@atproto/oauth-client 0.2.2 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +27 -0
- package/README.md +12 -6
- package/dist/atproto-token-response.d.ts +110 -0
- package/dist/atproto-token-response.d.ts.map +1 -0
- package/dist/atproto-token-response.js +20 -0
- package/dist/atproto-token-response.js.map +1 -0
- package/dist/fetch-dpop.js +1 -2
- package/dist/fetch-dpop.js.map +1 -1
- package/dist/oauth-authorization-server-metadata-resolver.d.ts +6 -2
- package/dist/oauth-authorization-server-metadata-resolver.d.ts.map +1 -1
- package/dist/oauth-authorization-server-metadata-resolver.js +18 -9
- package/dist/oauth-authorization-server-metadata-resolver.js.map +1 -1
- package/dist/oauth-callback-error.d.ts.map +1 -1
- package/dist/oauth-client.d.ts +30 -15
- package/dist/oauth-client.d.ts.map +1 -1
- package/dist/oauth-client.js +22 -13
- package/dist/oauth-client.js.map +1 -1
- package/dist/oauth-protected-resource-metadata-resolver.d.ts +5 -1
- package/dist/oauth-protected-resource-metadata-resolver.d.ts.map +1 -1
- package/dist/oauth-protected-resource-metadata-resolver.js +18 -11
- package/dist/oauth-protected-resource-metadata-resolver.js.map +1 -1
- package/dist/oauth-resolver.d.ts +1 -1
- package/dist/oauth-server-agent.d.ts +14 -11
- package/dist/oauth-server-agent.d.ts.map +1 -1
- package/dist/oauth-server-agent.js +66 -47
- package/dist/oauth-server-agent.js.map +1 -1
- package/dist/oauth-session.d.ts +13 -8
- package/dist/oauth-session.d.ts.map +1 -1
- package/dist/oauth-session.js +12 -7
- package/dist/oauth-session.js.map +1 -1
- package/dist/runtime.d.ts +1 -1
- package/dist/runtime.js.map +1 -1
- package/dist/session-getter.d.ts +5 -4
- package/dist/session-getter.d.ts.map +1 -1
- package/dist/session-getter.js +52 -32
- package/dist/session-getter.js.map +1 -1
- package/dist/types.d.ts +98 -102
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/dist/util.d.ts +6 -1
- package/dist/util.d.ts.map +1 -1
- package/dist/util.js +56 -2
- package/dist/util.js.map +1 -1
- package/dist/validate-client-metadata.js +1 -2
- package/dist/validate-client-metadata.js.map +1 -1
- package/package.json +7 -7
- package/src/atproto-token-response.ts +22 -0
- package/src/oauth-authorization-server-metadata-resolver.ts +22 -8
- package/src/oauth-client.ts +61 -27
- package/src/oauth-protected-resource-metadata-resolver.ts +22 -12
- package/src/oauth-server-agent.ts +87 -68
- package/src/oauth-session.ts +21 -13
- package/src/runtime.ts +1 -1
- package/src/session-getter.ts +53 -33
- package/src/types.ts +16 -11
- package/src/util.ts +78 -0
- package/tsconfig.build.tsbuildinfo +1 -0
package/dist/oauth-client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":";;;AAAA,6DAQmC;AAEnC,mEAKsC;AACtC,uEAAkE;AAClE,2EAAqE;AACrE,sCAA0C;AAC1C,sDAO6B;AAE7B,iDAA6C;AAC7C,4EAAmE;AACnE,uHAG0D;AAC1D,uEAA8D;AAC9D,mHAGwD;AACxD,2DAAmD;AAEnD,uEAA8D;AAC9D,yDAAiD;AAEjD,6CAAsC;AACtC,2DAI4B;AAG5B,uCAA6C;AAC7C,+EAAsE;AAmEtE,MAAa,WAAY,SAAQ,2BAAsC;IACrE,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,EACzB,QAAQ,EACR,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,MAAM,GAC0B;QAChC,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpC,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,MAAM;SACf,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAA;QAErC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAC5E,CAAC;QAED,8IAA8I;QAC9I,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACvE,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,yCAAyC,IAAI,EAAE,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;QAE3C,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,OAAO,uCAAyB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;IAiBD,YAAY,EACV,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,SAAS,GAAG,KAAK,EAEjB,UAAU,EACV,YAAY,EAEZ,QAAQ,GAAG,SAAS,EACpB,cAAc,GAAG,IAAI,uCAAiB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAC/D,WAAW,GAAG,SAAS,EACvB,gCAAgC,GAAG,IAAI,uCAAiB,CAAC;QACvD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EACF,8BAA8B,GAAG,IAAI,uCAAiB,CAAC;QACrD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EAEF,YAAY,EACZ,cAAc,EACd,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACa;QACnB,KAAK,EAAE,CAAA;QAzCT,SAAS;QACA;;;;;WAA8B;QAC9B;;;;;WAA+B;QAC/B;;;;;WAAe;QAExB,WAAW;QACF;;;;;WAAgB;QAChB;;;;;WAAY;QACZ;;;;;WAA4B;QAC5B;;;;;WAAiC;QAE1C,SAAS;QACU;;;;;WAA4B;QAC5B;;;;;WAAsB;QA8BvC,IAAI,CAAC,MAAM,GAAG,MAAM;YAClB,CAAC,CAAC,MAAM,YAAY,YAAM;gBACxB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,IAAI,YAAM,CAAC,MAAM,CAAC;YACtB,CAAC,CAAC,SAAS,CAAA;QACb,IAAI,CAAC,cAAc,GAAG,IAAA,oDAAsB,EAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;QACzE,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAEhC,IAAI,CAAC,OAAO,GAAG,IAAI,oBAAO,CAAC,qBAAqB,CAAC,CAAA;QACjD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,IAAI,oCAAgB,CAClB,IAAI,gCAAiB,CACnB,IAAI,gCAAiB,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,EAC5D,QAAQ,CACT,EACD,IAAI,sCAAoB,CACtB,uCAAqB,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,EACrD,WAAW,CACZ,CACF,EACD,IAAI,sFAAsC,CACxC,8BAA8B,EAC9B,KAAK,EACL,EAAE,iBAAiB,EAAE,SAAS,EAAE,CACjC,EACD,IAAI,0FAAwC,CAC1C,gCAAgC,EAChC,KAAK,EACL,EAAE,eAAe,EAAE,SAAS,EAAE,CAC/B,CACF,CAAA;QACD,IAAI,CAAC,aAAa,GAAG,IAAI,4CAAkB,CACzC,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,EACX,cAAc,CACf,CAAA;QAED,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,YAAY,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,OAAO,CACb,CAAA;QACD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAE5B,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,SAAS,CAAU,EAAE,CAAC;YACnD,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;gBAClD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;oBAClD,KAAK,CAAC,cAAc,EAAE,CAAA;gBACxB,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAA;IAC5C,CAAC;IAED,wCAAwC;IACxC,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAA;IAC1C,CAAC;IAED,wCAAwC;IACxC,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAA;IAC7C,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,MAAM,EAAE,UAAU,IAAK,EAAE,IAAI,EAAE,EAAW,EAAY,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,SAAS,CACb,KAAa,EACb,EAAE,MAAM,EAAE,GAAG,OAAO,KAAuB,EAAE;QAE7C,MAAM,WAAW,GACf,