@atproto/oauth-client 0.3.21 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +25 -0
- package/dist/errors/auth-method-unsatisfiable-error.d.ts +3 -0
- package/dist/errors/auth-method-unsatisfiable-error.d.ts.map +1 -0
- package/dist/errors/auth-method-unsatisfiable-error.js +7 -0
- package/dist/errors/auth-method-unsatisfiable-error.js.map +1 -0
- package/dist/fetch-dpop.d.ts +1 -2
- package/dist/fetch-dpop.d.ts.map +1 -1
- package/dist/fetch-dpop.js +4 -5
- package/dist/fetch-dpop.js.map +1 -1
- package/dist/oauth-client-auth.d.ts +23 -0
- package/dist/oauth-client-auth.d.ts.map +1 -0
- package/dist/oauth-client-auth.js +131 -0
- package/dist/oauth-client-auth.js.map +1 -0
- package/dist/oauth-client.d.ts +4 -4
- package/dist/oauth-client.d.ts.map +1 -1
- package/dist/oauth-client.js +26 -13
- package/dist/oauth-client.js.map +1 -1
- package/dist/oauth-resolver.d.ts +1 -1
- package/dist/oauth-server-agent.d.ts +8 -6
- package/dist/oauth-server-agent.d.ts.map +1 -1
- package/dist/oauth-server-agent.js +19 -51
- package/dist/oauth-server-agent.js.map +1 -1
- package/dist/oauth-server-factory.d.ts +15 -2
- package/dist/oauth-server-factory.d.ts.map +1 -1
- package/dist/oauth-server-factory.js +23 -4
- package/dist/oauth-server-factory.js.map +1 -1
- package/dist/oauth-session.d.ts.map +1 -1
- package/dist/oauth-session.js +0 -1
- package/dist/oauth-session.js.map +1 -1
- package/dist/session-getter.d.ts +5 -0
- package/dist/session-getter.d.ts.map +1 -1
- package/dist/session-getter.js +24 -11
- package/dist/session-getter.js.map +1 -1
- package/dist/state-store.d.ts +3 -0
- package/dist/state-store.d.ts.map +1 -1
- package/dist/types.d.ts +8 -8
- package/dist/types.d.ts.map +1 -1
- package/dist/validate-client-metadata.d.ts.map +1 -1
- package/dist/validate-client-metadata.js +32 -26
- package/dist/validate-client-metadata.js.map +1 -1
- package/package.json +4 -4
- package/src/errors/auth-method-unsatisfiable-error.ts +1 -0
- package/src/fetch-dpop.ts +2 -6
- package/src/oauth-client-auth.ts +182 -0
- package/src/oauth-client.ts +50 -12
- package/src/oauth-server-agent.ts +19 -72
- package/src/oauth-server-factory.ts +37 -2
- package/src/oauth-session.ts +0 -1
- package/src/session-getter.ts +43 -10
- package/src/state-store.ts +3 -0
- package/src/validate-client-metadata.ts +40 -27
- package/tsconfig.build.tsbuildinfo +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,30 @@
|
|
|
1
1
|
# @atproto/oauth-client
|
|
2
2
|
|
|
3
|
+
## 0.4.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- [#3847](https://github.com/bluesky-social/atproto/pull/3847) [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Bind the OAuth session to the kid that was used to authenticate the client (private_key_jwt)
|
|
8
|
+
|
|
9
|
+
### Patch Changes
|
|
10
|
+
|
|
11
|
+
- [#3847](https://github.com/bluesky-social/atproto/pull/3847) [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Add missing `exp` claim in client attestation JWT
|
|
12
|
+
|
|
13
|
+
- Updated dependencies [[`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6), [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6), [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6), [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6), [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6)]:
|
|
14
|
+
- @atproto/oauth-types@0.3.0
|
|
15
|
+
- @atproto/jwk@0.3.0
|
|
16
|
+
|
|
17
|
+
## 0.3.22
|
|
18
|
+
|
|
19
|
+
### Patch Changes
|
|
20
|
+
|
|
21
|
+
- [#3933](https://github.com/bluesky-social/atproto/pull/3933) [`192f3ab89`](https://github.com/bluesky-social/atproto/commit/192f3ab89c943216683541f42cc1332e9c305eee) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Use resolved handle or did instead of raw input as "login_hint"
|
|
22
|
+
|
|
23
|
+
- [#3926](https://github.com/bluesky-social/atproto/pull/3926) [`4e96e2c7b`](https://github.com/bluesky-social/atproto/commit/4e96e2c7b7cc0231607d3065c95704069c4ca2a2) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Remove `iss` claim from DPoP proofs
|
|
24
|
+
|
|
25
|
+
- Updated dependencies [[`192f3ab89`](https://github.com/bluesky-social/atproto/commit/192f3ab89c943216683541f42cc1332e9c305eee)]:
|
|
26
|
+
- @atproto-labs/identity-resolver@0.1.18
|
|
27
|
+
|
|
3
28
|
## 0.3.21
|
|
4
29
|
|
|
5
30
|
### Patch Changes
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-method-unsatisfiable-error.d.ts","sourceRoot":"","sources":["../../src/errors/auth-method-unsatisfiable-error.ts"],"names":[],"mappings":"AAAA,qBAAa,4BAA6B,SAAQ,KAAK;CAAG"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AuthMethodUnsatisfiableError = void 0;
|
|
4
|
+
class AuthMethodUnsatisfiableError extends Error {
|
|
5
|
+
}
|
|
6
|
+
exports.AuthMethodUnsatisfiableError = AuthMethodUnsatisfiableError;
|
|
7
|
+
//# sourceMappingURL=auth-method-unsatisfiable-error.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-method-unsatisfiable-error.js","sourceRoot":"","sources":["../../src/errors/auth-method-unsatisfiable-error.ts"],"names":[],"mappings":";;;AAAA,MAAa,4BAA6B,SAAQ,KAAK;CAAG;AAA1D,oEAA0D"}
|
package/dist/fetch-dpop.d.ts
CHANGED
|
@@ -3,7 +3,6 @@ import { Fetch, FetchContext } from '@atproto-labs/fetch';
|
|
|
3
3
|
import { SimpleStore } from '@atproto-labs/simple-store';
|
|
4
4
|
export type DpopFetchWrapperOptions<C = FetchContext> = {
|
|
5
5
|
key: Key;
|
|
6
|
-
iss: string;
|
|
7
6
|
nonces: SimpleStore<string, string>;
|
|
8
7
|
supportedAlgs?: string[];
|
|
9
8
|
sha256?: (input: string) => Promise<string>;
|
|
@@ -17,5 +16,5 @@ export type DpopFetchWrapperOptions<C = FetchContext> = {
|
|
|
17
16
|
isAuthServer?: boolean;
|
|
18
17
|
fetch?: Fetch<C>;
|
|
19
18
|
};
|
|
20
|
-
export declare function dpopFetchWrapper<C = FetchContext>({ key,
|
|
19
|
+
export declare function dpopFetchWrapper<C = FetchContext>({ key, supportedAlgs, nonces, sha256, isAuthServer, fetch, }: DpopFetchWrapperOptions<C>): Fetch<C>;
|
|
21
20
|
//# sourceMappingURL=fetch-dpop.d.ts.map
|
package/dist/fetch-dpop.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fetch-dpop.d.ts","sourceRoot":"","sources":["../src/fetch-dpop.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAwB,MAAM,qBAAqB,CAAA;AAC/E,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AASxD,MAAM,MAAM,uBAAuB,CAAC,CAAC,GAAG,YAAY,IAAI;IACtD,GAAG,EAAE,GAAG,CAAA;IACR,
|
|
1
|
+
{"version":3,"file":"fetch-dpop.d.ts","sourceRoot":"","sources":["../src/fetch-dpop.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAwB,MAAM,qBAAqB,CAAA;AAC/E,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AASxD,MAAM,MAAM,uBAAuB,CAAC,CAAC,GAAG,YAAY,IAAI;IACtD,GAAG,EAAE,GAAG,CAAA;IACR,MAAM,EAAE,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACnC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IACxB,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IAE3C;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAA;CACjB,CAAA;AAED,wBAAgB,gBAAgB,CAAC,CAAC,GAAG,YAAY,EAAE,EACjD,GAAG,EAEH,aAAa,EACb,MAAM,EACN,MAAiE,EACjE,YAAY,EACZ,KAAwB,GACzB,EAAE,uBAAuB,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAsGvC"}
|
package/dist/fetch-dpop.js
CHANGED
|
@@ -6,7 +6,7 @@ const fetch_1 = require("@atproto-labs/fetch");
|
|
|
6
6
|
// "undefined" in non https environments or environments without crypto
|
|
7
7
|
const subtle = globalThis.crypto?.subtle;
|
|
8
8
|
const ReadableStream = globalThis.ReadableStream;
|
|
9
|
-
function dpopFetchWrapper({ key,
|
|
9
|
+
function dpopFetchWrapper({ key,
|
|
10
10
|
// @TODO we should provide a default based on specs
|
|
11
11
|
supportedAlgs, nonces, sha256 = typeof subtle !== 'undefined' ? subtleSha256 : undefined, isAuthServer, fetch = globalThis.fetch, }) {
|
|
12
12
|
if (!sha256) {
|
|
@@ -32,7 +32,7 @@ supportedAlgs, nonces, sha256 = typeof subtle !== 'undefined' ? subtleSha256 : u
|
|
|
32
32
|
catch {
|
|
33
33
|
// Ignore get errors, we will just not send a nonce
|
|
34
34
|
}
|
|
35
|
-
const initProof = await buildProof(key, alg,
|
|
35
|
+
const initProof = await buildProof(key, alg, htm, htu, initNonce, ath);
|
|
36
36
|
request.headers.set('DPoP', initProof);
|
|
37
37
|
const initResponse = await fetch.call(this, request);
|
|
38
38
|
// Make sure the response body is consumed. Either by the caller (when the
|
|
@@ -70,7 +70,7 @@ supportedAlgs, nonces, sha256 = typeof subtle !== 'undefined' ? subtleSha256 : u
|
|
|
70
70
|
// We will now retry the request with the fresh nonce.
