
127
|
}
|
|
127
128
|
return finalResponse;
|
|
128
129
|
}
|
|
129
130
|
}
|
|
130
|
-
exports.
|
|
131
|
+
exports.OAuthSession = OAuthSession;
|
|
131
132
|
/**
|
|
132
133
|
* @see {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3}
|
|
133
134
|
* @see {@link https://datatracker.ietf.org/doc/html/rfc9449#name-resource-server-provided-no}
|
|
@@ -140,4 +141,4 @@ function isInvalidTokenResponse(response) {
|
|
|
140
141
|
(wwwAuth.startsWith('Bearer ') || wwwAuth.startsWith('DPoP ')) &&
|
|
141
142
|
wwwAuth.includes('error="invalid_token"'));
|
|
142
143
|
}
|
|
143
|
-
//# sourceMappingURL=oauth-
|
|
144
|
+
//# sourceMappingURL=oauth-session.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-session.js","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":";;;AAAA,sCAAoC;AACpC,+CAAsD;AAGtD,4EAAmE;AACnE,4EAAmE;AACnE,mDAAkD;AAIlD,MAAM,cAAc,GAAG,UAAU,CAAC,cAErB,CAAA;AAWb,MAAa,YAAY;IAGvB,YACkB,MAAwB,EACxB,GAAW,EACV,aAA4B,EAC7C,QAAe,UAAU,CAAC,KAAK;QAH/B;;;;mBAAgB,MAAM;WAAkB;QACxC;;;;mBAAgB,GAAG;WAAQ;QAC3B;;;;mBAAiB,aAAa;WAAe;QALrC;;;;;WAAyB;QAQjC,IAAI,CAAC,SAAS,GAAG,IAAA,gCAAgB,EAAO;YACtC,KAAK,EAAE,IAAA,iBAAS,EAAC,KAAK,CAAC;YACvB,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,SAAS;YACpC,GAAG,EAAE,MAAM,CAAC,OAAO;YACnB,aAAa,EAAE,MAAM,CAAC,cAAc,CAAC,iCAAiC;YACtE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7C,MAAM,EAAE,MAAM,CAAC,UAAU;YACzB,YAAY,EAAE,KAAK;SACpB,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAA,WAAK,EAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC;IAED,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAA;IACnC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,WAAW,CAAC,OAAiB;QACxC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QAC3E,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAAiB;QAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QAChD,MAAM,SAAS,GACb,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;QAEzE,OAAO;YACL,SAAS;YACT,IAAI,OAAO;gBACT,OAAO,SAAS,IAAI,IAAI;oBACtB,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAA;YAC5C,CAAC;YACD,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;SAClB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;YACzE,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QACjD,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,IAAkB;QACrD,mEAAmE;QACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;QAElD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAA;QAClD,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAA;QAErE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,CAAA;QAEzC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE;YACvD,GAAG,IAAI;YACP,OAAO;SACR,CAAC,CAAA;QAEF,2DAA2D;QAC3D,IAAI,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7C,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,IAAI,aAAuB,CAAA;QAC3B,IAAI,CAAC;YACH,kBAAkB;YAClB,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,2EAA2E;QAC3E,yEAAyE;QACzE,yEAAyE;QACzE,wEAAwE;QACxE,IAAI,cAAc,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC3D,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,aAAa,CAAC,UAAU,IAAI,aAAa,CAAC,YAAY,EAAE,CAAA;QAC7E,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,CAAA;QAErD,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;QAEvC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;QAE1E,yEAAyE;QACzE,0EAA0E;QAC1E,yEAAyE;QACzE,iEAAiE;QACjE,IAAI,sBAAsB,CAAC,aAAa,CAAC,EAAE,CAAC;YAC1C,oEAAoE;YACpE,0EAA0E;YAC1E,kCAAkC;YAClC,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;CACF;AA9HD,oCA8HC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,QAAkB;IAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,KAAK,CAAA;IACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IACxD,OAAO,CACL,OAAO,IAAI,IAAI;QACf,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC9D,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAC1C,CAAA;AACH,CAAC"}
|
package/dist/runtime.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { Key } from '@atproto/jwk';