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;QAC/D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7D,yDAAyD;YACzD,MAAM,IAAI,SAAS,CAAC,sBAAsB,CAAC,CAAA;QAC7C,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE;YACrE,MAAM;SACP,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAA;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAC5C,QAAQ,CAAC,iCAAiC,IAAI,CAAC,2BAAY,CAAC,CAC7D,CAAA;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAA;QAEhD,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE;YAC/B,GAAG,EAAE,QAAQ,CAAC,MAAM;YACpB,OAAO;YACP,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,OAAO,EAAE,KAAK;SACzB,CAAC,CAAA;QAEF,MAAM,UAAU,GAAwC;YACtD,GAAG,OAAO;YAEV,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;YACxC,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,IAAI,CAAC,SAAS;YAC9B,qBAAqB,EAAE,IAAI,CAAC,MAAM;YAClC,KAAK;YACL,UAAU,EAAE,QAAQ;gBAClB,CAAC,CAAC,KAAK,CAAC,wDAAwD;gBAChE,CAAC,CAAC,SAAS;YACb,aAAa,EAAE,IAAI,CAAC,YAAY;YAChC,aAAa,EAAE,MAAe;YAC9B,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,IAAI,CAAC,cAAc,CAAC,KAAK;SACnD,CAAA;QAED,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;YACvE,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CACtC,8BAA8B,EAC9B,UAAU,CACX,CAAA;YAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;YACjE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAC/B,WAAW,EACX,IAAI,CAAC,cAAc,CAAC,SAAS,CAC9B,CAAA;YACD,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,WAAW,CAAC,CAAA;YACzE,OAAO,gBAAgB,CAAA;QACzB,CAAC;aAAM,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAA;QACH,CAAC;aAAM,CAAC;YACN,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;YACjE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK;oBAAE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;YAClE,CAAC;YAED,oDAAoD;YACpD,MAAM,SAAS,GACb,gBAAgB,CAAC,QAAQ,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAA;YACnE,IAAI,SAAS,GAAG,IAAI,EAAE,CAAC;gBACrB,OAAO,gBAAgB,CAAA;YACzB,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;gBAC3D,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;YACvC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,YAAiB;QAClC,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;QAC/D,IAAI,CAAC,UAAU;YAAE,OAAM;QAEvB,2EAA2E;QAC3E,4EAA4E;QAC5E,uEAAuE;QACvE,8CAA8C;QAE9C,mEAAmE;IACrE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAuB;QAIpC,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAC1C,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;YACxB,8CAA8C;YAC9C,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;QAC5D,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACrC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAEpC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAA;QACnE,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,SAAS,EAAE,CAAC;YACd,6BAA6B;YAC7B,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,kCAAkC,UAAU,GAAG,CAChD,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACrE,CAAC;YAED,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,4BAA4B,EAC5B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,SAAS,CAAC,GAAG,EACb,SAAS,CAAC,OAAO,CAClB,CAAA;YAED,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;gBACxB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;oBACnB,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,8BAA8B,EAC9B,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;gBACD,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;oBAClC,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,iBAAiB,EACjB,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;YACH,CAAC;iBAAM,IACL,MAAM,CAAC,cAAc,CAAC,8CAA8C,EACpE,CAAC;gBACD,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,+BAA+B,EAC/B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACzE,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE;oBAC/C,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,QAAQ;iBACT,CAAC,CAAA;gBAEF,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAA;gBAExD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAA;YACvD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAA;gBAEpE,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,iEAAiE;YACjE,gCAAgC;YAChC,MAAM,4CAAkB,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CACX,GAAW,EACX,UAA4B,MAAM;QAElC,2DAA2D;QAC3D,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAA;QAErB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE;YAC9D,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE;YACxE,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,2DAA2D;QAC3D,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAA;QAErB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE;YAC9D,UAAU,EAAE,IAAI;SACjB,CAAC,CAAA;QAEF,0EAA0E;QAC1E,2EAA2E;QAC3E,QAAQ;QACR,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YACzE,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,0CAAiB,CAAC,GAAG,CAAC,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IAES,aAAa,CACrB,MAAwB,EACxB,GAAe;QAEf,OAAO,IAAI,+BAAY,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;IACtE,CAAC;CACF;AA9YD,kCA8YC"}
|
|
@@ -3,12 +3,16 @@ import { CachedGetter, GetCachedOptions, SimpleStore } from '@atproto-labs/simpl
|
|
|
3
3
|
import { OAuthProtectedResourceMetadata } from '@atproto/oauth-types';
|
|
4
4
|
export type { GetCachedOptions, OAuthProtectedResourceMetadata };
|
|
5
5
|
export type ProtectedResourceMetadataCache = SimpleStore<string, OAuthProtectedResourceMetadata>;
|
|
6
|
+
export type OAuthProtectedResourceMetadataResolverConfig = {
|
|
7
|
+
allowHttpResource?: boolean;
|
|
8
|
+
};
|
|
6
9
|
/**
|
|
7
10
|
* @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-resource-metadata-05}
|
|
8
11
|
*/
|
|
9
12
|
export declare class OAuthProtectedResourceMetadataResolver extends CachedGetter<string, OAuthProtectedResourceMetadata> {
|
|
10
13
|
private readonly fetch;
|
|
11
|
-
|
|
14
|
+
private readonly allowHttpResource;
|
|
15
|
+
constructor(cache: ProtectedResourceMetadataCache, fetch?: Fetch, config?: OAuthProtectedResourceMetadataResolverConfig);
|
|
12
16
|
get(resource: string | URL, options?: GetCachedOptions): Promise<OAuthProtectedResourceMetadata>;
|
|
13
17
|
private fetchMetadata;
|
|
14
18