|
|
71
71
|
// The initial response body must be consumed (see cancelBody's doc).
|
|
72
72
|
await (0, fetch_1.cancelBody)(initResponse, 'log');
|
|
73
|
-
const nextProof = await buildProof(key, alg,
|
|
73
|
+
const nextProof = await buildProof(key, alg, htm, htu, nextNonce, ath);
|
|
74
74
|
const nextRequest = new Request(input, init);
|
|
75
75
|
nextRequest.headers.set('DPoP', nextProof);
|
|
76
76
|
const retryRequest = await fetch.call(this, nextRequest);
|
|
@@ -105,7 +105,7 @@ function buildHtu(url) {
|
|
|
105
105
|
: Math.min(fragmentIndex, queryIndex);
|
|
106
106
|
return end === -1 ? url : url.slice(0, end);
|
|
107
107
|
}
|
|
108
|
-
async function buildProof(key, alg,
|
|
108
|
+
async function buildProof(key, alg, htm, htu, nonce, ath) {
|
|
109
109
|
const jwk = key.bareJwk;
|
|
110
110
|
if (!jwk) {
|
|
111
111
|
throw new Error('Only asymmetric keys can be used as DPoP proofs');
|
|
@@ -118,7 +118,6 @@ async function buildProof(key, alg, iss, htm, htu, nonce, ath) {
|
|
|
118
118
|
typ: 'dpop+jwt',
|
|
119
119
|
jwk,
|
|
120
120
|
}, {
|
|
121
|
-
iss,
|
|
122
121
|
iat: now,
|
|
123
122
|
// Any collision will cause the request to be rejected by the server. no biggie.
|
|
124
123
|
jti: Math.random().toString(36).slice(2),
|
package/dist/fetch-dpop.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fetch-dpop.js","sourceRoot":"","sources":["../src/fetch-dpop.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"fetch-dpop.js","sourceRoot":"","sources":["../src/fetch-dpop.ts"],"names":[],"mappings":";;AA6BA,4CA8GC;AA3ID,sDAAqD;AAErD,+CAA+E;AAG/E,uEAAuE;AACvE,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,MAAkC,CAAA;AAEpE,MAAM,cAAc,GAAG,UAAU,CAAC,cAErB,CAAA;AAmBb,SAAgB,gBAAgB,CAAmB,EACjD,GAAG;AACH,mDAAmD;AACnD,aAAa,EACb,MAAM,EACN,MAAM,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,EACjE,YAAY,EACZ,KAAK,GAAG,UAAU,CAAC,KAAK,GACG;IAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,SAAS,CACjB,uFAAuF,CACxF,CAAA;IACH,CAAC;IAED,8BAA8B;IAC9B,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAE5C,OAAO,KAAK,WAAoB,KAAK,EAAE,IAAI;QACzC,MAAM,OAAO,GACX,IAAI,IAAI,IAAI,IAAI,KAAK,YAAY,OAAO;YACtC,CAAC,CAAC,KAAK;YACP,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QAE9B,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;QAChE,MAAM,GAAG,GAAG,mBAAmB,EAAE,UAAU,CAAC,OAAO,CAAC;YAClD,CAAC,CAAC,MAAM,MAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC5C,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAEvC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAA;QAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAEjC,IAAI,SAA6B,CAAA;QACjC,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACtC,CAAC;QAAC,MAAM,CAAC;YACP,mDAAmD;QACrD,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAA;QACtE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;QAEtC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAEpD,0EAA0E;QAC1E,iEAAiE;QAEjE,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;QACxD,IAAI,CAAC,SAAS,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC1C,yEAAyE;YACzE,gDAAgD;YAChD,OAAO,YAAY,CAAA;QACrB,CAAC;QAED,4CAA4C;QAC5C,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,oBAAoB;QACtB,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAA;QACzE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,6DAA6D;YAC7D,OAAO,YAAY,CAAA;QACrB,CAAC;QAED,2EAA2E;QAC3E,wEAAwE;QACxE,2EAA2E;QAC3E,6EAA6E;QAE7E,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;YACtB,oEAAoE;YACpE,OAAO,YAAY,CAAA;QACrB,CAAC;QAED,IAAI,cAAc,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC3D,2DAA2D;YAC3D,OAAO,YAAY,CAAA;QACrB,CAAC;QAED,sDAAsD;QAEtD,qEAAqE;QACrE,MAAM,IAAA,kBAAU,EAAC,YAAY,EAAE,KAAK,CAAC,CAAA;QAErC,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAA;QACtE,MAAM,WAAW,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QAC5C,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;QAE1C,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;QACxD,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;QACzD,IAAI,CAAC,UAAU,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC5C,yEAAyE;YACzE,gDAAgD;YAChD,OAAO,YAAY,CAAA;QACrB,CAAC;QAED,4CAA4C;QAC5C,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;QACtC,CAAC;QAAC,MAAM,CAAC;YACP,oBAAoB;QACtB,CAAC;QAED,OAAO,YAAY,CAAA;IACrB,CAAC,CAAA;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,QAAQ,CAAC,GAAW;IAC3B,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACtC,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAEnC,MAAM,GAAG,GACP,aAAa,KAAK,CAAC,CAAC;QAClB,CAAC,CAAC,UAAU;QACZ,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC;YACjB,CAAC,CAAC,aAAa;YACf,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,CAAA;IAE3C,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;AAC7C,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,GAAQ,EACR,GAAW,EACX,GAAW,EACX,GAAW,EACX,KAAc,EACd,GAAY;IAEZ,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAA;IACvB,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAA;IACpE,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAA;IAExC,OAAO,GAAG,CAAC,SAAS;IAClB,4DAA4D;IAC5D;QACE,GAAG;QACH,GAAG,EAAE,UAAU;QACf,GAAG;KACJ,EACD;QACE,GAAG,EAAE,GAAG;QACR,gFAAgF;QAChF,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QACxC,GAAG;QACH,GAAG;QACH,KAAK;QACL,GAAG;KACJ,CACF,CAAA;AACH,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,QAAkB,EAClB,YAAsB;IAEtB,0DAA0D;IAC1D,iFAAiF;IACjF,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,KAAK,EAAE,CAAC;QACzD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;YACxD,IAAI,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,OAAO,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAA;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAED,iFAAiF;IACjF,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QACxD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,IAAA,gBAAQ,EAAC,QAAQ,EAAE,EAAE,GAAG,IAAI,CAAC,CAAA;gBAChD,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,gBAAgB,CAAA;YACzE,CAAC;YAAC,MAAM,CAAC;gBACP,kEAAkE;gBAClE,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,YAAY,CAAC,GAAQ,EAAE,aAAmC;IACjE,IAAI,aAAa,EAAE,CAAC;QAClB,2CAA2C;QAC3C,MAAM,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;QACjE,IAAI,GAAG;YAAE,OAAO,GAAG,CAAA;IACrB,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,UAAU,CAAA;QAC5B,IAAI,GAAG;YAAE,OAAO,GAAG,CAAA;IACrB,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAA;AACvE,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,KAAa;IACvC,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,uFAAuF,CACxF,CAAA;IACH,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC7C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;IACpD,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;IAC1C,OAAO,kBAAS,CAAC,UAAU,CAAC,WAAW,CAAC,CAAA;AAC1C,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import { Keyset } from '@atproto/jwk';
|
|
2
|
+
import { OAuthAuthorizationServerMetadata, OAuthClientCredentials } from '@atproto/oauth-types';
|
|
3
|
+
import { Runtime } from './runtime.js';
|
|
4
|
+
import { ClientMetadata } from './types.js';
|
|
5
|
+
import { Awaitable } from './util.js';
|
|
6
|
+
export type ClientAuthMethod = {
|
|
7
|
+
method: 'none';
|
|
8
|
+
} | {
|
|
9
|
+
method: 'private_key_jwt';
|
|
10
|
+
kid: string;
|
|
11
|
+
};
|
|
12
|
+
export declare function negotiateClientAuthMethod(serverMetadata: OAuthAuthorizationServerMetadata, clientMetadata: ClientMetadata, keyset?: Keyset): ClientAuthMethod;
|
|
13
|
+
export type ClientCredentialsFactory = () => Awaitable<{
|
|
14
|
+
headers?: Record<string, string>;
|
|
15
|
+
payload?: OAuthClientCredentials;
|
|
16
|
+
}>;
|
|
17
|
+
/**
|
|
18
|
+
* @throws {AuthMethodUnsatisfiableError} if the authentication method is no
|
|
19
|
+
* long usable (either because the AS changed, of because the key is no longer
|
|
20
|
+
* available in the keyset).