|
|
2
2
|
import { RuntimeImplementation, RuntimeLock } from './runtime-implementation.js';
|
|
3
3
|
export declare class Runtime {
|
|
4
4
|
protected implementation: RuntimeImplementation;
|
|
@@ -8,15 +8,6 @@ export declare class Runtime {
|
|
|
8
8
|
generateKey(algs: string[]): Promise<Key>;
|
|
9
9
|
sha256(text: string): Promise<string>;
|
|
10
10
|
generateNonce(length?: number): Promise<string>;
|
|
11
|
-
validateIdTokenClaims(token: string, state: string, nonce: string, code?: string, accessToken?: string): Promise<{
|
|
12
|
-
header: JwtHeader;
|
|
13
|
-
payload: JwtPayload;
|
|
14
|
-
}>;
|
|
15
|
-
private validateHashClaim;
|
|
16
|
-
protected generateHashClaim(source: string, header: {
|
|
17
|
-
alg: string;
|
|
18
|
-
crv?: string;
|
|
19
|
-
}): Promise<string>;
|
|
20
11
|
generatePKCE(byteLength?: number): Promise<{
|
|
21
12
|
verifier: string;
|
|
22
13
|
challenge: string;
|
package/dist/runtime.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAIlC,OAAO,EAAE,qBAAqB,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAA;AAEhF,qBAAa,OAAO;IAIN,SAAS,CAAC,cAAc,EAAE,qBAAqB;IAH3D,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAA;IACvC,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAA;gBAET,cAAc,EAAE,qBAAqB;IAU9C,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC;IAKzC,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMrC,aAAa,CAAC,MAAM,SAAK,GAAG,OAAO,CAAC,MAAM,CAAC;IAK3C,YAAY,CAAC,UAAU,CAAC,EAAE,MAAM;;;;;IAShC,sBAAsB,CAAC,GAAG,KAAA;IAMvC;;;;;;OAMG;cACa,gBAAgB,CAAC,UAAU,SAAK;CAOjD"}
|
package/dist/runtime.js
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.Runtime = void 0;
|
|
4
|
-
const jwk_1 = require("@atproto/jwk");
|
|
5
4
|
const base64_1 = require("multiformats/bases/base64");
|
|
6
5
|
const lock_js_1 = require("./lock.js");
|
|
7
6
|
class Runtime {
|
|
@@ -44,46 +43,6 @@ class Runtime {
|
|
|
44
43
|
const bytes = await this.implementation.getRandomValues(length);
|
|
45
44
|
return base64_1.base64url.baseEncode(bytes);
|
|
46
45
|
}
|
|
47
|
-
async validateIdTokenClaims(token, state, nonce, code, accessToken) {
|
|
48
|
-
// It's fine to use unsafeDecodeJwt here because the token was received from
|
|
49
|
-
// the server's token endpoint. The following checks are to ensure that the
|
|
50
|
-
// oauth flow was indeed initiated by the client.
|
|
51
|
-
const { header, payload } = (0, jwk_1.unsafeDecodeJwt)(token);
|
|
52
|
-
if (!payload.nonce || payload.nonce !== nonce) {
|
|
53
|
-
throw new TypeError('Nonce mismatch');
|
|
54
|
-
}
|
|
55
|
-
if (payload.c_hash) {
|
|
56
|
-
await this.validateHashClaim(payload.c_hash, code, header);
|
|
57
|
-
}
|
|
58
|
-
if (payload.s_hash) {
|
|
59
|
-
await this.validateHashClaim(payload.s_hash, state, header);
|
|
60
|
-
}
|
|
61
|
-
if (payload.at_hash) {
|
|
62
|
-
await this.validateHashClaim(payload.at_hash, accessToken, header);
|
|
63
|
-
}
|
|
64
|
-
return { header, payload };
|
|
65
|
-
}
|
|
66
|
-
async validateHashClaim(claim, source, header) {
|
|
67
|
-
if (typeof claim !== 'string' || !claim) {
|
|
68
|
-
throw new TypeError(`string "_hash" claim expected`);
|
|
69
|
-
}
|
|
70
|
-
if (typeof source !== 'string' || !source) {
|
|
71
|
-
throw new TypeError(`string value expected`);
|
|
72
|
-
}
|
|
73
|
-
const expected = await this.generateHashClaim(source, header);
|
|
74
|
-
if (expected !== claim) {
|
|
75
|
-
throw new TypeError(`"_hash" does not match`);
|
|
76
|
-
}
|
|
77
|
-
}
|
|
78
|
-
async generateHashClaim(source, header) {
|
|
79
|
-
const algo = getHashAlgo(header);
|
|
80
|
-
const bytes = new TextEncoder().encode(source);
|
|
81
|
-
const digest = await this.implementation.digest(bytes, algo);
|
|
82
|
-
if (digest.length % 2 !== 0)
|
|
83
|
-
throw new TypeError('Invalid digest length');
|
|
84
|
-
const digestHalf = digest.slice(0, digest.length / 2);
|
|
85
|
-
