@atproto/oauth-client 0.3.22 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/CHANGELOG.md +29 -0
  2. package/dist/errors/auth-method-unsatisfiable-error.d.ts +3 -0
  3. package/dist/errors/auth-method-unsatisfiable-error.d.ts.map +1 -0
  4. package/dist/errors/auth-method-unsatisfiable-error.js +7 -0
  5. package/dist/errors/auth-method-unsatisfiable-error.js.map +1 -0
  6. package/dist/index.d.ts +2 -0
  7. package/dist/index.d.ts.map +1 -1
  8. package/dist/index.js +2 -0
  9. package/dist/index.js.map +1 -1
  10. package/dist/oauth-client-auth.d.ts +23 -0
  11. package/dist/oauth-client-auth.d.ts.map +1 -0
  12. package/dist/oauth-client-auth.js +131 -0
  13. package/dist/oauth-client-auth.js.map +1 -0
  14. package/dist/oauth-client.d.ts +13 -8
  15. package/dist/oauth-client.d.ts.map +1 -1
  16. package/dist/oauth-client.js +39 -13
  17. package/dist/oauth-client.js.map +1 -1
  18. package/dist/oauth-resolver.d.ts +1 -1
  19. package/dist/oauth-server-agent.d.ts +8 -6
  20. package/dist/oauth-server-agent.d.ts.map +1 -1
  21. package/dist/oauth-server-agent.js +19 -50
  22. package/dist/oauth-server-agent.js.map +1 -1
  23. package/dist/oauth-server-factory.d.ts +15 -2
  24. package/dist/oauth-server-factory.d.ts.map +1 -1
  25. package/dist/oauth-server-factory.js +23 -4
  26. package/dist/oauth-server-factory.js.map +1 -1
  27. package/dist/session-getter.d.ts +5 -0
  28. package/dist/session-getter.d.ts.map +1 -1
  29. package/dist/session-getter.js +24 -11
  30. package/dist/session-getter.js.map +1 -1
  31. package/dist/state-store.d.ts +3 -0
  32. package/dist/state-store.d.ts.map +1 -1
  33. package/dist/types.d.ts +8 -8
  34. package/dist/types.d.ts.map +1 -1
  35. package/dist/validate-client-metadata.d.ts.map +1 -1
  36. package/dist/validate-client-metadata.js +32 -26
  37. package/dist/validate-client-metadata.js.map +1 -1
  38. package/package.json +7 -7
  39. package/src/errors/auth-method-unsatisfiable-error.ts +1 -0
  40. package/src/index.ts +2 -0
  41. package/src/oauth-client-auth.ts +182 -0
  42. package/src/oauth-client.ts +89 -33
  43. package/src/oauth-server-agent.ts +19 -71
  44. package/src/oauth-server-factory.ts +37 -2
  45. package/src/session-getter.ts +43 -10
  46. package/src/state-store.ts +3 -0
  47. package/src/validate-client-metadata.ts +40 -27
  48. package/tsconfig.build.tsbuildinfo +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,34 @@
1
1
  # @atproto/oauth-client
2
2
 
3
+ ## 0.4.1
4
+
5
+ ### Patch Changes
6
+
7
+ - [#3976](https://github.com/bluesky-social/atproto/pull/3976) [`90b4775fc`](https://github.com/bluesky-social/atproto/commit/90b4775fc9c6959171bc12b961ce9421cc14d6ee) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Re-export all types & utilities needed to instantiate an OAuth client
8
+
9
+ - [#3976](https://github.com/bluesky-social/atproto/pull/3976) [`90b4775fc`](https://github.com/bluesky-social/atproto/commit/90b4775fc9c6959171bc12b961ce9421cc14d6ee) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Allow `OAuthClient` to be instantiated with custom `didResolver` instance
10
+
11
+ - Updated dependencies [[`90b4775fc`](https://github.com/bluesky-social/atproto/commit/90b4775fc9c6959171bc12b961ce9421cc14d6ee), [`90b4775fc`](https://github.com/bluesky-social/atproto/commit/90b4775fc9c6959171bc12b961ce9421cc14d6ee), [`90b4775fc`](https://github.com/bluesky-social/atproto/commit/90b4775fc9c6959171bc12b961ce9421cc14d6ee), [`90b4775fc`](https://github.com/bluesky-social/atproto/commit/90b4775fc9c6959171bc12b961ce9421cc14d6ee), [`90b4775fc`](https://github.com/bluesky-social/atproto/commit/90b4775fc9c6959171bc12b961ce9421cc14d6ee)]:
12
+ - @atproto-labs/handle-resolver@0.2.0
13
+ - @atproto-labs/did-resolver@0.2.0
14
+ - @atproto/jwk@0.4.0
15
+ - @atproto-labs/identity-resolver@0.1.19
16
+ - @atproto/oauth-types@0.3.1
17
+
18
+ ## 0.4.0
19
+
20
+ ### Minor Changes
21
+
22
+ - [#3847](https://github.com/bluesky-social/atproto/pull/3847) [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Bind the OAuth session to the kid that was used to authenticate the client (private_key_jwt)
23
+
24
+ ### Patch Changes
25
+
26
+ - [#3847](https://github.com/bluesky-social/atproto/pull/3847) [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Add missing `exp` claim in client attestation JWT
27
+
28
+ - Updated dependencies [[`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6), [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6), [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6), [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6), [`349b59175`](https://github.com/bluesky-social/atproto/commit/349b59175e82ceb9500ae7c6a9a0b9b6aec9d1b6)]:
29
+ - @atproto/oauth-types@0.3.0
30
+ - @atproto/jwk@0.3.0
31
+
3
32
  ## 0.3.22
4
33
 
5
34
  ### Patch Changes
@@ -0,0 +1,3 @@
1
+ export declare class AuthMethodUnsatisfiableError extends Error {
2
+ }
3
+ //# sourceMappingURL=auth-method-unsatisfiable-error.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth-method-unsatisfiable-error.d.ts","sourceRoot":"","sources":["../../src/errors/auth-method-unsatisfiable-error.ts"],"names":[],"mappings":"AAAA,qBAAa,4BAA6B,SAAQ,KAAK;CAAG"}
@@ -0,0 +1,7 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.AuthMethodUnsatisfiableError = void 0;
4
+ class AuthMethodUnsatisfiableError extends Error {
5
+ }
6
+ exports.AuthMethodUnsatisfiableError = AuthMethodUnsatisfiableError;
7
+ //# sourceMappingURL=auth-method-unsatisfiable-error.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth-method-unsatisfiable-error.js","sourceRoot":"","sources":["../../src/errors/auth-method-unsatisfiable-error.ts"],"names":[],"mappings":";;;AAAA,MAAa,4BAA6B,SAAQ,KAAK;CAAG;AAA1D,oEAA0D"}
package/dist/index.d.ts CHANGED
@@ -2,7 +2,9 @@ export * from '@atproto-labs/did-resolver';
2
2
  export { FetchError, FetchRequestError, FetchResponseError, } from '@atproto-labs/fetch';
3
3
  export * from '@atproto-labs/handle-resolver';
4
4
  export * from '@atproto/did';
5
+ export * from '@atproto/jwk';
5
6
  export * from '@atproto/oauth-types';
7
+ export * from './lock.js';
6
8
  export * from './oauth-authorization-server-metadata-resolver.js';
7
9
  export * from './oauth-callback-error.js';
8
10
  export * from './oauth-client.js';
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAA;AAC1C,OAAO,EACL,UAAU,EACV,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,qBAAqB,CAAA;AAC5B,cAAc,+BAA+B,CAAA;AAE7C,cAAc,cAAc,CAAA;AAC5B,cAAc,sBAAsB,CAAA;AAEpC,cAAc,mDAAmD,CAAA;AACjE,cAAc,2BAA2B,CAAA;AACzC,cAAc,mBAAmB,CAAA;AACjC,cAAc,iDAAiD,CAAA;AAC/D,cAAc,2BAA2B,CAAA;AACzC,cAAc,2BAA2B,CAAA;AACzC,cAAc,yBAAyB,CAAA;AACvC,cAAc,2BAA2B,CAAA;AACzC,cAAc,oBAAoB,CAAA;AAClC,cAAc,6BAA6B,CAAA;AAC3C,cAAc,qBAAqB,CAAA;AACnC,cAAc,kBAAkB,CAAA;AAChC,cAAc,YAAY,CAAA;AAE1B,cAAc,iCAAiC,CAAA;AAC/C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,iCAAiC,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAA;AAC1C,OAAO,EACL,UAAU,EACV,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,qBAAqB,CAAA;AAC5B,cAAc,+BAA+B,CAAA;AAE7C,cAAc,cAAc,CAAA;AAC5B,cAAc,cAAc,CAAA;AAC5B,cAAc,sBAAsB,CAAA;AAEpC,cAAc,WAAW,CAAA;AACzB,cAAc,mDAAmD,CAAA;AACjE,cAAc,2BAA2B,CAAA;AACzC,cAAc,mBAAmB,CAAA;AACjC,cAAc,iDAAiD,CAAA;AAC/D,cAAc,2BAA2B,CAAA;AACzC,cAAc,2BAA2B,CAAA;AACzC,cAAc,yBAAyB,CAAA;AACvC,cAAc,2BAA2B,CAAA;AACzC,cAAc,oBAAoB,CAAA;AAClC,cAAc,6BAA6B,CAAA;AAC3C,cAAc,qBAAqB,CAAA;AACnC,cAAc,kBAAkB,CAAA;AAChC,cAAc,YAAY,CAAA;AAE1B,cAAc,iCAAiC,CAAA;AAC/C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,iCAAiC,CAAA"}
package/dist/index.js CHANGED
@@ -22,7 +22,9 @@ Object.defineProperty(exports, "FetchRequestError", { enumerable: true, get: fun
22
22