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-protected-resource-metadata-resolver.d.ts","sourceRoot":"","sources":["../src/oauth-protected-resource-metadata-resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EAIN,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACZ,MAAM,4BAA4B,CAAA;AACnC,OAAO,
|
|
1
|
+
{"version":3,"file":"oauth-protected-resource-metadata-resolver.d.ts","sourceRoot":"","sources":["../src/oauth-protected-resource-metadata-resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EAIN,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACZ,MAAM,4BAA4B,CAAA;AACnC,OAAO,EACL,8BAA8B,EAE/B,MAAM,sBAAsB,CAAA;AAG7B,YAAY,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,CAAA;AAEhE,MAAM,MAAM,8BAA8B,GAAG,WAAW,CACtD,MAAM,EACN,8BAA8B,CAC/B,CAAA;AAED,MAAM,MAAM,4CAA4C,GAAG;IACzD,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAC5B,CAAA;AAED;;GAEG;AACH,qBAAa,sCAAuC,SAAQ,YAAY,CACtE,MAAM,EACN,8BAA8B,CAC/B;IACC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAgB;IACtC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAS;gBAGzC,KAAK,EAAE,8BAA8B,EACrC,KAAK,GAAE,KAAwB,EAC/B,MAAM,CAAC,EAAE,4CAA4C;IAQjD,GAAG,CACP,QAAQ,EAAE,MAAM,GAAG,GAAG,EACtB,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,8BAA8B,CAAC;YAkB5B,aAAa;CA8C5B"}
|
|
@@ -4,12 +4,12 @@ exports.OAuthProtectedResourceMetadataResolver = void 0;
|
|
|
4
4
|
const fetch_1 = require("@atproto-labs/fetch");
|
|
5
5
|
const simple_store_1 = require("@atproto-labs/simple-store");
|
|
6
6
|
const oauth_types_1 = require("@atproto/oauth-types");
|
|
7
|
-
const
|
|
7
|
+
const util_js_1 = require("./util.js");
|
|
8
8
|
/**
|
|
9
9
|
* @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-resource-metadata-05}
|
|
10
10
|
*/
|
|
11
11
|
class OAuthProtectedResourceMetadataResolver extends simple_store_1.CachedGetter {
|
|
12
|
-
constructor(cache, fetch = globalThis.fetch) {
|
|
12
|
+
constructor(cache, fetch = globalThis.fetch, config) {
|
|
13
13
|
super(async (origin, options) => this.fetchMetadata(origin, options), cache);
|
|
14
14
|
Object.defineProperty(this, "fetch", {
|
|
15
15
|
enumerable: true,
|
|
@@ -17,24 +17,31 @@ class OAuthProtectedResourceMetadataResolver extends simple_store_1.CachedGetter
|
|
|
17
17
|
writable: true,
|
|
18
18
|
value: void 0
|
|
19
19
|
});
|
|
20
|
+
Object.defineProperty(this, "allowHttpResource", {
|
|
21
|
+
enumerable: true,
|
|
22
|
+
configurable: true,
|
|
23
|
+
writable: true,
|
|
24
|
+
value: void 0
|
|
25
|
+
});
|
|
20
26
|
this.fetch = (0, fetch_1.bindFetch)(fetch);
|
|
27
|
+
this.allowHttpResource = config?.allowHttpResource === true;
|
|
21
28
|
}
|
|
22
29
|
async get(resource, options) {
|
|
23
30
|
const { protocol, origin } = new URL(resource);
|
|
24
|
-
if (protocol
|
|
25
|
-
(
|
|
26
|
-
|
|
31
|
+
if (protocol !== 'https:' && protocol !== 'http:') {
|
|
32
|
+
throw new TypeError(`Invalid protected resource metadata URL protocol: ${protocol}`);
|
|
33
|
+
}
|
|
34
|
+
if (protocol === 'http:' && !this.allowHttpResource) {
|
|
35
|
+
throw new TypeError(`Unsecure resource metadata URL (${protocol}) only allowed in development and test environments`);
|
|
27
36
|
}
|
|
28
|
-
|
|
37
|
+
return super.get(origin, options);
|
|
29
38
|
}
|
|
30
39
|
async fetchMetadata(origin, options) {
|
|
31
|
-
const headers = new Headers([['accept', 'application/json']]);
|
|
32
|
-
if (options?.noCache)
|
|
33
|
-
headers.set('cache-control', 'no-cache');
|
|
34
40
|
const url = new URL(`/.well-known/oauth-protected-resource`, origin);
|
|
35
41
|
const request = new Request(url, {
|
|
36
42
|
signal: options?.signal,
|
|
37
|
-
headers,
|
|
43
|
+
headers: { accept: 'application/json' },
|
|
44
|
+
cache: options?.noCache ? 'no-cache' : undefined,
|
|
38
45
|
redirect: 'manual', // response must be 200 OK
|
|
39
46
|
});
|
|
40
47
|
const response = await this.fetch(request);
|
|
@@ -43,7 +50,7 @@ class OAuthProtectedResourceMetadataResolver extends simple_store_1.CachedGetter
|
|
|
43
50
|
await (0, fetch_1.cancelBody)(response, 'log');
|
|
44
51
|
throw await fetch_1.FetchResponseError.from(response, `Unexpected status code ${response.status} for "${url}"`, undefined, { cause: request });
|
|
45
52
|
}
|
|
46
|
-
if ((0,
|
|
53
|
+
if ((0, util_js_1.contentMime)(response.headers) !== 'application/json') {
|
|
47
54
|
await (0, fetch_1.cancelBody)(response, 'log');
|
|
48
55
|
throw await fetch_1.FetchResponseError.from(response, `Unexpected content type for "${url}"`, undefined, { cause: request });
|
|
49
56
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-protected-resource-metadata-resolver.js","sourceRoot":"","sources":["../src/oauth-protected-resource-metadata-resolver.ts"],"names":[],"mappings":";;;AAAA,+CAK4B;AAC5B,6DAImC;AACnC,
|
|
1
|
+
{"version":3,"file":"oauth-protected-resource-metadata-resolver.js","sourceRoot":"","sources":["../src/oauth-protected-resource-metadata-resolver.ts"],"names":[],"mappings":";;;AAAA,+CAK4B;AAC5B,6DAImC;AACnC,sDAG6B;AAC7B,uCAAuC;AAavC;;GAEG;AACH,MAAa,sCAAuC,SAAQ,2BAG3D;IAIC,YACE,KAAqC,EACrC,QAAe,UAAU,CAAC,KAAK,EAC/B,MAAqD;QAErD,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,CAAC,CAAA;QAR7D;;;;;WAAqB;QACrB;;;;;WAA0B;QASzC,IAAI,CAAC,KAAK,GAAG,IAAA,iBAAS,EAAC,KAAK,CAAC,CAAA;QAC7B,IAAI,CAAC,iBAAiB,GAAG,MAAM,EAAE,iBAAiB,KAAK,IAAI,CAAA;IAC7D,CAAC;IAED,KAAK,CAAC,GAAG,CACP,QAAsB,EACtB,OAA0B;QAE1B,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAA;QAE9C,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YAClD,MAAM,IAAI,SAAS,CACjB,qDAAqD,QAAQ,EAAE,CAChE,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,KAAK,OAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACpD,MAAM,IAAI,SAAS,CACjB,mCAAmC,QAAQ,qDAAqD,CACjG,CAAA;QACH,CAAC;QAED,OAAO,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC;IAEO,KAAK,CAAC,aAAa,CACzB,MAAc,EACd,OAA0B;QAE1B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,uCAAuC,EAAE,MAAM,CAAC,CAAA;QACpE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE;YAC/B,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;YACvC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;YAChD,QAAQ,EAAE,QAAQ,EAAE,0BAA0B;SAC/C,CAAC,CAAA;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAE1C,0FAA0F;QAC1F,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAA,kBAAU,EAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YACjC,MAAM,MAAM,0BAAkB,CAAC,IAAI,CACjC,QAAQ,EACR,0BAA0B,QAAQ,CAAC,MAAM,SAAS,GAAG,GAAG,EACxD,SAAS,EACT,EAAE,KAAK,EAAE,OAAO,EAAE,CACnB,CAAA;QACH,CAAC;QAED,IAAI,IAAA,qBAAW,EAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;YACzD,MAAM,IAAA,kBAAU,EAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YACjC,MAAM,MAAM,0BAAkB,CAAC,IAAI,CACjC,QAAQ,EACR,gCAAgC,GAAG,GAAG,EACtC,SAAS,EACT,EAAE,KAAK,EAAE,OAAO,EAAE,CACnB,CAAA;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,kDAAoC,CAAC,KAAK,CACzD,MAAM,QAAQ,CAAC,IAAI,EAAE,CACtB,CAAA;QAED,0FAA0F;QAC1F,IAAI,QAAQ,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CAAC,kBAAkB,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAA;QAC5D,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;CACF;AArFD,wFAqFC"}
