@atproto/oauth-client 0.1.7 → 0.2.0

Files changed (42) hide show
  1. package/CHANGELOG.md +32 -0
  2. package/README.md +128 -7
  3. package/dist/index.d.ts +1 -2
  4. package/dist/index.d.ts.map +1 -1
  5. package/dist/index.js +1 -2
  6. package/dist/index.js.map +1 -1
  7. package/dist/oauth-client.d.ts +8 -8
  8. package/dist/oauth-client.d.ts.map +1 -1
  9. package/dist/oauth-client.js +13 -27
  10. package/dist/oauth-client.js.map +1 -1
  11. package/dist/oauth-server-agent.d.ts +2 -3
  12. package/dist/oauth-server-agent.d.ts.map +1 -1
  13. package/dist/oauth-server-agent.js +11 -6
  14. package/dist/oauth-server-agent.js.map +1 -1
  15. package/dist/{oauth-agent.d.ts → oauth-session.d.ts} +14 -14
  16. package/dist/oauth-session.d.ts.map +1 -0
  17. package/dist/{oauth-agent.js → oauth-session.js} +19 -18
  18. package/dist/oauth-session.js.map +1 -0
  19. package/dist/runtime.d.ts +1 -10
  20. package/dist/runtime.d.ts.map +1 -1
  21. package/dist/runtime.js +0 -70
  22. package/dist/runtime.js.map +1 -1
  23. package/dist/state-store.d.ts +0 -1
  24. package/dist/state-store.d.ts.map +1 -1
  25. package/dist/types.d.ts +14 -16
  26. package/dist/types.d.ts.map +1 -1
  27. package/dist/types.js.map +1 -1
  28. package/package.json +3 -4
  29. package/src/index.ts +1 -2
  30. package/src/oauth-client.ts +15 -43
  31. package/src/oauth-server-agent.ts +17 -9
  32. package/src/{oauth-agent.ts → oauth-session.ts} +27 -24
  33. package/src/runtime.ts +2 -94
  34. package/src/state-store.ts +0 -1
  35. package/src/types.ts +1 -3
  36. package/dist/oauth-agent.d.ts.map +0 -1
  37. package/dist/oauth-agent.js.map +0 -1
  38. package/dist/oauth-atp-agent.d.ts +0 -11
  39. package/dist/oauth-atp-agent.d.ts.map +0 -1
  40. package/dist/oauth-atp-agent.js +0 -51
  41. package/dist/oauth-atp-agent.js.map +0 -1
  42. package/src/oauth-atp-agent.ts +0 -48
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-session.d.ts","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAa,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,gCAAgC,EAAE,MAAM,sBAAsB,CAAA;AAKvE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAMnD,MAAM,MAAM,SAAS,GAAG;IACtB,SAAS,CAAC,EAAE,IAAI,CAAA;IAChB,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,qBAAa,YAAY;aAIL,MAAM,EAAE,gBAAgB;aACxB,GAAG,EAAE,MAAM;IAC3B,OAAO,CAAC,QAAQ,CAAC,aAAa;IALhC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;gBAGjB,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,MAAM,EACV,aAAa,EAAE,aAAa,EAC7C,KAAK,GAAE,KAAwB;IAajC,IAAI,GAAG,8BAEN;IAED,IAAI,cAAc,IAAI,QAAQ,CAAC,gCAAgC,CAAC,CAE/D;IAED;;OAEG;IACU,WAAW,CAAC,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAKxD,YAAY,CAAC,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC;IAmBnD,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAYxB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;CA2D5E"}
@@ -1,13 +1,13 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.OAuthAgent = void 0;
3
+ exports.OAuthSession = void 0;
4
+ const did_1 = require("@atproto/did");
4
5
  const fetch_1 = require("@atproto-labs/fetch");
5
- const jwk_1 = require("@atproto/jwk");
6
6
  const token_invalid_error_js_1 = require("./errors/token-invalid-error.js");
7
7
  const token_revoked_error_js_1 = require("./errors/token-revoked-error.js");
8
8
  const fetch_dpop_js_1 = require("./fetch-dpop.js");
9
9
  const ReadableStream = globalThis.ReadableStream;
10
- class OAuthAgent {
10
+ class OAuthSession {
11
11
  constructor(server, sub, sessionGetter, fetch = globalThis.fetch) {
12
12
  Object.defineProperty(this, "server", {
13
13
  enumerable: true,
@@ -43,12 +43,12 @@ class OAuthAgent {
43
43
  isAuthServer: false,
44
44
  });
45
45
  }
46
+ get did() {
47
+ return (0, did_1.asDid)(this.sub);
48
+ }
46
49
  get serverMetadata() {
47
50
  return this.server.serverMetadata;
48
51
  }
49
- async refreshIfNeeded() {
50
- await this.getTokenSet(undefined);
51
- }
52
52
  /**
53
53
  * @param refresh See {@link SessionGetter.getSession}
54
54
  */
@@ -56,15 +56,16 @@ class OAuthAgent {
56
56
  const { tokenSet } = await this.sessionGetter.getSession(this.sub, refresh);
57
57
  return tokenSet;
58
58
  }
59
- async getInfo() {
60
- const tokenSet = await this.getTokenSet();
59
+ async getTokenInfo(refresh) {
60
+ const tokenSet = await this.getTokenSet(refresh);
61
+ const expiresAt = tokenSet.expires_at == null ? undefined : new Date(tokenSet.expires_at);
61
62
  return {
62
- userinfo: tokenSet.id_token
63
- ? (0, jwk_1.unsafeDecodeJwt)(tokenSet.id_token).payload
64
- : undefined,
65
- expired: tokenSet.expires_at == null
66
- ? undefined
67
- : new Date(tokenSet.expires_at).getTime() < Date.now() - 5e3,
63
+ expiresAt,
64
+ get expired() {
65
+ return expiresAt == null
66
+ ? undefined
67
+ : expiresAt.getTime() < Date.now() - 5e3;
68
+ },
68
69
  scope: tokenSet.scope,
69
70
  iss: tokenSet.iss,
70
71
  aud: tokenSet.aud,
@@ -80,7 +81,7 @@ class OAuthAgent {
80
81
  await this.sessionGetter.delStored(this.sub, new token_revoked_error_js_1.TokenRevokedError(this.sub));
81
82
  }
82
83
  }
83
- async request(pathname, init) {
84
+ async fetchHandler(pathname, init) {
84
85
  // This will try and refresh the token if it is known to be expired
85
86
  const tokenSet = await this.getTokenSet(undefined);
86
87
  const initialUrl = new URL(pathname, tokenSet.aud);
@@ -121,13 +122,13 @@ class OAuthAgent {
121
122
  if (isInvalidTokenResponse(finalResponse)) {
122
123
  // TODO: Is there a "softer" way to handle this, e.g. by marking the
123
124
  // session as "expired" in the session store, allowing the user to trigger
124
- // a new login (using login_hint/id_token_hint)?
125
+ // a new login (using login_hint)?
125
126
  await this.sessionGetter.delStored(this.sub, new token_invalid_error_js_1.TokenInvalidError(this.sub));
126
127
  }
127
128
  return finalResponse;
128
129
  }
129
130
  }
130
- exports.OAuthAgent = OAuthAgent;
131
+ exports.OAuthSession = OAuthSession;
131
132
  /**
132
133
  * @see {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3}
133
134
  * @see {@link https://datatracker.ietf.org/doc/html/rfc9449#name-resource-server-provided-no}
@@ -140,4 +141,4 @@ function isInvalidTokenResponse(response) {
140
141
  (wwwAuth.startsWith('Bearer ') || wwwAuth.startsWith('DPoP ')) &&
141
142
  wwwAuth.includes('error="invalid_token"'));
142
143
  }
143
- //# sourceMappingURL=oauth-agent.js.map
144
+ //# sourceMappingURL=oauth-session.js.map
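Review bot: In `fetchHandler` (the `@@ -80,7 +81,7 @@` hunk), `new URL(pathname, tokenSet.aud)` resolves an absolute or protocol-relative `pathname` to a different origin, and nothing visible in the hunk checks that the result still points at the token's audience. The rest of the method lies outside the hunk, but it presumably attaches the session's access token to that request, so a caller-supplied URL could carry the credential to an unintended host. A guard directly after that line would close this, e.g. `if (initialUrl.origin !== new URL(tokenSet.aud).origin) throw new TypeError('pathname must resolve within the token audience');`. This file is compiled output, so the change belongs in `package/src/oauth-session.ts`.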
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-session.js","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":";;;AAAA,sCAAoC;AACpC,+CAAsD;AAGtD,4EAAmE;AACnE,4EAAmE;AACnE,mDAAkD;AAIlD,MAAM,cAAc,GAAG,UAAU,CAAC,cAErB,CAAA;AAWb,MAAa,YAAY;IAGvB,YACkB,MAAwB,EACxB,GAAW,EACV,aAA4B,EAC7C,QAAe,UAAU,CAAC,KAAK;QAH/B;;;;mBAAgB,MAAM;WAAkB;QACxC;;;;mBAAgB,GAAG;WAAQ;QAC3B;;;;mBAAiB,aAAa;WAAe;QALrC;;;;;WAAyB;QAQjC,IAAI,CAAC,SAAS,GAAG,IAAA,gCAAgB,EAAO;YACtC,KAAK,EAAE,IAAA,iBAAS,EAAC,KAAK,CAAC;YACvB,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,SAAS;YACpC,GAAG,EAAE,MAAM,CAAC,OAAO;YACnB,aAAa,EAAE,MAAM,CAAC,cAAc,CAAC,iCAAiC;YACtE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7C,MAAM,EAAE,MAAM,CAAC,UAAU;YACzB,YAAY,EAAE,KAAK;SACpB,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAA,WAAK,EAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC;IAED,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAA;IACnC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,WAAW,CAAC,OAAiB;QACxC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QAC3E,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAAiB;QAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QAChD,MAAM,SAAS,GACb,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;QAEzE,OAAO;YACL,SAAS;YACT,IAAI,OAAO;gBACT,OAAO,SAAS,IAAI,IAAI;oBACtB,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAA;YAC5C,CAAC;YACD,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;SAClB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;YACzE,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QACjD,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE
,IAAkB;QACrD,mEAAmE;QACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;QAElD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAA;QAClD,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAA;QAErE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,CAAA;QAEzC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE;YACvD,GAAG,IAAI;YACP,OAAO;SACR,CAAC,CAAA;QAEF,2DAA2D;QAC3D,IAAI,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7C,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,IAAI,aAAuB,CAAA;QAC3B,IAAI,CAAC;YACH,kBAAkB;YAClB,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,2EAA2E;QAC3E,yEAAyE;QACzE,yEAAyE;QACzE,wEAAwE;QACxE,IAAI,cAAc,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC3D,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,aAAa,CAAC,UAAU,IAAI,aAAa,CAAC,YAAY,EAAE,CAAA;QAC7E,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,CAAA;QAErD,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;QAEvC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;QAE1E,yEAAyE;QACzE,0EAA0E;QAC1E,yEAAyE;QACzE,iEAAiE;QACjE,IAAI,sBAAsB,CAAC,aAAa,CAAC,EAAE,CAAC;YAC1C,oEAAoE;YACpE,0EAA0E;YAC1E,kCAAkC;YAClC,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;CACF;AA9HD,oCA8HC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,QAAkB;IAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,KAAK,CAAA;IACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IACxD,OAAO,CACL,OAAO,IAAI,IAAI;QACf,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC9D,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAC1C,CAAA;AACH,CAAC"}
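--- a/package/dist/runtime.d.ts
+++ b/package/dist/runtime.d.ts
@@ -1,4 +1,4 @@
- import { JwtHeader, JwtPayload, Key } from '@atproto/jwk';
+ import { Key } from '@atproto/jwk';
  import { RuntimeImplementation, RuntimeLock } from './runtime-implementation.js';
  export declare class Runtime {
  protected implementation: RuntimeImplementation;
@@ -8,15 +8,6 @@ export declare class Runtime {
  generateKey(algs: string[]): Promise<Key>;
  sha256(text: string): Promise<string>;
  generateNonce(length?: number): Promise<string>;
- validateIdTokenClaims(token: string, state: string, nonce: string, code?: string, accessToken?: string): Promise<{
- header: JwtHeader;
- payload: JwtPayload;
- }>;
- private validateHashClaim;
- protected generateHashClaim(source: string, header: {
- alg: string;
- crv?: string;
- }): Promise<string>;
  generatePKCE(byteLength?: number): Promise<{
  verifier: string;
  challenge: string;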
@@ -1 +1 @@
1
- {"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,EAAmB,MAAM,cAAc,CAAA;AAI1E,OAAO,EAEL,qBAAqB,EACrB,WAAW,EACZ,MAAM,6BAA6B,CAAA;AAEpC,qBAAa,OAAO;IAIN,SAAS,CAAC,cAAc,EAAE,qBAAqB;IAH3D,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAA;IACvC,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAA;gBAET,cAAc,EAAE,qBAAqB;IAU9C,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC;IAKzC,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMrC,aAAa,CAAC,MAAM,SAAK,GAAG,OAAO,CAAC,MAAM,CAAC;IAK3C,qBAAqB,CAChC,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE,MAAM,EACb,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC;QACT,MAAM,EAAE,SAAS,CAAA;QACjB,OAAO,EAAE,UAAU,CAAA;KACpB,CAAC;YAoBY,iBAAiB;cAiBf,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,MAAM,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE;IAU1B,YAAY,CAAC,UAAU,CAAC,EAAE,MAAM;;;;;IAShC,sBAAsB,CAAC,GAAG,KAAA;IAMvC;;;;;;OAMG;cACa,gBAAgB,CAAC,UAAU,SAAK;CAOjD"}
1
+ {"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAIlC,OAAO,EAAE,qBAAqB,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAA;AAEhF,qBAAa,OAAO;IAIN,SAAS,CAAC,cAAc,EAAE,qBAAqB;IAH3D,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAA;IACvC,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAA;gBAET,cAAc,EAAE,qBAAqB;IAU9C,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC;IAKzC,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMrC,aAAa,CAAC,MAAM,SAAK,GAAG,OAAO,CAAC,MAAM,CAAC;IAK3C,YAAY,CAAC,UAAU,CAAC,EAAE,MAAM;;;;;IAShC,sBAAsB,CAAC,GAAG,KAAA;IAMvC;;;;;;OAMG;cACa,gBAAgB,CAAC,UAAU,SAAK;CAOjD"}
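--- a/package/dist/runtime.js
+++ b/package/dist/runtime.js
@@ -1,7 +1,6 @@
  "use strict";
  Object.defineProperty(exports, "__esModule", { value: true });
  exports.Runtime = void 0;
- const jwk_1 = require("@atproto/jwk");
  const base64_1 = require("multiformats/bases/base64");
  const lock_js_1 = require("./lock.js");
  class Runtime {
@@ -44,46 +43,6 @@ class Runtime {
  const bytes = await this.implementation.getRandomValues(length);
  return base64_1.base64url.baseEncode(bytes);
  }
- async validateIdTokenClaims(token, state, nonce, code, accessToken) {
- // It's fine to use unsafeDecodeJwt here because the token was received from
- // the server's token endpoint. The following checks are to ensure that the
- // oauth flow was indeed initiated by the client.
- const { header, payload } = (0, jwk_1.unsafeDecodeJwt)(token);
- if (!payload.nonce || payload.nonce !== nonce) {
- throw new TypeError('Nonce mismatch');
- }
- if (payload.c_hash) {
- await this.validateHashClaim(payload.c_hash, code, header);
- }
- if (payload.s_hash) {
- await this.validateHashClaim(payload.s_hash, state, header);
- }
- if (payload.at_hash) {
- await this.validateHashClaim(payload.at_hash, accessToken, header);
- }
- return { header, payload };
- }
- async validateHashClaim(claim, source, header) {
- if (typeof claim !== 'string' || !claim) {
- throw new TypeError(`string "_hash" claim expected`);
- }
- if (typeof source !== 'string' || !source) {
- throw new TypeError(`string value expected`);
- }
- const expected = await this.generateHashClaim(source, header);
- if (expected !== claim) {
- throw new TypeError(`"_hash" does not match`);
- }
- }
- async generateHashClaim(source, header) {
- const algo = getHashAlgo(header);
- const bytes = new TextEncoder().encode(source);
- const digest = await this.implementation.digest(bytes, algo);
- if (digest.length % 2 !== 0)
- throw new TypeError('Invalid digest length');
- const digestHalf = digest.slice(0, digest.length / 2);
- return base64_1.base64url.baseEncode(digestHalf);
- }
  async generatePKCE(byteLength) {
  const verifier = await this.generateVerifier(byteLength);
  return {
@@ -113,35 +72,6 @@ class Runtime {
  }
  }
  exports.Runtime = Runtime;
- function getHashAlgo(header) {
- switch (header.alg) {
- case 'HS256':
- case 'RS256':
- case 'PS256':
- case 'ES256':
- case 'ES256K':
- return { name: 'sha256' };
- case 'HS384':
- case 'RS384':
- case 'PS384':
- case 'ES384':
- return { name: 'sha384' };
- case 'HS512':
- case 'RS512':
- case 'PS512':
- case 'ES512':
- return { name: 'sha512' };
- case 'EdDSA':
- switch (header.crv) {
- case 'Ed25519':
- return { name: 'sha512' };
- default:
- throw new TypeError('unrecognized or invalid EdDSA curve provided');
- }
- default:
- throw new TypeError('unrecognized or invalid JWS algorithm provided');
- }
- }
  function extractJktComponents(jwk) {
  const get = (field) => {
  const value = jwk[field];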
@@ -1 +1 @@
1
- {"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":";;;AAAA,sCAA0E;AAC1E,sDAAqD;AAErD,uCAA4C;AAO5C,MAAa,OAAO;IAIlB,YAAsB,cAAqC;QAA/C;;;;mBAAU,cAAc;WAAuB;QAHlD;;;;;WAA8B;QAC9B;;;;;WAAsB;QAG7B,MAAM,EAAE,WAAW,EAAE,GAAG,cAAc,CAAA;QAEtC,IAAI,CAAC,qBAAqB,GAAG,WAAW,IAAI,IAAI,CAAA;QAChD,IAAI,CAAC,SAAS;YACZ,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC;gBACjC,+BAA+B;gBAC/B,0BAAgB,CAAA;IACpB,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,IAAc;QACrC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACtD,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;IAClD,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAY;QAC9B,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC1E,OAAO,kBAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE;QACpC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;QAC/D,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;IAEM,KAAK,CAAC,qBAAqB,CAChC,KAAa,EACb,KAAa,EACb,KAAa,EACb,IAAa,EACb,WAAoB;QAKpB,4EAA4E;QAC5E,2EAA2E;QAC3E,iDAAiD;QACjD,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,IAAA,qBAAe,EAAC,KAAK,CAAC,CAAA;QAClD,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;YAC9C,MAAM,IAAI,SAAS,CAAC,gBAAgB,CAAC,CAAA;QACvC,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,CAAA;QAC5D,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAA;QAC7D,CAAC;QACD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,CAAC,CAAA;QACpE,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;IAC5B,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAC7B,KAAc,EACd,MAAe,EACf,MAAqC;QAErC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,MAAM,IAAI,SAAS,CAAC,+BAA+B,CAAC,CAAA;QACtD,CAAC;QACD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;YAC1C,MAAM,IAAI,SA
AS,CAAC,uBAAuB,CAAC,CAAA;QAC9C,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QAC7D,IAAI,QAAQ,KAAK,KAAK,EAAE,CAAC;YACvB,MAAM,IAAI,SAAS,CAAC,wBAAwB,CAAC,CAAA;QAC/C,CAAC;IACH,CAAC;IAES,KAAK,CAAC,iBAAiB,CAC/B,MAAc,EACd,MAAqC;QAErC,MAAM,IAAI,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;QAChC,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QAC9C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QAC5D,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;YAAE,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;QACzE,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACrD,OAAO,kBAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAA;IACzC,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,UAAmB;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;QACxD,OAAO;YACL,QAAQ;YACR,SAAS,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YACtC,MAAM,EAAE,MAAM;SACf,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,GAAG;QACrC,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAA;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC1B,CAAC;IAED;;;;;;OAMG;IACO,KAAK,CAAC,gBAAgB,CAAC,UAAU,GAAG,EAAE;QAC9C,IAAI,UAAU,GAAG,EAAE,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAA;QACrD,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,UAAU,CAAC,CAAA;QACnE,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;CACF;AArHD,0BAqHC;AAED,SAAS,WAAW,CAAC,MAAqC;IACxD,QAAQ,MAAM,CAAC,GAAG,EAAE,CAAC;QACnB,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,QAAQ;YACX,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;QAC3B,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;QAC3B,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;QAC3B,KAAK,OAAO;YACV,QAAQ,MAAM,CAAC,GAAG,EAAE,CAAC;gBACnB,KAAK,SAAS;oBACZ,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;gBAC3B;oBACE,MAAM,IAAI,SAAS,CAAC,8CAA8C,CAAC,CAAA;YACvE,CAAC;QACH;YACE,M
AAM,IAAI,SAAS,CAAC,gDAAgD,CAAC,CAAA;IACzE,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAG;IAC/B,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,EAAE;QACpB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,MAAM,IAAI,SAAS,CAAC,IAAI,KAAK,gCAAgC,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC,CAAA;IAED,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI;YACP,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACvE,KAAK,KAAK;YACR,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QAC1D,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACtD,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAA;QACzC;YACE,MAAM,IAAI,SAAS,CAAC,mDAAmD,CAAC,CAAA;IAC5E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,CAAS,EAAE,CAAS;IACxC,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC,CAAA;IAC7B,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAA;IAE5B,KAAK,MAAM,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBAEpC,6BAA6B;gBAC7B,OAAO,IAAI,GAAG,IAAI,CAAA;YACpB,CAAC;YACD,OAAO,CAAC,CAAC,CAAA;QACX,CAAC;aAAM,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,CAAA;QACV,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,OAAO,CAAC,CAAA;AACV,CAAC"}
1
+ {"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":";;;AACA,sDAAqD;AAErD,uCAA4C;AAG5C,MAAa,OAAO;IAIlB,YAAsB,cAAqC;QAA/C;;;;mBAAU,cAAc;WAAuB;QAHlD;;;;;WAA8B;QAC9B;;;;;WAAsB;QAG7B,MAAM,EAAE,WAAW,EAAE,GAAG,cAAc,CAAA;QAEtC,IAAI,CAAC,qBAAqB,GAAG,WAAW,IAAI,IAAI,CAAA;QAChD,IAAI,CAAC,SAAS;YACZ,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC;gBACjC,+BAA+B;gBAC/B,0BAAgB,CAAA;IACpB,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,IAAc;QACrC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACtD,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;IAClD,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAY;QAC9B,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC1E,OAAO,kBAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE;QACpC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;QAC/D,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,UAAmB;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;QACxD,OAAO;YACL,QAAQ;YACR,SAAS,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YACtC,MAAM,EAAE,MAAM;SACf,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,GAAG;QACrC,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAA;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC1B,CAAC;IAED;;;;;;OAMG;IACO,KAAK,CAAC,gBAAgB,CAAC,UAAU,GAAG,EAAE;QAC9C,IAAI,UAAU,GAAG,EAAE,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAA;QACrD,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,UAAU,CAAC,CAAA;QACnE,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;CACF;AA3DD,0BA2DC;AAED,SAAS,oBAAoB,CAAC,GAAG;IAC/B,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,EAAE;QACpB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,MAAM,IAAI,SAAS,CAAC,IAAI,KAAK,gCAAgC,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC,CAAA;IA
ED,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI;YACP,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACvE,KAAK,KAAK;YACR,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QAC1D,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACtD,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAA;QACzC;YACE,MAAM,IAAI,SAAS,CAAC,mDAAmD,CAAC,CAAA;IAC5E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,CAAS,EAAE,CAAS;IACxC,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC,CAAA;IAC7B,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAA;IAE5B,KAAK,MAAM,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBAEpC,6BAA6B;gBAC7B,OAAO,IAAI,GAAG,IAAI,CAAA;YACpB,CAAC;YACD,OAAO,CAAC,CAAC,CAAA;QACX,CAAC;aAAM,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,CAAA;QACV,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,OAAO,CAAC,CAAA;AACV,CAAC"}
@@ -2,7 +2,6 @@ import { SimpleStore } from '@atproto-labs/simple-store';
2
2
  import { Key } from '@atproto/jwk';
3
3
  export type InternalStateData = {
4
4
  iss: string;
5
- nonce: string;
6
5
  dpopKey: Key;
7
6
  verifier?: string;
8
7
  appState?: string;
@@ -1 +1 @@
1
- {"version":3,"file":"state-store.d.ts","sourceRoot":"","sources":["../src/state-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAElC,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,GAAG,CAAA;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAA"}
1
+ {"version":3,"file":"state-store.d.ts","sourceRoot":"","sources":["../src/state-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAElC,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,GAAG,CAAA;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAA"}
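--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -7,8 +7,6 @@ export type AuthorizeOptions = {
  state?: string;
  signal?: AbortSignal;
  ui_locales?: string;
- id_token_hint?: string;
- max_age?: number;
  };
  export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<{
  redirect_uris: z.ZodArray<z.ZodString, "atleastone">;
@@ -95,7 +93,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -123,7 +121,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -331,7 +329,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -426,7 +424,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -521,7 +519,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -616,7 +614,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -711,7 +709,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -806,7 +804,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -901,7 +899,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -996,7 +994,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -1093,7 +1091,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -1190,7 +1188,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -1320,7 +1318,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;
@@ -1447,7 +1445,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
  kty: "RSA";
  n: string;
  e: string;
- alg?: "RS256" | "PS256" | "RS384" | "PS384" | "RS512" | "PS512" | undefined;
+ alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
  kid?: string | undefined;
  ext?: boolean | undefined;
  use?: "sig" | "enc" | undefined;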
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAIA,OAAO,CAAC,MAAM,KAAK,CAAA;AAMnB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,KAAK,CAAA;IAC5C,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,gBAAgB,CAAA;IACxD,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,WAAW,CAAA;IAGpB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE/B,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAIA,OAAO,CAAC,MAAM,KAAK,CAAA;AAMnB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,KAAK,CAAA;IAC5C,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,gBAAgB,CAAA;IACxD,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,WAAW,CAAA;IAGpB,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;EAE/B,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA"}
package/dist/types.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";;;AAAA,sDAG6B;AAqBhB,QAAA,oBAAoB,GAAG,uCAAyB,CAAC,MAAM,CAAC;IACnE,SAAS,EAAE,iCAAmB,CAAC,GAAG,EAAE;CACrC,CAAC,CAAA"}
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";;;AAAA,sDAG6B;AAmBhB,QAAA,oBAAoB,GAAG,uCAAyB,CAAC,MAAM,CAAC;IACnE,SAAS,EAAE,iCAAmB,CAAC,GAAG,EAAE;CACrC,CAAC,CAAA"}
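--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@atproto/oauth-client",
- "version": "0.1.7",
+ "version": "0.2.0",
  "license": "MIT",
  "description": "OAuth client for ATPROTO PDS. This package serves as common base for environment-specific implementations (NodeJS, Browser, React-Native).",
  "keywords": [
@@ -33,11 +33,10 @@
  "@atproto-labs/identity-resolver": "0.1.2",
  "@atproto-labs/simple-store": "0.1.1",
  "@atproto-labs/simple-store-memory": "0.1.1",
- "@atproto/api": "0.13.3",
  "@atproto/did": "0.1.1",
  "@atproto/jwk": "0.1.1",
- "@atproto/oauth-types": "0.1.3",
- "@atproto/xrpc": "0.6.0"
+ "@atproto/oauth-types": "0.1.4",
+ "@atproto/xrpc": "0.6.1"
  },
  "devDependencies": {
  "typescript": "^5.3.3"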
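--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -9,8 +9,6 @@ export * from '@atproto-labs/handle-resolver'
  export * from '@atproto/did'
  export * from '@atproto/oauth-types'
 
- export * from './oauth-agent.js'
- export * from './oauth-atp-agent.js'
  export * from './oauth-authorization-server-metadata-resolver.js'
  export * from './oauth-callback-error.js'
  export * from './oauth-client.js'
@@ -19,6 +17,7 @@ export * from './oauth-resolver-error.js'
  export * from './oauth-response-error.js'
  export * from './oauth-server-agent.js'
  export * from './oauth-server-factory.js'
+ export * from './oauth-session.js'
  export * from './runtime-implementation.js'
  export * from './session-getter.js'
  export * from './state-store.js'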
@@ -23,8 +23,6 @@ import {
23
23
 
24
24
  import { FALLBACK_ALG } from './constants.js'
25
25
  import { TokenRevokedError } from './errors/token-revoked-error.js'
26
- import { OAuthAgent } from './oauth-agent.js'
27
- import { OAuthAtpAgent } from './oauth-atp-agent.js'
28
26
  import {
29
27
  AuthorizationServerMetadataCache,
30
28
  OAuthAuthorizationServerMetadataResolver,
@@ -37,6 +35,7 @@ import {
37
35
  import { OAuthResolver } from './oauth-resolver.js'
38
36
  import { DpopNonceCache, OAuthServerAgent } from './oauth-server-agent.js'
39
37
  import { OAuthServerFactory } from './oauth-server-factory.js'
38
+ import { OAuthSession } from './oauth-session.js'
40
39
  import { RuntimeImplementation } from './runtime-implementation.js'
41
40
  import { Runtime } from './runtime.js'
42
41
  import {
@@ -262,7 +261,6 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
262
261
  options,
263
262
  )
264
263
 
265
- const nonce = await this.runtime.generateNonce()
266
264
  const pkce = await this.runtime.generatePKCE()
267
265
  const dpopKey = await this.runtime.generateKey(
268
266
  metadata.dpop_signing_alg_values_supported || [FALLBACK_ALG],
@@ -273,17 +271,15 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
273
271
  await this.stateStore.set(state, {
274
272
  iss: metadata.issuer,
275
273
  dpopKey,
276
- nonce,
277
- verifier: pkce?.verifier,
274
+ verifier: pkce.verifier,
278
275
  appState: options?.state,
279
276
  })
280
277
 
281
278
  const parameters = {
282
279
  client_id: this.clientMetadata.client_id,
283
280
  redirect_uri: redirectUri,
284
- code_challenge: pkce?.challenge,
285
- code_challenge_method: pkce?.method,
286
- nonce,
281
+ code_challenge: pkce.challenge,
282
+ code_challenge_method: pkce.method,
287
283
  state,
288
284
  login_hint: identity
289
285
  ? input // If input is a handle or a DID, use it as a login_hint
@@ -296,13 +292,8 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
296
292
  ) ?? 'code',
297
293
 
298
294
  display: options?.display,
299
- id_token_hint: options?.id_token_hint,
300
- max_age: options?.max_age, // this.clientMetadata.default_max_age
301
295
  prompt: options?.prompt,
302
- scope: options?.scope
303
- ?.split(' ')
304
- .filter((s) => metadata.scopes_supported?.includes(s))
305
- .join(' '),
296
+ scope: options?.scope || undefined,
306
297
  ui_locales: options?.ui_locales,
307
298
  }
308
299
 
@@ -362,7 +353,7 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
362
353
  }
363
354
 
364
355
  async callback(params: URLSearchParams): Promise<{
365
- agent: OAuthAtpAgent
356
+ session: OAuthSession
366
357
  state: string | null
367
358
  }> {
368
359
  const responseJwt = params.get('response')
@@ -435,26 +426,14 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
435
426
 
436
427
  const tokenSet = await server.exchangeCode(codeParam, stateData.verifier)
437
428
  try {
438
- if (tokenSet.id_token) {
439
- await this.runtime.validateIdTokenClaims(
440
- tokenSet.id_token,
441
- stateParam,
442
- stateData.nonce,
443
- codeParam,
444
- tokenSet.access_token,
445
- )
446
- }
447
-
448
- const { sub } = tokenSet
449
-
450
- await this.sessionGetter.setStored(sub, {
429
+ await this.sessionGetter.setStored(tokenSet.sub, {
451
430
  dpopKey: stateData.dpopKey,
452
431
  tokenSet,
453
432
  })
454
433
 
455
- const agent = this.createAgent(server, sub)
434
+ const session = this.createSession(server, tokenSet.sub)
456
435
 
457
- return { agent, state: stateData.appState ?? null }
436
+ return { session, state: stateData.appState ?? null }
458
437
  } catch (err) {
459
438
  await server.revoke(tokenSet.access_token)
460
439
 
@@ -468,12 +447,12 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
468
447
  }
469
448
 
470
449
  /**
471
- * Build an agent from a stored session. This will refresh the token only if
472
- * needed (about to expire) by default.
450
+ * Load a stored session. This will refresh the token only if needed (about to
451
+ * expire) by default.
473
452
  *
474
453
  * @param refresh See {@link SessionGetter.getSession}
475
454
  */
476
- async restore(sub: string, refresh?: boolean): Promise<OAuthAtpAgent> {
455
+ async restore(sub: string, refresh?: boolean): Promise<OAuthSession> {
477
456
  const { dpopKey, tokenSet } = await this.sessionGetter.getSession(
478
457
  sub,
479
458
  refresh,
@@ -484,7 +463,7 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
484
463
  allowStale: refresh === false,
485
464
  })
486
465
 
487
- return this.createAgent(server, sub)
466
+ return this.createSession(server, sub)
488
467
  }
489
468
 
490
469
  async revoke(sub: string) {
@@ -504,14 +483,7 @@ export class OAuthClient extends CustomEventTarget<OAuthClientEventMap> {
504
483
  }
505
484
  }
506
485
 
507
- createAgent(server: OAuthServerAgent, sub: string): OAuthAtpAgent {
508
- const oauthAgent = new OAuthAgent(
509
- server,
510
- sub,
511
- this.sessionGetter,
512
- this.fetch,
513
- )
514
-
515
- return new OAuthAtpAgent(oauthAgent)
486
+ protected createSession(server: OAuthServerAgent, sub: string): OAuthSession {
487
+ return new OAuthSession(server, sub, this.sessionGetter, this.fetch)
516
488
  }
517
489
  }
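Review bot: In the `callback` hunk (`@@ -435,26 +426,14 @@`) nothing on the new lines checks the token response before `tokenSet.sub` becomes the storage key in `sessionGetter.setStored(...)` and the identity passed to `createSession(...)`. With the `validateIdTokenClaims` call and the stored `nonce` removed, the binding of that `sub` to the issuer saved in the state (`iss: metadata.issuer`) has to come entirely from `server.exchangeCode`, whose body is not part of this section, so that is worth confirming. I would record the invariant at the call site with a comment above the `setStored` line such as `// tokenSet.sub is trusted from here on: exchangeCode() must already have verified it against the issuer`. `callback` begins before and continues after the hunk, so checks outside the visible lines may exist.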