  Object.defineProperty(exports, "FetchResponseError", { enumerable: true, get: function () { return fetch_1.FetchResponseError; } });
23
23
  __exportStar(require("@atproto-labs/handle-resolver"), exports);
24
24
  __exportStar(require("@atproto/did"), exports);
25
+ __exportStar(require("@atproto/jwk"), exports);
25
26
  __exportStar(require("@atproto/oauth-types"), exports);
27
+ __exportStar(require("./lock.js"), exports);
26
28
  __exportStar(require("./oauth-authorization-server-metadata-resolver.js"), exports);
27
29
  __exportStar(require("./oauth-callback-error.js"), exports);
28
30
  __exportStar(require("./oauth-client.js"), exports);
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,6DAA0C;AAC1C,6CAI4B;AAH1B,mGAAA,UAAU,OAAA;AACV,0GAAA,iBAAiB,OAAA;AACjB,2GAAA,kBAAkB,OAAA;AAEpB,gEAA6C;AAE7C,+CAA4B;AAC5B,uDAAoC;AAEpC,oFAAiE;AACjE,4DAAyC;AACzC,oDAAiC;AACjC,kFAA+D;AAC/D,4DAAyC;AACzC,4DAAyC;AACzC,0DAAuC;AACvC,4DAAyC;AACzC,qDAAkC;AAClC,8DAA2C;AAC3C,sDAAmC;AACnC,mDAAgC;AAChC,6CAA0B;AAE1B,kEAA+C;AAC/C,kEAA+C;AAC/C,kEAA+C"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,6DAA0C;AAC1C,6CAI4B;AAH1B,mGAAA,UAAU,OAAA;AACV,0GAAA,iBAAiB,OAAA;AACjB,2GAAA,kBAAkB,OAAA;AAEpB,gEAA6C;AAE7C,+CAA4B;AAC5B,+CAA4B;AAC5B,uDAAoC;AAEpC,4CAAyB;AACzB,oFAAiE;AACjE,4DAAyC;AACzC,oDAAiC;AACjC,kFAA+D;AAC/D,4DAAyC;AACzC,4DAAyC;AACzC,0DAAuC;AACvC,4DAAyC;AACzC,qDAAkC;AAClC,8DAA2C;AAC3C,sDAAmC;AACnC,mDAAgC;AAChC,6CAA0B;AAE1B,kEAA+C;AAC/C,kEAA+C;AAC/C,kEAA+C"}
@@ -0,0 +1,23 @@
1
+ import { Keyset } from '@atproto/jwk';
2
+ import { OAuthAuthorizationServerMetadata, OAuthClientCredentials } from '@atproto/oauth-types';
3
+ import { Runtime } from './runtime.js';
4
+ import { ClientMetadata } from './types.js';
5
+ import { Awaitable } from './util.js';
6
+ export type ClientAuthMethod = {
7
+ method: 'none';
8
+ } | {
9
+ method: 'private_key_jwt';
10
+ kid: string;
11
+ };
12
+ export declare function negotiateClientAuthMethod(serverMetadata: OAuthAuthorizationServerMetadata, clientMetadata: ClientMetadata, keyset?: Keyset): ClientAuthMethod;
13
+ export type ClientCredentialsFactory = () => Awaitable<{
14
+ headers?: Record<string, string>;
15
+ payload?: OAuthClientCredentials;
16
+ }>;
17
+ /**
18
+ * @throws {AuthMethodUnsatisfiableError} if the authentication method is no
19
+ * long usable (either because the AS changed, of because the key is no longer
20
+ * available in the keyset).
21
+ */
22
+ export declare function createClientCredentialsFactory(authMethod: ClientAuthMethod, serverMetadata: OAuthAuthorizationServerMetadata, clientMetadata: ClientMetadata, runtime: Runtime, keyset?: Keyset): ClientCredentialsFactory;
23
+ //# sourceMappingURL=oauth-client-auth.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-client-auth.d.ts","sourceRoot":"","sources":["../src/oauth-client-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AACrC,OAAO,EAEL,gCAAgC,EAChC,sBAAsB,EACvB,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AAErC,MAAM,MAAM,gBAAgB,GACxB;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,GAClB;IAAE,MAAM,EAAE,iBAAiB,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAE9C,wBAAgB,yBAAyB,CACvC,cAAc,EAAE,gCAAgC,EAChD,cAAc,EAAE,cAAc,EAC9B,MAAM,CAAC,EAAE,MAAM,GACd,gBAAgB,CAoDlB;AAED,MAAM,MAAM,wBAAwB,GAAG,MAAM,SAAS,CAAC;IACrD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAChC,OAAO,CAAC,EAAE,sBAAsB,CAAA;CACjC,CAAC,CAAA;AAEF;;;;GAIG;AACH,wBAAgB,8BAA8B,CAC5C,UAAU,EAAE,gBAAgB,EAC5B,cAAc,EAAE,gCAAgC,EAChD,cAAc,EAAE,cAAc,EAC9B,OAAO,EAAE,OAAO,EAChB,MAAM,CAAC,EAAE,MAAM,GACd,wBAAwB,CAwE1B"}
@@ -0,0 +1,131 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.negotiateClientAuthMethod = negotiateClientAuthMethod;
4
+ exports.createClientCredentialsFactory = createClientCredentialsFactory;
5
+ const oauth_types_1 = require("@atproto/oauth-types");
6
+ const constants_js_1 = require("./constants.js");
7
+ const auth_method_unsatisfiable_error_js_1 = require("./errors/auth-method-unsatisfiable-error.js");
8
+ function negotiateClientAuthMethod(serverMetadata, clientMetadata, keyset) {
9
+ const method = clientMetadata.token_endpoint_auth_method;
10
+ // @NOTE ATproto spec requires that AS support both "none" and
11
+ // "private_key_jwt", and that clients use one of the other. The following
12
+ // check ensures that the AS is indeed compliant with this client's
13
+ // configuration.
14
+ const methods = supportedMethods(serverMetadata);
15
+ if (!methods.includes(method)) {
16
+ throw new Error(`The server does not support "${method}" authentication. Supported methods are: ${methods.join(', ')}.`);
17
+ }
18
+ if (method === 'private_key_jwt') {
19
+ // Invalid client configuration. This should not happen as
20
+ // "validateClientMetadata" already check this.
21
+ if (!keyset)
22
+ throw new Error('A keyset is required for private_key_jwt');
23
+ const alg = supportedAlgs(serverMetadata);
24
+ // @NOTE we can't use `keyset.findPrivateKey` here because we can't enforce
25
+ // that the returned key contains a "kid". The following implementation is
26
+ // more robust against keysets containing keys without a "kid" property.
27
+ for (const key of keyset.list({ use: 'sig', alg })) {
28
+ // Return the first key from the key set that matches the server's
29
+ // supported algorithms.
30
+ if (key.isPrivate && key.kid) {
31
+ return { method: 'private_key_jwt', kid: key.kid };
32
+ }
33
+ }
34
+ throw new Error(alg.includes(constants_js_1.FALLBACK_ALG)
35
+ ? `Client authentication method "${method}" requires at least one "${constants_js_1.FALLBACK_ALG}" signing key with a "kid" property`
36
+ : // AS is not compliant with the ATproto OAuth spec.
37
+ `Authorization server requires "${method}" authentication method, but does not support "${constants_js_1.FALLBACK_ALG}" algorithm.`);
38
+ }
39
+ if (method === 'none') {
40
+ return { method: 'none' };
41
+ }
42
+ throw new Error(`The ATProto OAuth spec requires that client use either "none" or "private_key_jwt" authentication method.` +
43
+ (method === 'client_secret_basic'
44
+ ? ' You might want to explicitly set "token_endpoint_auth_method" to one of those values in the client metadata document.'
45
+ : ` You set "${method}" which is not allowed.`));
46
+ }
47
+ /**
48
+ * @throws {AuthMethodUnsatisfiableError} if the authentication method is no
49
+ * long usable (either because the AS changed, of because the key is no longer
50
+ * available in the keyset).
51
+ */
52
+ function createClientCredentialsFactory(authMethod, serverMetadata, clientMetadata, runtime, keyset) {
53
+ // Ensure the AS still supports the auth method.
54
+ if (!supportedMethods(serverMetadata).includes(authMethod.method)) {
55
+ throw new auth_method_unsatisfiable_error_js_1.AuthMethodUnsatisfiableError(`Client authentication method "${authMethod.method}" no longer supported`);
56
+ }
57
+ if (authMethod.method === 'none') {
58
+ return () => ({
59
+ payload: {
60
+ client_id: clientMetadata.client_id,
61
+ },
62
+ });
63
+ }
64
+ if (authMethod.method === 'private_key_jwt') {
65
+ try {
66
+ // The client used to be a confidential client but no longer has a keyset.
67
+ if (!keyset)
68
+ throw new Error('A keyset is required for private_key_jwt');
69
+ // @NOTE throws if no matching key can be found
70
+ const { key, alg } = keyset.findPrivateKey({
71
+ use: 'sig',
72
+ kid: authMethod.kid,
73
+ alg: supportedAlgs(serverMetadata),
74
+ });
75
+ // https://www.rfc-editor.org/rfc/rfc7523.html#section-3
76
+ return async () => ({
77
+ payload: {
78
+ client_id: clientMetadata.client_id,
79
+ client_assertion_type: oauth_types_1.CLIENT_ASSERTION_TYPE_JWT_BEARER,
80
+ client_assertion: await key.createJwt({ alg }, {
81
+ // > The JWT MUST contain an "iss" (issuer) claim that contains a
82
+ // > unique identifier for the entity that issued the JWT.