|
package/dist/oauth-resolver.d.ts
CHANGED
|
@@ -30,7 +30,7 @@ export declare class OAuthResolver {
|
|
|
30
30
|
resolveIdentity(input: string, options?: ResolveIdentityOptions): Promise<ResolvedIdentity>;
|
|
31
31
|
getAuthorizationServerMetadata(issuer: string, options?: GetCachedOptions): Promise<OAuthAuthorizationServerMetadata>;
|
|
32
32
|
getResourceServerMetadata(pdsUrl: string | URL, options?: GetCachedOptions): Promise<{
|
|
33
|
-
issuer: string
|
|
33
|
+
issuer: `http://${string}` | `https://${string}`;
|
|
34
34
|
authorization_endpoint: string;
|
|
35
35
|
token_endpoint: string;
|
|
36
36
|
jwks_uri?: string | undefined;
|
|
@@ -1,18 +1,20 @@
|
|
|
1
1
|
import { Fetch, Json } from '@atproto-labs/fetch';
|
|
2
2
|
import { SimpleStore } from '@atproto-labs/simple-store';
|
|
3
|
+
import { AtprotoDid } from '@atproto/did';
|
|
3
4
|
import { Key, Keyset } from '@atproto/jwk';
|
|
4
|
-
import { OAuthAuthorizationServerMetadata, OAuthClientCredentials, OAuthEndpointName, OAuthParResponse,
|
|
5
|
+
import { OAuthAuthorizationRequestPar, OAuthAuthorizationServerMetadata, OAuthClientCredentials, OAuthEndpointName, OAuthParResponse, OAuthTokenRequest } from '@atproto/oauth-types';
|
|
6
|
+
import { AtprotoScope, AtprotoTokenResponse } from './atproto-token-response.js';
|
|
5
7
|
import { OAuthResolver } from './oauth-resolver.js';
|
|
6
8
|
import { Runtime } from './runtime.js';
|
|
7
9
|
import { ClientMetadata } from './types.js';
|
|
8
10
|
export type TokenSet = {
|
|
9
11
|
iss: string;
|
|
10
|
-
sub:
|
|
12
|
+
sub: AtprotoDid;
|
|
11
13
|
aud: string;
|
|
12
|
-
scope:
|
|
14
|
+
scope: AtprotoScope;
|
|
13
15
|
refresh_token?: string;
|
|
14
16
|
access_token: string;
|
|
15
|
-
token_type:
|
|
17
|
+
token_type: 'DPoP';
|
|
16
18
|
/** ISO Date */
|
|
17
19
|
expires_at?: string;
|
|
18
20
|
};
|
|
@@ -24,11 +26,12 @@ export declare class OAuthServerAgent {
|
|
|
24
26
|
readonly dpopNonces: DpopNonceCache;
|
|
25
27
|
readonly oauthResolver: OAuthResolver;
|
|
26
28
|
readonly runtime: Runtime;
|
|
27
|
-
readonly keyset?: Keyset
|
|
29
|
+
readonly keyset?: Keyset | undefined;
|
|
28
30
|
protected dpopFetch: Fetch<unknown>;
|
|
29
|
-
constructor(dpopKey: Key, serverMetadata: OAuthAuthorizationServerMetadata, clientMetadata: ClientMetadata, dpopNonces: DpopNonceCache, oauthResolver: OAuthResolver, runtime: Runtime, keyset?: Keyset
|
|
31
|
+
constructor(dpopKey: Key, serverMetadata: OAuthAuthorizationServerMetadata, clientMetadata: ClientMetadata, dpopNonces: DpopNonceCache, oauthResolver: OAuthResolver, runtime: Runtime, keyset?: Keyset | undefined, fetch?: Fetch);
|
|
32
|
+
get issuer(): `http://${string}` | `https://${string}`;
|
|
30
33
|
revoke(token: string): Promise<void>;
|
|
31
|
-
exchangeCode(code: string,
|
|
34
|
+
exchangeCode(code: string, codeVerifier?: string): Promise<TokenSet>;
|
|
32
35
|
refresh(tokenSet: TokenSet): Promise<TokenSet>;
|
|
33
36
|
/**
|
|
34
37
|
* VERY IMPORTANT ! Always call this to process token responses.
|
|
@@ -37,11 +40,11 @@ export declare class OAuthServerAgent {
|
|
|
37
40
|
* "sub" is a DID, whose issuer authority is indeed the server we just
|
|
38
41
|
* obtained credentials from. This check is a critical step to actually be
|
|
39
42
|
* able to use the "sub" (DID) as being the actual user's identifier.
|
|
43
|
+
*
|
|
44
|
+
* @returns The user's PDS URL (the resource server for the user)
|
|
40
45
|
*/
|
|
41
|
-
|
|
42
|
-
request(endpoint: 'token'
|
|
43
|
-
request(endpoint: 'pushed_authorization_request', payload: Record<string, unknown>): Promise<OAuthParResponse>;
|
|
44
|
-
request(endpoint: OAuthEndpointName, payload: Record<string, unknown>): Promise<Json>;
|
|
46
|
+
protected verifyIssuer(sub: AtprotoDid): Promise<string>;
|
|
47
|
+
request<Endpoint extends OAuthEndpointName>(endpoint: Endpoint, payload: Endpoint extends 'token' ? OAuthTokenRequest : Endpoint extends 'pushed_authorization_request' ? OAuthAuthorizationRequestPar : Record<string, unknown>): Promise<Endpoint extends 'token' ? AtprotoTokenResponse : Endpoint extends 'pushed_authorization_request' ? OAuthParResponse : Json>;
|
|
45
48
|
buildClientAuth(endpoint: OAuthEndpointName): Promise<{
|
|
46
49
|
headers?: Record<string, string>;
|
|
47
50
|
payload: OAuthClientCredentials;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-server-agent.d.ts","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAiC,MAAM,qBAAqB,CAAA;AAChF,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAEL,gCAAgC,EAChC,sBAAsB,EACtB,iBAAiB,EACjB,gBAAgB,EAChB,
|
|
1
|
+