|
|
21
|
+
*/
|
|
22
|
+
export declare function createClientCredentialsFactory(authMethod: ClientAuthMethod, serverMetadata: OAuthAuthorizationServerMetadata, clientMetadata: ClientMetadata, runtime: Runtime, keyset?: Keyset): ClientCredentialsFactory;
|
|
23
|
+
//# sourceMappingURL=oauth-client-auth.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-client-auth.d.ts","sourceRoot":"","sources":["../src/oauth-client-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AACrC,OAAO,EAEL,gCAAgC,EAChC,sBAAsB,EACvB,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AAErC,MAAM,MAAM,gBAAgB,GACxB;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,GAClB;IAAE,MAAM,EAAE,iBAAiB,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAE9C,wBAAgB,yBAAyB,CACvC,cAAc,EAAE,gCAAgC,EAChD,cAAc,EAAE,cAAc,EAC9B,MAAM,CAAC,EAAE,MAAM,GACd,gBAAgB,CAoDlB;AAED,MAAM,MAAM,wBAAwB,GAAG,MAAM,SAAS,CAAC;IACrD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAChC,OAAO,CAAC,EAAE,sBAAsB,CAAA;CACjC,CAAC,CAAA;AAEF;;;;GAIG;AACH,wBAAgB,8BAA8B,CAC5C,UAAU,EAAE,gBAAgB,EAC5B,cAAc,EAAE,gCAAgC,EAChD,cAAc,EAAE,cAAc,EAC9B,OAAO,EAAE,OAAO,EAChB,MAAM,CAAC,EAAE,MAAM,GACd,wBAAwB,CAwE1B"}
|
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.negotiateClientAuthMethod = negotiateClientAuthMethod;
|
|
4
|
+
exports.createClientCredentialsFactory = createClientCredentialsFactory;
|
|
5
|
+
const oauth_types_1 = require("@atproto/oauth-types");
|
|
6
|
+
const constants_js_1 = require("./constants.js");
|
|
7
|
+
const auth_method_unsatisfiable_error_js_1 = require("./errors/auth-method-unsatisfiable-error.js");
|
|
8
|
+
function negotiateClientAuthMethod(serverMetadata, clientMetadata, keyset) {
|
|
9
|
+
const method = clientMetadata.token_endpoint_auth_method;
|
|
10
|
+
// @NOTE ATproto spec requires that AS support both "none" and
|
|
11
|
+
// "private_key_jwt", and that clients use one of the other. The following
|
|
12
|
+
// check ensures that the AS is indeed compliant with this client's
|
|
13
|
+
// configuration.
|
|
14
|
+
const methods = supportedMethods(serverMetadata);
|
|
15
|
+
if (!methods.includes(method)) {
|
|
16
|
+
throw new Error(`The server does not support "${method}" authentication. Supported methods are: ${methods.join(', ')}.`);
|
|
17
|
+
}
|
|
18
|
+
if (method === 'private_key_jwt') {
|
|
19
|
+
// Invalid client configuration. This should not happen as
|
|
20
|
+
// "validateClientMetadata" already check this.
|
|
21
|
+
if (!keyset)
|
|
22
|
+
throw new Error('A keyset is required for private_key_jwt');
|
|
23
|
+
const alg = supportedAlgs(serverMetadata);
|
|
24
|
+
// @NOTE we can't use `keyset.findPrivateKey` here because we can't enforce
|
|
25
|
+
// that the returned key contains a "kid". The following implementation is
|
|
26
|
+
// more robust against keysets containing keys without a "kid" property.
|
|
27
|
+
for (const key of keyset.list({ use: 'sig', alg })) {
|
|
28
|
+
// Return the first key from the key set that matches the server's
|
|
29
|
+
// supported algorithms.
|
|
30
|
+
if (key.isPrivate && key.kid) {
|
|
31
|
+
return { method: 'private_key_jwt', kid: key.kid };
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
throw new Error(alg.includes(constants_js_1.FALLBACK_ALG)
|
|
35
|
+
? `Client authentication method "${method}" requires at least one "${constants_js_1.FALLBACK_ALG}" signing key with a "kid" property`
|
|
36
|
+
: // AS is not compliant with the ATproto OAuth spec.
|
|
37
|
+
`Authorization server requires "${method}" authentication method, but does not support "${constants_js_1.FALLBACK_ALG}" algorithm.`);
|
|
38
|
+
}
|
|
39
|
+
if (method === 'none') {
|
|
40
|
+
return { method: 'none' };
|
|
41
|
+
}
|
|
42
|
+
throw new Error(`The ATProto OAuth spec requires that client use either "none" or "private_key_jwt" authentication method.` +
|
|
43
|
+
(method === 'client_secret_basic'
|
|
44
|
+
? ' You might want to explicitly set "token_endpoint_auth_method" to one of those values in the client metadata document.'
|
|
45
|
+
: ` You set "${method}" which is not allowed.`));
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* @throws {AuthMethodUnsatisfiableError} if the authentication method is no
|
|
49
|
+
* long usable (either because the AS changed, of because the key is no longer
|
|
50
|
+
* available in the keyset).
|
|
51
|
+
*/
|
|
52
|
+
function createClientCredentialsFactory(authMethod, serverMetadata, clientMetadata, runtime, keyset) {
|
|
53
|
+
// Ensure the AS still supports the auth method.
|
|
54
|
+
if (!supportedMethods(serverMetadata).includes(authMethod.method)) {
|
|
55
|
+
throw new auth_method_unsatisfiable_error_js_1.AuthMethodUnsatisfiableError(`Client authentication method "${authMethod.method}" no longer supported`);
|
|
56
|
+
}
|
|
57
|
+
if (authMethod.method === 'none') {
|
|
58
|
+
return () => ({
|
|
59
|
+
payload: {
|
|
60
|
+
client_id: clientMetadata.client_id,
|
|
61
|
+
},
|
|
62
|
+
});
|
|
63
|
+
}
|
|
64
|
+
if (authMethod.method === 'private_key_jwt') {
|
|
65
|
+
try {
|
|
66
|
+
// The client used to be a confidential client but no longer has a keyset.
|
|
67
|
+
if (!keyset)
|
|
68
|
+
throw new Error('A keyset is required for private_key_jwt');
|
|
69
|
+
// @NOTE throws if no matching key can be found
|
|
70
|
+
const [key, alg] = keyset.findPrivateKey({
|
|
71
|
+
use: 'sig',
|
|
72
|
+
kid: authMethod.kid,
|
|
73
|
+
alg: supportedAlgs(serverMetadata),
|
|
74
|
+
});
|
|
75
|
+
// https://www.rfc-editor.org/rfc/rfc7523.html#section-3
|
|
76
|
+
return async () => ({
|
|
77
|
+
payload: {
|
|
78
|
+
client_id: clientMetadata.client_id,
|
|
79
|
+
client_assertion_type: oauth_types_1.CLIENT_ASSERTION_TYPE_JWT_BEARER,
|
|
80
|
+
client_assertion: await key.createJwt({ alg }, {
|
|
81
|
+
// > The JWT MUST contain an "iss" (issuer) claim that contains a
|
|
82
|
+
// > unique identifier for the entity that issued the JWT.
|
|
83
|
+
iss: clientMetadata.client_id,
|
|
84
|
+
// > For client authentication, the subject MUST be the
|
|
85
|
+
// > "client_id" of the OAuth client.
|
|
86
|
+
sub: clientMetadata.client_id,
|
|
87
|
+
// > The JWT MUST contain an "aud" (audience) claim containing a value
|
|
88
|
+
// > that identifies the authorization server as an intended audience.
|
|
89
|
+
// > The token endpoint URL of the authorization server MAY be used as a
|
|
90
|
+
// > value for an "aud" element to identify the authorization server as an
|
|
91
|
+
// > intended audience of the JWT.
|
|
92
|
+
aud: serverMetadata.issuer,
|
|
93
|
+
// > The JWT MAY contain a "jti" (JWT ID) claim that provides a
|
|
94
|
+
// > unique identifier for the token.
|
|
95
|
+
jti: await runtime.generateNonce(),
|
|
96
|
+
// > The JWT MAY contain an "iat" (issued at) claim that
|
|
97
|
+
// > identifies the time at which the JWT was issued.
|
|
98
|
+
iat: Math.floor(Date.now() / 1000),
|
|
99
|
+
// > The JWT MUST contain an "exp" (expiration time) claim that
|
|
100
|
+
// > limits the time window during which the JWT can be used.
|
|
101
|
+
exp: Math.floor(Date.now() / 1000) + 60, // 1 minute
|
|
102
|
+
}),
|
|
103
|
+
},
|
|
104
|
+
});
|
|
105
|
+
}
|
|
106
|
+
catch (cause) {
|
|
107
|
+
throw new auth_method_unsatisfiable_error_js_1.AuthMethodUnsatisfiableError('Failed to load private key', {
|
|
108
|
+
cause,
|
|
109
|
+
});
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
throw new auth_method_unsatisfiable_error_js_1.AuthMethodUnsatisfiableError(
|
|
113
|
+
// @ts-expect-error
|
|
114
|
+
`Unsupported auth method ${authMethod.method}`);
|
|
115
|
+
}
|
|
116
|
+
function supportedMethods(serverMetadata) {
|
|
117
|
+
return serverMetadata['token_endpoint_auth_methods_supported'];
|
|
118
|
+
}
|
|
119
|
+
function supportedAlgs(serverMetadata) {
|
|
120
|
+
return (serverMetadata['token_endpoint_auth_signing_alg_values_supported'] ?? [
|
|
121
|
+
// @NOTE If not specified, assume that the server supports the ES256
|
|
122
|
+
// algorithm, as prescribed by the spec:
|
|
123
|
+
//
|
|
124
|
+
// > Clients and Authorization Servers currently must support the ES256
|
|
125
|
+
// > cryptographic system [for client authentication].