83
+ iss: clientMetadata.client_id,
84
+ // > For client authentication, the subject MUST be the
85
+ // > "client_id" of the OAuth client.
86
+ sub: clientMetadata.client_id,
87
+ // > The JWT MUST contain an "aud" (audience) claim containing a value
88
+ // > that identifies the authorization server as an intended audience.
89
+ // > The token endpoint URL of the authorization server MAY be used as a
90
+ // > value for an "aud" element to identify the authorization server as an
91
+ // > intended audience of the JWT.
92
+ aud: serverMetadata.issuer,
93
+ // > The JWT MAY contain a "jti" (JWT ID) claim that provides a
94
+ // > unique identifier for the token.
95
+ jti: await runtime.generateNonce(),
96
+ // > The JWT MAY contain an "iat" (issued at) claim that
97
+ // > identifies the time at which the JWT was issued.
98
+ iat: Math.floor(Date.now() / 1000),
99
+ // > The JWT MUST contain an "exp" (expiration time) claim that
100
+ // > limits the time window during which the JWT can be used.
101
+ exp: Math.floor(Date.now() / 1000) + 60, // 1 minute
102
+ }),
103
+ },
104
+ });
105
+ }
106
+ catch (cause) {
107
+ throw new auth_method_unsatisfiable_error_js_1.AuthMethodUnsatisfiableError('Failed to load private key', {
108
+ cause,
109
+ });
110
+ }
111
+ }
112
+ throw new auth_method_unsatisfiable_error_js_1.AuthMethodUnsatisfiableError(
113
+ // @ts-expect-error
114
+ `Unsupported auth method ${authMethod.method}`);
115
+ }
116
+ function supportedMethods(serverMetadata) {
117
+ return serverMetadata['token_endpoint_auth_methods_supported'];
118
+ }
119
+ function supportedAlgs(serverMetadata) {
120
+ return (serverMetadata['token_endpoint_auth_signing_alg_values_supported'] ?? [
121
+ // @NOTE If not specified, assume that the server supports the ES256
122
+ // algorithm, as prescribed by the spec:
123
+ //
124
+ // > Clients and Authorization Servers currently must support the ES256
125
+ // > cryptographic system [for client authentication].
126
+ //
127
+ // https://atproto.com/specs/oauth#confidential-client-authentication
128
+ constants_js_1.FALLBACK_ALG,
129
+ ]);
130
+ }
131
+ //# sourceMappingURL=oauth-client-auth.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-client-auth.js","sourceRoot":"","sources":["../src/oauth-client-auth.ts"],"names":[],"mappings":";;AAgBA,8DAwDC;AAYD,wEA8EC;AAjKD,sDAI6B;AAC7B,iDAA6C;AAC7C,oGAA0F;AAS1F,SAAgB,yBAAyB,CACvC,cAAgD,EAChD,cAA8B,EAC9B,MAAe;IAEf,MAAM,MAAM,GAAG,cAAc,CAAC,0BAA0B,CAAA;IAExD,8DAA8D;IAC9D,0EAA0E;IAC1E,mEAAmE;IACnE,iBAAiB;IACjB,MAAM,OAAO,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAA;IAChD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,4CAA4C,OAAO,CAAC,IAAI,CAC5F,IAAI,CACL,GAAG,CACL,CAAA;IACH,CAAC;IAED,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;QACjC,0DAA0D;QAC1D,+CAA+C;QAC/C,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;QAExE,MAAM,GAAG,GAAG,aAAa,CAAC,cAAc,CAAC,CAAA;QAEzC,2EAA2E;QAC3E,0EAA0E;QAC1E,wEAAwE;QACxE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;YACnD,kEAAkE;YAClE,wBAAwB;YACxB,IAAI,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;gBAC7B,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAA;YACpD,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CACb,GAAG,CAAC,QAAQ,CAAC,2BAAY,CAAC;YACxB,CAAC,CAAC,iCAAiC,MAAM,4BAA4B,2BAAY,qCAAqC;YACtH,CAAC,CAAC,mDAAmD;gBACnD,kCAAkC,MAAM,kDAAkD,2BAAY,cAAc,CACzH,CAAA;IACH,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;IAC3B,CAAC;IAED,MAAM,IAAI,KAAK,CACb,2GAA2G;QACzG,CAAC,MAAM,KAAK,qBAAqB;YAC/B,CAAC,CAAC,wHAAwH;YAC1H,CAAC,CAAC,aAAa,MAAM,yBAAyB,CAAC,CACpD,CAAA;AACH,CAAC;AAOD;;;;GAIG;AACH,SAAgB,8BAA8B,CAC5C,UAA4B,EAC5B,cAAgD,EAChD,cAA8B,EAC9B,OAAgB,EAChB,MAAe;IAEf,gDAAgD;IAChD,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,iEAA4B,CACpC,iCAAiC,UAAU,CAAC,MAAM,uBAAuB,CAC1E,CAAA;IACH,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACjC,OAAO,GAAG,EAAE,CAAC,CAAC;YACZ,OAAO,EAAE;gBACP,SAAS,EAAE,cAAc,CAAC,SAAS;aACpC;SACF,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,iBAAiB,EAAE,CAAC;QAC5C,IAAI,CAAC;YACH,0EAA0E;YAC1E,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;YAExE,+CAA+C;YAC/C,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC,cAAc,CAAC;gBACzC,GAAG,EAAE,KAAK;gBACV,GAAG,EAAE,UAAU,CAAC,GAAG;gBACnB,GAAG,EAAE,aAAa,CAAC,cAAc,CAAC;aACnC,CAAC,CAAA;YAEF,wDAAwD;YACxD,OAAO,KAAK,IAAI,EAAE,CAAC,CAAC;gBAClB,OAAO,EAAE;oBACP,SAAS,EAAE,cAAc,CAAC,SAAS;oBACnC,qBAAqB,EAAE,8CAAgC;oBACvD,gBAAgB,EAAE,MAAM,GAAG,CAAC,SAAS,CACnC,EAAE,GAAG,EAAE,EACP;wBACE,iEAAiE;wBACjE,0DAA0D;wBAC1D,GAAG,EAAE,cAAc,CAAC,SAAS;wBAC7B,uDAAuD;wBACvD,qCAAqC;wBACrC,GAAG,EAAE,cAAc,CAAC,SAAS;wBAC7B,sEAAsE;wBACtE,sEAAsE;wBACtE,wEAAwE;wBACxE,0EAA0E;wBAC1E,kCAAkC;wBAClC,GAAG,EAAE,cAAc,CAAC,MAAM;wBAC1B,+DAA+D;wBAC/D,qCAAqC;wBACrC,GAAG,EAAE,MAAM,OAAO,CAAC,aAAa,EAAE;wBAClC,wDAAwD;wBACxD,qDAAqD;wBACrD,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;wBAClC,+DAA+D;wBAC/D,6DAA6D;wBAC7D,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,WAAW;qBACrD,CACF;iBACF;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,iEAA4B,CAAC,4BAA4B,EAAE;gBACnE,KAAK;aACN,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,MAAM,IAAI,iEAA4B;IACpC,mBAAmB;IACnB,2BAA2B,UAAU,CAAC,MAAM,EAAE,CAC/C,CAAA;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,cAAgD;IACxE,OAAO,cAAc,CAAC,uCAAuC,CAAC,CAAA;AAChE,CAAC;AAED,SAAS,aAAa,CAAC,cAAgD;IACrE,OAAO,CACL,cAAc,CAAC,kDAAkD,CAAC,IAAI;QACpE,oEAAoE;QACpE,wCAAwC;QACxC,EAAE;QACF,uEAAuE;QACvE,sDAAsD;QACtD,EAAE;QACF,qEAAqE;QACrE,2BAAY;KACb,CACF,CAAA;AACH,CAAC"}
@@ -1,6 +1,6 @@
1
1
  import { Key, Keyset } from '@atproto/jwk';
2
2
  import { OAuthClientIdDiscoverable, OAuthClientMetadata, OAuthClientMetadataInput, OAuthResponseMode } from '@atproto/oauth-types';
3
- import { AtprotoDid, DidCache } from '@atproto-labs/did-resolver';
3
+ import { AtprotoDid, DidCache, DidResolver } from '@atproto-labs/did-resolver';
4
4
  import { Fetch } from '@atproto-labs/fetch';
5
5
  import { HandleCache, HandleResolver } from '@atproto-labs/handle-resolver';
6
6
  import { IdentityResolver } from '@atproto-labs/identity-resolver';
@@ -16,7 +16,7 @@ import { SessionEventMap, SessionGetter, SessionStore } from './session-getter.j
16
16
  import { InternalStateData, StateStore } from './state-store.js';
17
17
  import { AuthorizeOptions, ClientMetadata } from './types.js';
18
18
  import { CustomEventTarget } from './util.js';
19
- export type { AuthorizationServerMetadataCache, DidCache, DpopNonceCache, Fetch, HandleCache, HandleResolver, InternalStateData, Key, Keyset, OAuthClientMetadata, OAuthClientMetadataInput, OAuthResponseMode, ProtectedResourceMetadataCache, RuntimeImplementation, SessionStore, StateStore, };
19
+ export { type AuthorizationServerMetadataCache, type DidCache, type DpopNonceCache, type Fetch, type HandleCache, type HandleResolver, type InternalStateData, Key, Keyset, type OAuthClientMetadata, type OAuthClientMetadataInput, type OAuthResponseMode, type ProtectedResourceMetadataCache, type RuntimeImplementation, type SessionStore, type StateStore, };
20
20
  export type OAuthClientOptions = {
21
21
  responseMode: OAuthResponseMode;
22
22
  clientMetadata: Readonly<OAuthClientMetadataInput>;
@@ -43,7 +43,12 @@ export type OAuthClientOptions = {
43
43
  authorizationServerMetadataCache?: AuthorizationServerMetadataCache;
44
44
  protectedResourceMetadataCache?: ProtectedResourceMetadataCache;
45
45
  dpopNonceCache?: DpopNonceCache;
46
+ didResolver?: DidResolver<'plc' | 'web'>;
46
47
  handleResolver: HandleResolver | URL | string;
48
+ /**
49
+ * Used to instantiate the {@link OAuthClientOptions.didResolver} if none
50
+ * is provided.