return base64_1.base64url.baseEncode(digestHalf);
|
|
86
|
-
}
|
|
87
46
|
async generatePKCE(byteLength) {
|
|
88
47
|
const verifier = await this.generateVerifier(byteLength);
|
|
89
48
|
return {
|
|
@@ -113,35 +72,6 @@ class Runtime {
|
|
|
113
72
|
}
|
|
114
73
|
}
|
|
115
74
|
exports.Runtime = Runtime;
|
|
116
|
-
function getHashAlgo(header) {
|
|
117
|
-
switch (header.alg) {
|
|
118
|
-
case 'HS256':
|
|
119
|
-
case 'RS256':
|
|
120
|
-
case 'PS256':
|
|
121
|
-
case 'ES256':
|
|
122
|
-
case 'ES256K':
|
|
123
|
-
return { name: 'sha256' };
|
|
124
|
-
case 'HS384':
|
|
125
|
-
case 'RS384':
|
|
126
|
-
case 'PS384':
|
|
127
|
-
case 'ES384':
|
|
128
|
-
return { name: 'sha384' };
|
|
129
|
-
case 'HS512':
|
|
130
|
-
case 'RS512':
|
|
131
|
-
case 'PS512':
|
|
132
|
-
case 'ES512':
|
|
133
|
-
return { name: 'sha512' };
|
|
134
|
-
case 'EdDSA':
|
|
135
|
-
switch (header.crv) {
|
|
136
|
-
case 'Ed25519':
|
|
137
|
-
return { name: 'sha512' };
|
|
138
|
-
default:
|
|
139
|
-
throw new TypeError('unrecognized or invalid EdDSA curve provided');
|
|
140
|
-
}
|
|
141
|
-
default:
|
|
142
|
-
throw new TypeError('unrecognized or invalid JWS algorithm provided');
|
|
143
|
-
}
|
|
144
|
-
}
|
|
145
75
|
function extractJktComponents(jwk) {
|
|
146
76
|
const get = (field) => {
|
|
147
77
|
const value = jwk[field];
|
package/dist/runtime.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":";;;AACA,sDAAqD;AAErD,uCAA4C;AAG5C,MAAa,OAAO;IAIlB,YAAsB,cAAqC;QAA/C;;;;mBAAU,cAAc;WAAuB;QAHlD;;;;;WAA8B;QAC9B;;;;;WAAsB;QAG7B,MAAM,EAAE,WAAW,EAAE,GAAG,cAAc,CAAA;QAEtC,IAAI,CAAC,qBAAqB,GAAG,WAAW,IAAI,IAAI,CAAA;QAChD,IAAI,CAAC,SAAS;YACZ,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC;gBACjC,+BAA+B;gBAC/B,0BAAgB,CAAA;IACpB,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,IAAc;QACrC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACtD,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;IAClD,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAY;QAC9B,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC1E,OAAO,kBAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE;QACpC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;QAC/D,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,UAAmB;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;QACxD,OAAO;YACL,QAAQ;YACR,SAAS,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YACtC,MAAM,EAAE,MAAM;SACf,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,GAAG;QACrC,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAA;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC1B,CAAC;IAED;;;;;;OAMG;IACO,KAAK,CAAC,gBAAgB,CAAC,UAAU,GAAG,EAAE;QAC9C,IAAI,UAAU,GAAG,EAAE,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAA;QACrD,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,UAAU,CAAC,CAAA;QACnE,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;CACF;AA3DD,0BA2DC;AAED,SAAS,oBAAoB,CAAC,GAAG;IAC/B,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,EAAE;QACpB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,MAAM,IAAI,SAAS,CAAC,IAAI,KAAK,gCAAgC,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC,CAAA;IAED,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI;YACP,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACvE,KAAK,KAAK;YACR,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QAC1D,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACtD,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAA;QACzC;YACE,MAAM,IAAI,SAAS,CAAC,mDAAmD,CAAC,CAAA;IAC5E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,CAAS,EAAE,CAAS;IACxC,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC,CAAA;IAC7B,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAA;IAE5B,KAAK,MAAM,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBAEpC,6BAA6B;gBAC7B,OAAO,IAAI,GAAG,IAAI,CAAA;YACpB,CAAC;YACD,OAAO,CAAC,CAAC,CAAA;QACX,CAAC;aAAM,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,CAAA;QACV,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,OAAO,CAAC,CAAA;AACV,CAAC"}