|
|
126
|
+
//
|
|
127
|
+
// https://atproto.com/specs/oauth#confidential-client-authentication
|
|
128
|
+
constants_js_1.FALLBACK_ALG,
|
|
129
|
+
]);
|
|
130
|
+
}
|
|
131
|
+
//# sourceMappingURL=oauth-client-auth.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-client-auth.js","sourceRoot":"","sources":["../src/oauth-client-auth.ts"],"names":[],"mappings":";;AAgBA,8DAwDC;AAYD,wEA8EC;AAjKD,sDAI6B;AAC7B,iDAA6C;AAC7C,oGAA0F;AAS1F,SAAgB,yBAAyB,CACvC,cAAgD,EAChD,cAA8B,EAC9B,MAAe;IAEf,MAAM,MAAM,GAAG,cAAc,CAAC,0BAA0B,CAAA;IAExD,8DAA8D;IAC9D,0EAA0E;IAC1E,mEAAmE;IACnE,iBAAiB;IACjB,MAAM,OAAO,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAA;IAChD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,4CAA4C,OAAO,CAAC,IAAI,CAC5F,IAAI,CACL,GAAG,CACL,CAAA;IACH,CAAC;IAED,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;QACjC,0DAA0D;QAC1D,+CAA+C;QAC/C,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;QAExE,MAAM,GAAG,GAAG,aAAa,CAAC,cAAc,CAAC,CAAA;QAEzC,2EAA2E;QAC3E,0EAA0E;QAC1E,wEAAwE;QACxE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;YACnD,kEAAkE;YAClE,wBAAwB;YACxB,IAAI,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;gBAC7B,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAA;YACpD,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CACb,GAAG,CAAC,QAAQ,CAAC,2BAAY,CAAC;YACxB,CAAC,CAAC,iCAAiC,MAAM,4BAA4B,2BAAY,qCAAqC;YACtH,CAAC,CAAC,mDAAmD;gBACnD,kCAAkC,MAAM,kDAAkD,2BAAY,cAAc,CACzH,CAAA;IACH,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;IAC3B,CAAC;IAED,MAAM,IAAI,KAAK,CACb,2GAA2G;QACzG,CAAC,MAAM,KAAK,qBAAqB;YAC/B,CAAC,CAAC,wHAAwH;YAC1H,CAAC,CAAC,aAAa,MAAM,yBAAyB,CAAC,CACpD,CAAA;AACH,CAAC;AAOD;;;;GAIG;AACH,SAAgB,8BAA8B,CAC5C,UAA4B,EAC5B,cAAgD,EAChD,cAA8B,EAC9B,OAAgB,EAChB,MAAe;IAEf,gDAAgD;IAChD,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,iEAA4B,CACpC,iCAAiC,UAAU,CAAC,MAAM,uBAAuB,CAC1E,CAAA;IACH,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACjC,OAAO,GAAG,EAAE,CAAC,CAAC;YACZ,OAAO,EAAE;gBACP,SAAS,EAAE,cAAc,CAAC,SAAS;aACpC;SACF,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,iBAAiB,EAAE,CAAC;QAC5C,IAAI,CAAC;YACH,0EAA0E;YAC1E,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;YAExE,+CAA+C;YAC/C,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,cAAc,CAAC;gBACvC,GAAG,EAAE,KAAK;gBACV,GAAG,EAAE,UAAU,CAAC,GAAG;gBACnB,GAAG,EAAE,aAAa,CAAC,cAAc,CAAC;aACnC,CAAC,CAAA;YAEF,wDAAwD;YACxD,OAAO,KAAK,IAAI,EAAE,CAAC,CAAC;gBAClB,OAAO,EAAE;oBACP,SAAS,EAAE,cAAc,CAAC,SAAS;oBACnC,qBAAqB,EAAE,8CAAgC;oBACvD,gBAAgB,EAAE,MAAM,GAAG,CAAC,SAAS,CACnC,EAAE,GAAG,EAAE,EACP;wBACE,iEAAiE;wBACjE,0DAA0D;wBAC1D,GAAG,EAAE,cAAc,CAAC,SAAS;wBAC7B,uDAAuD;wBACvD,qCAAqC;wBACrC,GAAG,EAAE,cAAc,CAAC,SAAS;wBAC7B,sEAAsE;wBACtE,sEAAsE;wBACtE,wEAAwE;wBACxE,0EAA0E;wBAC1E,kCAAkC;wBAClC,GAAG,EAAE,cAAc,CAAC,MAAM;wBAC1B,+DAA+D;wBAC/D,qCAAqC;wBACrC,GAAG,EAAE,MAAM,OAAO,CAAC,aAAa,EAAE;wBAClC,wDAAwD;wBACxD,qDAAqD;wBACrD,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;wBAClC,+DAA+D;wBAC/D,6DAA6D;wBAC7D,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,WAAW;qBACrD,CACF;iBACF;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,iEAA4B,CAAC,4BAA4B,EAAE;gBACnE,KAAK;aACN,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,MAAM,IAAI,iEAA4B;IACpC,mBAAmB;IACnB,2BAA2B,UAAU,CAAC,MAAM,EAAE,CAC/C,CAAA;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,cAAgD;IACxE,OAAO,cAAc,CAAC,uCAAuC,CAAC,CAAA;AAChE,CAAC;AAED,SAAS,aAAa,CAAC,cAAgD;IACrE,OAAO,CACL,cAAc,CAAC,kDAAkD,CAAC,IAAI;QACpE,oEAAoE;QACpE,wCAAwC;QACxC,EAAE;QACF,uEAAuE;QACvE,sDAAsD;QACtD,EAAE;QACF,qEAAqE;QACrE,2BAAY;KACb,CACF,CAAA;AACH,CAAC"}
|
package/dist/oauth-client.d.ts
CHANGED
|
@@ -59,8 +59,11 @@ export declare class OAuthClient extends CustomEventTarget<OAuthClientEventMap>
|
|
|
59
59
|
redirect_uris: [`http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`, ...(`http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`)[]];
|
|
60
60
|
response_types: ["code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token", ...("code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token")[]];
|
|
61
61
|
grant_types: ["authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer", ...("authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[]];
|
|
62
|
+
token_endpoint_auth_method: "client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "none" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth";
|
|
63
|
+
application_type: "web" | "native";
|
|
64
|
+
subject_type: "public" | "pairwise";
|
|
65
|
+
authorization_signed_response_alg: string;
|
|
62
66
|
scope?: string | undefined;
|
|
63
|
-
token_endpoint_auth_method?: "client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "none" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth" | undefined;
|
|
64
67
|
token_endpoint_auth_signing_alg?: string | undefined;
|
|
65
68
|
userinfo_signed_response_alg?: string | undefined;
|
|
66
69
|
userinfo_encrypted_response_alg?: string | undefined;
|
|
@@ -163,11 +166,8 @@ export declare class OAuthClient extends CustomEventTarget<OAuthClientEventMap>
|
|
|
163
166
|
x5u?: string | undefined;
|
|
164
167
|
})[];
|
|
165
168
|
} | undefined;
|
|
166
|
-
application_type?: "web" | "native" | undefined;
|
|
167
|
-
subject_type?: "public" | "pairwise" | undefined;
|
|
168
169
|
request_object_signing_alg?: string | undefined;
|
|
169
170
|
id_token_signed_response_alg?: string | undefined;
|
|
170
|
-
authorization_signed_response_alg?: string | undefined;
|
|
171
171
|
authorization_encrypted_response_enc?: "A128CBC-HS256" | undefined;
|
|
172
172
|
authorization_encrypted_response_alg?: string | undefined;
|
|
173
173
|
client_id?: string | undefined;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-client.d.ts","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAEL,yBAAyB,EACzB,mBAAmB,EACnB,wBAAwB,EACxB,iBAAiB,EAElB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,UAAU,EACV,QAAQ,EAMT,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EAGL,WAAW,EACX,cAAc,EACf,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;
|
|
1
|
+
{"version":3,"file":"oauth-client.d.ts","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAEL,yBAAyB,EACzB,mBAAmB,EACnB,wBAAwB,EACxB,iBAAiB,EAElB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,UAAU,EACV,QAAQ,EAMT,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EAGL,WAAW,EACX,cAAc,EACf,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AAKlE,OAAO,EACL,gCAAgC,EAEjC,MAAM,mDAAmD,CAAA;AAG1D,OAAO,EAEL,8BAA8B,EAC/B,MAAM,iDAAiD,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAA;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EACL,eAAe,EACf,aAAa,EACb,YAAY,EACb,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAChE,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAI7C,YAAY,EACV,gCAAgC,EAChC,QAAQ,EACR,cAAc,EACd,KAAK,EACL,WAAW,EACX,cAAc,EACd,iBAAiB,EACjB,GAAG,EACH,MAAM,EACN,mBAAmB,EACnB,wBAAwB,EACxB,iBAAiB,EACjB,8BAA8B,EAC9B,qBAAqB,EACrB,YAAY,EACZ,UAAU,GACX,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAE/B,YAAY,EAAE,iBAAiB,CAAA;IAC/B,cAAc,EAAE,QAAQ,CAAC,wBAAwB,CAAC,CAAA;IAClD,MAAM,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAC,GAAG,GAAG,SAAS,GAAG,IAAI,GAAG,KAAK,CAAC,CAAA;IAC1D;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,EAAE,OAAO,CAAA;IAGnB,UAAU,EAAE,UAAU,CAAA;IACtB,YAAY,EAAE,YAAY,CAAA;IAC1B,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,gCAAgC,CAAC,EAAE,gCAAgC,CAAA;IACnE,8BAA8B,CAAC,EAAE,8BAA8B,CAAA;IAC/D,cAAc,CAAC,EAAE,cAAc,CAAA;IAG/B,cAAc,EAAE,cAAc,GAAG,GAAG,GAAG,MAAM,CAAA;IAC7C,eAAe,CAAC,EAAE,GAAG,GAAG,MAAM,CAAA;IAC9B,qBAAqB,EAAE,qBAAqB,CAAA;IAC5C,KAAK,CAAC,EAAE,KAAK,CAAA;CACd,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,eAAe,CAAA;AAEjD,MAAM,MAAM,+BAA+B,GAAG;IAC5C,QAAQ,EAAE,yBAAyB,CAAA;IACnC,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB,CAAA;AAED,qBAAa,WAAY,SAAQ,iBAAiB,CAAC,mBAAmB,CAAC;WACxD,aAAa,CAAC,EACzB,QAAQ,EACR,KAAwB,EACxB,MAAM,GACP,EAAE,+BAA+B;;;;;;;;;;;;;;;;;;mBAyb0k4C,CAAC;mBAAwF,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