{"version":3,"file":"oauth-server-agent.d.ts","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAiC,MAAM,qBAAqB,CAAA;AAChF,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAEL,4BAA4B,EAC5B,gCAAgC,EAChC,sBAAsB,EACtB,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EAElB,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EACL,YAAY,EACZ,oBAAoB,EAErB,MAAM,6BAA6B,CAAA;AAIpC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAEnD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAG3C,MAAM,MAAM,QAAQ,GAAG;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,UAAU,CAAA;IACf,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,YAAY,CAAA;IAEnB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,eAAe;IACf,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;AAExD,qBAAa,gBAAgB;IAIzB,QAAQ,CAAC,OAAO,EAAE,GAAG;IACrB,QAAQ,CAAC,cAAc,EAAE,gCAAgC;IACzD,QAAQ,CAAC,cAAc,EAAE,cAAc;IACvC,QAAQ,CAAC,UAAU,EAAE,cAAc;IACnC,QAAQ,CAAC,aAAa,EAAE,aAAa;IACrC,QAAQ,CAAC,OAAO,EAAE,OAAO;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM;IAT1B,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;gBAGxB,OAAO,EAAE,GAAG,EACZ,cAAc,EAAE,gCAAgC,EAChD,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,cAAc,EAC1B,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,OAAO,EAChB,MAAM,CAAC,EAAE,MAAM,YAAA,EACxB,KAAK,CAAC,EAAE,KAAK;IAaf,IAAI,MAAM,6CAET;IAEK,MAAM,CAAC,KAAK,EAAE,MAAM;IAQpB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAuCpE,OAAO,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAuCpD;;;;;;;;;OASG;cACa,YAAY,CAAC,GAAG,EAAE,UAAU;IAmBtC,OAAO,CAAC,QAAQ,SAAS,iBAAiB,EAC9C,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,QAAQ,SAAS,OAAO,GAC7B,iBAAiB,GACjB,QAAQ,SAAS,8BAA8B,GAC7C,4BAA4B,GAC5B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5B,OAAO,CACR,QAAQ,SAAS,OAAO,GACpB,oBAAoB,GACpB,QAAQ,SAAS,8BAA8B,GAC7C,gBAAgB,GAChB,IAAI,CACX;IA8BK,eAAe,CAAC,QAAQ,EAAE,iBAAiB,GAAG,OAAO,CAAC;QAC1D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QAChC,OAAO,EAAE,sBAAsB,CAAA;KAChC,CAAC;CA+DH"}
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
var __addDisposableResource = (this && this.__addDisposableResource) || function (env, value, async) {
|
|
3
3
|
if (value !== null && value !== void 0) {
|
|
4
4
|
if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected.");
|
|
5
|
-
var dispose;
|
|
5
|
+
var dispose, inner;
|
|
6
6
|
if (async) {
|
|
7
7
|
if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined.");
|
|
8
8
|
dispose = value[Symbol.asyncDispose];
|
|
@@ -10,8 +10,10 @@ var __addDisposableResource = (this && this.__addDisposableResource) || function
|
|
|
10
10
|
if (dispose === void 0) {
|
|
11
11
|
if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined.");
|
|
12
12
|
dispose = value[Symbol.dispose];
|
|
13
|
+
if (async) inner = dispose;
|
|
13
14
|
}
|
|
14
15
|
if (typeof dispose !== "function") throw new TypeError("Object not disposable.");
|
|
16
|
+
if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } };
|
|
15
17
|
env.stack.push({ value: value, dispose: dispose, async: async });
|
|
16
18
|
}
|
|
17
19
|
else if (async) {
|
|
@@ -25,17 +27,22 @@ var __disposeResources = (this && this.__disposeResources) || (function (Suppres
|
|
|
25
27
|
env.error = env.hasError ? new SuppressedError(e, env.error, "An error was suppressed during disposal.") : e;
|
|
26
28
|
env.hasError = true;
|
|
27
29
|
}
|
|
30
|
+
var r, s = 0;
|
|
28
31
|
function next() {
|
|
29
|
-
while (env.stack.
|
|
30
|
-
var rec = env.stack.pop();
|
|
32
|
+
while (r = env.stack.pop()) {
|
|
31
33
|
try {
|
|
32
|
-
|
|
33
|
-
if (
|
|
34
|
+
if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next);
|
|
35
|
+
if (r.dispose) {
|
|
36
|
+
var result = r.dispose.call(r.value);
|
|
37
|
+
if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); });
|
|
38
|
+
}
|
|
39
|
+
else s |= 1;
|
|
34
40
|
}
|
|
35
41
|
catch (e) {
|
|
36
42
|
fail(e);
|
|
37
43
|
}
|
|
38
44
|
}
|
|
45
|
+
if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve();
|
|
39
46
|
if (env.hasError) throw env.error;
|
|
40
47
|
}
|
|
41
48
|
return next();
|
|
@@ -48,6 +55,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
48
55
|
exports.OAuthServerAgent = void 0;
|
|
49
56
|
const fetch_1 = require("@atproto-labs/fetch");
|
|
50
57
|
const oauth_types_1 = require("@atproto/oauth-types");
|
|
58
|
+
const atproto_token_response_js_1 = require("./atproto-token-response.js");
|
|
51
59
|
const constants_js_1 = require("./constants.js");
|
|
52
60
|
const token_refresh_error_js_1 = require("./errors/token-refresh-error.js");
|
|
53
61
|
const fetch_dpop_js_1 = require("./fetch-dpop.js");
|
|
@@ -113,6 +121,9 @@ class OAuthServerAgent {
|
|
|
113
121
|
isAuthServer: true,
|
|
114
122
|
});
|
|
115
123
|
}
|
|
124
|
+
get issuer() {
|
|
125
|
+
return this.serverMetadata.issuer;
|
|
126
|
+
}
|
|
116
127
|
async revoke(token) {
|
|
117
128
|
try {
|
|
118
129
|
await this.request('revocation', { token });
|
|
@@ -121,15 +132,32 @@ class OAuthServerAgent {
|
|
|
121
132
|
// Don't care
|
|
122
133
|
}
|
|
123
134
|
}
|
|
124
|
-
async exchangeCode(code,
|
|
135
|
+
async exchangeCode(code, codeVerifier) {
|
|
136
|
+
const now = Date.now();
|
|
125
137
|
const tokenResponse = await this.request('token', {
|
|
126
138
|
grant_type: 'authorization_code',
|
|
127
139
|
redirect_uri: this.clientMetadata.redirect_uris[0],
|
|
128
140
|
code,
|
|
129
|
-
code_verifier:
|
|
141
|
+
code_verifier: codeVerifier,
|
|
130
142
|
});
|
|
131
143
|
try {
|
|
132
|
-
|
|
144
|
+
// /!\ IMPORTANT /!\
|
|
145
|
+
//
|
|
146
|
+
// The tokenResponse MUST always be valid before the "sub" it contains
|
|
147
|
+
// can be trusted (see Atproto's OAuth spec for details).
|
|
148
|
+
const aud = await this.verifyIssuer(tokenResponse.sub);
|
|
149
|
+
return {
|
|
150
|
+
aud,
|
|
151
|
+
sub: tokenResponse.sub,
|
|
152
|
+
iss: this.issuer,
|
|
153
|
+
scope: tokenResponse.scope,
|
|
154
|
+
refresh_token: tokenResponse.refresh_token,
|
|
155
|
+
access_token: tokenResponse.access_token,
|
|
156
|
+
token_type: tokenResponse.token_type,
|
|
157
|
+
expires_at: typeof tokenResponse.expires_in === 'number'
|
|
158
|
+
? new Date(now + tokenResponse.expires_in * 1000).toISOString()
|
|
159
|
+
: undefined,
|
|
160
|
+
};
|
|
133
161
|
}
|
|
134
162
|
catch (err) {
|
|
135
163
|
await this.revoke(tokenResponse.access_token);
|
|
@@ -140,23 +168,32 @@ class OAuthServerAgent {
|
|
|
140
168
|
if (!tokenSet.refresh_token) {
|
|
141
169
|
throw new token_refresh_error_js_1.TokenRefreshError(tokenSet.sub, 'No refresh token available');
|
|
142
170
|
}
|
|
171
|
+
// /!\ IMPORTANT /!\
|
|
172
|
+
//
|
|
173
|
+
// The "sub" MUST be a DID, whose issuer authority is indeed the server we
|
|
174
|
+
// are trying to obtain credentials from. Note that we are doing this
|
|
175
|
+
// *before* we actually try to refresh the token:
|
|
176
|
+
// 1) To avoid unnecessary refresh
|
|
177
|
+
// 2) So that the refresh is the last async operation, ensuring as few
|
|
178
|
+
// async operations happen before the result gets a chance to be stored.