51
+ */
47
52
  plcDirectoryUrl?: URL | string;
48
53
  runtimeImplementation: RuntimeImplementation;
49
54
  fetch?: Fetch;
@@ -59,8 +64,11 @@ export declare class OAuthClient extends CustomEventTarget<OAuthClientEventMap>
59
64
  redirect_uris: [`http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`, ...(`http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`)[]];
60
65
  response_types: ["code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token", ...("code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token")[]];
61
66
  grant_types: ["authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer", ...("authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[]];
67
+ token_endpoint_auth_method: "client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "none" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth";
68
+ application_type: "web" | "native";
69
+ subject_type: "public" | "pairwise";
70
+ authorization_signed_response_alg: string;
62
71
  scope?: string | undefined;
63
- token_endpoint_auth_method?: "client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "none" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth" | undefined;
64
72
  token_endpoint_auth_signing_alg?: string | undefined;
65
73
  userinfo_signed_response_alg?: string | undefined;
66
74
  userinfo_encrypted_response_alg?: string | undefined;
@@ -163,11 +171,8 @@ export declare class OAuthClient extends CustomEventTarget<OAuthClientEventMap>
163
171
  x5u?: string | undefined;
164
172
  })[];
165
173
  } | undefined;
166
- application_type?: "web" | "native" | undefined;
167
- subject_type?: "public" | "pairwise" | undefined;
168
174
  request_object_signing_alg?: string | undefined;
169
175
  id_token_signed_response_alg?: string | undefined;
170
- authorization_signed_response_alg?: string | undefined;
171
176
  authorization_encrypted_response_enc?: "A128CBC-HS256" | undefined;
172
177
  authorization_encrypted_response_alg?: string | undefined;
173
178
  client_id?: string | undefined;
@@ -192,9 +197,9 @@ export declare class OAuthClient extends CustomEventTarget<OAuthClientEventMap>
192
197
  readonly serverFactory: OAuthServerFactory;
193
198
  protected readonly sessionGetter: SessionGetter;
194
199
  protected readonly stateStore: StateStore;
195
- constructor({ fetch, allowHttp, stateStore, sessionStore, didCache, dpopNonceCache, handleCache, authorizationServerMetadataCache, protectedResourceMetadataCache, responseMode, clientMetadata, handleResolver, plcDirectoryUrl, runtimeImplementation, keyset, }: OAuthClientOptions);
200
+ constructor({ fetch, allowHttp, stateStore, sessionStore, didCache, dpopNonceCache, handleCache, authorizationServerMetadataCache, protectedResourceMetadataCache, responseMode, clientMetadata, didResolver, handleResolver, plcDirectoryUrl, runtimeImplementation, keyset, }: OAuthClientOptions);
196
201
  get identityResolver(): IdentityResolver;
197
- get didResolver(): import("@atproto-labs/did-resolver").DidResolver<import("@atproto-labs/did-resolver").AtprotoIdentityDidMethods>;
202
+ get didResolver(): DidResolver<import("@atproto-labs/did-resolver").AtprotoIdentityDidMethods>;
198
203
  get handleResolver(): HandleResolver;
199
204
  get jwks(): {
200
205
  readonly keys: readonly ({
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-client.d.ts","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAEL,yBAAyB,EACzB,mBAAmB,EACnB,wBAAwB,EACxB,iBAAiB,EAElB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,UAAU,EACV,QAAQ,EAMT,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EAGL,WAAW,EACX,cAAc,EACf,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AAIlE,OAAO,EACL,gCAAgC,EAEjC,MAAM,mDAAmD,CAAA;AAE1D,OAAO,EAEL,8BAA8B,EAC/B,MAAM,iDAAiD,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAA;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EACL,eAAe,EACf,aAAa,EACb,YAAY,EACb,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAChE,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAI7C,YAAY,EACV,gCAAgC,EAChC,QAAQ,EACR,cAAc,EACd,KAAK,EACL,WAAW,EACX,cAAc,EACd,iBAAiB,EACjB,GAAG,EACH,MAAM,EACN,mBAAmB,EACnB,wBAAwB,EACxB,iBAAiB,EACjB,8BAA8B,EAC9B,qBAAqB,EACrB,YAAY,EACZ,UAAU,GACX,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAE/B,YAAY,EAAE,iBAAiB,CAAA;IAC/B,cAAc,EAAE,QAAQ,CAAC,wBAAwB,CAAC,CAAA;IAClD,MAAM,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAC,GAAG,GAAG,SAAS,GAAG,IAAI,GAAG,KAAK,CAAC,CAAA;IAC1D;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,EAAE,OAAO,CAAA;IAGnB,UAAU,EAAE,UAAU,CAAA;IACtB,YAAY,EAAE,YAAY,CAAA;IAC1B,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,gCAAgC,CAAC,EAAE,gCAAgC,CAAA;IACnE,8BAA8B,CAAC,EAAE,8BAA8B,CAAA;IAC/D,cAAc,CAAC,EAAE,cAAc,CAAA;IAG/B,cAAc,EAAE,cAAc,GAAG,GAAG,GAAG,MAAM,CAAA;IAC7C,eAAe,CAAC,EAAE,GAAG,GAAG,MAAM,CAAA;IAC9B,qBAAqB,EAAE,qBAAqB,CAAA;IAC5C,KAAK,CAAC,EAAE,KAAK,CAAA;CACd,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,eAAe,CAAA;AAEjD,MAAM,MAAM,+BAA+B,GAAG;IAC5C,QAAQ,EAAE,yBAAyB,CAAA;IACnC,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB,CAAA;AAED,qBAAa,WAAY,SAAQ,iBAAiB,CAAC,mBAAmB,CAAC;WACxD,aAAa,CAAC,EACzB,QAAQ,EACR,KAAwB,EACxB,MAAM,GACP,EAAE,+BAA+B;;;;;;;;;;;;;;;mBAmZ475C,CAAC;mBAAwF,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;kBAAoC,CAAC;kBAAoC,CAAC;kBAAoC,CAAC;mBAAqC,CAAC;qBAAsB,CAAC;qBAAuC,CAAC;qBAAuC,CAAC;;qBAA2D,CAAC;qBAAuC,CAAC;qBAAuC,CAAC;;;;;;;mBAAoM,CAAC;mBAA0D,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;;;;;;mBAAsJ,CAAC;mBAAuC,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;;;;;mBAAwI,CAAC;mBAAsC,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;;;;mBAAkG,CAAC;mBAA0D,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;;;mBAA4E,CAAC;mBAAqC,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;;;;;;;;;;;;;;;;;;;;;;;IAtXtwhD,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAA;IACvC,QAAQ,CAAC,YAAY,EAAE,iBAAiB,CAAA;IACxC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IAGxB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAA;IACrB,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,kBAAkB,CAAA;IAG1C,SAAS,CAAC,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAA;IAC/C,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAA;gBAE7B,EACV,KAAwB,EACxB,SAAiB,EAEjB,UAAU,EACV,YAAY,EAEZ,QAAoB,EACpB,cAA+D,EAC/D,WAAuB,EACvB,gCAGE,EACF,8BAGE,EAEF,YAAY,EACZ,cAAc,EACd,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACP,EAAE,kBAAkB;IA8DrB,IAAI,gBAAgB,qBAEnB;IAGD,IAAI,WAAW,qHAEd;IAGD,IAAI,cAAc,mBAEjB;IAED,IAAI,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAEP;IAEK,SAAS,CACb,KAAK,EAAE,MAAM,EACb,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,GAAE,gBAAqB,GAC5C,OAAO,CAAC,GAAG,CAAC;IA0Ff;;;OAGG;IACG,YAAY,CAAC,YAAY,EAAE,GAAG;IAY9B,QAAQ,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC;QAC/C,OAAO,EAAE,YAAY,CAAA;QACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;KACrB,CAAC;IA2FF;;;;;OAKG;IACG,OAAO,CACX,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,OAAO,GAAG,MAAe,GACjC,OAAO,CAAC,YAAY,CAAC;IAiBlB,MAAM,CAAC,GAAG,EAAE,MAAM;IAmBxB,SAAS,CAAC,aAAa,CACrB,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,UAAU,GACd,YAAY;CAGhB"}
1
+ {"version":3,"file":"oauth-client.d.ts","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAEL,yBAAyB,EACzB,mBAAmB,EACnB,wBAAwB,EACxB,iBAAiB,EAElB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,UAAU,EACV,QAAQ,EACR,WAAW,EAMZ,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EAEL,WAAW,EACX,cAAc,EAEf,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AAKlE,OAAO,EACL,gCAAgC,EAEjC,MAAM,mDAAmD,CAAA;AAG1D,OAAO,EAEL,8BAA8B,EAC/B,MAAM,iDAAiD,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAA;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EACL,eAAe,EACf,aAAa,EACb,YAAY,EACb,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAChE,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAI7C,OAAO,EACL,KAAK,gCAAgC,EACrC,KAAK,QAAQ,EACb,KAAK,cAAc,EACnB,KAAK,KAAK,EACV,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,GAAG,EACH,MAAM,EACN,KAAK,mBAAmB,EACxB,KAAK,wBAAwB,EAC7B,KAAK,iBAAiB,EACtB,KAAK,8BAA8B,EACnC,KAAK,qBAAqB,EAC1B,KAAK,YAAY,EACjB,KAAK,UAAU,GAChB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAE/B,YAAY,EAAE,iBAAiB,CAAA;IAC/B,cAAc,EAAE,QAAQ,CAAC,wBAAwB,CAAC,CAAA;IAClD,MAAM,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAC,GAAG,GAAG,SAAS,GAAG,IAAI,GAAG,KAAK,CAAC,CAAA;IAC1D;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,EAAE,OAAO,CAAA;IAGnB,UAAU,EAAE,UAAU,CAAA;IACtB,YAAY,EAAE,YAAY,CAAA;IAC