;kBAAoC,CAAC;kBAAoC,CAAC;kBAAoC,CAAC;mBAAqC,CAAC;qBAAsB,CAAC;qBAAuC,CAAC;qBAAuC,CAAC;;qBAA2D,CAAC;qBAAuC,CAAC;qBAAuC,CAAC;;;;;;;mBAAoM,CAAC;mBAA0D,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;;;;;;mBAAsJ,CAAC;mBAAuC,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;;;;;mBAAwI,CAAC;mBAAsC,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;;;;mBAAkG,CAAC;mBAA0D,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;;;mBAA4E,CAAC;mBAAqC,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;;;;;;;;;;;;;;;;;;;;IA5Zp5/C,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAA;IACvC,QAAQ,CAAC,YAAY,EAAE,iBAAiB,CAAA;IACxC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IAGxB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAA;IACrB,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,kBAAkB,CAAA;IAG1C,SAAS,CAAC,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAA;IAC/C,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAA;gBAE7B,EACV,KAAwB,EACxB,SAAiB,EAEjB,UAAU,EACV,YAAY,EAEZ,QAAoB,EACpB,cAA+D,EAC/D,WAAuB,EACvB,gCAGE,EACF,8BAGE,EAEF,YAAY,EACZ,cAAc,EACd,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACP,EAAE,kBAAkB;IA8DrB,IAAI,gBAAgB,qBAEnB;IAGD,IAAI,WAAW,qHAEd;IAGD,IAAI,cAAc,mBAEjB;IAED,IAAI,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAEP;IAEK,SAAS,CACb,KAAK,EAAE,MAAM,EACb,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,GAAE,gBAAqB,GAC5C,OAAO,CAAC,GAAG,CAAC;IAoGf;;;OAGG;IACG,YAAY,CAAC,YAAY,EAAE,GAAG;IAY9B,QAAQ,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC;QAC/C,OAAO,EAAE,YAAY,CAAA;QACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;KACrB,CAAC;IA8FF;;;;;OAKG;IACG,OAAO,CACX,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,OAAO,GAAG,MAAe,GACjC,OAAO,CAAC,YAAY,CAAC;IAkClB,MAAM,CAAC,GAAG,EAAE,MAAM;IA2BxB,SAAS,CAAC,aAAa,CACrB,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,UAAU,GACd,YAAY;CAGhB"}
|
package/dist/oauth-client.js
CHANGED
|
@@ -8,9 +8,11 @@ const handle_resolver_1 = require("@atproto-labs/handle-resolver");
|
|
|
8
8
|
const identity_resolver_1 = require("@atproto-labs/identity-resolver");
|
|
9
9
|
const simple_store_memory_1 = require("@atproto-labs/simple-store-memory");
|
|
10
10
|
const constants_js_1 = require("./constants.js");
|
|
11
|
+
const auth_method_unsatisfiable_error_js_1 = require("./errors/auth-method-unsatisfiable-error.js");
|
|
11
12
|
const token_revoked_error_js_1 = require("./errors/token-revoked-error.js");
|
|
12
13
|
const oauth_authorization_server_metadata_resolver_js_1 = require("./oauth-authorization-server-metadata-resolver.js");
|
|
13
14
|
const oauth_callback_error_js_1 = require("./oauth-callback-error.js");
|
|
15
|
+
const oauth_client_auth_js_1 = require("./oauth-client-auth.js");
|
|
14
16
|
const oauth_protected_resource_metadata_resolver_js_1 = require("./oauth-protected-resource-metadata-resolver.js");
|
|
15
17
|
const oauth_resolver_js_1 = require("./oauth-resolver.js");
|
|
16
18
|
const oauth_server_factory_js_1 = require("./oauth-server-factory.js");
|
|
@@ -154,10 +156,12 @@ class OAuthClient extends util_js_1.CustomEventTarget {
|
|
|
154
156
|
});
|
|
155
157
|
const pkce = await this.runtime.generatePKCE();
|
|
156
158
|
const dpopKey = await this.runtime.generateKey(metadata.dpop_signing_alg_values_supported || [constants_js_1.FALLBACK_ALG]);
|
|
159
|
+
const authMethod = (0, oauth_client_auth_js_1.negotiateClientAuthMethod)(metadata, this.clientMetadata, this.keyset);
|
|
157
160
|
const state = await this.runtime.generateNonce();
|
|
158
161
|
await this.stateStore.set(state, {
|
|
159
162
|
iss: metadata.issuer,
|
|
160
163
|
dpopKey,
|
|
164
|
+
authMethod,
|
|
161
165
|
verifier: pkce.verifier,
|
|
162
166
|
appState: options?.state,
|
|
163
167
|
});
|
|
@@ -168,9 +172,7 @@ class OAuthClient extends util_js_1.CustomEventTarget {
|
|
|
168
172
|
code_challenge: pkce.challenge,
|
|
169
173
|
code_challenge_method: pkce.method,
|
|
170
174
|
state,
|
|
171
|
-
login_hint: identity
|
|
172
|
-
? input // If input is a handle or a DID, use it as a login_hint
|
|
173
|
-
: undefined,
|
|
175
|
+
login_hint: identity?.handle ?? identity?.did,
|
|
174
176
|
response_mode: this.responseMode,
|
|
175
177
|
response_type: 'code',
|
|
176
178
|
scope: options?.scope ?? this.clientMetadata.scope,
|
|
@@ -183,7 +185,7 @@ class OAuthClient extends util_js_1.CustomEventTarget {
|
|
|
183
185
|
throw new TypeError(`Invalid authorization endpoint protocol: ${authorizationUrl.protocol}`);
|
|
184
186
|
}
|
|
185
187
|
if (metadata.pushed_authorization_request_endpoint) {
|
|
186
|
-
const server = await this.serverFactory.fromMetadata(metadata, dpopKey);
|
|
188
|
+
const server = await this.serverFactory.fromMetadata(metadata, authMethod, dpopKey);
|
|
187
189
|
const parResponse = await server.request('pushed_authorization_request', parameters);
|
|
188
190
|
authorizationUrl.searchParams.set('client_id', this.clientMetadata.client_id);
|
|
189
191
|
authorizationUrl.searchParams.set('request_uri', parResponse.request_uri);
|
|
@@ -250,7 +252,9 @@ class OAuthClient extends util_js_1.CustomEventTarget {
|
|
|
250
252
|
if (!codeParam) {
|
|
251
253
|
throw new oauth_callback_error_js_1.OAuthCallbackError(params, 'Missing "code" query param', stateData.appState);
|
|
252
254
|
}
|
|
253
|
-
const server = await this.serverFactory.fromIssuer(stateData.iss,
|
|
255
|
+
const server = await this.serverFactory.fromIssuer(stateData.iss,
|
|
256
|
+
// Using the literal 'legacy' if the authMethod is not defined (because stateData was created through an old version of this lib)
|
|
257
|
+
stateData.authMethod ?? 'legacy', stateData.dpopKey);
|
|
254
258
|
if (issuerParam != null) {
|
|
255
259
|
if (!server.issuer) {
|
|
256
260
|
throw new oauth_callback_error_js_1.OAuthCallbackError(params, 'Issuer not found in metadata', stateData.appState);
|
|
@@ -266,6 +270,7 @@ class OAuthClient extends util_js_1.CustomEventTarget {
|
|
|
266
270
|
try {
|
|
267
271
|
await this.sessionGetter.setStored(tokenSet.sub, {
|
|
268
272
|
dpopKey: stateData.dpopKey,
|
|
273
|
+
authMethod: server.authMethod,
|
|
269
274
|
tokenSet,
|
|
270
275
|
});
|
|
271
276
|
const session = this.createSession(server, tokenSet.sub);
|
|
@@ -291,27 +296,35 @@ class OAuthClient extends util_js_1.CustomEventTarget {
|
|
|
291
296
|
async restore(sub, refresh = 'auto') {
|
|
292
297
|
// sub arg is lightly typed for convenience of library user
|
|
293
298
|
(0, did_resolver_1.assertAtprotoDid)(sub);
|
|
294
|
-
const { dpopKey, tokenSet } = await this.sessionGetter.get(sub, {
|
|
299
|
+
const { dpopKey, authMethod = 'legacy', tokenSet, } = await this.sessionGetter.get(sub, {
|
|
295
300
|
noCache: refresh === true,
|
|
296
301
|
allowStale: refresh === false,
|
|
297
302
|
});
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
+
try {
|
|
304
|
+
const server = await this.serverFactory.fromIssuer(tokenSet.iss, authMethod, dpopKey, {
|
|
305
|
+
noCache: refresh === true,
|
|
306
|
+
allowStale: refresh === false,
|
|
307
|
+
});
|
|
308
|
+
return this.createSession(server, sub);
|
|
309
|
+
}
|
|
310
|
+
catch (err) {
|
|
311
|
+
if (err instanceof auth_method_unsatisfiable_error_js_1.AuthMethodUnsatisfiableError) {
|
|
312
|
+
await this.sessionGetter.delStored(sub, err);
|
|
313
|
+
}
|
|
314
|
+
throw err;
|
|
315
|
+
}
|
|
303
316
|
}
|
|
304
317
|
async revoke(sub) {
|
|
305
318
|
// sub arg is lightly typed for convenience of library user
|
|
306
319
|
(0, did_resolver_1.assertAtprotoDid)(sub);
|
|
307
|
-
const { dpopKey, tokenSet } = await this.sessionGetter.get(sub, {
|
|
320
|
+
const { dpopKey, authMethod = 'legacy', tokenSet, } = await this.sessionGetter.get(sub, {
|
|
308
321
|
allowStale: true,
|
|
309
322
|
});
|
|
310
323
|
// NOT using `;(await this.restore(sub, false)).signOut()` because we want
|
|
311
324
|
// the tokens to be deleted even if it was not possible to fetch the issuer
|
|
312
325
|
// data.