|
|
179
|
+
const aud = await this.verifyIssuer(tokenSet.sub);
|
|
180
|
+
const now = Date.now();
|
|
143
181
|
const tokenResponse = await this.request('token', {
|
|
144
182
|
grant_type: 'refresh_token',
|
|
145
183
|
refresh_token: tokenSet.refresh_token,
|
|
146
184
|
});
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
}
|
|
185
|
+
return {
|
|
186
|
+
aud,
|
|
187
|
+
sub: tokenSet.sub,
|
|
188
|
+
iss: this.issuer,
|
|
189
|
+
scope: tokenResponse.scope,
|
|
190
|
+
refresh_token: tokenResponse.refresh_token,
|
|
191
|
+
access_token: tokenResponse.access_token,
|
|
192
|
+
token_type: tokenResponse.token_type,
|
|
193
|
+
expires_at: typeof tokenResponse.expires_in === 'number'
|
|
194
|
+
? new Date(now + tokenResponse.expires_in * 1000).toISOString()
|
|
195
|
+
: undefined,
|
|
196
|
+
};
|
|
160
197
|
}
|
|
161
198
|
/**
|
|
162
199
|
* VERY IMPORTANT ! Always call this to process token responses.
|
|
@@ -165,43 +202,25 @@ class OAuthServerAgent {
|
|
|
165
202
|
* "sub" is a DID, whose issuer authority is indeed the server we just
|
|
166
203
|
* obtained credentials from. This check is a critical step to actually be
|
|
167
204
|
* able to use the "sub" (DID) as being the actual user's identifier.
|
|
205
|
+
*
|
|
206
|
+
* @returns The user's PDS URL (the resource server for the user)
|
|
168
207
|
*/
|
|
169
|
-
async
|
|
208
|
+
async verifyIssuer(sub) {
|
|
170
209
|
const env_1 = { stack: [], error: void 0, hasError: false };
|
|
171
210
|
try {
|
|
172
|
-
const { sub } = tokenResponse;
|
|
173
|
-
if (!sub || typeof sub !== 'string') {
|
|
174
|
-
throw new TypeError(`Unexpected ${typeof sub} "sub" in token response`);
|
|
175
|
-
}
|
|
176
|
-
// Using an array to check for the presence of the "atproto" scope (we don't
|
|
177
|
-
// want atproto to be a substring of another scope)
|
|
178
|
-
const scopes = tokenResponse.scope?.split(' ');
|
|
179
|
-
if (!scopes?.includes('atproto')) {
|
|
180
|
-
throw new TypeError('Missing "atproto" scope in token response');
|
|
181
|
-
}
|
|
182
|
-
// @TODO (?) make timeout configurable
|
|
183
211
|
const signal = __addDisposableResource(env_1, (0, util_js_1.timeoutSignal)(10e3), false);
|
|
184
212
|
const resolved = await this.oauthResolver.resolveFromIdentity(sub, {
|
|
213
|
+
noCache: true,
|
|
214
|
+
allowStale: false,
|
|
185
215
|
signal,
|
|
186
216
|
});
|
|
187
|
-
if (this.
|
|
217
|
+
if (this.issuer !== resolved.metadata.issuer) {
|
|
188
218
|
// Best case scenario; the user switched PDS. Worst case scenario; a bad
|
|
189
219
|
// actor is trying to impersonate a user. In any case, we must not allow
|
|
190
220
|
// this token to be used.
|
|
191
221
|
throw new TypeError('Issuer mismatch');
|
|
192
222
|
}
|
|
193
|
-
return
|
|
194
|
-
aud: resolved.identity.pds.href,
|
|
195
|
-
iss: resolved.metadata.issuer,
|
|
196
|
-
sub,
|
|
197
|
-
scope: tokenResponse.scope,
|
|
198
|
-
refresh_token: tokenResponse.refresh_token,
|
|
199
|
-
access_token: tokenResponse.access_token,
|
|
200
|
-
token_type: tokenResponse.token_type ?? 'Bearer',
|
|
201
|
-
expires_at: typeof tokenResponse.expires_in === 'number'
|
|
202
|
-
? new Date(Date.now() + tokenResponse.expires_in * 1000).toISOString()
|
|
203
|
-
: undefined,
|
|
204
|
-
};
|
|
223
|
+
return resolved.identity.pds.href;
|
|
205
224
|
}
|
|
206
225
|
catch (e_1) {
|
|
207
226
|
env_1.error = e_1;
|
|
@@ -224,7 +243,7 @@ class OAuthServerAgent {
|
|
|
224
243
|
if (response.ok) {
|
|
225
244
|
switch (endpoint) {
|
|
226
245
|
case 'token':
|
|
227
|
-
return
|
|
246
|
+
return atproto_token_response_js_1.atprotoTokenResponseSchema.parse(json);
|
|
228
247
|
case 'pushed_authorization_request':
|
|
229
248
|
return oauth_types_1.oauthParResponseSchema.parse(json);
|
|
230
249
|
default:
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-server-agent.js","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"oauth-server-agent.js","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAgF;AAIhF,sDAS6B;AAE7B,2EAIoC;AACpC,iDAA6C;AAC7C,4EAAmE;AACnE,mDAAkD;AAElD,uEAA8D;AAG9D,uCAAyC;AAiBzC,MAAa,gBAAgB;IAG3B,YACW,OAAY,EACZ,cAAgD,EAChD,cAA8B,EAC9B,UAA0B,EAC1B,aAA4B,EAC5B,OAAgB,EAChB,MAAe,EACxB,KAAa;QAPb;;;;mBAAS,OAAO;WAAK;QACrB;;;;mBAAS,cAAc;WAAkC;QACzD;;;;mBAAS,cAAc;WAAgB;QACvC;;;;mBAAS,UAAU;WAAgB;QACnC;;;;mBAAS,aAAa;WAAe;QACrC;;;;mBAAS,OAAO;WAAS;QACzB;;;;mBAAS,MAAM;WAAS;QAThB;;;;;WAAyB;QAYjC,IAAI,CAAC,SAAS,GAAG,IAAA,gCAAgB,EAAO;YACtC,KAAK,EAAE,IAAA,iBAAS,EAAC,KAAK,CAAC;YACvB,GAAG,EAAE,cAAc,CAAC,SAAS;YAC7B,GAAG,EAAE,OAAO;YACZ,aAAa,EAAE,cAAc,CAAC,iCAAiC;YAC/D,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YACtC,MAAM,EAAE,UAAU;YAClB,YAAY,EAAE,IAAI;SACnB,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,YAAqB;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAChD,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAE;YACnD,IAAI;YACJ,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,oBAAoB;YACpB,EAAE;YACF,sEAAsE;YACtE,yDAAyD;YACzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YAEtD,OAAO;gBACL,GAAG;gBACH,GAAG,EAAE,aAAa,CAAC,GAAG;gBACtB,GAAG,EAAE,IAAI,CAAC,MAAM;gBAEhB,KAAK,EAAE,aAAa,CAAC,KAAK;gBAC1B,aAAa,EAAE,aAAa,CAAC,aAAa;gBAC1C,YAAY,EAAE,aAAa,CAAC,YAAY;gBACxC,UAAU,EAAE,aAAa,CAAC,UAAU;gBAEpC,UAAU,EACR,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;oBAC1C,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;oBAC/D,CAAC,CAAC,SAAS;aAChB,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAA;YAE7C,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAkB;QAC9B,