|
package/dist/state-store.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"state-store.d.ts","sourceRoot":"","sources":["../src/state-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAElC,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,
|
|
1
|
+
{"version":3,"file":"state-store.d.ts","sourceRoot":"","sources":["../src/state-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAElC,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,GAAG,CAAA;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAA"}
|
package/dist/types.d.ts
CHANGED
|
@@ -7,8 +7,6 @@ export type AuthorizeOptions = {
|
|
|
7
7
|
state?: string;
|
|
8
8
|
signal?: AbortSignal;
|
|
9
9
|
ui_locales?: string;
|
|
10
|
-
id_token_hint?: string;
|
|
11
|
-
max_age?: number;
|
|
12
10
|
};
|
|
13
11
|
export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<{
|
|
14
12
|
redirect_uris: z.ZodArray<z.ZodString, "atleastone">;
|
|
@@ -95,7 +93,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
95
93
|
kty: "RSA";
|
|
96
94
|
n: string;
|
|
97
95
|
e: string;
|
|
98
|
-
alg?: "RS256" | "
|
|
96
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
99
97
|
kid?: string | undefined;
|
|
100
98
|
ext?: boolean | undefined;
|
|
101
99
|
use?: "sig" | "enc" | undefined;
|
|
@@ -123,7 +121,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
123
121
|
kty: "RSA";
|
|
124
122
|
n: string;
|
|
125
123
|
e: string;
|
|
126
|
-
alg?: "RS256" | "
|
|
124
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
127
125
|
kid?: string | undefined;
|
|
128
126
|
ext?: boolean | undefined;
|
|
129
127
|
use?: "sig" | "enc" | undefined;
|
|
@@ -331,7 +329,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
331
329
|
kty: "RSA";
|
|
332
330
|
n: string;
|
|
333
331
|
e: string;
|
|
334
|
-
alg?: "RS256" | "
|
|
332
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
335
333
|
kid?: string | undefined;
|
|
336
334
|
ext?: boolean | undefined;
|
|
337
335
|
use?: "sig" | "enc" | undefined;
|
|
@@ -426,7 +424,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
426
424
|
kty: "RSA";
|
|
427
425
|
n: string;
|
|
428
426
|
e: string;
|
|
429
|
-
alg?: "RS256" | "
|
|
427
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
430
428
|
kid?: string | undefined;
|
|
431
429
|
ext?: boolean | undefined;
|
|
432
430
|
use?: "sig" | "enc" | undefined;
|
|
@@ -521,7 +519,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
521
519
|
kty: "RSA";
|
|
522
520
|
n: string;
|
|
523
521
|
e: string;
|
|
524
|
-
alg?: "RS256" | "
|
|
522
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
525
523
|
kid?: string | undefined;
|
|
526
524
|
ext?: boolean | undefined;
|
|
527
525
|
use?: "sig" | "enc" | undefined;
|
|
@@ -616,7 +614,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
616
614
|
kty: "RSA";
|
|
617
615
|
n: string;
|
|
618
616
|
e: string;
|
|
619
|
-
alg?: "RS256" | "
|
|
617
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
620
618
|
kid?: string | undefined;
|
|
621
619
|
ext?: boolean | undefined;
|
|
622
620
|
use?: "sig" | "enc" | undefined;
|
|
@@ -711,7 +709,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
711
709
|
kty: "RSA";
|
|
712
710
|
n: string;
|
|
713
711
|
e: string;
|
|
714
|
-
alg?: "RS256" | "
|
|
712
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
715
713
|
kid?: string | undefined;
|
|
716
714
|
ext?: boolean | undefined;
|
|
717
715
|
use?: "sig" | "enc" | undefined;
|
|
@@ -806,7 +804,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
806
804
|
kty: "RSA";
|
|
807
805
|
n: string;
|
|
808
806
|
e: string;
|
|
809
|
-
alg?: "RS256" | "
|
|
807
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
810
808
|
kid?: string | undefined;
|
|
811
809
|
ext?: boolean | undefined;
|
|
812
810
|
use?: "sig" | "enc" | undefined;
|
|
@@ -901,7 +899,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