|
|
313
326
|
try {
|
|
314
|
-
const server = await this.serverFactory.fromIssuer(tokenSet.iss, dpopKey);
|
|
327
|
+
const server = await this.serverFactory.fromIssuer(tokenSet.iss, authMethod, dpopKey);
|
|
315
328
|
await server.revoke(tokenSet.access_token);
|
|
316
329
|
}
|
|
317
330
|
finally {
|
package/dist/oauth-client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":";;;AAAA,sCAA0C;AAC1C,sDAO6B;AAC7B,6DAQmC;AAEnC,mEAKsC;AACtC,uEAAkE;AAClE,2EAAqE;AACrE,iDAA6C;AAC7C,4EAAmE;AACnE,uHAG0D;AAC1D,uEAA8D;AAC9D,mHAGwD;AACxD,2DAAmD;AAEnD,uEAA8D;AAC9D,yDAAiD;AAEjD,6CAAsC;AACtC,2DAI4B;AAG5B,uCAA6C;AAC7C,+EAAsE;AAmEtE,MAAa,WAAY,SAAQ,2BAAsC;IACrE,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,EACzB,QAAQ,EACR,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,MAAM,GAC0B;QAChC,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpC,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,MAAM;SACf,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAA;QAErC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAC5E,CAAC;QAED,8IAA8I;QAC9I,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACvE,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,yCAAyC,IAAI,EAAE,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;QAE3C,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,OAAO,uCAAyB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;IAiBD,YAAY,EACV,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,SAAS,GAAG,KAAK,EAEjB,UAAU,EACV,YAAY,EAEZ,QAAQ,GAAG,SAAS,EACpB,cAAc,GAAG,IAAI,uCAAiB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAC/D,WAAW,GAAG,SAAS,EACvB,gCAAgC,GAAG,IAAI,uCAAiB,CAAC;QACvD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EACF,8BAA8B,GAAG,IAAI,uCAAiB,CAAC;QACrD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EAEF,YAAY,EACZ,cAAc,EACd,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACa;QACnB,KAAK,EAAE,CAAA;QAzCT,SAAS;QACA;;;;;WAA8B;QAC9B;;;;;WAA+B;QAC/B;;;;;WAAe;QAExB,WAAW;QACF;;;;;WAAgB;QAChB;;;;;WAAY;QACZ;;;;;WAA4B;QAC5B;;;;;WAAiC;QAE1C,SAAS;QACU;;;;;WAA4B;QAC5B;;;;;WAAsB;QA8BvC,IAAI,CAAC,MAAM,GAAG,MAAM;YAClB,CAAC,CAAC,MAAM,YAAY,YAAM;gBACxB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,IAAI,YAAM,CAAC,MAAM,CAAC;YACtB,CAAC,CAAC,SAAS,CAAA;QACb,IAAI,CAAC,cAAc,GAAG,IAAA,oDAAsB,EAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;QACzE,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAEhC,IAAI,CAAC,OAAO,GAAG,IAAI,oBAAO,CAAC,qBAAqB,CAAC,CAAA;QACjD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,IAAI,oCAAgB,CAClB,IAAI,gCAAiB,CACnB,IAAI,gCAAiB,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,EAC5D,QAAQ,CACT,EACD,IAAI,sCAAoB,CACtB,uCAAqB,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,EACrD,WAAW,CACZ,CACF,EACD,IAAI,sFAAsC,CACxC,8BAA8B,EAC9B,KAAK,EACL,EAAE,iBAAiB,EAAE,SAAS,EAAE,CACjC,EACD,IAAI,0FAAwC,CAC1C,gCAAgC,EAChC,KAAK,EACL,EAAE,eAAe,EAAE,SAAS,EAAE,CAC/B,CACF,CAAA;QACD,IAAI,CAAC,aAAa,GAAG,IAAI,4CAAkB,CACzC,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,EACX,cAAc,CACf,CAAA;QAED,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,YAAY,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,OAAO,CACb,CAAA;QACD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAE5B,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,SAAS,CAAU,EAAE,CAAC;YACnD,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;gBAClD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;oBAClD,KAAK,CAAC,cAAc,EAAE,CAAA;gBACxB,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAA;IAC5C,CAAC;IAED,wCAAwC;IACxC,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAA;IAC1C,CAAC;IAED,wCAAwC;IACxC,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAA;IAC7C,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,MAAM,EAAE,UAAU,IAAK,EAAE,IAAI,EAAE,EAAW,EAAY,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,SAAS,CACb,KAAa,EACb,EAAE,MAAM,EAAE,GAAG,OAAO,KAAuB,EAAE;QAE7C,MAAM,WAAW,GACf,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;QAC/D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7D,yDAAyD;YACzD,MAAM,IAAI,SAAS,CAAC,sBAAsB,CAAC,CAAA;QAC7C,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE;YACrE,MAAM;SACP,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAA;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAC5C,QAAQ,CAAC,iCAAiC,IAAI,CAAC,2BAAY,CAAC,CAC7D,CAAA;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAA;QAEhD,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE;YAC/B,GAAG,EAAE,QAAQ,CAAC,MAAM;YACpB,OAAO;YACP,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,OAAO,EAAE,KAAK;SACzB,CAAC,CAAA;QAEF,MAAM,UAAU,GAAwC;YACtD,GAAG,OAAO;YAEV,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;YACxC,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,IAAI,CAAC,SAAS;YAC9B,qBAAqB,EAAE,IAAI,CAAC,MAAM;YAClC,KAAK;YACL,UAAU,EAAE,QAAQ;gBAClB,CAAC,CAAC,KAAK,CAAC,wDAAwD;gBAChE,CAAC,CAAC,SAAS;YACb,aAAa,EAAE,IAAI,CAAC,YAAY;YAChC,aAAa,EAAE,MAAe;YAC9B,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,IAAI,CAAC,cAAc,CAAC,KAAK;SACnD,CAAA;QAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,yDAAyD;QACzD,IACE,gBAAgB,CAAC,QAAQ,KAAK,QAAQ;YACtC,gBAAgB,CAAC,QAAQ,KAAK,OAAO,EACrC,CAAC;YACD,MAAM,IAAI,SAAS,CACjB,4CAA4C,gBAAgB,CAAC,QAAQ,EAAE,CACxE,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;YACvE,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CACtC,8BAA8B,EAC9B,UAAU,CACX,CAAA;YAED,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAC/B,WAAW,EACX,IAAI,CAAC,cAAc,CAAC,SAAS,CAC9B,CAAA;YACD,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,WAAW,CAAC,CAAA;YACzE,OAAO,gBAAgB,CAAA;QACzB,CAAC;aAAM,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAA;QACH,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK;oBAAE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;YAClE,CAAC;YAED,oDAAoD;YACpD,MAAM,SAAS,GACb,gBAAgB,CAAC,QAAQ,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAA;YACnE,IAAI,SAAS,GAAG,IAAI,EAAE,CAAC;gBACrB,OAAO,gBAAgB,CAAA;YACzB,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;gBAC3D,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;YACvC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,YAAiB;QAClC,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;QAC/D,IAAI,CAAC,UAAU;YAAE,OAAM;QAEvB,2EAA2E;QAC3E,4EAA4E;QAC5E,uEAAuE;QACvE,8CAA8C;QAE9C,mEAAmE;IACrE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAuB;QAIpC,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAC1C,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;YACxB,8CAA8C;YAC9C,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;QAC5D,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACrC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAEpC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAA;QACnE,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,SAAS,EAAE,CAAC;YACd,6BAA6B;YAC7B,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,kCAAkC,UAAU,GAAG,CAChD,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACrE,CAAC;YAED,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,4BAA4B,EAC5B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,SAAS,CAAC,GAAG,EACb,SAAS,CAAC,OAAO,CAClB,CAAA;YAED,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;gBACxB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;oBACnB,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,8BAA8B,EAC9B,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;gBACD,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;oBAClC,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,iBAAiB,EACjB,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;YACH,CAAC;iBAAM,IACL,MAAM,CAAC,cAAc,CAAC,8CAA8C,EACpE,CAAC;gBACD,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,+BAA+B,EAC/B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACzE,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE;oBAC/C,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,QAAQ;iBACT,CAAC,CAAA;gBAEF,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAA;gBAExD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAA;YACvD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAA;gBAEpE,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,iEAAiE;YACjE,gCAAgC;YAChC,MAAM,4CAAkB,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CACX,GAAW,EACX,UAA4B,MAAM;QAElC,2DAA2D;QAC3D,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAA;QAErB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE;YAC9D,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE;YACxE,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,2DAA2D;QAC3D,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAA;QAErB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE;YAC9D,UAAU,EAAE,IAAI;SACjB,CAAC,CAAA;QAEF,0EAA0E;QAC1E,2EAA2E;QAC3E,QAAQ;QACR,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YACzE,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,0CAAiB,CAAC,GAAG,CAAC,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IAES,aAAa,CACrB,MAAwB,EACxB,GAAe;QAEf,OAAO,IAAI,+BAAY,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;IACtE,CAAC;CACF;AAzZD,kCAyZC"}