1B,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,gCAAgC,CAAC,EAAE,gCAAgC,CAAA;IACnE,8BAA8B,CAAC,EAAE,8BAA8B,CAAA;IAC/D,cAAc,CAAC,EAAE,cAAc,CAAA;IAG/B,WAAW,CAAC,EAAE,WAAW,CAAC,KAAK,GAAG,KAAK,CAAC,CAAA;IACxC,cAAc,EAAE,cAAc,GAAG,GAAG,GAAG,MAAM,CAAA;IAC7C;;;OAGG;IACH,eAAe,CAAC,EAAE,GAAG,GAAG,MAAM,CAAA;IAC9B,qBAAqB,EAAE,qBAAqB,CAAA;IAC5C,KAAK,CAAC,EAAE,KAAK,CAAA;CACd,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,eAAe,CAAA;AAEjD,MAAM,MAAM,+BAA+B,GAAG;IAC5C,QAAQ,EAAE,yBAAyB,CAAA;IACnC,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB,CAAA;AAED,qBAAa,WAAY,SAAQ,iBAAiB,CAAC,mBAAmB,CAAC;WACxD,aAAa,CAAC,EACzB,QAAQ,EACR,KAAwB,EACxB,MAAM,GACP,EAAE,+BAA+B;;;;;;;;;;;;;;;;;;mBAmc072C,CAAC;mBAAwF,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;kBAAoC,CAAC;kBAAoC,CAAC;kBAAoC,CAAC;mBAAqC,CAAC;qBAAsB,CAAC;qBAAuC,CAAC;qBAAuC,CAAC;;qBAA2D,CAAC;qBAAuC,CAAC;qBAAuC,CAAC;;;;;;;mBAAoM,CAAC;mBAA0D,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;;;;;;mBAAsJ,CAAC;mBAAuC,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;;;;;mBAAwI,CAAC;mBAAsC,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;iBAAmC,CAAC;;;;mBAAkG,CAAC;mBAA0D,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;;;mBAA4E,CAAC;mBAAqC,CAAC;mBAAqC,CAAC;mBAAsC,CAAC;uBAAgD,CAAC;mBAAmI,CAAC;mBAAuC,CAAC;0BAA4C,CAAC;mBAAqC,CAAC;;;;;;;;;;;;;;;;;;;;IAtapw+C,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAA;IACvC,QAAQ,CAAC,YAAY,EAAE,iBAAiB,CAAA;IACxC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IAGxB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAA;IACrB,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,kBAAkB,CAAA;IAG1C,SAAS,CAAC,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAA;IAC/C,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAA;gBAE7B,EACV,KAAwB,EACxB,SAAiB,EAEjB,UAAU,EACV,YAAY,EAEZ,QAAoB,EACpB,cAA+D,EAC/D,WAAuB,EACvB,gCAGE,EACF,8BAGE,EAEF,YAAY,EACZ,cAAc,EACd,WAAW,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACP,EAAE,kBAAkB;IAuErB,IAAI,gBAAgB,qBAEnB;IAGD,IAAI,WAAW,gFAEd;IAGD,IAAI,cAAc,mBAEjB;IAED,IAAI,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAEP;IAEK,SAAS,CACb,KAAK,EAAE,MAAM,EACb,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,GAAE,gBAAqB,GAC5C,OAAO,CAAC,GAAG,CAAC;IAoGf;;;OAGG;IACG,YAAY,CAAC,YAAY,EAAE,GAAG;IAY9B,QAAQ,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC;QAC/C,OAAO,EAAE,YAAY,CAAA;QACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;KACrB,CAAC;IA8FF;;;;;OAKG;IACG,OAAO,CACX,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,OAAO,GAAG,MAAe,GACjC,OAAO,CAAC,YAAY,CAAC;IAkClB,MAAM,CAAC,GAAG,EAAE,MAAM;IA2BxB,SAAS,CAAC,aAAa,CACrB,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,UAAU,GACd,YAAY;CAGhB"}
@@ -1,16 +1,20 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.OAuthClient = void 0;
3
+ exports.OAuthClient = exports.Keyset = exports.Key = void 0;
4
4
  const jwk_1 = require("@atproto/jwk");
5
+ Object.defineProperty(exports, "Key", { enumerable: true, get: function () { return jwk_1.Key; } });
6
+ Object.defineProperty(exports, "Keyset", { enumerable: true, get: function () { return jwk_1.Keyset; } });
5
7
  const oauth_types_1 = require("@atproto/oauth-types");
6
8
  const did_resolver_1 = require("@atproto-labs/did-resolver");
7
9
  const handle_resolver_1 = require("@atproto-labs/handle-resolver");
8
10
  const identity_resolver_1 = require("@atproto-labs/identity-resolver");
9
11
  const simple_store_memory_1 = require("@atproto-labs/simple-store-memory");
10
12
  const constants_js_1 = require("./constants.js");
13
+ const auth_method_unsatisfiable_error_js_1 = require("./errors/auth-method-unsatisfiable-error.js");
11
14
  const token_revoked_error_js_1 = require("./errors/token-revoked-error.js");
12
15
  const oauth_authorization_server_metadata_resolver_js_1 = require("./oauth-authorization-server-metadata-resolver.js");
13
16
  const oauth_callback_error_js_1 = require("./oauth-callback-error.js");
17
+ const oauth_client_auth_js_1 = require("./oauth-client-auth.js");
14
18
  const oauth_protected_resource_metadata_resolver_js_1 = require("./oauth-protected-resource-metadata-resolver.js");
15
19
  const oauth_resolver_js_1 = require("./oauth-resolver.js");
16
20
  const oauth_server_factory_js_1 = require("./oauth-server-factory.js");
@@ -47,7 +51,7 @@ class OAuthClient extends util_js_1.CustomEventTarget {
47
51
  }), protectedResourceMetadataCache = new simple_store_memory_1.SimpleStoreMemory({
48
52
  ttl: 60e3,
49
53
  max: 100,
50
- }), responseMode, clientMetadata, handleResolver, plcDirectoryUrl, runtimeImplementation, keyset, }) {
54
+ }), responseMode, clientMetadata, didResolver, handleResolver, plcDirectoryUrl, runtimeImplementation, keyset, }) {
51
55
  super();
52
56
  // Config
53
57
  Object.defineProperty(this, "clientMetadata", {
@@ -115,7 +119,16 @@ class OAuthClient extends util_js_1.CustomEventTarget {
115
119
  this.responseMode = responseMode;
116
120
  this.runtime = new runtime_js_1.Runtime(runtimeImplementation);
117
121
  this.fetch = fetch;
118
- this.oauthResolver = new oauth_resolver_js_1.OAuthResolver(new identity_resolver_1.IdentityResolver(new did_resolver_1.DidResolverCached(new did_resolver_1.DidResolverCommon({ fetch, plcDirectoryUrl, allowHttp }), didCache), new handle_resolver_1.CachedHandleResolver(handle_resolver_1.AppViewHandleResolver.from(handleResolver, { fetch }), handleCache)), new oauth_protected_resource_metadata_resolver_js_1.OAuthProtectedResourceMetadataResolver(protectedResourceMetadataCache, fetch, { allowHttpResource: allowHttp }), new oauth_authorization_server_metadata_resolver_js_1.OAuthAuthorizationServerMetadataResolver(authorizationServerMetadataCache, fetch, { allowHttpIssuer: allowHttp }));
122
+ this.oauthResolver = new oauth_resolver_js_1.OAuthResolver(new identity_resolver_1.IdentityResolver(didResolver instanceof did_resolver_1.DidResolverCached && !didCache
123
+ ? didResolver
124
+ : new did_resolver_1.DidResolverCached(didResolver != null
125
+ ? didResolver
126
+ : new did_resolver_1.DidResolverCommon({ fetch, plcDirectoryUrl, allowHttp }), didCache), handleResolver instanceof handle_resolver_1.CachedHandleResolver && !handleCache
127
+ ? handleResolver
128
+ : new handle_resolver_1.CachedHandleResolver(typeof handleResolver === 'string' ||
129
+ handleResolver instanceof URL
130
+ ? new handle_resolver_1.XrpcHandleResolver(handleResolver, { fetch })
131
+ : handleResolver, handleCache)), new oauth_protected_resource_metadata_resolver_js_1.OAuthProtectedResourceMetadataResolver(protectedResourceMetadataCache, fetch, { allowHttpResource: allowHttp }), new oauth_authorization_server_metadata_resolver_js_1.OAuthAuthorizationServerMetadataResolver(authorizationServerMetadataCache, fetch, { allowHttpIssuer: allowHttp }));
119
132
  this.serverFactory = new oauth_server_factory_js_1.OAuthServerFactory(this.clientMetadata, this.runtime, this.oauthResolver, this.fetch, this.keyset, dpopNonceCache);
120
133
  this.sessionGetter = new session_getter_js_1.SessionGetter(sessionStore, this.serverFactory, this.runtime);
121
134
  this.stateStore = stateStore;
@@ -154,10 +167,12 @@ class OAuthClient extends util_js_1.CustomEventTarget {
154
167
  });
155
168
  const pkce = await this.runtime.generatePKCE();
156
169
  const dpopKey = await this.runtime.generateKey(metadata.dpop_signing_alg_values_supported || [constants_js_1.FALLBACK_ALG]);
170
+ const authMethod = (0, oauth_client_auth_js_1.negotiateClientAuthMethod)(metadata, this.clientMetadata, this.keyset);
157
171
  const state = await this.runtime.generateNonce();
158
172
  await this.stateStore.set(state, {
159
173
  iss: metadata.issuer,
160
174
  dpopKey,
175
+ authMethod,
161
176
  verifier: pkce.verifier,
162
177
  appState: options?.state,
163
178
  });
@@ -181,7 +196,7 @@ class OAuthClient extends util_js_1.CustomEventTarget {
181
196
  throw new TypeError(`Invalid authorization endpoint protocol: ${authorizationUrl.protocol}`);
182
197
  }
183
198
  if (metadata.pushed_authorization_request_endpoint) {
184
- const server = await this.serverFactory.fromMetadata(metadata, dpopKey);
199
+ const server = await this.serverFactory.fromMetadata(metadata, authMethod, dpopKey);
185
200
  const parResponse = await server.request('pushed_authorization_request', parameters);
186
201
  authorizationUrl.searchParams.set('client_id', this.clientMetadata.client_id);
187
202
  authorizationUrl.searchParams.set('request_uri', parResponse.request_uri);