901
899
|
kty: "RSA";
|
|
902
900
|
n: string;
|
|
903
901
|
e: string;
|
|
904
|
-
alg?: "RS256" | "
|
|
902
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
905
903
|
kid?: string | undefined;
|
|
906
904
|
ext?: boolean | undefined;
|
|
907
905
|
use?: "sig" | "enc" | undefined;
|
|
@@ -996,7 +994,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
996
994
|
kty: "RSA";
|
|
997
995
|
n: string;
|
|
998
996
|
e: string;
|
|
999
|
-
alg?: "RS256" | "
|
|
997
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
1000
998
|
kid?: string | undefined;
|
|
1001
999
|
ext?: boolean | undefined;
|
|
1002
1000
|
use?: "sig" | "enc" | undefined;
|
|
@@ -1093,7 +1091,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
1093
1091
|
kty: "RSA";
|
|
1094
1092
|
n: string;
|
|
1095
1093
|
e: string;
|
|
1096
|
-
alg?: "RS256" | "
|
|
1094
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
1097
1095
|
kid?: string | undefined;
|
|
1098
1096
|
ext?: boolean | undefined;
|
|
1099
1097
|
use?: "sig" | "enc" | undefined;
|
|
@@ -1190,7 +1188,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
1190
1188
|
kty: "RSA";
|
|
1191
1189
|
n: string;
|
|
1192
1190
|
e: string;
|
|
1193
|
-
alg?: "RS256" | "
|
|
1191
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
1194
1192
|
kid?: string | undefined;
|
|
1195
1193
|
ext?: boolean | undefined;
|
|
1196
1194
|
use?: "sig" | "enc" | undefined;
|
|
@@ -1320,7 +1318,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
1320
1318
|
kty: "RSA";
|
|
1321
1319
|
n: string;
|
|
1322
1320
|
e: string;
|
|
1323
|
-
alg?: "RS256" | "
|
|
1321
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
1324
1322
|
kid?: string | undefined;
|
|
1325
1323
|
ext?: boolean | undefined;
|
|
1326
1324
|
use?: "sig" | "enc" | undefined;
|
|
@@ -1447,7 +1445,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
1447
1445
|
kty: "RSA";
|
|
1448
1446
|
n: string;
|
|
1449
1447
|
e: string;
|
|
1450
|
-
alg?: "RS256" | "
|
|
1448
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
1451
1449
|
kid?: string | undefined;
|
|
1452
1450
|
ext?: boolean | undefined;
|
|
1453
1451
|
use?: "sig" | "enc" | undefined;
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAIA,OAAO,CAAC,MAAM,KAAK,CAAA;AAMnB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,KAAK,CAAA;IAC5C,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,gBAAgB,CAAA;IACxD,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,WAAW,CAAA;IAGpB,UAAU,CAAC,EAAE,MAAM,CAAA;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAIA,OAAO,CAAC,MAAM,KAAK,CAAA;AAMnB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,KAAK,CAAA;IAC5C,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,gBAAgB,CAAA;IACxD,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,WAAW,CAAA;IAGpB,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE/B,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA"}
|
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";;;AAAA,sDAG6B;
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";;;AAAA,sDAG6B;AAmBhB,QAAA,oBAAoB,GAAG,uCAAyB,CAAC,MAAM,CAAC;IACnE,SAAS,EAAE,iCAAmB,CAAC,GAAG,EAAE;CACrC,CAAC,CAAA"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@atproto/oauth-client",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.2.0",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"description": "OAuth client for ATPROTO PDS. This package serves as common base for environment-specific implementations (NodeJS, Browser, React-Native).",
|
|
6
6
|
"keywords": [
|
|
@@ -33,11 +33,10 @@
|
|
|
33
33
|
"@atproto-labs/identity-resolver": "0.1.2",
|
|
34
34
|
"@atproto-labs/simple-store": "0.1.1",
|
|
35
35
|
"@atproto-labs/simple-store-memory": "0.1.1",
|
|
36
|
-
"@atproto/api": "0.13.3",
|
|
37
36
|
"@atproto/did": "0.1.1",
|
|
38
37
|
"@atproto/jwk": "0.1.1",
|
|
39
|
-
"@atproto/oauth-types": "0.1.
|
|
40
|
-
"@atproto/xrpc": "0.6.