|
|
1
|
+
{"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":";;;AAAA,sCAA0C;AAC1C,sDAO6B;AAC7B,6DAQmC;AAEnC,mEAKsC;AACtC,uEAAkE;AAClE,2EAAqE;AACrE,iDAA6C;AAC7C,oGAA0F;AAC1F,4EAAmE;AACnE,uHAG0D;AAC1D,uEAA8D;AAC9D,iEAAkE;AAClE,mHAGwD;AACxD,2DAAmD;AAEnD,uEAA8D;AAC9D,yDAAiD;AAEjD,6CAAsC;AACtC,2DAI4B;AAG5B,uCAA6C;AAC7C,+EAAsE;AAmEtE,MAAa,WAAY,SAAQ,2BAAsC;IACrE,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,EACzB,QAAQ,EACR,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,MAAM,GAC0B;QAChC,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpC,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,MAAM;SACf,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAA;QAErC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAC5E,CAAC;QAED,8IAA8I;QAC9I,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACvE,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,yCAAyC,IAAI,EAAE,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;QAE3C,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,OAAO,uCAAyB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;IAiBD,YAAY,EACV,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,SAAS,GAAG,KAAK,EAEjB,UAAU,EACV,YAAY,EAEZ,QAAQ,GAAG,SAAS,EACpB,cAAc,GAAG,IAAI,uCAAiB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAC/D,WAAW,GAAG,SAAS,EACvB,gCAAgC,GAAG,IAAI,uCAAiB,CAAC;QACvD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EACF,8BAA8B,GAAG,IAAI,uCAAiB,CAAC;QACrD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EAEF,YAAY,EACZ,cAAc,EACd,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACa;QACnB,KAAK,EAAE,CAAA;QAzCT,SAAS;QACA;;;;;WAA8B;QAC9B;;;;;WAA+B;QAC/B;;;;;WAAe;QAExB,WAAW;QACF;;;;;WAAgB;QAChB;;;;;WAAY;QACZ;;;;;WAA4B;QAC5B;;;;;WAAiC;QAE1C,SAAS;QACU;;;;;WAA4B;QAC5B;;;;;WAAsB;QA8BvC,IAAI,CAAC,MAAM,GAAG,MAAM;YAClB,CAAC,CAAC,MAAM,YAAY,YAAM;gBACxB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,IAAI,YAAM,CAAC,MAAM,CAAC;YACtB,CAAC,CAAC,SAAS,CAAA;QACb,IAAI,CAAC,cAAc,GAAG,IAAA,oDAAsB,EAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;QACzE,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAEhC,IAAI,CAAC,OAAO,GAAG,IAAI,oBAAO,CAAC,qBAAqB,CAAC,CAAA;QACjD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,IAAI,oCAAgB,CAClB,IAAI,gCAAiB,CACnB,IAAI,gCAAiB,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,EAC5D,QAAQ,CACT,EACD,IAAI,sCAAoB,CACtB,uCAAqB,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,EACrD,WAAW,CACZ,CACF,EACD,IAAI,sFAAsC,CACxC,8BAA8B,EAC9B,KAAK,EACL,EAAE,iBAAiB,EAAE,SAAS,EAAE,CACjC,EACD,IAAI,0FAAwC,CAC1C,gCAAgC,EAChC,KAAK,EACL,EAAE,eAAe,EAAE,SAAS,EAAE,CAC/B,CACF,CAAA;QACD,IAAI,CAAC,aAAa,GAAG,IAAI,4CAAkB,CACzC,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,EACX,cAAc,CACf,CAAA;QAED,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,YAAY,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,OAAO,CACb,CAAA;QACD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAE5B,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,SAAS,CAAU,EAAE,CAAC;YACnD,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;gBAClD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;oBAClD,KAAK,CAAC,cAAc,EAAE,CAAA;gBACxB,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAA;IAC5C,CAAC;IAED,wCAAwC;IACxC,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAA;IAC1C,CAAC;IAED,wCAAwC;IACxC,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAA;IAC7C,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,MAAM,EAAE,UAAU,IAAK,EAAE,IAAI,EAAE,EAAW,EAAY,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,SAAS,CACb,KAAa,EACb,EAAE,MAAM,EAAE,GAAG,OAAO,KAAuB,EAAE;QAE7C,MAAM,WAAW,GACf,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;QAC/D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7D,yDAAyD;YACzD,MAAM,IAAI,SAAS,CAAC,sBAAsB,CAAC,CAAA;QAC7C,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE;YACrE,MAAM;SACP,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAA;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAC5C,QAAQ,CAAC,iCAAiC,IAAI,CAAC,2BAAY,CAAC,CAC7D,CAAA;QAED,MAAM,UAAU,GAAG,IAAA,gDAAyB,EAC1C,QAAQ,EACR,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,MAAM,CACZ,CAAA;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAA;QAEhD,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE;YAC/B,GAAG,EAAE,QAAQ,CAAC,MAAM;YACpB,OAAO;YACP,UAAU;YACV,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,OAAO,EAAE,KAAK;SACzB,CAAC,CAAA;QAEF,MAAM,UAAU,GAAwC;YACtD,GAAG,OAAO;YAEV,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;YACxC,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,IAAI,CAAC,SAAS;YAC9B,qBAAqB,EAAE,IAAI,CAAC,MAAM;YAClC,KAAK;YACL,UAAU,EAAE,QAAQ,EAAE,MAAM,IAAI,QAAQ,EAAE,GAAG;YAC7C,aAAa,EAAE,IAAI,CAAC,YAAY;YAChC,aAAa,EAAE,MAAe;YAC9B,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,IAAI,CAAC,cAAc,CAAC,KAAK;SACnD,CAAA;QAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,yDAAyD;QACzD,IACE,gBAAgB,CAAC,QAAQ,KAAK,QAAQ;YACtC,gBAAgB,CAAC,QAAQ,KAAK,OAAO,EACrC,CAAC;YACD,MAAM,IAAI,SAAS,CACjB,4CAA4C,gBAAgB,CAAC,QAAQ,EAAE,CACxE,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAClD,QAAQ,EACR,UAAU,EACV,OAAO,CACR,CAAA;YACD,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CACtC,8BAA8B,EAC9B,UAAU,CACX,CAAA;YAED,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAC/B,WAAW,EACX,IAAI,CAAC,cAAc,CAAC,SAAS,CAC9B,CAAA;YACD,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,WAAW,CAAC,CAAA;YACzE,OAAO,gBAAgB,CAAA;QACzB,CAAC;aAAM,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAA;QACH,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK;oBAAE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;YAClE,CAAC;YAED,oDAAoD;YACpD,MAAM,SAAS,GACb,gBAAgB,CAAC,QAAQ,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAA;YACnE,IAAI,SAAS,GAAG,IAAI,EAAE,CAAC;gBACrB,OAAO,gBAAgB,CAAA;YACzB,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;gBAC3D,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;YACvC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,YAAiB;QAClC,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;QAC/D,IAAI,CAAC,UAAU;YAAE,OAAM;QAEvB,2EAA2E;QAC3E,4EAA4E;QAC5E,uEAAuE;QACvE,8CAA8C;QAE9C,mEAAmE;IACrE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAuB;QAIpC,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAC1C,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;YACxB,8CAA8C;YAC9C,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;QAC5D,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACrC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAEpC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAA;QACnE,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,SAAS,EAAE,CAAC;YACd,6BAA6B;YAC7B,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,kCAAkC,UAAU,GAAG,CAChD,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACrE,CAAC;YAED,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,4BAA4B,EAC5B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,SAAS,CAAC,GAAG;YACb,iIAAiI;YACjI,SAAS,CAAC,UAAU,IAAI,QAAQ,EAChC,SAAS,CAAC,OAAO,CAClB,CAAA;YAED,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;gBACxB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;oBACnB,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,8BAA8B,EAC9B,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;gBACD,