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC5B,MAAM,IAAI,0CAAiB,CAAC,QAAQ,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAA;QACzE,CAAC;QAED,oBAAoB;QACpB,EAAE;QACF,0EAA0E;QAC1E,qEAAqE;QACrE,iDAAiD;QACjD,kCAAkC;QAClC,sEAAsE;QACtE,2EAA2E;QAC3E,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QAEjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAChD,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,QAAQ,CAAC,aAAa;SACtC,CAAC,CAAA;QAEF,OAAO;YACL,GAAG;YACH,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,IAAI,CAAC,MAAM;YAEhB,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,aAAa,EAAE,aAAa,CAAC,aAAa;YAC1C,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,UAAU,EAAE,aAAa,CAAC,UAAU;YAEpC,UAAU,EACR,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;gBAC1C,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;gBAC/D,CAAC,CAAC,SAAS;SAChB,CAAA;IACH,CAAC;IAED;;;;;;;;;OASG;IACO,KAAK,CAAC,YAAY,CAAC,GAAe;;;YAC1C,MAAM,MAAM,kCAAG,IAAA,uBAAa,EAAC,IAAI,CAAC,QAAA,CAAA;YAElC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC,GAAG,EAAE;gBACjE,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,KAAK;gBACjB,MAAM;aACP,CAAC,CAAA;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC7C,wEAAwE;gBACxE,wEAAwE;gBACxE,yBAAyB;gBACzB,MAAM,IAAI,SAAS,CAAC,iBAAiB,CAAC,CAAA;YACxC,CAAC;YAED,OAAO,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAA;;;;;;;;;KAClC;IAgBD,KAAK,CAAC,OAAO,CACX,QAA2B,EAC3B,OAAgC;QAEhC,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,QAAQ,WAAW,CAAC,CAAA;QACvD,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,qBAAqB,CAAC,CAAA;QAE9D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAA;QAEjD,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE;YACnD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAChE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;SACtD,CAAC,CAAC,IAAI,CAAC,IAAA,0BAAkB,GAAE,CAAC,CAAA;QAE7B,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,QAAQ,QAAQ,EAAE,CAAC;gBACjB,KAAK,OAAO;oBACV,OAAO,sDAA0B,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC/C,KAAK,8BAA8B;oBACjC,OAAO,oCAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC3C;oBACE,OAAO,IAAI,CAAA;YACf,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,QAA2B;QAI/C,MAAM,eAAe,GACnB,IAAI,CAAC,cAAc,CAAC,uCAAuC,CAAC,CAAA;QAE9D,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAA;QAEhE,IACE,MAAM,KAAK,iBAAiB;YAC5B,CAAC,IAAI,CAAC,MAAM;gBACV,CAAC,MAAM;gBACP,CAAC,eAAe,EAAE,QAAQ,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,CAAC,EAC1D,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;YAExD,IAAI,CAAC;gBACH,MAAM,GAAG,GACP,IAAI,CAAC,cAAc,CACjB,kDAAkD,CACnD,IAAI,2BAAY,CAAA;gBAEnB,wEAAwE;gBACxE,wEAAwE;gBACxE,wDAAwD;gBACxD,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI;qBACvC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC;qBACrB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAA;gBAEpD,OAAO;oBACL,OAAO,EAAE;wBACP,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;wBACxC,qBAAqB,EAAE,8CAAgC;wBACvD,gBAAgB,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAC3C,EAAE,GAAG,EAAE,GAAG,EAAE,EACZ;4BACE,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;4BAClC,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;4BAClC,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,MAAM;4BAC/B,GAAG,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE;4BACvC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;yBACnC,CACF;qBACF;iBACF,CAAA;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,MAAM,KAAK,iBAAiB;oBAAE,MAAM,GAAG,CAAA;gBAE3C,uBAAuB;YACzB,CAAC;QACH,CAAC;QAED,IACE,MAAM,KAAK,MAAM;YACjB,CAAC,CAAC,MAAM,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,CAAC,EACxD,CAAC;YACD,OAAO;gBACL,OAAO,EAAE;oBACP,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;iBACzC;aACF,CAAA;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,eAAe,QAAQ,wBAAwB,CAAC,CAAA;IAClE,CAAC;CACF;AA5PD,4CA4PC"}
|
package/dist/oauth-session.d.ts
CHANGED
|
@@ -1,28 +1,33 @@
|
|
|
1
1
|
import { Fetch } from '@atproto-labs/fetch';
|
|
2
|
+
import { AtprotoDid } from '@atproto/did';
|
|
2
3
|
import { OAuthAuthorizationServerMetadata } from '@atproto/oauth-types';
|
|
4
|
+
import { AtprotoScope } from './atproto-token-response.js';
|
|
3
5
|
import { OAuthServerAgent, TokenSet } from './oauth-server-agent.js';
|
|
4
6
|
import { SessionGetter } from './session-getter.js';
|
|
5
7
|
export type TokenInfo = {
|
|
6
8
|
expiresAt?: Date;
|
|
7
9
|
expired?: boolean;
|
|
8
|
-
scope
|
|
10
|
+
scope: AtprotoScope;
|
|
9
11
|
iss: string;
|
|
10
12
|
aud: string;
|
|
11
|
-
sub:
|
|
13
|
+
sub: AtprotoDid;
|
|
12
14
|
};
|
|
13
15
|
export declare class OAuthSession {
|
|
14
16
|
readonly server: OAuthServerAgent;
|
|
15
|
-
readonly sub:
|
|
17
|
+
readonly sub: AtprotoDid;
|
|
16
18
|
private readonly sessionGetter;
|
|
17
19
|
protected dpopFetch: Fetch<unknown>;
|
|
18
|
-
constructor(server: OAuthServerAgent, sub:
|
|
19
|
-
get did():
|
|
20
|
+
constructor(server: OAuthServerAgent, sub: AtprotoDid, sessionGetter: SessionGetter, fetch?: Fetch);
|
|
21
|
+
get did(): AtprotoDid;
|
|
20
22
|
get serverMetadata(): Readonly<OAuthAuthorizationServerMetadata>;
|
|
21
23
|
/**
|
|
22
|
-
* @param refresh
|
|
24
|
+
* @param refresh When `true`, the credentials will be refreshed even if they
|
|
25
|
+
* are not expired. When `false`, the credentials will not be refreshed even
|
|
26
|
+
* if they are expired. When `undefined`, the credentials will be refreshed
|
|
27
|
+
* if, and only if, they are (about to be) expired. Defaults to `undefined`.