|
|
38
|
+
"@atproto/oauth-types": "0.1.4",
|
|
39
|
+
"@atproto/xrpc": "0.6.1"
|
|
41
40
|
},
|
|
42
41
|
"devDependencies": {
|
|
43
42
|
"typescript": "^5.3.3"
|
package/src/index.ts
CHANGED
|
@@ -9,8 +9,6 @@ export * from '@atproto-labs/handle-resolver'
|
|
|
9
9
|
export * from '@atproto/did'
|
|
10
10
|
export * from '@atproto/oauth-types'
|
|
11
11
|
|
|
12
|
-
export * from './oauth-agent.js'
|
|
13
|
-
export * from './oauth-atp-agent.js'
|
|
14
12
|
export * from './oauth-authorization-server-metadata-resolver.js'
|
|
15
13
|
export * from './oauth-callback-error.js'
|
|
16
14
|
export * from './oauth-client.js'
|
|
@@ -19,6 +17,7 @@ export * from './oauth-resolver-error.js'
|
|
|
19
17
|
export * from './oauth-response-error.js'
|
|
20
18
|
export * from './oauth-server-agent.js'
|
|
21
19
|
export * from './oauth-server-factory.js'
|
|
20
|
+
export * from './oauth-session.js'
|
|
22
21
|
export * from './runtime-implementation.js'
|
|
23
22
|
export * from './session-getter.js'
|
|
24
23
|
export * from './state-store.js'
|
package/src/oauth-client.ts
CHANGED
|
@@ -23,8 +23,6 @@ import {
|
|
|
23
23
|
|
|
24
24
|
import { FALLBACK_ALG } from './constants.js'
|
|
25
25
|
import { TokenRevokedError } from './errors/token-revoked-error.js'
|
|
26
|
-
import { OAuthAgent } from './oauth-agent.js'
|
|
27
|
-
import { OAuthAtpAgent } from './oauth-atp-agent.js'
|
|
28
26
|
import {
|
|
29
27
|
AuthorizationServerMetadataCache,
|
|
30
28
|
OAuthAuthorizationServerMetadataResolver,
|
|
@@ -37,6 +35,7 @@ import {
|
|
|
37
35
|
import { OAuthResolver } from './oauth-resolver.js'
|
|
38
36
|
import { DpopNonceCache, OAuthServerAgent } from './oauth-server-agent.js'
|
|
39
37
|
import { OAuthServerFactory } from './oauth-server-factory.js'
|
|
38
|
+
import { OAuthSession } from './oauth-session.js'
|
|
40
39
|
import { RuntimeImplementation } from './runtime-implementation.js'
|
|
41
40
|
import { Runtime } from './runtime.js'
|
|
42
41
|
import {
|
|
@@ -262,7 +261,6 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
|
|
|
262
261
|
options,
|
|
263
262
|
)
|
|
264
263
|
|
|
265
|
-
const nonce = await this.runtime.generateNonce()
|
|
266
264
|
const pkce = await this.runtime.generatePKCE()
|
|
267
265
|
const dpopKey = await this.runtime.generateKey(
|
|
268
266
|
metadata.dpop_signing_alg_values_supported || [FALLBACK_ALG],
|
|
@@ -273,17 +271,15 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
|
|
|
273
271
|
await this.stateStore.set(state, {
|
|
274
272
|
iss: metadata.issuer,
|
|
275
273
|
dpopKey,
|
|
276
|
-
|
|
277
|
-
verifier: pkce?.verifier,
|
|
274
|
+
verifier: pkce.verifier,
|
|
278
275
|
appState: options?.state,
|
|
279
276
|
})
|
|
280
277
|
|
|
281
278
|
const parameters = {
|
|
282
279
|
client_id: this.clientMetadata.client_id,
|
|
283
280
|
redirect_uri: redirectUri,
|
|
284
|
-
code_challenge: pkce
|
|
285
|
-
code_challenge_method: pkce
|
|
286
|
-
nonce,
|
|
281
|
+
code_challenge: pkce.challenge,
|
|
282
|
+
code_challenge_method: pkce.method,
|
|
287
283
|
state,
|
|
288
284
|
login_hint: identity
|
|
289
285
|
? input // If input is a handle or a DID, use it as a login_hint
|
|
@@ -296,13 +292,8 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
|
|
|
296
292
|
) ?? 'code',
|
|
297
293
|