@@ -248,7 +263,9 @@ class OAuthClient extends util_js_1.CustomEventTarget {
248
263
  if (!codeParam) {
249
264
  throw new oauth_callback_error_js_1.OAuthCallbackError(params, 'Missing "code" query param', stateData.appState);
250
265
  }
251
- const server = await this.serverFactory.fromIssuer(stateData.iss, stateData.dpopKey);
266
+ const server = await this.serverFactory.fromIssuer(stateData.iss,
267
+ // Using the literal 'legacy' if the authMethod is not defined (because stateData was created through an old version of this lib)
268
+ stateData.authMethod ?? 'legacy', stateData.dpopKey);
252
269
  if (issuerParam != null) {
253
270
  if (!server.issuer) {
254
271
  throw new oauth_callback_error_js_1.OAuthCallbackError(params, 'Issuer not found in metadata', stateData.appState);
@@ -264,6 +281,7 @@ class OAuthClient extends util_js_1.CustomEventTarget {
264
281
  try {
265
282
  await this.sessionGetter.setStored(tokenSet.sub, {
266
283
  dpopKey: stateData.dpopKey,
284
+ authMethod: server.authMethod,
267
285
  tokenSet,
268
286
  });
269
287
  const session = this.createSession(server, tokenSet.sub);
@@ -289,27 +307,35 @@ class OAuthClient extends util_js_1.CustomEventTarget {
289
307
  async restore(sub, refresh = 'auto') {
290
308
  // sub arg is lightly typed for convenience of library user
291
309
  (0, did_resolver_1.assertAtprotoDid)(sub);
292
- const { dpopKey, tokenSet } = await this.sessionGetter.get(sub, {
310
+ const { dpopKey, authMethod = 'legacy', tokenSet, } = await this.sessionGetter.get(sub, {
293
311
  noCache: refresh === true,
294
312
  allowStale: refresh === false,
295
313
  });
296
- const server = await this.serverFactory.fromIssuer(tokenSet.iss, dpopKey, {
297
- noCache: refresh === true,
298
- allowStale: refresh === false,
299
- });
300
- return this.createSession(server, sub);
314
+ try {
315
+ const server = await this.serverFactory.fromIssuer(tokenSet.iss, authMethod, dpopKey, {
316
+ noCache: refresh === true,
317
+ allowStale: refresh === false,
318
+ });
319
+ return this.createSession(server, sub);
320
+ }
321
+ catch (err) {
322
+ if (err instanceof auth_method_unsatisfiable_error_js_1.AuthMethodUnsatisfiableError) {
323
+ await this.sessionGetter.delStored(sub, err);
324
+ }
325
+ throw err;
326
+ }
301
327
  }
302
328
  async revoke(sub) {
303
329
  // sub arg is lightly typed for convenience of library user
304
330
  (0, did_resolver_1.assertAtprotoDid)(sub);
305
- const { dpopKey, tokenSet } = await this.sessionGetter.get(sub, {
331
+ const { dpopKey, authMethod = 'legacy', tokenSet, } = await this.sessionGetter.get(sub, {
306
332
  allowStale: true,
307
333
  });
308
334
  // NOT using `;(await this.restore(sub, false)).signOut()` because we want
309
335
  // the tokens to be deleted even if it was not possible to fetch the issuer
310
336
  // data.
311
337
  try {
312
- const server = await this.serverFactory.fromIssuer(tokenSet.iss, dpopKey);
338
+ const server = await this.serverFactory.fromIssuer(tokenSet.iss, authMethod, dpopKey);
313
339
  await server.revoke(tokenSet.access_token);
314
340
  }
315
341
  finally {
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":";;;AAAA,sCAA0C;AAC1C,sDAO6B;AAC7B,6DAQmC;AAEnC,mEAKsC;AACtC,uEAAkE;AAClE,2EAAqE;AACrE,iDAA6C;AAC7C,4EAAmE;AACnE,uHAG0D;AAC1D,uEAA8D;AAC9D,mHAGwD;AACxD,2DAAmD;AAEnD,uEAA8D;AAC9D,yDAAiD;AAEjD,6CAAsC;AACtC,2DAI4B;AAG5B,uCAA6C;AAC7C,+EAAsE;AAmEtE,MAAa,WAAY,SAAQ,2BAAsC;IACrE,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,EACzB,QAAQ,EACR,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,MAAM,GAC0B;QAChC,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpC,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,MAAM;SACf,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAA;QAErC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAC5E,CAAC;QAED,8IAA8I;QAC9I,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACvE,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,yCAAyC,IAAI,EAAE,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;QAE3C,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,OAAO,uCAAyB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;IAiBD,YAAY,EACV,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,SAAS,GAAG,KAAK,EAEjB,UAAU,EACV,YAAY,EAEZ,QAAQ,GAAG,SAAS,EACpB,cAAc,GAAG,IAAI,uCAAiB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAC/D,WAAW,GAAG,SAAS,EACvB,gCAAgC,GAAG,IAAI,uCAAiB,CAAC;QACvD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EACF,8BAA8B,GAAG,IAAI,uCAAiB,CAAC;QACrD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EAEF,YAAY,EACZ,cAAc,EACd,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACa;QACnB,KAAK,EAAE,CAAA;QAzCT,SAAS;QACA;;;;;WAA8B;QAC9B;;;;;WAA+B;QAC/B;;;;;WAAe;QAExB,WAAW;QACF;;;;;WAAgB;QAChB;;;;;WAAY;QACZ;;;;;WAA4B;QAC5B;;;;;WAAiC;QAE1C,SAAS;QACU;;;;;WAA4B;QAC5B;;;;;WAAsB;QA8BvC,IAAI,CAAC,MAAM,GAAG,MAAM;YAClB,CAAC,CAAC,MAAM,YAAY,YAAM;gBACxB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,IAAI,YAAM,CAAC,MAAM,CAAC;YACtB,CAAC,CAAC,SAAS,CAAA;QACb,IAAI,CAAC,cAAc,GAAG,IAAA,oDAAsB,EAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;QACzE,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAEhC,IAAI,CAAC,OAAO,GAAG,IAAI,oBAAO,CAAC,qBAAqB,CAAC,CAAA;QACjD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,IAAI,oCAAgB,CAClB,IAAI,gCAAiB,CACnB,IAAI,gCAAiB,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,EAC5D,QAAQ,CACT,EACD,IAAI,sCAAoB,CACtB,uCAAqB,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,EACrD,WAAW,CACZ,CACF,EACD,IAAI,sFAAsC,CACxC,8BAA8B,EAC9B,KAAK,EACL,EAAE,iBAAiB,EAAE,SAAS,EAAE,CACjC,EACD,IAAI,0FAAwC,CAC1C,gCAAgC,EAChC,KAAK,EACL,EAAE,eAAe,EAAE,SAAS,EAAE,CAC/B,CACF,CAAA;QACD,IAAI,CAAC,aAAa,GAAG,IAAI,4CAAkB,CACzC,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,EACX,cAAc,CACf,CAAA;QAED,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,YAAY,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,OAAO,CACb,CAAA;QACD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAE5B,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,SAAS,CAAU,EAAE,CAAC;YACnD,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;gBAClD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;oBAClD,KAAK,CAAC,cAAc,EAAE,CAAA;gBACxB,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAA;IAC5C,CAAC;IAED,wCAAwC;IACxC,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAA;IAC1C,CAAC;IAED,wCAAwC;IACxC,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAA;IAC7C,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,MAAM,EAAE,UAAU,IAAK,EAAE,IAAI,EAAE,EAAW,EAAY,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,SAAS,CACb,KAAa,EACb,EAAE,MAAM,EAAE,GAAG,OAAO,KAAuB,EAAE;QAE7C,MAAM,WAAW,GACf,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;QAC/D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7D,yDAAyD;YACzD,MAAM,IAAI,SAAS,CAAC,sBAAsB,CAAC,CAAA;QAC7C,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE;YACrE,MAAM;SACP,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAA;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAC5C,QAAQ,CAAC,iCAAiC,IAAI,CAAC,2BAAY,CAAC,CAC7D,CAAA;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAA;QAEhD,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE;YAC/B,GAAG,EAAE,QAAQ,CAAC,MAAM;YACpB,OAAO;YACP,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,OAAO,EAAE,KAAK;SACzB,CAAC,CAAA;QAEF,MAAM,UAAU,GAAwC;YACtD,GAAG,OAAO;YAEV,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;YACxC,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,IAAI,CAAC,SAAS;YAC9B,qBAAqB,EAAE,IAAI,CAAC,MAAM;YAClC,KAAK;YACL,UAAU,EAAE,QAAQ,EAAE,MAAM,IAAI,QAAQ,EAAE,GAAG;YAC7C,aAAa,EAAE,IAAI,CAAC,YAAY;YAChC,aAAa,EAAE,MAAe;YAC9B,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,IAAI,CAAC,cAAc,CAAC,KAAK;SACnD,CAAA;QAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,yDAAyD;QACzD,IACE,gBAAgB,CAAC,QAAQ,KAAK,QAAQ;YACtC,gBAAgB,CAAC,QAAQ,KAAK,OAAO,EACrC,CAAC;YACD,MAAM,IAAI,SAAS,CACjB,4CAA4C,gBAAgB,CAAC,QAAQ,EAAE,CACxE,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;YACvE,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CACtC,8BAA8B,EAC9B,UAAU,CACX,CAAA;YAED,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAC/B,WAAW,EACX,IAAI,CAAC,cAAc,CAAC,SAAS,CAC9B,CAAA;YACD,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,WAAW,CAAC,CAAA;YACzE,OAAO,gBAAgB,CAAA;QACzB,CAAC;aAAM,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAA;QACH,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK;oBAAE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;YAClE,CAAC;YAED,oDAAoD;YACpD,MAAM,SAAS,GACb,gBAAgB,CAAC,QAAQ,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAA;YACnE,IAAI,SAAS,GAAG,IAAI,EAAE,CAAC;gBACrB,OAAO,gBAAgB,CAAA;YACzB,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;gBAC3D,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;YACvC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,YAAiB;QAClC,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;QAC/D,IAAI,CAAC,UAAU;YAAE,OAAM;QAEvB,2EAA2E;QAC3E,4EAA4E;QAC5E,uEAAuE;QACvE,8CAA8C;QAE9C,mEAAmE;IACrE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAuB;QAIpC,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAC1C,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;YACxB,8CAA8C;YAC9C,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;QAC5D,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACrC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAEpC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAA;QACnE,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,SAAS,EAAE,CAAC;YACd,6BAA6B;YAC7B,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,kCAAkC,UAAU,GAAG,CAChD,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACrE,CAAC;YAED,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,4BAA4B,EAC5B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,SAAS,CAAC,GAAG,EACb,SAAS,CAAC,OAAO,CAClB,CAAA;YAED,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;gBACxB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;oBACnB,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,8BAA8B,EAC9B,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;gBACD,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;oBAClC,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,iBAAiB,EACjB,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;YACH,CAAC;iBAAM,IACL,MAAM,CAAC,cAAc,CAAC,8CAA8C,EACpE,CAAC;gBACD,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,+BAA+B,EAC/B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACzE,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE;oBAC/C,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,QAAQ;iBACT,CAAC,CAAA;gBAEF,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAA;gBAExD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAA;YACvD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAA;gBAEpE,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,iEAAiE;YACjE,gCAAgC;YAChC,MAAM,4CAAkB,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CACX,GAAW,EACX,UAA4B,MAAM;QAElC,2DAA2D;QAC3D,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAA;QAErB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE;YAC9D,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE;YACxE,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,2DAA2D;QAC3D,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAA;QAErB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE;YAC9D,UAAU,EAAE,IAAI;SACjB,CAAC,CAAA;QAEF,0EAA0E;QAC1E,2EAA2E;QAC3E,QAAQ;QACR,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YACzE,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,0CAAiB,CAAC,GAAG,CAAC,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IAES,aAAa,CACrB,MAAwB,EACxB,GAAe;QAEf,OAAO,IAAI,+BAAY,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;IACtE,CAAC;CACF;AAvZD,kCAuZC"}
1
+ {"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":";;;AAAA,sCAA0C;AAkExC,oFAlEO,SAAG,OAkEP;AACH,uFAnEY,YAAM,OAmEZ;AAlER,sDAO6B;AAC7B,6DASmC;AAEnC,mEAKsC;AACtC,uEAAkE;AAClE,2EAAqE;AACrE,iDAA6C;AAC7C,oGAA0F;AAC1F,4EAAmE;AACnE,uHAG0D;AAC1D,uEAA8D;AAC9D,iEAAkE;AAClE,mHAGwD;AACxD,2DAAmD;AAEnD,uEAA8D;AAC9D,yDAAiD;AAEjD,6CAAsC;AACtC,2DAI4B;AAG5B,uCAA6C;AAC7C,+EAAsE;AAwEtE,MAAa,WAAY,SAAQ,2BAAsC;IACrE,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,EACzB,QAAQ,EACR,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,MAAM,GAC0B;QAChC,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpC,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,MAAM;SACf,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAA;QAErC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAC5E,CAAC;QAED,8IAA8I;QAC9I,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACvE,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACzB,MAAM,IAAI,SAAS,CAAC,yCAAyC,IAAI,EAAE,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;QAE3C,MAAM,EAAE,cAAc,EAAE,CAAA;QAExB,OAAO,uCAAyB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;IAiBD,YAAY,EACV,KAAK,GAAG,UAAU,CAAC,KAAK,EACxB,SAAS,GAAG,KAAK,EAEjB,UAAU,EACV,YAAY,EAEZ,QAAQ,GAAG,SAAS,EACpB,cAAc,GAAG,IAAI,uCAAiB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAC/D,WAAW,GAAG,SAAS,EACvB,gCAAgC,GAAG,IAAI,uCAAiB,CAAC;QACvD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EACF,8BAA8B,GAAG,IAAI,uCAAiB,CAAC;QACrD,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,GAAG;KACT,CAAC,EAEF,YAAY,EACZ,cAAc,EACd,WAAW,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,MAAM,GACa;QACnB,KAAK,EAAE,CAAA;QA1CT,SAAS;QACA;;;;;WAA8B;QAC9B;;;;;WAA+B;QAC/B;;;;;WAAe;QAExB,WAAW;QACF;;;;;WAAgB;QAChB;;;;;WAAY;QACZ;;;;;WAA4B;QAC5B;;;;;WAAiC;QAE1C,SAAS;QACU;;;;;WAA4B;QAC5B;;;;;WAAsB;QA+BvC,IAAI,CAAC,MAAM,GAAG,MAAM;YAClB,CAAC,CAAC,MAAM,YAAY,YAAM;gBACxB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,IAAI,YAAM,CAAC,MAAM,CAAC;YACtB,CAAC,CAAC,SAAS,CAAA;QACb,IAAI,CAAC,cAAc,GAAG,IAAA,oDAAsB,EAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;QACzE,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAEhC,IAAI,CAAC,OAAO,GAAG,IAAI,oBAAO,CAAC,qBAAqB,CAAC,CAAA;QACjD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,IAAI,oCAAgB,CAClB,WAAW,YAAY,gCAAiB,IAAI,CAAC,QAAQ;YACnD,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,IAAI,gCAAiB,CACnB,WAAW,IAAI,IAAI;gBACjB,CAAC,CAAC,WAAW;gBACb,CAAC,CAAC,IAAI,gCAAiB,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,EAChE,QAAQ,CACT,EACL,cAAc,YAAY,sCAAoB,IAAI,CAAC,WAAW;YAC5D,CAAC,CAAC,cAAc;YAChB,CAAC,CAAC,IAAI,sCAAoB,CACtB,OAAO,cAAc,KAAK,QAAQ;gBAClC,cAAc,YAAY,GAAG;gBAC3B,CAAC,CAAC,IAAI,oCAAkB,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC;gBACnD,CAAC,CAAC,cAAc,EAClB,WAAW,CACZ,CACN,EACD,IAAI,sFAAsC,CACxC,8BAA8B,EAC9B,KAAK,EACL,EAAE,iBAAiB,EAAE,SAAS,EAAE,CACjC,EACD,IAAI,0FAAwC,CAC1C,gCAAgC,EAChC,KAAK,EACL,EAAE,eAAe,EAAE,SAAS,EAAE,CAC/B,CACF,CAAA;QACD,IAAI,CAAC,aAAa,GAAG,IAAI,4CAAkB,CACzC,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,EACX,cAAc,CACf,CAAA;QAED,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CACpC,YAAY,EACZ,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,OAAO,CACb,CAAA;QACD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAE5B,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,SAAS,CAAU,EAAE,CAAC;YACnD,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;gBAClD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;oBAClD,KAAK,CAAC,cAAc,EAAE,CAAA;gBACxB,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAA;IAC5C,CAAC;IAED,wCAAwC;IACxC,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAA;IAC1C,CAAC;IAED,wCAAwC;IACxC,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAA;IAC7C,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,MAAM,EAAE,UAAU,IAAK,EAAE,IAAI,EAAE,EAAW,EAAY,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,SAAS,CACb,KAAa,EACb,EAAE,MAAM,EAAE,GAAG,OAAO,KAAuB,EAAE;QAE7C,MAAM,WAAW,GACf,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;QAC/D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7D,yDAAyD;YACzD,MAAM,IAAI,SAAS,CAAC,sBAAsB,CAAC,CAAA;QAC7C,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE;YACrE,MAAM;SACP,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAA;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAC5C,QAAQ,CAAC,iCAAiC,IAAI,CAAC,2BAAY,CAAC,CAC7D,CAAA;QAED,MAAM,UAAU,GAAG,IAAA,gDAAyB,EAC1C,QAAQ,EACR,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,MAAM,CACZ,CAAA;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAA;QAEhD,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE;YAC/B,GAAG,EAAE,QAAQ,CAAC,MAAM;YACpB,OAAO;YACP,UAAU;YACV,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,OAAO,EAAE,KAAK;SACzB,CAAC,CAAA;QAEF,MAAM,UAAU,GAAwC;YACtD,GAAG,OAAO;YAEV,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;YACxC,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,IAAI,CAAC,SAAS;YAC9B,qBAAqB,EAAE,IAAI,CAAC,MAAM;YAClC,KAAK;YACL,UAAU,EAAE,QAAQ,EAAE,MAAM,IAAI,QAAQ,EAAE,GAAG;YAC7C,aAAa,EAAE,IAAI,CAAC,YAAY;YAChC,aAAa,EAAE,MAAe;YAC9B,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,IAAI,CAAC,cAAc,CAAC,KAAK;SACnD,CAAA;QAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,yDAAyD;QACzD,IACE,gBAAgB,CAAC,QAAQ,KAAK,QAAQ;YACtC,gBAAgB,CAAC,QAAQ,KAAK,OAAO,EACrC,CAAC;YACD,MAAM,IAAI,SAAS,CACjB,4CAA4C,gBAAgB,CAAC,QAAQ,EAAE,CACxE,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAClD,QAAQ,EACR,UAAU,EACV,OAAO,CACR,CAAA;YACD,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CACtC,8BAA8B,EAC9B,UAAU,CACX,CAAA;YAED,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAC/B,WAAW,EACX,IAAI,CAAC,cAAc,CAAC,SAAS,CAC9B,CAAA;YACD,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,WAAW,CAAC,CAAA;YACzE,OAAO,gBAAgB,CAAA;QACzB,CAAC;aAAM,IAAI,QAAQ,CAAC,qCAAqC,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAA;QACH,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK;oBAAE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;YAClE,CAAC;YAED,oDAAoD;YACpD,MAAM,SAAS,GACb,gBAAgB,CAAC,QAAQ,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAA;YACnE,IAAI,SAAS,GAAG,IAAI,EAAE,CAAC;gBACrB,OAAO,gBAAgB,CAAA;YACzB,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,CAAC;gBAC3D,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;YACvC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,YAAiB;QAClC,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;QAC/D,IAAI,CAAC,UAAU;YAAE,OAAM;QAEvB,2EAA2E;QAC3E,4EAA4E;QAC5E,uEAAuE;QACvE,8CAA8C;QAE9C,mEAAmE;IACrE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAuB;QAIpC,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAC1C,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;YACxB,8CAA8C;YAC9C,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;QAC5D,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACrC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAEpC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAA;QACnE,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,SAAS,EAAE,CAAC;YACd,6BAA6B;YAC7B,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,kCAAkC,UAAU,GAAG,CAChD,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,4CAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACrE,CAAC;YAED,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,4BAA4B,EAC5B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,SAAS,CAAC,GAAG;YACb,iIAAiI;YACjI,SAAS,CAAC,UAAU,IAAI,QAAQ,EAChC,SAAS,CAAC,OAAO,CAClB,CAAA;YAED,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;gBACxB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;oBACnB,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,8BAA8B,EAC9B,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;gBACD,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;oBAClC,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,iBAAiB,EACjB,SAAS,CAAC,QAAQ,CACnB,CAAA;gBACH,CAAC;YACH,CAAC;iBAAM,IACL,MAAM,CAAC,cAAc,CAAC,8CAA8C,EACpE,CAAC;gBACD,MAAM,IAAI,4CAAkB,CAC1B,MAAM,EACN,+BAA+B,EAC/B,SAAS,CAAC,QAAQ,CACnB,CAAA;YACH,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;YACzE,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE;oBAC/C,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,QAAQ;iBACT,CAAC,CAAA;gBAEF,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAA;gBAExD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAA;YACvD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAA;gBAEpE,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,iEAAiE;YACjE,gCAAgC;YAChC,MAAM,4CAAkB,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CACX,GAAW,EACX,UAA4B,MAAM;QAElC,2DAA2D;QAC3D,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAA;QAErB,MAAM,EACJ,OAAO,EACP,UAAU,GAAG,QAAQ,EACrB,QAAQ,GACT,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE;YACpC,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,EACP;gBACE,OAAO,EAAE,OAAO,KAAK,IAAI;gBACzB,UAAU,EAAE,OAAO,KAAK,KAAK;aAC9B,CACF,CAAA;YAED,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iEAA4B,EAAE,CAAC;gBAChD,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9C,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,2DAA2D;QAC3D,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAA;QAErB,MAAM,EACJ,OAAO,EACP,UAAU,GAAG,QAAQ,EACrB,QAAQ,GACT,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE;YACpC,UAAU,EAAE,IAAI;SACjB,CAAC,CAAA;QAEF,0EAA0E;QAC1E,2EAA2E;QAC3E,QAAQ;QACR,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,CACR,CAAA;YACD,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,0CAAiB,CAAC,GAAG,CAAC,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IAES,aAAa,CACrB,MAAwB,EACxB,GAAe;QAEf,OAAO,IAAI,+BAAY,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;IACtE,CAAC;CACF;AAvcD,kCAucC"}
@@ -33,6 +33,7 @@ export declare class OAuthResolver {
33
33
  issuer: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
34
34
  authorization_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
35
35
  token_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
36
+ token_endpoint_auth_methods_supported: string[];
36
37
  jwks_uri?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
37
38
  claims_supported?: string[] | undefined;
38
39
  claims_locales_supported?: string[] | undefined;
@@ -54,7 +55,6 @@ export declare class OAuthResolver {
54
55
  authorization_details_types_supported?: string[] | undefined;
55
56
  request_object_encryption_alg_values_supported?: string[] | undefined;
56
57
  request_object_encryption_enc_values_supported?: string[] | undefined;
57
- token_endpoint_auth_methods_supported?: string[] | undefined;
58
58
  token_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
59
59
  revocation_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
60
60
  introspection_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
@@ -1,9 +1,10 @@
1
1
  import { AtprotoDid } from '@atproto/did';
2
2
  import { Key, Keyset } from '@atproto/jwk';
3
- import { OAuthAuthorizationRequestPar, OAuthAuthorizationServerMetadata, OAuthClientCredentials, OAuthEndpointName, OAuthParResponse, OAuthTokenRequest } from '@atproto/oauth-types';
3
+ import { OAuthAuthorizationRequestPar, OAuthAuthorizationServerMetadata, OAuthEndpointName, OAuthParResponse, OAuthTokenRequest } from '@atproto/oauth-types';
4
4
  import { Fetch, Json } from '@atproto-labs/fetch';
5
5
  import { SimpleStore } from '@atproto-labs/simple-store';
6
6
  import { AtprotoScope, AtprotoTokenResponse } from './atproto-token-response.js';
7
+ import { ClientAuthMethod, ClientCredentialsFactory } from './oauth-client-auth.js';
7
8
  import { OAuthResolver } from './oauth-resolver.js';
8
9
  import { Runtime } from './runtime.js';
9
10
  import { ClientMetadata } from './types.js';
@@ -20,6 +21,7 @@ export type TokenSet = {
20
21
  };
21
22
  export type DpopNonceCache = SimpleStore<string, string>;
22
23
  export declare class OAuthServerAgent {
24
+ readonly authMethod: ClientAuthMethod;
23
25
  readonly dpopKey: Key;
24
26
  readonly serverMetadata: OAuthAuthorizationServerMetadata;
25
27
  readonly clientMetadata: ClientMetadata;
@@ -28,7 +30,11 @@ export declare class OAuthServerAgent {
28
30
  readonly runtime: Runtime;
29
31
  readonly keyset?: Keyset | undefined;
30
32
  protected dpopFetch: Fetch<unknown>;
31
- constructor(dpopKey: Key, serverMetadata: OAuthAuthorizationServerMetadata, clientMetadata: ClientMetadata, dpopNonces: DpopNonceCache, oauthResolver: OAuthResolver, runtime: Runtime, keyset?: Keyset | undefined, fetch?: Fetch);
33
+ protected clientCredentialsFactory: ClientCredentialsFactory;
34
+ /**
35
+ * @throws see {@link createClientCredentialsFactory}
36
+ */
37
+ constructor(authMethod: ClientAuthMethod, dpopKey: Key, serverMetadata: OAuthAuthorizationServerMetadata, clientMetadata: ClientMetadata, dpopNonces: DpopNonceCache, oauthResolver: OAuthResolver, runtime: Runtime, keyset?: Keyset | undefined, fetch?: Fetch);
32
38
  get issuer(): `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
33
39
  revoke(token: string): Promise<void>;
34
40
  exchangeCode(code: string, codeVerifier?: string): Promise<TokenSet>;
@@ -45,9 +51,5 @@ export declare class OAuthServerAgent {
45
51
  */
46
52
  protected verifyIssuer(sub: AtprotoDid): Promise<string>;
47
53
  request<Endpoint extends OAuthEndpointName>(endpoint: Endpoint, payload: Endpoint extends 'token' ? OAuthTokenRequest : Endpoint extends 'pushed_authorization_request' ? OAuthAuthorizationRequestPar : Record<string, unknown>): Promise<Endpoint extends 'token' ? AtprotoTokenResponse : Endpoint extends 'pushed_authorization_request' ? OAuthParResponse : Json>;
48
- buildClientAuth(endpoint: OAuthEndpointName): Promise<{
49
- headers?: Record<string, string>;
50
- payload: OAuthClientCredentials;
51
- }>;
52
54
  }
53
55
  //# sourceMappingURL=oauth-server-agent.d.ts.map