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;oBAClC,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,iBAAiB,EACjB,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;YACH,CAAC;iBAAM,IACL,MAAM,CAAC,cAAc,CAAC,8CAA8C,EACpE,CAAC;gBACD,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,+BAA+B,EAC/B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACzE,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE;oBAC/C,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,QAAQ;iBACT,CAAC,CAAA;gBAEF,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAA;gBAExD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAA;YACvD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAA;gBAEpE,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,iEAAiE;YACjE,gCAAgC;YAChC,MAAM,4CAAkB,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CACX,GAAW,EACX,UAA4B,MAAM;QAElC,2DAA2D;QAC3D,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAA;QAErB,MAAM,EACJ,OAAO,EACP,UAAU,GAAG,QAAQ,EACrB,QAAQ,GACT,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE;YACpC,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,EACP;gBACE,OAAO,EAAE,OAAO,KAAK,IAAI;gBACzB,UAAU,EAAE,OAAO,KAAK,KAAK;aAC9B,CACF,CAAA;YAED,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iEAA4B,EAAE,CAAC;gBAChD,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9C,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,2DAA2D;QAC3D,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAA;QAErB,MAAM,EACJ,OAAO,EACP,UAAU,GAAG,QAAQ,EACrB,QAAQ,GACT,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE;YACpC,UAAU,EAAE,IAAI;SACjB,CAAC,CAAA;QAEF,0EAA0E;QAC1E,2EAA2E;QAC3E,QAAQ;QACR,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,CACR,CAAA;YACD,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,0CAAiB,CAAC,GAAG,CAAC,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IAES,aAAa,CACrB,MAAwB,EACxB,GAAe;QAEf,OAAO,IAAI,+BAAY,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;IACtE,CAAC;CACF;AA7bD,kCA6bC"}
|
package/dist/oauth-resolver.d.ts
CHANGED
|
@@ -33,6 +33,7 @@ export declare class OAuthResolver {
|
|
|
33
33
|
issuer: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
34
34
|
authorization_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
35
35
|
token_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
36
|
+
token_endpoint_auth_methods_supported: string[];
|
|
36
37
|
jwks_uri?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
37
38
|
claims_supported?: string[] | undefined;
|
|
38
39
|
claims_locales_supported?: string[] | undefined;
|
|
@@ -54,7 +55,6 @@ export declare class OAuthResolver {
|
|
|
54
55
|
authorization_details_types_supported?: string[] | undefined;
|
|
55
56
|
request_object_encryption_alg_values_supported?: string[] | undefined;
|
|
56
57
|
request_object_encryption_enc_values_supported?: string[] | undefined;
|
|
57
|
-
token_endpoint_auth_methods_supported?: string[] | undefined;
|
|
58
58
|
token_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
|
|
59
59
|
revocation_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
60
60
|
introspection_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
import { AtprotoDid } from '@atproto/did';
|
|
2
2
|
import { Key, Keyset } from '@atproto/jwk';
|
|
3
|
-
import { OAuthAuthorizationRequestPar, OAuthAuthorizationServerMetadata,
|
|
3
|
+
import { OAuthAuthorizationRequestPar, OAuthAuthorizationServerMetadata, OAuthEndpointName, OAuthParResponse, OAuthTokenRequest } from '@atproto/oauth-types';
|
|
4
4
|
import { Fetch, Json } from '@atproto-labs/fetch';
|
|
5
5
|
import { SimpleStore } from '@atproto-labs/simple-store';
|
|
6
6
|
import { AtprotoScope, AtprotoTokenResponse } from './atproto-token-response.js';
|
|
7
|
+
import { ClientAuthMethod, ClientCredentialsFactory } from './oauth-client-auth.js';
|
|
7
8
|
import { OAuthResolver } from './oauth-resolver.js';
|
|
8
9
|
import { Runtime } from './runtime.js';
|
|
9
10
|
import { ClientMetadata } from './types.js';
|
|
@@ -20,6 +21,7 @@ export type TokenSet = {
|
|
|
20
21
|
};
|
|
21
22
|
export type DpopNonceCache = SimpleStore<string, string>;
|
|
22
23
|
export declare class OAuthServerAgent {
|
|
24
|
+
readonly authMethod: ClientAuthMethod;
|
|
23
25
|
readonly dpopKey: Key;
|
|
24
26
|
readonly serverMetadata: OAuthAuthorizationServerMetadata;
|
|
25
27
|
readonly clientMetadata: ClientMetadata;
|
|
@@ -28,7 +30,11 @@ export declare class OAuthServerAgent {
|
|
|
28
30
|
readonly runtime: Runtime;
|
|
29
31
|
readonly keyset?: Keyset | undefined;
|
|
30
32
|
protected dpopFetch: Fetch<unknown>;
|
|
31
|
-
|
|
33
|
+
protected clientCredentialsFactory: ClientCredentialsFactory;
|
|
34
|
+
/**
|
|
35
|
+
* @throws see {@link createClientCredentialsFactory}
|
|
36
|
+
*/
|
|
37
|
+
constructor(authMethod: ClientAuthMethod, dpopKey: Key, serverMetadata: OAuthAuthorizationServerMetadata, clientMetadata: ClientMetadata, dpopNonces: DpopNonceCache, oauthResolver: OAuthResolver, runtime: Runtime, keyset?: Keyset | undefined, fetch?: Fetch);
|
|
32
38
|
get issuer(): `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
33
39
|
revoke(token: string): Promise<void>;
|
|
34
40
|
exchangeCode(code: string, codeVerifier?: string): Promise<TokenSet>;
|
|
@@ -45,9 +51,5 @@ export declare class OAuthServerAgent {
|
|
|
45
51
|
*/
|
|
46
52
|
protected verifyIssuer(sub: AtprotoDid): Promise<string>;
|
|
47
53
|
request<Endpoint extends OAuthEndpointName>(endpoint: Endpoint, payload: Endpoint extends 'token' ? OAuthTokenRequest : Endpoint extends 'pushed_authorization_request' ? OAuthAuthorizationRequestPar : Record<string, unknown>): Promise<Endpoint extends 'token' ? AtprotoTokenResponse : Endpoint extends 'pushed_authorization_request' ? OAuthParResponse : Json>;
|
|
48
|
-
buildClientAuth(endpoint: OAuthEndpointName): Promise<{
|
|
49
|
-
headers?: Record<string, string>;
|
|
50
|
-
payload: OAuthClientCredentials;
|
|
51
|
-
}>;
|
|
52
54
|
}
|
|
53
55
|
//# sourceMappingURL=oauth-server-agent.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-server-agent.d.ts","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,
|
|
1
|
+
{"version":3,"file":"oauth-server-agent.d.ts","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EACL,4BAA4B,EAC5B,gCAAgC,EAChC,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EAElB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAiC,MAAM,qBAAqB,CAAA;AAChF,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EACL,YAAY,EACZ,oBAAoB,EAErB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EAEzB,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAEnD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAG3C,MAAM,MAAM,QAAQ,GAAG;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,UAAU,CAAA;IACf,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,YAAY,CAAA;IAEnB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,eAAe;IACf,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;AAExD,qBAAa,gBAAgB;IAQzB,QAAQ,CAAC,UAAU,EAAE,gBAAgB;IACrC,QAAQ,CAAC,OAAO,EAAE,GAAG;IACrB,QAAQ,CAAC,cAAc,EAAE,gCAAgC;IACzD,QAAQ,CAAC,cAAc,EAAE,cAAc;IACvC,QAAQ,CAAC,UAAU,EAAE,cAAc;IACnC,QAAQ,CAAC,aAAa,EAAE,aAAa;IACrC,QAAQ,CAAC,OAAO,EAAE,OAAO;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM;IAd1B,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;IACnC,SAAS,CAAC,wBAAwB,EAAE,wBAAwB,CAAA;IAE5D;;OAEG;gBAEQ,UAAU,EAAE,gBAAgB,EAC5B,OAAO,EAAE,GAAG,EACZ,cAAc,EAAE,gCAAgC,EAChD,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,cAAc,EAC1B,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,OAAO,EAChB,MAAM,CAAC,EAAE,MAAM,YAAA,EACxB,KAAK,CAAC,EAAE,KAAK;IAoBf,IAAI,MAAM,oVAET;IAEK,MAAM,CAAC,KAAK,EAAE,MAAM;IAQpB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAuCpE,OAAO,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAuCpD;;;;;;;;;OASG;cACa,YAAY,CAAC,GAAG,EAAE,UAAU;IAmBtC,OAAO,CAAC,QAAQ,SAAS,iBAAiB,EAC9C,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,QAAQ,SAAS,OAAO,GAC7B,iBAAiB,GACjB,QAAQ,SAAS,8BAA8B,GAC7C,4BAA4B,GAC5B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5B,OAAO,CACR,QAAQ,SAAS,OAAO,GACpB,oBAAoB,GACpB,QAAQ,SAAS,8BAA8B,GAC7C,gBAAgB,GAChB,IAAI,CACX;CAoCF"}
|