|
|
298
294
|
display: options?.display,
|
|
299
|
-
id_token_hint: options?.id_token_hint,
|
|
300
|
-
max_age: options?.max_age, // this.clientMetadata.default_max_age
|
|
301
295
|
prompt: options?.prompt,
|
|
302
|
-
scope: options?.scope
|
|
303
|
-
?.split(' ')
|
|
304
|
-
.filter((s) => metadata.scopes_supported?.includes(s))
|
|
305
|
-
.join(' '),
|
|
296
|
+
scope: options?.scope || undefined,
|
|
306
297
|
ui_locales: options?.ui_locales,
|
|
307
298
|
}
|
|
308
299
|
|
|
@@ -362,7 +353,7 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
|
|
|
362
353
|
}
|
|
363
354
|
|
|
364
355
|
async callback(params: URLSearchParams): Promise<{
|
|
365
|
-
|
|
356
|
+
session: OAuthSession
|
|
366
357
|
state: string | null
|
|
367
358
|
}> {
|
|
368
359
|
const responseJwt = params.get('response')
|
|
@@ -435,26 +426,14 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
|
|
|
435
426
|
|
|
436
427
|
const tokenSet = await server.exchangeCode(codeParam, stateData.verifier)
|
|
437
428
|
try {
|
|
438
|
-
|
|
439
|
-
await this.runtime.validateIdTokenClaims(
|
|
440
|
-
tokenSet.id_token,
|
|
441
|
-
stateParam,
|
|
442
|
-
stateData.nonce,
|
|
443
|
-
codeParam,
|
|
444
|
-
tokenSet.access_token,
|
|
445
|
-
)
|
|
446
|
-
}
|
|
447
|
-
|
|
448
|
-
const { sub } = tokenSet
|
|
449
|
-
|
|
450
|
-
await this.sessionGetter.setStored(sub, {
|
|
429
|
+
await this.sessionGetter.setStored(tokenSet.sub, {
|
|
451
430
|
dpopKey: stateData.dpopKey,
|
|
452
431
|
tokenSet,
|
|
453
432
|
})
|
|
454
433
|
|
|
455
|
-
const
|
|
434
|
+
const session = this.createSession(server, tokenSet.sub)
|
|
456
435
|
|
|
457
|
-
return {
|
|
436
|
+
return { session, state: stateData.appState ?? null }
|
|
458
437
|
} catch (err) {
|
|
459
438
|
await server.revoke(tokenSet.access_token)
|
|
460
439
|
|
|
@@ -468,12 +447,12 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
|
|
|
468
447
|
}
|
|
469
448
|
|
|
470
449
|
/**
|
|
471
|
-
*
|
|
472
|
-
*
|
|
450
|
+
* Load a stored session. This will refresh the token only if needed (about to
|
|
451
|
+
* expire) by default.
|
|
473
452
|
*
|
|
474
453
|
* @param refresh See {@link SessionGetter.getSession}
|
|
475
454
|
*/
|
|
476
|
-
async restore(sub: string, refresh?: boolean): Promise<
|
|
455
|
+
async restore(sub: string, refresh?: boolean): Promise<OAuthSession> {
|
|
477
456
|
const { dpopKey, tokenSet } = await this.sessionGetter.getSession(
|
|
478
457
|
sub,
|
|
479
458
|
refresh,
|
|
@@ -484,7 +463,7 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
|
|
|
484
463
|
allowStale: refresh === false,
|
|
485
464
|
})
|
|
486
465
|
|
|
487
|
-
return this.
|
|
466
|
+
return this.createSession(server, sub)
|
|
488
467
|
}
|
|
489
468
|
|
|
490
469
|
async revoke(sub: string) {
|
|
@@ -504,14 +483,7 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
|
|
|
504
483
|
}
|
|
505
484
|
}
|
|
506
485
|
|
|
507
|
-
|
|
508
|
-
|
|
509
|
-
server,
|
|
510
|
-
sub,
|
|
511
|
-
this.sessionGetter,
|
|
512
|
-
this.fetch,
|
|
513
|
-
)
|
|
514
|
-
|
|
515
|
-
return new OAuthAtpAgent(oauthAgent)
|
|
486
|
+
protected createSession(server: OAuthServerAgent, sub: string): OAuthSession {
|
|
487
|
+
return new OAuthSession(server, sub, this.sessionGetter, this.fetch)
|
|
516
488
|
}
|
|
517
489
|
}
|