|
|
23
28
|
*/
|
|
24
|
-
getTokenSet(refresh
|
|
25
|
-
getTokenInfo(refresh?: boolean): Promise<TokenInfo>;
|
|
29
|
+
protected getTokenSet(refresh: boolean | 'auto'): Promise<TokenSet>;
|
|
30
|
+
getTokenInfo(refresh?: boolean | 'auto'): Promise<TokenInfo>;
|
|
26
31
|
signOut(): Promise<void>;
|
|
27
32
|
fetchHandler(pathname: string, init?: RequestInit): Promise<Response>;
|
|
28
33
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-session.d.ts","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"oauth-session.d.ts","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,KAAK,EAAE,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,gCAAgC,EAAE,MAAM,sBAAsB,CAAA;AAEvE,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAA;AAI1D,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAMnD,MAAM,MAAM,SAAS,GAAG;IACtB,SAAS,CAAC,EAAE,IAAI,CAAA;IAChB,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,KAAK,EAAE,YAAY,CAAA;IACnB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,UAAU,CAAA;CAChB,CAAA;AAED,qBAAa,YAAY;aAIL,MAAM,EAAE,gBAAgB;aACxB,GAAG,EAAE,UAAU;IAC/B,OAAO,CAAC,QAAQ,CAAC,aAAa;IALhC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;gBAGjB,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,UAAU,EACd,aAAa,EAAE,aAAa,EAC7C,KAAK,GAAE,KAAwB;IAajC,IAAI,GAAG,IAAI,UAAU,CAEpB;IAED,IAAI,cAAc,IAAI,QAAQ,CAAC,gCAAgC,CAAC,CAE/D;IAED;;;;;OAKG;cACa,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IASnE,YAAY,CAAC,OAAO,GAAE,OAAO,GAAG,MAAe,GAAG,OAAO,CAAC,SAAS,CAAC;IAmBpE,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAYxB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;CA2D5E"}
|
package/dist/oauth-session.js
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.OAuthSession = void 0;
|
|
4
|
-
const did_1 = require("@atproto/did");
|
|
5
4
|
const fetch_1 = require("@atproto-labs/fetch");
|
|
6
5
|
const token_invalid_error_js_1 = require("./errors/token-invalid-error.js");
|
|
7
6
|
const token_revoked_error_js_1 = require("./errors/token-revoked-error.js");
|
|
@@ -44,19 +43,25 @@ class OAuthSession {
|
|
|
44
43
|
});
|
|
45
44
|
}
|
|
46
45
|
get did() {
|
|
47
|
-
return
|
|
46
|
+
return this.sub;
|
|
48
47
|
}
|
|
49
48
|
get serverMetadata() {
|
|
50
49
|
return this.server.serverMetadata;
|
|
51
50
|
}
|
|
52
51
|
/**
|
|
53
|
-
* @param refresh
|
|
52
|
+
* @param refresh When `true`, the credentials will be refreshed even if they
|
|
53
|
+
* are not expired. When `false`, the credentials will not be refreshed even
|
|
54
|
+
* if they are expired. When `undefined`, the credentials will be refreshed
|
|
55
|
+
* if, and only if, they are (about to be) expired. Defaults to `undefined`.
|
|
54
56
|
*/
|
|
55
57
|
async getTokenSet(refresh) {
|
|
56
|
-
const { tokenSet } = await this.sessionGetter.
|
|
58
|
+
const { tokenSet } = await this.sessionGetter.get(this.sub, {
|
|
59
|
+
noCache: refresh === true,
|
|
60
|
+
allowStale: refresh === false,
|
|
61
|
+
});
|
|
57
62
|
return tokenSet;
|
|
58
63
|
}
|
|
59
|
-
async getTokenInfo(refresh) {
|
|
64
|
+
async getTokenInfo(refresh = 'auto') {
|
|
60
65
|
const tokenSet = await this.getTokenSet(refresh);
|
|
61
66
|
const expiresAt = tokenSet.expires_at == null ? undefined : new Date(tokenSet.expires_at);
|
|
62
67
|
return {
|
|
@@ -74,7 +79,7 @@ class OAuthSession {
|
|
|
74
79
|
}
|
|
75
80
|
async signOut() {
|
|
76
81
|
try {
|
|
77
|
-
const
|
|
82
|
+
const tokenSet = await this.getTokenSet(false);
|
|
78
83
|
await this.server.revoke(tokenSet.access_token);
|
|
79
84
|
}
|
|
80
85
|
finally {
|
|
@@ -83,7 +88,7 @@ class OAuthSession {
|
|
|
83
88
|
}
|
|
84
89
|
async fetchHandler(pathname, init) {
|
|
85
90
|
// This will try and refresh the token if it is known to be expired
|
|
86
|
-
const tokenSet = await this.getTokenSet(
|
|
91
|
+
const tokenSet = await this.getTokenSet('auto');
|
|
87
92
|
const initialUrl = new URL(pathname, tokenSet.aud);
|
|
88
93
|
const initialAuth = `${tokenSet.token_type} ${tokenSet.access_token}`;
|
|
89
94
|
const headers = new Headers(init?.headers);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-session.js","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":";;;AAAA
|
|
1
|
+
{"version":3,"file":"oauth-session.js","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":";;;AAAA,+CAAsD;AAKtD,4EAAmE;AACnE,4EAAmE;AACnE,mDAAkD;AAIlD,MAAM,cAAc,GAAG,UAAU,CAAC,cAErB,CAAA;AAWb,MAAa,YAAY;IAGvB,YACkB,MAAwB,EACxB,GAAe,EACd,aAA4B,EAC7C,QAAe,UAAU,CAAC,KAAK;QAH/B;;;;mBAAgB,MAAM;WAAkB;QACxC;;;;mBAAgB,GAAG;WAAY;QAC/B;;;;mBAAiB,aAAa;WAAe;QALrC;;;;;WAAyB;QAQjC,IAAI,CAAC,SAAS,GAAG,IAAA,gCAAgB,EAAO;YACtC,KAAK,EAAE,IAAA,iBAAS,EAAC,KAAK,CAAC;YACvB,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,SAAS;YACpC,GAAG,EAAE,MAAM,CAAC,OAAO;YACnB,aAAa,EAAE,MAAM,CAAC,cAAc,CAAC,iCAAiC;YACtE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7C,MAAM,EAAE,MAAM,CAAC,UAAU;YACzB,YAAY,EAAE,KAAK;SACpB,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,GAAG,CAAA;IACjB,CAAC;IAED,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAA;IACnC,CAAC;IAED;;;;;OAKG;IACO,KAAK,CAAC,WAAW,CAAC,OAAyB;QACnD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE;YAC1D,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,UAA4B,MAAM;QACnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QAChD,MAAM,SAAS,GACb,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;QAEzE,OAAO;YACL,SAAS;YACT,IAAI,OAAO;gBACT,OAAO,SAAS,IAAI,IAAI;oBACtB,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAA;YAC5C,CAAC;YACD,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;SAClB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;YAC9C,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QACjD,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,IAAkB;QACrD,mEAAmE;QACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;QAE/C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAA;QAClD,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAA;QAErE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,CAAA;QAEzC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE;YACvD,GAAG,IAAI;YACP,OAAO;SACR,CAAC,CAAA;QAEF,2DAA2D;QAC3D,IAAI,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7C,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,IAAI,aAAuB,CAAA;QAC3B,IAAI,CAAC;YACH,kBAAkB;YAClB,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,2EAA2E;QAC3E,yEAAyE;QACzE,yEAAyE;QACzE,wEAAwE;QACxE,IAAI,cAAc,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC3D,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,aAAa,CAAC,UAAU,IAAI,aAAa,CAAC,YAAY,EAAE,CAAA;QAC7E,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,CAAA;QAErD,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;QAEvC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;QAE1E,yEAAyE;QACzE,0EAA0E;QAC1E,yEAAyE;QACzE,iEAAiE;QACjE,IAAI,sBAAsB,CAAC,aAAa,CAAC,EAAE,CAAC;YAC1C,oEAAoE;YACpE,0EAA0E;YAC1E,kCAAkC;YAClC,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;CACF;AArID,oCAqIC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,QAAkB;IAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,KAAK,CAAA;IACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IACxD,OAAO,CACL,OAAO,IAAI,IAAI;QACf,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC9D,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAC1C,CAAA;AACH,CAAC"}
|
package/dist/runtime.d.ts
CHANGED