@atproto/oauth-client 0.5.5 → 0.5.7
- package/CHANGELOG.md +23 -0
- package/dist/constants.js.map +1 -1
- package/dist/errors/auth-method-unsatisfiable-error.js.map +1 -1
- package/dist/errors/token-invalid-error.js.map +1 -1
- package/dist/errors/token-refresh-error.js.map +1 -1
- package/dist/errors/token-revoked-error.js.map +1 -1
- package/dist/fetch-dpop.js.map +1 -1
- package/dist/identity-resolver.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/lock.js.map +1 -1
- package/dist/oauth-authorization-server-metadata-resolver.js.map +1 -1
- package/dist/oauth-callback-error.js.map +1 -1
- package/dist/oauth-client-auth.d.ts.map +1 -1
- package/dist/oauth-client-auth.js +3 -4
- package/dist/oauth-client-auth.js.map +1 -1
- package/dist/oauth-client.d.ts +167 -139
- package/dist/oauth-client.d.ts.map +1 -1
- package/dist/oauth-client.js +1 -4
- package/dist/oauth-client.js.map +1 -1
- package/dist/oauth-protected-resource-metadata-resolver.js.map +1 -1
- package/dist/oauth-resolver-error.js.map +1 -1
- package/dist/oauth-resolver.js.map +1 -1
- package/dist/oauth-response-error.js.map +1 -1
- package/dist/oauth-server-agent.d.ts +4 -4
- package/dist/oauth-server-agent.d.ts.map +1 -1
- package/dist/oauth-server-agent.js +12 -77
- package/dist/oauth-server-agent.js.map +1 -1
- package/dist/oauth-server-factory.js.map +1 -1
- package/dist/oauth-session.d.ts +3 -3
- package/dist/oauth-session.d.ts.map +1 -1
- package/dist/oauth-session.js.map +1 -1
- package/dist/runtime-implementation.js.map +1 -1
- package/dist/runtime.js.map +1 -1
- package/dist/session-getter.d.ts +1 -1
- package/dist/session-getter.d.ts.map +1 -1
- package/dist/session-getter.js +2 -2
- package/dist/session-getter.js.map +1 -1
- package/dist/state-store.js.map +1 -1
- package/dist/types.d.ts +164 -1102
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/dist/util.d.ts +0 -8
- package/dist/util.d.ts.map +1 -1
- package/dist/util.js +22 -71
- package/dist/util.js.map +1 -1
- package/dist/validate-client-metadata.d.ts.map +1 -1
- package/dist/validate-client-metadata.js +14 -7
- package/dist/validate-client-metadata.js.map +1 -1
- package/package.json +9 -8
- package/src/index.ts +2 -0
- package/src/oauth-client-auth.ts +3 -5
- package/src/oauth-client.ts +1 -4
- package/src/oauth-server-agent.ts +9 -12
- package/src/oauth-session.ts +6 -3
- package/src/session-getter.ts +3 -3
- package/src/util.ts +22 -107
- package/src/validate-client-metadata.ts +26 -9
- package/tsconfig.build.tsbuildinfo +1 -1
- package/dist/atproto-token-response.d.ts +0 -110
- package/dist/atproto-token-response.d.ts.map +0 -1
- package/dist/atproto-token-response.js +0 -20
- package/dist/atproto-token-response.js.map +0 -1
- package/src/atproto-token-response.ts +0 -21
|
@@ -1,18 +1,18 @@
|
|
|
1
1
|
import { AtprotoDid } from '@atproto/did';
|
|
2
2
|
import { Key, Keyset } from '@atproto/jwk';
|
|
3
|
-
import { OAuthAuthorizationRequestPar, OAuthAuthorizationServerMetadata, OAuthEndpointName, OAuthParResponse, OAuthRedirectUri, OAuthTokenRequest } from '@atproto/oauth-types';
|
|
3
|
+
import { AtprotoOAuthScope, AtprotoOAuthTokenResponse, OAuthAuthorizationRequestPar, OAuthAuthorizationServerMetadata, OAuthEndpointName, OAuthParResponse, OAuthRedirectUri, OAuthTokenRequest } from '@atproto/oauth-types';
|
|
4
4
|
import { Fetch, Json } from '@atproto-labs/fetch';
|
|
5
5
|
import { SimpleStore } from '@atproto-labs/simple-store';
|
|
6
|
-
import { AtprotoScope, AtprotoTokenResponse } from './atproto-token-response.js';
|
|
7
6
|
import { ClientAuthMethod, ClientCredentialsFactory } from './oauth-client-auth.js';
|
|
8
7
|
import { OAuthResolver } from './oauth-resolver.js';
|
|
9
8
|
import { Runtime } from './runtime.js';
|
|
10
9
|
import { ClientMetadata } from './types.js';
|
|
10
|
+
export type { AtprotoOAuthScope, AtprotoOAuthTokenResponse };
|
|
11
11
|
export type TokenSet = {
|
|
12
12
|
iss: string;
|
|
13
13
|
sub: AtprotoDid;
|
|
14
14
|
aud: string;
|
|
15
|
-
scope:
|
|
15
|
+
scope: AtprotoOAuthScope;
|
|
16
16
|
refresh_token?: string;
|
|
17
17
|
access_token: string;
|
|
18
18
|
token_type: 'DPoP';
|
|
@@ -50,6 +50,6 @@ export declare class OAuthServerAgent {
|
|
|
50
50
|
* @returns The user's PDS URL (the resource server for the user)
|
|
51
51
|
*/
|
|
52
52
|
protected verifyIssuer(sub: AtprotoDid): Promise<string>;
|
|
53
|
-
request<Endpoint extends OAuthEndpointName>(endpoint: Endpoint, payload: Endpoint extends 'token' ? OAuthTokenRequest : Endpoint extends 'pushed_authorization_request' ? OAuthAuthorizationRequestPar : Record<string, unknown>): Promise<Endpoint extends 'token' ?
|
|
53
|
+
request<Endpoint extends OAuthEndpointName>(endpoint: Endpoint, payload: Endpoint extends 'token' ? OAuthTokenRequest : Endpoint extends 'pushed_authorization_request' ? OAuthAuthorizationRequestPar : Record<string, unknown>): Promise<Endpoint extends 'token' ? AtprotoOAuthTokenResponse : Endpoint extends 'pushed_authorization_request' ? OAuthParResponse : Json>;
|
|
54
54
|
}
|
|
55
55
|
//# sourceMappingURL=oauth-server-agent.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-server-agent.d.ts","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EACL,4BAA4B,EAC5B,gCAAgC,EAChC,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,
|
|
1
|
+
{"version":3,"file":"oauth-server-agent.d.ts","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EACL,iBAAiB,EACjB,yBAAyB,EACzB,4BAA4B,EAC5B,gCAAgC,EAChC,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EAGlB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAiC,MAAM,qBAAqB,CAAA;AAChF,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AAGxD,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EAEzB,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAEnD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAE3C,YAAY,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,CAAA;AAE5D,MAAM,MAAM,QAAQ,GAAG;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,UAAU,CAAA;IACf,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,iBAAiB,CAAA;IAExB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,eAAe;IACf,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;AAExD,qBAAa,gBAAgB;IAQzB,QAAQ,CAAC,UAAU,EAAE,gBAAgB;IACrC,QAAQ,CAAC,OAAO,EAAE,GAAG;IACrB,QAAQ,CAAC,cAAc,EAAE,gCAAgC;IACzD,QAAQ,CAAC,cAAc,EAAE,cAAc;IACvC,QAAQ,CAAC,UAAU,EAAE,cAAc;IACnC,QAAQ,CAAC,aAAa,EAAE,aAAa;IACrC,QAAQ,CAAC,OAAO,EAAE,OAAO;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM;IAd1B,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;IACnC,SAAS,CAAC,wBAAwB,EAAE,wBAAwB,CAAA;IAE5D;;OAEG;gBAEQ,UAAU,EAAE,gBAAgB,EAC5B,OAAO,EAAE,GAAG,EACZ,cAAc,EAAE,gCAAgC,EAChD,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,cAAc,EAC1B,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,OAAO,EAChB,MAAM,CAAC,EAAE,MAAM,YAAA,EACxB,KAAK,CAAC,EAAE,KAAK;IAoBf,IAAI,MAAM,oVAET;IAEK,MAAM,CAAC,KAAK,EAAE,MAAM;IAQpB,YAAY,CAChB,IAAI,EAAE,MAAM,EACZ,YAAY,CAAC,EAAE,MAAM,EACrB,WAAW,CAAC,EAAE,gBAAgB,GAC7B,OAAO,CAAC,QAAQ,CAAC;IAyCd,OAAO,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAuCpD;;;;;;;;;OASG;cACa,YAAY,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAiBxD,OAAO,CAAC,QAAQ,SAAS,iBAAiB,EAC9C,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,QAAQ,SAAS,OAAO,GAC7B,iBAAiB,GACjB,QAAQ,SAAS
,8BAA8B,GAC7C,4BAA4B,GAC5B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5B,OAAO,CACR,QAAQ,SAAS,OAAO,GACpB,yBAAyB,GACzB,QAAQ,SAAS,8BAA8B,GAC7C,gBAAgB,GAChB,IAAI,CACX;CAoCF"}
|
|
@@ -1,66 +1,12 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __addDisposableResource = (this && this.__addDisposableResource) || function (env, value, async) {
|
|
3
|
-
if (value !== null && value !== void 0) {
|
|
4
|
-
if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected.");
|
|
5
|
-
var dispose, inner;
|
|
6
|
-
if (async) {
|
|
7
|
-
if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined.");
|
|
8
|
-
dispose = value[Symbol.asyncDispose];
|
|
9
|
-
}
|
|
10
|
-
if (dispose === void 0) {
|
|
11
|
-
if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined.");
|
|
12
|
-
dispose = value[Symbol.dispose];
|
|
13
|
-
if (async) inner = dispose;
|
|
14
|
-
}
|
|
15
|
-
if (typeof dispose !== "function") throw new TypeError("Object not disposable.");
|
|
16
|
-
if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } };
|
|
17
|
-
env.stack.push({ value: value, dispose: dispose, async: async });
|
|
18
|
-
}
|
|
19
|
-
else if (async) {
|
|
20
|
-
env.stack.push({ async: true });
|
|
21
|
-
}
|
|
22
|
-
return value;
|
|
23
|
-
};
|
|
24
|
-
var __disposeResources = (this && this.__disposeResources) || (function (SuppressedError) {
|
|
25
|
-
return function (env) {
|
|
26
|
-
function fail(e) {
|
|
27
|
-
env.error = env.hasError ? new SuppressedError(e, env.error, "An error was suppressed during disposal.") : e;
|
|
28
|
-
env.hasError = true;
|
|
29
|
-
}
|
|
30
|
-
var r, s = 0;
|
|
31
|
-
function next() {
|
|
32
|
-
while (r = env.stack.pop()) {
|
|
33
|
-
try {
|
|
34
|
-
if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next);
|
|
35
|
-
if (r.dispose) {
|
|
36
|
-
var result = r.dispose.call(r.value);
|
|
37
|
-
if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); });
|
|
38
|
-
}
|
|
39
|
-
else s |= 1;
|
|
40
|
-
}
|
|
41
|
-
catch (e) {
|
|
42
|
-
fail(e);
|
|
43
|
-
}
|
|
44
|
-
}
|
|
45
|
-
if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve();
|
|
46
|
-
if (env.hasError) throw env.error;
|
|
47
|
-
}
|
|
48
|
-
return next();
|
|
49
|
-
};
|
|
50
|
-
})(typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
|
|
51
|
-
var e = new Error(message);
|
|
52
|
-
return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
|
|
53
|
-
});
|
|
54
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
55
3
|
exports.OAuthServerAgent = void 0;
|
|
56
4
|
const oauth_types_1 = require("@atproto/oauth-types");
|
|
57
5
|
const fetch_1 = require("@atproto-labs/fetch");
|
|
58
|
-
const atproto_token_response_js_1 = require("./atproto-token-response.js");
|
|
59
6
|
const token_refresh_error_js_1 = require("./errors/token-refresh-error.js");
|
|
60
7
|
const fetch_dpop_js_1 = require("./fetch-dpop.js");
|
|
61
8
|
const oauth_client_auth_js_1 = require("./oauth-client-auth.js");
|
|
62
9
|
const oauth_response_error_js_1 = require("./oauth-response-error.js");
|
|
63
|
-
const util_js_1 = require("./util.js");
|
|
64
10
|
class OAuthServerAgent {
|
|
65
11
|
/**
|
|
66
12
|
* @throws see {@link createClientCredentialsFactory}
|
|
@@ -223,29 +169,18 @@ class OAuthServerAgent {
|
|
|
223
169
|
* @returns The user's PDS URL (the resource server for the user)
|
|
224
170
|
*/
|
|
225
171
|
async verifyIssuer(sub) {
|
|
226
|
-
const
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
// actor is trying to impersonate a user. In any case, we must not allow
|
|
237
|
-
// this token to be used.
|
|
238
|
-
throw new TypeError('Issuer mismatch');
|
|
239
|
-
}
|
|
240
|
-
return resolved.pds.href;
|
|
241
|
-
}
|
|
242
|
-
catch (e_1) {
|
|
243
|
-
env_1.error = e_1;
|
|
244
|
-
env_1.hasError = true;
|
|
245
|
-
}
|
|
246
|
-
finally {
|
|
247
|
-
__disposeResources(env_1);
|
|
172
|
+
const resolved = await this.oauthResolver.resolveFromIdentity(sub, {
|
|
173
|
+
noCache: true,
|
|
174
|
+
allowStale: false,
|
|
175
|
+
signal: AbortSignal.timeout(10e3),
|
|
176
|
+
});
|
|
177
|
+
if (this.issuer !== resolved.metadata.issuer) {
|
|
178
|
+
// Best case scenario; the user switched PDS. Worst case scenario; a bad
|
|
179
|
+
// actor is trying to impersonate a user. In any case, we must not allow
|
|
180
|
+
// this token to be used.
|
|
181
|
+
throw new TypeError('Issuer mismatch');
|
|
248
182
|
}
|
|
183
|
+
return resolved.pds.href;
|
|
249
184
|
}
|
|
250
185
|
async request(endpoint, payload) {
|
|
251
186
|
const url = this.serverMetadata[`${endpoint}_endpoint`];
|
|
@@ -267,7 +202,7 @@ class OAuthServerAgent {
|
|
|
267
202
|
if (response.ok) {
|
|
268
203
|
switch (endpoint) {
|
|
269
204
|
case 'token':
|
|
270
|
-
return
|
|
205
|
+
return oauth_types_1.atprotoOAuthTokenResponseSchema.parse(json);
|
|
271
206
|
case 'pushed_authorization_request':
|
|
272
207
|
return oauth_types_1.oauthParResponseSchema.parse(json);
|
|
273
208
|
default:
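Review bot: The issuer check in `verifyIssuer` still rejects with a bare `throw new TypeError('Issuer mismatch')`, so callers and log pipelines cannot separate it from an ordinary programming TypeError, or from the resolver and 10-second `AbortSignal.timeout(10e3)` failures that reject out of the same method. The comment directly above names impersonation as the worst case, which makes this the one rejection worth alerting on. I would throw a dedicated error class, defined next to the existing ones under `errors/`, for example `throw new IssuerMismatchError(sub)` (a new class, name illustrative), and keep the message free of the remotely supplied issuer string. This file is compiled output, so the change belongs in `src/oauth-server-agent.ts`; the other hunk in this section, which switches the token response to `atprotoOAuthTokenResponseSchema.parse(json)`, needs no change.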
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-server-agent.js","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,sDAQ6B;AAC7B,+CAAgF;AAEhF,2EAIoC;AACpC,4EAAmE;AACnE,mDAAkD;AAClD,iEAI+B;AAE/B,uEAA8D;AAG9D,uCAAyC;AAiBzC,MAAa,gBAAgB;IAI3B;;OAEG;IACH,YACW,UAA4B,EAC5B,OAAY,EACZ,cAAgD,EAChD,cAA8B,EAC9B,UAA0B,EAC1B,aAA4B,EAC5B,OAAgB,EAChB,MAAe,EACxB,KAAa;QARb;;;;mBAAS,UAAU;WAAkB;QACrC;;;;mBAAS,OAAO;WAAK;QACrB;;;;mBAAS,cAAc;WAAkC;QACzD;;;;mBAAS,cAAc;WAAgB;QACvC;;;;mBAAS,UAAU;WAAgB;QACnC;;;;mBAAS,aAAa;WAAe;QACrC;;;;mBAAS,OAAO;WAAS;QACzB;;;;mBAAS,MAAM;WAAS;QAdhB;;;;;WAAyB;QACzB;;;;;WAAkD;QAgB1D,IAAI,CAAC,wBAAwB,GAAG,IAAA,qDAA8B,EAC5D,UAAU,EACV,cAAc,EACd,cAAc,EACd,OAAO,EACP,MAAM,CACP,CAAA;QAED,IAAI,CAAC,SAAS,GAAG,IAAA,gCAAgB,EAAO;YACtC,KAAK,EAAE,IAAA,iBAAS,EAAC,KAAK,CAAC;YACvB,GAAG,EAAE,OAAO;YACZ,aAAa,EAAE,cAAc,CAAC,iCAAiC;YAC/D,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YACtC,MAAM,EAAE,UAAU;YAClB,YAAY,EAAE,IAAI;SACnB,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,IAAY,EACZ,YAAqB,EACrB,WAA8B;QAE9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAChD,UAAU,EAAE,oBAAoB;YAChC,wEAAwE;YACxE,oEAAoE;YACpE,YAAY,EAAE,WAAW,IAAI,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC;YACjE,IAAI;YACJ,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,oBAAoB;YACpB,EAAE;YACF,sEAAsE;YACtE,yDAAyD;YACzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YAEtD,OAAO;gBACL,GAAG;gBACH,GAAG,EAAE,aAAa,CAAC,GAAG;gBACtB,GAAG,EAAE,IAAI,CAAC,MAAM;gBAEhB,KAAK,EAAE,aAAa,CAAC,KAAK;gBAC1B,aAAa,EAAE,aAAa,CAAC,aAAa;gBAC1C,YAAY,EAAE,aAAa,CAAC,YAAY;gBACxC,UAAU,EAAE,aAAa,CAAC,UAAU;gBAEpC,UAAU,EACR,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;oBAC1C,CAAC,CA
AC,IAAI,IAAI,CAAC,GAAG,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;oBAC/D,CAAC,CAAC,SAAS;aAChB,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAA;YAE7C,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAkB;QAC9B,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC5B,MAAM,IAAI,0CAAiB,CAAC,QAAQ,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAA;QACzE,CAAC;QAED,oBAAoB;QACpB,EAAE;QACF,0EAA0E;QAC1E,qEAAqE;QACrE,iDAAiD;QACjD,kCAAkC;QAClC,sEAAsE;QACtE,2EAA2E;QAC3E,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QAEjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAChD,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,QAAQ,CAAC,aAAa;SACtC,CAAC,CAAA;QAEF,OAAO;YACL,GAAG;YACH,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,IAAI,CAAC,MAAM;YAEhB,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,aAAa,EAAE,aAAa,CAAC,aAAa;YAC1C,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,UAAU,EAAE,aAAa,CAAC,UAAU;YAEpC,UAAU,EACR,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;gBAC1C,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;gBAC/D,CAAC,CAAC,SAAS;SAChB,CAAA;IACH,CAAC;IAED;;;;;;;;;OASG;IACO,KAAK,CAAC,YAAY,CAAC,GAAe;;;YAC1C,MAAM,MAAM,kCAAG,IAAA,uBAAa,EAAC,IAAI,CAAC,QAAA,CAAA;YAElC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC,GAAG,EAAE;gBACjE,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,KAAK;gBACjB,MAAM;aACP,CAAC,CAAA;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC7C,wEAAwE;gBACxE,wEAAwE;gBACxE,yBAAyB;gBACzB,MAAM,IAAI,SAAS,CAAC,iBAAiB,CAAC,CAAA;YACxC,CAAC;YAED,OAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAA;;;;;;;;;KACzB;IAgBD,KAAK,CAAC,OAAO,CACX,QAA2B,EAC3B,OAAgC;QAEhC,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,QAAQ,WAAW,CAAC,CAAA;QACvD,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,qBAAqB,CAAC,CAAA;QAE9D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,wBAAwB,EAAE,CAAA;QAElD,+EAA+E;QAC/E,4DAA4D;QAC5D,4DAA4D;QAC5D,0DAA0D;QAC1D,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE;YACnD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,GAAG,IAAI,CAAC,OAAO;gBACf
,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,gBAAgB,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;SACxD,CAAC,CAAC,IAAI,CAAC,IAAA,0BAAkB,GAAE,CAAC,CAAA;QAE7B,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,QAAQ,QAAQ,EAAE,CAAC;gBACjB,KAAK,OAAO;oBACV,OAAO,sDAA0B,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC/C,KAAK,8BAA8B;oBACjC,OAAO,oCAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC3C;oBACE,OAAO,IAAI,CAAA;YACf,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;QAC9C,CAAC;IACH,CAAC;CACF;AAlND,4CAkNC;AAED,SAAS,gBAAgB,CAAC,OAA4C;IACpE,OAAO,IAAI,eAAe,CACxB,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;SACpB,MAAM,CAAC,oBAAoB,CAAC;SAC5B,GAAG,CAAC,mBAAmB,CAAC,CAC5B,CAAC,QAAQ,EAAE,CAAA;AACd,CAAC;AAED,SAAS,oBAAoB,CAC3B,KAAwB;IAExB,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,CAAA;AAC/B,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAwB;IACnD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IACrB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IAEtB,QAAQ,OAAO,KAAK,EAAE,CAAC;QACrB,KAAK,QAAQ;YACX,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QACtB,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;QAC9B,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YACjC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;YACzE,CAAC;YACD,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;QACpB,CAAC;IACH,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"oauth-server-agent.js","sourceRoot":"","sources":["../src/oauth-server-agent.ts"],"names":[],"mappings":";;;AAEA,sDAW6B;AAC7B,+CAAgF;AAEhF,4EAAmE;AACnE,mDAAkD;AAClD,iEAI+B;AAE/B,uEAA8D;AAqB9D,MAAa,gBAAgB;IAI3B;;OAEG;IACH,YACW,UAA4B,EAC5B,OAAY,EACZ,cAAgD,EAChD,cAA8B,EAC9B,UAA0B,EAC1B,aAA4B,EAC5B,OAAgB,EAChB,MAAe,EACxB,KAAa;QARb;;;;mBAAS,UAAU;WAAkB;QACrC;;;;mBAAS,OAAO;WAAK;QACrB;;;;mBAAS,cAAc;WAAkC;QACzD;;;;mBAAS,cAAc;WAAgB;QACvC;;;;mBAAS,UAAU;WAAgB;QACnC;;;;mBAAS,aAAa;WAAe;QACrC;;;;mBAAS,OAAO;WAAS;QACzB;;;;mBAAS,MAAM;WAAS;QAdhB;;;;;WAAyB;QACzB;;;;;WAAkD;QAgB1D,IAAI,CAAC,wBAAwB,GAAG,IAAA,qDAA8B,EAC5D,UAAU,EACV,cAAc,EACd,cAAc,EACd,OAAO,EACP,MAAM,CACP,CAAA;QAED,IAAI,CAAC,SAAS,GAAG,IAAA,gCAAgB,EAAO;YACtC,KAAK,EAAE,IAAA,iBAAS,EAAC,KAAK,CAAC;YACvB,GAAG,EAAE,OAAO;YACZ,aAAa,EAAE,cAAc,CAAC,iCAAiC;YAC/D,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YACtC,MAAM,EAAE,UAAU;YAClB,YAAY,EAAE,IAAI;SACnB,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,IAAY,EACZ,YAAqB,EACrB,WAA8B;QAE9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAChD,UAAU,EAAE,oBAAoB;YAChC,wEAAwE;YACxE,oEAAoE;YACpE,YAAY,EAAE,WAAW,IAAI,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC;YACjE,IAAI;YACJ,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,oBAAoB;YACpB,EAAE;YACF,sEAAsE;YACtE,yDAAyD;YACzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YAEtD,OAAO;gBACL,GAAG;gBACH,GAAG,EAAE,aAAa,CAAC,GAAG;gBACtB,GAAG,EAAE,IAAI,CAAC,MAAM;gBAEhB,KAAK,EAAE,aAAa,CAAC,KAAK;gBAC1B,aAAa,EAAE,aAAa,CAAC,aAAa;gBAC1C,YAAY,EAAE,aAAa,CAAC,YAAY;gBACxC,UAAU,EAAE,aAAa,CAAC,UAAU;gBAEpC,UAAU,EACR,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;oBAC1C,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;oBAC/
D,CAAC,CAAC,SAAS;aAChB,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAA;YAE7C,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAkB;QAC9B,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC5B,MAAM,IAAI,0CAAiB,CAAC,QAAQ,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAA;QACzE,CAAC;QAED,oBAAoB;QACpB,EAAE;QACF,0EAA0E;QAC1E,qEAAqE;QACrE,iDAAiD;QACjD,kCAAkC;QAClC,sEAAsE;QACtE,2EAA2E;QAC3E,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QAEjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YAChD,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,QAAQ,CAAC,aAAa;SACtC,CAAC,CAAA;QAEF,OAAO;YACL,GAAG;YACH,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,IAAI,CAAC,MAAM;YAEhB,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,aAAa,EAAE,aAAa,CAAC,aAAa;YAC1C,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,UAAU,EAAE,aAAa,CAAC,UAAU;YAEpC,UAAU,EACR,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;gBAC1C,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;gBAC/D,CAAC,CAAC,SAAS;SAChB,CAAA;IACH,CAAC;IAED;;;;;;;;;OASG;IACO,KAAK,CAAC,YAAY,CAAC,GAAe;QAC1C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC,GAAG,EAAE;YACjE,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAA;QAEF,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC7C,wEAAwE;YACxE,wEAAwE;YACxE,yBAAyB;YACzB,MAAM,IAAI,SAAS,CAAC,iBAAiB,CAAC,CAAA;QACxC,CAAC;QAED,OAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAA;IAC1B,CAAC;IAgBD,KAAK,CAAC,OAAO,CACX,QAA2B,EAC3B,OAAgC;QAEhC,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,QAAQ,WAAW,CAAC,CAAA;QACvD,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,qBAAqB,CAAC,CAAA;QAE9D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,wBAAwB,EAAE,CAAA;QAElD,+EAA+E;QAC/E,4DAA4D;QAC5D,4DAA4D;QAC5D,0DAA0D;QAC1D,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE;YACnD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,GAAG,IAAI,CAAC,OAAO;gBACf,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,gBAAgB,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;SACxD,CAAC,
CAAC,IAAI,CAAC,IAAA,0BAAkB,GAAE,CAAC,CAAA;QAE7B,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,QAAQ,QAAQ,EAAE,CAAC;gBACjB,KAAK,OAAO;oBACV,OAAO,6CAA+B,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBACpD,KAAK,8BAA8B;oBACjC,OAAO,oCAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC3C;oBACE,OAAO,IAAI,CAAA;YACf,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4CAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;QAC9C,CAAC;IACH,CAAC;CACF;AAhND,4CAgNC;AAED,SAAS,gBAAgB,CAAC,OAA4C;IACpE,OAAO,IAAI,eAAe,CACxB,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;SACpB,MAAM,CAAC,oBAAoB,CAAC;SAC5B,GAAG,CAAC,mBAAmB,CAAC,CAC5B,CAAC,QAAQ,EAAE,CAAA;AACd,CAAC;AAED,SAAS,oBAAoB,CAC3B,KAAwB;IAExB,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,CAAA;AAC/B,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAwB;IACnD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IACrB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IAEtB,QAAQ,OAAO,KAAK,EAAE,CAAC;QACrB,KAAK,QAAQ;YACX,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QACtB,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;QAC9B,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YACjC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;YACzE,CAAC;YACD,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;QACpB,CAAC;IACH,CAAC;AACH,CAAC","sourcesContent":["import { AtprotoDid } from '@atproto/did'\nimport { Key, Keyset } from '@atproto/jwk'\nimport {\n AtprotoOAuthScope,\n AtprotoOAuthTokenResponse,\n OAuthAuthorizationRequestPar,\n OAuthAuthorizationServerMetadata,\n OAuthEndpointName,\n OAuthParResponse,\n OAuthRedirectUri,\n OAuthTokenRequest,\n atprotoOAuthTokenResponseSchema,\n oauthParResponseSchema,\n} from '@atproto/oauth-types'\nimport { Fetch, Json, bindFetch, fetchJsonProcessor } from '@atproto-labs/fetch'\nimport { SimpleStore } from '@atproto-labs/simple-store'\nimport { TokenRefreshError } from './errors/token-refresh-error.js'\nimport { dpopFetchWrapper } from './fetch-dpop.js'\nimport {\n ClientAuthMethod,\n ClientCredentialsFactory,\n createClientCredentialsFactory,\n} from 
'./oauth-client-auth.js'\nimport { OAuthResolver } from './oauth-resolver.js'\nimport { OAuthResponseError } from './oauth-response-error.js'\nimport { Runtime } from './runtime.js'\nimport { ClientMetadata } from './types.js'\n\nexport type { AtprotoOAuthScope, AtprotoOAuthTokenResponse }\n\nexport type TokenSet = {\n iss: string\n sub: AtprotoDid\n aud: string\n scope: AtprotoOAuthScope\n\n refresh_token?: string\n access_token: string\n token_type: 'DPoP'\n /** ISO Date */\n expires_at?: string\n}\n\nexport type DpopNonceCache = SimpleStore<string, string>\n\nexport class OAuthServerAgent {\n protected dpopFetch: Fetch<unknown>\n protected clientCredentialsFactory: ClientCredentialsFactory\n\n /**\n * @throws see {@link createClientCredentialsFactory}\n */\n constructor(\n readonly authMethod: ClientAuthMethod,\n readonly dpopKey: Key,\n readonly serverMetadata: OAuthAuthorizationServerMetadata,\n readonly clientMetadata: ClientMetadata,\n readonly dpopNonces: DpopNonceCache,\n readonly oauthResolver: OAuthResolver,\n readonly runtime: Runtime,\n readonly keyset?: Keyset,\n fetch?: Fetch,\n ) {\n this.clientCredentialsFactory = createClientCredentialsFactory(\n authMethod,\n serverMetadata,\n clientMetadata,\n runtime,\n keyset,\n )\n\n this.dpopFetch = dpopFetchWrapper<void>({\n fetch: bindFetch(fetch),\n key: dpopKey,\n supportedAlgs: serverMetadata.dpop_signing_alg_values_supported,\n sha256: async (v) => runtime.sha256(v),\n nonces: dpopNonces,\n isAuthServer: true,\n })\n }\n\n get issuer() {\n return this.serverMetadata.issuer\n }\n\n async revoke(token: string) {\n try {\n await this.request('revocation', { token })\n } catch {\n // Don't care\n }\n }\n\n async exchangeCode(\n code: string,\n codeVerifier?: string,\n redirectUri?: OAuthRedirectUri,\n ): Promise<TokenSet> {\n const now = Date.now()\n\n const tokenResponse = await this.request('token', {\n grant_type: 'authorization_code',\n // redirectUri should always be passed by the calling code, but if 
it is\n // not, default to the first redirect_uri registered for the client:\n redirect_uri: redirectUri ?? this.clientMetadata.redirect_uris[0],\n code,\n code_verifier: codeVerifier,\n })\n\n try {\n // /!\\ IMPORTANT /!\\\n //\n // The tokenResponse MUST always be valid before the \"sub\" it contains\n // can be trusted (see Atproto's OAuth spec for details).\n const aud = await this.verifyIssuer(tokenResponse.sub)\n\n return {\n aud,\n sub: tokenResponse.sub,\n iss: this.issuer,\n\n scope: tokenResponse.scope,\n refresh_token: tokenResponse.refresh_token,\n access_token: tokenResponse.access_token,\n token_type: tokenResponse.token_type,\n\n expires_at:\n typeof tokenResponse.expires_in === 'number'\n ? new Date(now + tokenResponse.expires_in * 1000).toISOString()\n : undefined,\n }\n } catch (err) {\n await this.revoke(tokenResponse.access_token)\n\n throw err\n }\n }\n\n async refresh(tokenSet: TokenSet): Promise<TokenSet> {\n if (!tokenSet.refresh_token) {\n throw new TokenRefreshError(tokenSet.sub, 'No refresh token available')\n }\n\n // /!\\ IMPORTANT /!\\\n //\n // The \"sub\" MUST be a DID, whose issuer authority is indeed the server we\n // are trying to obtain credentials from. Note that we are doing this\n // *before* we actually try to refresh the token:\n // 1) To avoid unnecessary refresh\n // 2) So that the refresh is the last async operation, ensuring as few\n // async operations happen before the result gets a chance to be stored.\n const aud = await this.verifyIssuer(tokenSet.sub)\n\n const now = Date.now()\n\n const tokenResponse = await this.request('token', {\n grant_type: 'refresh_token',\n refresh_token: tokenSet.refresh_token,\n })\n\n return {\n aud,\n sub: tokenSet.sub,\n iss: this.issuer,\n\n scope: tokenResponse.scope,\n refresh_token: tokenResponse.refresh_token,\n access_token: tokenResponse.access_token,\n token_type: tokenResponse.token_type,\n\n expires_at:\n typeof tokenResponse.expires_in === 'number'\n ? 
new Date(now + tokenResponse.expires_in * 1000).toISOString()\n : undefined,\n }\n }\n\n /**\n * VERY IMPORTANT ! Always call this to process token responses.\n *\n * Whenever an OAuth token response is received, we **MUST** verify that the\n * \"sub\" is a DID, whose issuer authority is indeed the server we just\n * obtained credentials from. This check is a critical step to actually be\n * able to use the \"sub\" (DID) as being the actual user's identifier.\n *\n * @returns The user's PDS URL (the resource server for the user)\n */\n protected async verifyIssuer(sub: AtprotoDid): Promise<string> {\n const resolved = await this.oauthResolver.resolveFromIdentity(sub, {\n noCache: true,\n allowStale: false,\n signal: AbortSignal.timeout(10e3),\n })\n\n if (this.issuer !== resolved.metadata.issuer) {\n // Best case scenario; the user switched PDS. Worst case scenario; a bad\n // actor is trying to impersonate a user. In any case, we must not allow\n // this token to be used.\n throw new TypeError('Issuer mismatch')\n }\n\n return resolved.pds.href\n }\n\n async request<Endpoint extends OAuthEndpointName>(\n endpoint: Endpoint,\n payload: Endpoint extends 'token'\n ? OAuthTokenRequest\n : Endpoint extends 'pushed_authorization_request'\n ? OAuthAuthorizationRequestPar\n : Record<string, unknown>,\n ): Promise<\n Endpoint extends 'token'\n ? AtprotoOAuthTokenResponse\n : Endpoint extends 'pushed_authorization_request'\n ? 
OAuthParResponse\n : Json\n >\n async request(\n endpoint: OAuthEndpointName,\n payload: Record<string, unknown>,\n ): Promise<unknown> {\n const url = this.serverMetadata[`${endpoint}_endpoint`]\n if (!url) throw new Error(`No ${endpoint} endpoint available`)\n\n const auth = await this.clientCredentialsFactory()\n\n // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13#section-3.2.2\n // https://datatracker.ietf.org/doc/html/rfc7009#section-2.1\n // https://datatracker.ietf.org/doc/html/rfc7662#section-2.1\n // https://datatracker.ietf.org/doc/html/rfc9126#section-2\n const { response, json } = await this.dpopFetch(url, {\n method: 'POST',\n headers: {\n ...auth.headers,\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: wwwFormUrlEncode({ ...payload, ...auth.payload }),\n }).then(fetchJsonProcessor())\n\n if (response.ok) {\n switch (endpoint) {\n case 'token':\n return atprotoOAuthTokenResponseSchema.parse(json)\n case 'pushed_authorization_request':\n return oauthParResponseSchema.parse(json)\n default:\n return json\n }\n } else {\n throw new OAuthResponseError(response, json)\n }\n }\n}\n\nfunction wwwFormUrlEncode(payload: Record<string, undefined | unknown>) {\n return new URLSearchParams(\n Object.entries(payload)\n .filter(entryHasDefinedValue)\n .map(stringifyEntryValue),\n ).toString()\n}\n\nfunction entryHasDefinedValue(\n entry: [string, unknown],\n): entry is [string, null | NonNullable<unknown>] {\n return entry[1] !== undefined\n}\n\nfunction stringifyEntryValue(entry: [string, unknown]): [string, string] {\n const name = entry[0]\n const value = entry[1]\n\n switch (typeof value) {\n case 'string':\n return [name, value]\n case 'number':\n case 'boolean':\n return [name, String(value)]\n default: {\n const enc = JSON.stringify(value)\n if (enc === undefined) {\n throw new Error(`Unsupported value type for ${name}: ${String(value)}`)\n }\n return [name, enc]\n }\n }\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-server-factory.js","sourceRoot":"","sources":["../src/oauth-server-factory.ts"],"names":[],"mappings":";;;AAIA,iEAG+B;AAE/B,mEAA0E;AAI1E,MAAa,kBAAkB;IAC7B,YACW,cAA8B,EAC9B,OAAgB,EAChB,QAAuB,EACvB,KAAY,EACZ,MAA0B,EAC1B,cAA8B;QALvC;;;;mBAAS,cAAc;WAAgB;QACvC;;;;mBAAS,OAAO;WAAS;QACzB;;;;mBAAS,QAAQ;WAAe;QAChC;;;;mBAAS,KAAK;WAAO;QACrB;;;;mBAAS,MAAM;WAAoB;QACnC;;;;mBAAS,cAAc;WAAgB;IACtC,CAAC;IAEJ;;;;;;;;OAQG;IACH,KAAK,CAAC,UAAU,CACd,MAAc,EACd,UAAuC,EACvC,OAAY,EACZ,OAA0B;QAE1B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,8BAA8B,CACvE,MAAM,EACN,OAAO,CACR,CAAA;QAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;YAC5B,qEAAqE;YACrE,oEAAoE;YACpE,qBAAqB;YACrB,UAAU,GAAG,IAAA,gDAAyB,EACpC,cAAc,EACd,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,MAAM,CACZ,CAAA;QACH,CAAC;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAChB,cAAgD,EAChD,UAA4B,EAC5B,OAAY;QAEZ,OAAO,IAAI,wCAAgB,CACzB,UAAU,EACV,OAAO,EACP,cAAc,EACd,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,KAAK,CACX,CAAA;IACH,CAAC;CACF;AAhED,gDAgEC"}
|
|
1
|
+
{"version":3,"file":"oauth-server-factory.js","sourceRoot":"","sources":["../src/oauth-server-factory.ts"],"names":[],"mappings":";;;AAIA,iEAG+B;AAE/B,mEAA0E;AAI1E,MAAa,kBAAkB;IAC7B,YACW,cAA8B,EAC9B,OAAgB,EAChB,QAAuB,EACvB,KAAY,EACZ,MAA0B,EAC1B,cAA8B;QALvC;;;;mBAAS,cAAc;WAAgB;QACvC;;;;mBAAS,OAAO;WAAS;QACzB;;;;mBAAS,QAAQ;WAAe;QAChC;;;;mBAAS,KAAK;WAAO;QACrB;;;;mBAAS,MAAM;WAAoB;QACnC;;;;mBAAS,cAAc;WAAgB;IACtC,CAAC;IAEJ;;;;;;;;OAQG;IACH,KAAK,CAAC,UAAU,CACd,MAAc,EACd,UAAuC,EACvC,OAAY,EACZ,OAA0B;QAE1B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,8BAA8B,CACvE,MAAM,EACN,OAAO,CACR,CAAA;QAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;YAC5B,qEAAqE;YACrE,oEAAoE;YACpE,qBAAqB;YACrB,UAAU,GAAG,IAAA,gDAAyB,EACpC,cAAc,EACd,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,MAAM,CACZ,CAAA;QACH,CAAC;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAChB,cAAgD,EAChD,UAA4B,EAC5B,OAAY;QAEZ,OAAO,IAAI,wCAAgB,CACzB,UAAU,EACV,OAAO,EACP,cAAc,EACd,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,KAAK,CACX,CAAA;IACH,CAAC;CACF;AAhED,gDAgEC","sourcesContent":["import { Key, Keyset } from '@atproto/jwk'\nimport { OAuthAuthorizationServerMetadata } from '@atproto/oauth-types'\nimport { Fetch } from '@atproto-labs/fetch'\nimport { GetCachedOptions } from './oauth-authorization-server-metadata-resolver.js'\nimport {\n ClientAuthMethod,\n negotiateClientAuthMethod,\n} from './oauth-client-auth.js'\nimport { OAuthResolver } from './oauth-resolver.js'\nimport { DpopNonceCache, OAuthServerAgent } from './oauth-server-agent.js'\nimport { Runtime } from './runtime.js'\nimport { ClientMetadata } from './types.js'\n\nexport class OAuthServerFactory {\n constructor(\n readonly clientMetadata: ClientMetadata,\n readonly runtime: Runtime,\n readonly resolver: OAuthResolver,\n readonly fetch: Fetch,\n readonly keyset: Keyset | undefined,\n readonly dpopNonceCache: DpopNonceCache,\n ) {}\n\n /**\n * @param authMethod `undefined` 
means that we are restoring a session that\n * was created before we started storing the `authMethod` in the session. In\n * that case, we will use the first key from the keyset.\n *\n * Support for this might be removed in the future.\n *\n * @throws see {@link OAuthServerFactory.fromMetadata}\n */\n async fromIssuer(\n issuer: string,\n authMethod: 'legacy' | ClientAuthMethod,\n dpopKey: Key,\n options?: GetCachedOptions,\n ) {\n const serverMetadata = await this.resolver.getAuthorizationServerMetadata(\n issuer,\n options,\n )\n\n if (authMethod === 'legacy') {\n // @NOTE Because we were previously not storing the authMethod in the\n // session data, we provide a backwards compatible implementation by\n // computing it here.\n authMethod = negotiateClientAuthMethod(\n serverMetadata,\n this.clientMetadata,\n this.keyset,\n )\n }\n\n return this.fromMetadata(serverMetadata, authMethod, dpopKey)\n }\n\n /**\n * @throws see {@link OAuthServerAgent}\n */\n async fromMetadata(\n serverMetadata: OAuthAuthorizationServerMetadata,\n authMethod: ClientAuthMethod,\n dpopKey: Key,\n ) {\n return new OAuthServerAgent(\n authMethod,\n dpopKey,\n serverMetadata,\n this.clientMetadata,\n this.dpopNonceCache,\n this.resolver,\n this.runtime,\n this.keyset,\n this.fetch,\n )\n }\n}\n"]}
|
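--- a/package/dist/oauth-session.d.ts
+++ b/package/dist/oauth-session.d.ts
@@ -1,13 +1,13 @@
 import { AtprotoDid } from '@atproto/did';
-import { OAuthAuthorizationServerMetadata } from '@atproto/oauth-types';
+import { AtprotoOAuthScope, OAuthAuthorizationServerMetadata } from '@atproto/oauth-types';
 import { Fetch } from '@atproto-labs/fetch';
-import { AtprotoScope } from './atproto-token-response.js';
 import { OAuthServerAgent, TokenSet } from './oauth-server-agent.js';
 import { SessionGetter } from './session-getter.js';
+export type { AtprotoDid, AtprotoOAuthScope };
 export type TokenInfo = {
 expiresAt?: Date;
 expired?: boolean;
-scope:
+scope: AtprotoOAuthScope;
 iss: string;
 aud: string;
 sub: AtprotoDid;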
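Review bot: `TokenInfo` gets a new type for `scope` here but still ships without doc comments, and `expired` in particular is easy to misread. The source embedded in the `oauth-session.js.map` entry further down this page shows `expired` evaluating to `undefined` when the token set has no `expires_at`, and to `true` only once `expiresAt` is more than five seconds in the past, so a falsy `expired` does not mean the token is still valid. I would document that in the TypeScript source this declaration is generated from, e.g. `/** undefined when the server gave no expiry; true only once expiresAt is more than 5 s in the past */` on `expired`. The old type of `scope` is cut off on this page, so I cannot tell whether the switch to `AtprotoOAuthScope` narrows or widens what callers receive. The `TokenInfo` declaration continues past the end of the hunk.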
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-session.d.ts","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,
|
|
1
|
+
{"version":3,"file":"oauth-session.d.ts","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EACL,iBAAiB,EACjB,gCAAgC,EACjC,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,KAAK,EAAa,MAAM,qBAAqB,CAAA;AAItD,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAMnD,YAAY,EAAE,UAAU,EAAE,iBAAiB,EAAE,CAAA;AAC7C,MAAM,MAAM,SAAS,GAAG;IACtB,SAAS,CAAC,EAAE,IAAI,CAAA;IAChB,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,KAAK,EAAE,iBAAiB,CAAA;IACxB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,UAAU,CAAA;CAChB,CAAA;AAED,qBAAa,YAAY;aAIL,MAAM,EAAE,gBAAgB;aACxB,GAAG,EAAE,UAAU;IAC/B,OAAO,CAAC,QAAQ,CAAC,aAAa;IALhC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;gBAGjB,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,UAAU,EACd,aAAa,EAAE,aAAa,EAC7C,KAAK,GAAE,KAAwB;IAYjC,IAAI,GAAG,IAAI,UAAU,CAEpB;IAED,IAAI,cAAc,IAAI,QAAQ,CAAC,gCAAgC,CAAC,CAE/D;IAED;;;;;OAKG;cACa,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IASnE,YAAY,CAAC,OAAO,GAAE,OAAO,GAAG,MAAe,GAAG,OAAO,CAAC,SAAS,CAAC;IAmBpE,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAYxB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;CA2D5E"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-session.js","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"oauth-session.js","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":";;;AAKA,+CAAsD;AACtD,4EAAmE;AACnE,4EAAmE;AACnE,mDAAkD;AAIlD,MAAM,cAAc,GAAG,UAAU,CAAC,cAErB,CAAA;AAYb,MAAa,YAAY;IAGvB,YACkB,MAAwB,EACxB,GAAe,EACd,aAA4B,EAC7C,QAAe,UAAU,CAAC,KAAK;QAH/B;;;;mBAAgB,MAAM;WAAkB;QACxC;;;;mBAAgB,GAAG;WAAY;QAC/B;;;;mBAAiB,aAAa;WAAe;QALrC;;;;;WAAyB;QAQjC,IAAI,CAAC,SAAS,GAAG,IAAA,gCAAgB,EAAO;YACtC,KAAK,EAAE,IAAA,iBAAS,EAAC,KAAK,CAAC;YACvB,GAAG,EAAE,MAAM,CAAC,OAAO;YACnB,aAAa,EAAE,MAAM,CAAC,cAAc,CAAC,iCAAiC;YACtE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7C,MAAM,EAAE,MAAM,CAAC,UAAU;YACzB,YAAY,EAAE,KAAK;SACpB,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,GAAG,CAAA;IACjB,CAAC;IAED,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAA;IACnC,CAAC;IAED;;;;;OAKG;IACO,KAAK,CAAC,WAAW,CAAC,OAAyB;QACnD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE;YAC1D,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;QAEF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,UAA4B,MAAM;QACnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QAChD,MAAM,SAAS,GACb,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;QAEzE,OAAO;YACL,SAAS;YACT,IAAI,OAAO;gBACT,OAAO,SAAS,IAAI,IAAI;oBACtB,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAA;YAC5C,CAAC;YACD,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;SAClB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;YAC9C,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QACjD,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,IAAkB;QACrD,mEAAmE;QACnE,MAAM,QAAQ,GAAG,MAAM,
IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;QAE/C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAoB,CAAC,CAAA;QACnE,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAA;QAErE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,CAAA;QAEzC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE;YACvD,GAAG,IAAI;YACP,OAAO;SACR,CAAC,CAAA;QAEF,2DAA2D;QAC3D,IAAI,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7C,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,IAAI,aAAuB,CAAA;QAC3B,IAAI,CAAC;YACH,kBAAkB;YAClB,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,2EAA2E;QAC3E,yEAAyE;QACzE,yEAAyE;QACzE,wEAAwE;QACxE,IAAI,cAAc,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC3D,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,aAAa,CAAC,UAAU,IAAI,aAAa,CAAC,YAAY,EAAE,CAAA;QAC7E,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,CAAA;QAErD,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;QAEvC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;QAE1E,yEAAyE;QACzE,0EAA0E;QAC1E,yEAAyE;QACzE,iEAAiE;QACjE,IAAI,sBAAsB,CAAC,aAAa,CAAC,EAAE,CAAC;YAC1C,oEAAoE;YACpE,0EAA0E;YAC1E,kCAAkC;YAClC,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;CACF;AApID,oCAoIC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,QAAkB;IAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,KAAK,CAAA;IACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IACxD,OAAO,CACL,OAAO,IAAI,IAAI;QACf,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC9D,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAC1C,CAAA;AACH,CAAC","sourcesContent":["import { AtprotoDid } from '@atproto/did'\nimport {\n AtprotoOAuthScope,\n OAuthAuthorizationServerMetadata,\n} from '@atproto/oauth-types'\nimport { Fetch, bindFetch } from '@atproto-labs/fetch'\nimport { TokenInvalidError } from 
'./errors/token-invalid-error.js'\nimport { TokenRevokedError } from './errors/token-revoked-error.js'\nimport { dpopFetchWrapper } from './fetch-dpop.js'\nimport { OAuthServerAgent, TokenSet } from './oauth-server-agent.js'\nimport { SessionGetter } from './session-getter.js'\n\nconst ReadableStream = globalThis.ReadableStream as\n | typeof globalThis.ReadableStream\n | undefined\n\nexport type { AtprotoDid, AtprotoOAuthScope }\nexport type TokenInfo = {\n expiresAt?: Date\n expired?: boolean\n scope: AtprotoOAuthScope\n iss: string\n aud: string\n sub: AtprotoDid\n}\n\nexport class OAuthSession {\n protected dpopFetch: Fetch<unknown>\n\n constructor(\n public readonly server: OAuthServerAgent,\n public readonly sub: AtprotoDid,\n private readonly sessionGetter: SessionGetter,\n fetch: Fetch = globalThis.fetch,\n ) {\n this.dpopFetch = dpopFetchWrapper<void>({\n fetch: bindFetch(fetch),\n key: server.dpopKey,\n supportedAlgs: server.serverMetadata.dpop_signing_alg_values_supported,\n sha256: async (v) => server.runtime.sha256(v),\n nonces: server.dpopNonces,\n isAuthServer: false,\n })\n }\n\n get did(): AtprotoDid {\n return this.sub\n }\n\n get serverMetadata(): Readonly<OAuthAuthorizationServerMetadata> {\n return this.server.serverMetadata\n }\n\n /**\n * @param refresh When `true`, the credentials will be refreshed even if they\n * are not expired. When `false`, the credentials will not be refreshed even\n * if they are expired. When `undefined`, the credentials will be refreshed\n * if, and only if, they are (about to be) expired. 
Defaults to `undefined`.\n */\n protected async getTokenSet(refresh: boolean | 'auto'): Promise<TokenSet> {\n const { tokenSet } = await this.sessionGetter.get(this.sub, {\n noCache: refresh === true,\n allowStale: refresh === false,\n })\n\n return tokenSet\n }\n\n async getTokenInfo(refresh: boolean | 'auto' = 'auto'): Promise<TokenInfo> {\n const tokenSet = await this.getTokenSet(refresh)\n const expiresAt =\n tokenSet.expires_at == null ? undefined : new Date(tokenSet.expires_at)\n\n return {\n expiresAt,\n get expired() {\n return expiresAt == null\n ? undefined\n : expiresAt.getTime() < Date.now() - 5e3\n },\n scope: tokenSet.scope,\n iss: tokenSet.iss,\n aud: tokenSet.aud,\n sub: tokenSet.sub,\n }\n }\n\n async signOut(): Promise<void> {\n try {\n const tokenSet = await this.getTokenSet(false)\n await this.server.revoke(tokenSet.access_token)\n } finally {\n await this.sessionGetter.delStored(\n this.sub,\n new TokenRevokedError(this.sub),\n )\n }\n }\n\n async fetchHandler(pathname: string, init?: RequestInit): Promise<Response> {\n // This will try and refresh the token if it is known to be expired\n const tokenSet = await this.getTokenSet('auto')\n\n const initialUrl = new URL(pathname, tokenSet.aud satisfies string)\n const initialAuth = `${tokenSet.token_type} ${tokenSet.access_token}`\n\n const headers = new Headers(init?.headers)\n headers.set('Authorization', initialAuth)\n\n const initialResponse = await this.dpopFetch(initialUrl, {\n ...init,\n headers,\n })\n\n // If the token is not expired, we don't need to refresh it\n if (!isInvalidTokenResponse(initialResponse)) {\n return initialResponse\n }\n\n let tokenSetFresh: TokenSet\n try {\n // Force a refresh\n tokenSetFresh = await this.getTokenSet(true)\n } catch (err) {\n return initialResponse\n }\n\n // The stream was already consumed. We cannot retry the request. 
A solution\n // would be to tee() the input stream but that would bufferize the entire\n // stream in memory which can lead to memory starvation. Instead, we will\n // return the original response and let the calling code handle retries.\n if (ReadableStream && init?.body instanceof ReadableStream) {\n return initialResponse\n }\n\n const finalAuth = `${tokenSetFresh.token_type} ${tokenSetFresh.access_token}`\n const finalUrl = new URL(pathname, tokenSetFresh.aud)\n\n headers.set('Authorization', finalAuth)\n\n const finalResponse = await this.dpopFetch(finalUrl, { ...init, headers })\n\n // The token was successfully refreshed, but is still not accepted by the\n // resource server. This might be due to the resource server not accepting\n // credentials from the authorization server (e.g. because some migration\n // occurred). Any ways, there is no point in keeping the session.\n if (isInvalidTokenResponse(finalResponse)) {\n // @TODO Is there a \"softer\" way to handle this, e.g. by marking the\n // session as \"expired\" in the session store, allowing the user to trigger\n // a new login (using login_hint)?\n await this.sessionGetter.delStored(\n this.sub,\n new TokenInvalidError(this.sub),\n )\n }\n\n return finalResponse\n }\n}\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc9449#name-resource-server-provided-no}\n */\nfunction isInvalidTokenResponse(response: Response) {\n if (response.status !== 401) return false\n const wwwAuth = response.headers.get('WWW-Authenticate')\n return (\n wwwAuth != null &&\n (wwwAuth.startsWith('Bearer ') || wwwAuth.startsWith('DPoP ')) &&\n wwwAuth.includes('error=\"invalid_token\"')\n )\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime-implementation.js","sourceRoot":"","sources":["../src/runtime-implementation.ts"],"names":[],"mappings":""}
|
|
1
|
+
{"version":3,"file":"runtime-implementation.js","sourceRoot":"","sources":["../src/runtime-implementation.ts"],"names":[],"mappings":"","sourcesContent":["import { Key } from '@atproto/jwk'\nimport { Awaitable } from './util.js'\n\nexport type { Key }\nexport type RuntimeKeyFactory = (algs: string[]) => Key | PromiseLike<Key>\n\nexport type RuntimeRandomValues = (length: number) => Awaitable<Uint8Array>\n\nexport type DigestAlgorithm = { name: 'sha256' | 'sha384' | 'sha512' }\nexport type RuntimeDigest = (\n data: Uint8Array,\n alg: DigestAlgorithm,\n) => Awaitable<Uint8Array>\n\nexport type RuntimeLock = <T>(\n name: string,\n fn: () => Awaitable<T>,\n) => Awaitable<T>\n\nexport interface RuntimeImplementation {\n createKey: RuntimeKeyFactory\n getRandomValues: RuntimeRandomValues\n digest: RuntimeDigest\n requestLock?: RuntimeLock\n}\n"]}
|
package/dist/runtime.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":";;;AAAA,sDAAqD;AAErD,uCAA4C;AAG5C,MAAa,OAAO;IAIlB,YAAsB,cAAqC;QAA/C;;;;mBAAU,cAAc;WAAuB;QAHlD;;;;;WAA8B;QAC9B;;;;;WAAsB;QAG7B,MAAM,EAAE,WAAW,EAAE,GAAG,cAAc,CAAA;QAEtC,IAAI,CAAC,qBAAqB,GAAG,WAAW,IAAI,IAAI,CAAA;QAChD,IAAI,CAAC,SAAS;YACZ,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC;gBACjC,+BAA+B;gBAC/B,0BAAgB,CAAA;IACpB,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,IAAc;QACrC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACtD,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;IAClD,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAY;QAC9B,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC1E,OAAO,kBAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE;QACpC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;QAC/D,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,UAAmB;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;QACxD,OAAO;YACL,QAAQ;YACR,SAAS,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YACtC,MAAM,EAAE,MAAe;SACxB,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,GAAG;QACrC,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAA;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC1B,CAAC;IAED;;;;;;OAMG;IACO,KAAK,CAAC,gBAAgB,CAAC,UAAU,GAAG,EAAE;QAC9C,IAAI,UAAU,GAAG,EAAE,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAA;QACrD,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,UAAU,CAAC,CAAA;QACnE,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;CACF;AA3DD,0BA2DC;AAED,SAAS,oBAAoB,CAAC,GAAG;IAC/B,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,EAAE;QACpB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,MAAM,IAAI,SAAS,CAAC,IAAI,KAAK,gCAAgC,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC,CAAA;IAE
D,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI;YACP,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACvE,KAAK,KAAK;YACR,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QAC1D,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACtD,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAA;QACzC;YACE,MAAM,IAAI,SAAS,CAAC,mDAAmD,CAAC,CAAA;IAC5E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,CAAS,EAAE,CAAS;IACxC,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC,CAAA;IAC7B,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAA;IAE5B,KAAK,MAAM,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBAEpC,6BAA6B;gBAC7B,OAAO,IAAI,GAAG,IAAI,CAAA;YACpB,CAAC;YACD,OAAO,CAAC,CAAC,CAAA;QACX,CAAC;aAAM,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,CAAA;QACV,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,OAAO,CAAC,CAAA;AACV,CAAC"}
|
|
1
|
+
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":";;;AAAA,sDAAqD;AAErD,uCAA4C;AAG5C,MAAa,OAAO;IAIlB,YAAsB,cAAqC;QAA/C;;;;mBAAU,cAAc;WAAuB;QAHlD;;;;;WAA8B;QAC9B;;;;;WAAsB;QAG7B,MAAM,EAAE,WAAW,EAAE,GAAG,cAAc,CAAA;QAEtC,IAAI,CAAC,qBAAqB,GAAG,WAAW,IAAI,IAAI,CAAA;QAChD,IAAI,CAAC,SAAS;YACZ,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC;gBACjC,+BAA+B;gBAC/B,0BAAgB,CAAA;IACpB,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,IAAc;QACrC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACtD,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;IAClD,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAY;QAC9B,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC1E,OAAO,kBAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE;QACpC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;QAC/D,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,UAAmB;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;QACxD,OAAO;YACL,QAAQ;YACR,SAAS,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YACtC,MAAM,EAAE,MAAe;SACxB,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,GAAG;QACrC,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAA;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC1B,CAAC;IAED;;;;;;OAMG;IACO,KAAK,CAAC,gBAAgB,CAAC,UAAU,GAAG,EAAE;QAC9C,IAAI,UAAU,GAAG,EAAE,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAA;QACrD,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,UAAU,CAAC,CAAA;QACnE,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;CACF;AA3DD,0BA2DC;AAED,SAAS,oBAAoB,CAAC,GAAG;IAC/B,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,EAAE;QACpB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,MAAM,IAAI,SAAS,CAAC,IAAI,KAAK,gCAAgC,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC,CAAA;IAE
D,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI;YACP,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACvE,KAAK,KAAK;YACR,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QAC1D,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACtD,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAA;QACzC;YACE,MAAM,IAAI,SAAS,CAAC,mDAAmD,CAAC,CAAA;IAC5E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,CAAS,EAAE,CAAS;IACxC,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC,CAAA;IAC7B,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAA;IAE5B,KAAK,MAAM,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBAEpC,6BAA6B;gBAC7B,OAAO,IAAI,GAAG,IAAI,CAAA;YACpB,CAAC;YACD,OAAO,CAAC,CAAC,CAAA;QACX,CAAC;aAAM,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,CAAA;QACV,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,OAAO,CAAC,CAAA;AACV,CAAC","sourcesContent":["import { base64url } from 'multiformats/bases/base64'\nimport { Key } from '@atproto/jwk'\nimport { requestLocalLock } from './lock.js'\nimport { RuntimeImplementation, RuntimeLock } from './runtime-implementation.js'\n\nexport class Runtime {\n readonly hasImplementationLock: boolean\n readonly usingLock: RuntimeLock\n\n constructor(protected implementation: RuntimeImplementation) {\n const { requestLock } = implementation\n\n this.hasImplementationLock = requestLock != null\n this.usingLock =\n requestLock?.bind(implementation) ||\n // Falling back to a local lock\n requestLocalLock\n }\n\n public 
async generateKey(algs: string[]): Promise<Key> {\n const algsSorted = Array.from(algs).sort(compareAlgos)\n return this.implementation.createKey(algsSorted)\n }\n\n public async sha256(text: string): Promise<string> {\n const bytes = new TextEncoder().encode(text)\n const digest = await this.implementation.digest(bytes, { name: 'sha256' })\n return base64url.baseEncode(digest)\n }\n\n public async generateNonce(length = 16): Promise<string> {\n const bytes = await this.implementation.getRandomValues(length)\n return base64url.baseEncode(bytes)\n }\n\n public async generatePKCE(byteLength?: number) {\n const verifier = await this.generateVerifier(byteLength)\n return {\n verifier,\n challenge: await this.sha256(verifier),\n method: 'S256' as const,\n }\n }\n\n public async calculateJwkThumbprint(jwk) {\n const components = extractJktComponents(jwk)\n const data = JSON.stringify(components)\n return this.sha256(data)\n }\n\n /**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7636#section-4.1}\n * @note It is RECOMMENDED that the output of a suitable random number generator\n * be used to create a 32-octet sequence. 
The octet sequence is then\n * base64url-encoded to produce a 43-octet URL safe string to use as the code\n * verifier.\n */\n protected async generateVerifier(byteLength = 32) {\n if (byteLength < 32 || byteLength > 96) {\n throw new TypeError('Invalid code_verifier length')\n }\n const bytes = await this.implementation.getRandomValues(byteLength)\n return base64url.baseEncode(bytes)\n }\n}\n\nfunction extractJktComponents(jwk) {\n const get = (field) => {\n const value = jwk[field]\n if (typeof value !== 'string' || !value) {\n throw new TypeError(`\"${field}\" Parameter missing or invalid`)\n }\n return value\n }\n\n switch (jwk.kty) {\n case 'EC':\n return { crv: get('crv'), kty: get('kty'), x: get('x'), y: get('y') }\n case 'OKP':\n return { crv: get('crv'), kty: get('kty'), x: get('x') }\n case 'RSA':\n return { e: get('e'), kty: get('kty'), n: get('n') }\n case 'oct':\n return { k: get('k'), kty: get('kty') }\n default:\n throw new TypeError('\"kty\" (Key Type) Parameter missing or unsupported')\n }\n}\n\n/**\n * 256K > ES (256 > 384 > 512) > PS (256 > 384 > 512) > RS (256 > 384 > 512) > other (in original order)\n */\nfunction compareAlgos(a: string, b: string): number {\n if (a === 'ES256K') return -1\n if (b === 'ES256K') return 1\n\n for (const prefix of ['ES', 'PS', 'RS']) {\n if (a.startsWith(prefix)) {\n if (b.startsWith(prefix)) {\n const aLen = parseInt(a.slice(2, 5))\n const bLen = parseInt(b.slice(2, 5))\n\n // Prefer shorter key lengths\n return aLen - bLen\n }\n return -1\n } else if (b.startsWith(prefix)) {\n return 1\n }\n }\n\n // Don't know how to compare, keep original order\n return 0\n}\n"]}
|
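--- a/package/dist/session-getter.d.ts
+++ b/package/dist/session-getter.d.ts
@@ -49,7 +49,7 @@ export declare class SessionGetter extends CachedGetter<AtprotoDid, Session> {
 * if they are expired. When `undefined`, the credentials will be refreshed
 * if, and only if, they are (about to be) expired. Defaults to `undefined`.
 */
-getSession(sub: AtprotoDid, refresh?: boolean): Promise<Session>;
+getSession(sub: AtprotoDid, refresh?: boolean | 'auto'): Promise<Session>;
 get(sub: AtprotoDid, options?: GetCachedOptions): Promise<Session>;
 }
 //# sourceMappingURL=session-getter.d.ts.map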
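Review bot: The doc comment kept as context above `getSession` still reads "When `undefined`, the credentials will be refreshed if, and only if, they are (about to be) expired. Defaults to `undefined`", while the new signature accepts `boolean | 'auto'` and the matching hunk in `package/dist/session-getter.js` makes the default `'auto'`. Behaviour looks unchanged, because the body shown there only tests `refresh === true` and `refresh === false`, but the comment now names a default the code no longer has. I would reword it in the source to `When 'auto' (the default), the credentials will be refreshed if, and only if, they are (about to be) expired.` The same stale wording sits above `getSession` in `session-getter.js` and, in the embedded source of `oauth-session.js.map`, above `getTokenSet`, whose parameter type there does not accept `undefined` at all. The comment begins above the hunk, so its first lines are not visible here.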
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-getter.d.ts","sourceRoot":"","sources":["../src/session-getter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACZ,MAAM,4BAA4B,CAAA;AAEnC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AAEzD,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAGtC,MAAM,MAAM,OAAO,GAAG;IACpB,OAAO,EAAE,GAAG,CAAA;IACZ;;OAEG;IACH,UAAU,CAAC,EAAE,gBAAgB,CAAA;IAC7B,QAAQ,EAAE,QAAQ,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;AAEvD,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,EAAE;QACP,GAAG,EAAE,MAAM,CAAA;KACZ,GAAG,OAAO,CAAA;IACX,OAAO,EAAE;QACP,GAAG,EAAE,MAAM,CAAA;QACX,KAAK,EAAE,iBAAiB,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,OAAO,CAAA;KAC3E,CAAA;CACF,CAAA;AAED,MAAM,MAAM,oBAAoB,CAC9B,CAAC,SAAS,MAAM,eAAe,GAAG,MAAM,eAAe,IACrD,CAAC,KAAK,EAAE,WAAW,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAA;AAEpD;;;;;;GAMG;AACH,qBAAa,aAAc,SAAQ,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC;IAMhE,OAAO,CAAC,QAAQ,CAAC,OAAO;IAL1B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA2C;gBAGrE,YAAY,EAAE,YAAY,EAC1B,aAAa,EAAE,kBAAkB,EAChB,OAAO,EAAE,OAAO;IAuKnC,gBAAgB,CAAC,CAAC,SAAS,MAAM,eAAe,EAC9C,IAAI,EAAE,CAAC,EACP,QAAQ,EAAE,oBAAoB,CAAC,CAAC,CAAC,EACjC,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO;IAK7C,mBAAmB,CAAC,CAAC,SAAS,MAAM,eAAe,EACjD,IAAI,EAAE,CAAC,EACP,QAAQ,EAAE,oBAAoB,CAAC,CAAC,CAAC,EACjC,OAAO,CAAC,EAAE,oBAAoB,GAAG,OAAO;IAK1C,aAAa,CAAC,CAAC,SAAS,MAAM,eAAe,EAC3C,IAAI,EAAE,CAAC,EACP,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,GACzB,OAAO;IAIJ,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO;IAS9B,SAAS,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAKzE;;;;;OAKG;IACG,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,
|
|
1
|
+
{"version":3,"file":"session-getter.d.ts","sourceRoot":"","sources":["../src/session-getter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACZ,MAAM,4BAA4B,CAAA;AAEnC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AAEzD,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAC9D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAGtC,MAAM,MAAM,OAAO,GAAG;IACpB,OAAO,EAAE,GAAG,CAAA;IACZ;;OAEG;IACH,UAAU,CAAC,EAAE,gBAAgB,CAAA;IAC7B,QAAQ,EAAE,QAAQ,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;AAEvD,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,EAAE;QACP,GAAG,EAAE,MAAM,CAAA;KACZ,GAAG,OAAO,CAAA;IACX,OAAO,EAAE;QACP,GAAG,EAAE,MAAM,CAAA;QACX,KAAK,EAAE,iBAAiB,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,OAAO,CAAA;KAC3E,CAAA;CACF,CAAA;AAED,MAAM,MAAM,oBAAoB,CAC9B,CAAC,SAAS,MAAM,eAAe,GAAG,MAAM,eAAe,IACrD,CAAC,KAAK,EAAE,WAAW,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAA;AAEpD;;;;;;GAMG;AACH,qBAAa,aAAc,SAAQ,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC;IAMhE,OAAO,CAAC,QAAQ,CAAC,OAAO;IAL1B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA2C;gBAGrE,YAAY,EAAE,YAAY,EAC1B,aAAa,EAAE,kBAAkB,EAChB,OAAO,EAAE,OAAO;IAuKnC,gBAAgB,CAAC,CAAC,SAAS,MAAM,eAAe,EAC9C,IAAI,EAAE,CAAC,EACP,QAAQ,EAAE,oBAAoB,CAAC,CAAC,CAAC,EACjC,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO;IAK7C,mBAAmB,CAAC,CAAC,SAAS,MAAM,eAAe,EACjD,IAAI,EAAE,CAAC,EACP,QAAQ,EAAE,oBAAoB,CAAC,CAAC,CAAC,EACjC,OAAO,CAAC,EAAE,oBAAoB,GAAG,OAAO;IAK1C,aAAa,CAAC,CAAC,SAAS,MAAM,eAAe,EAC3C,IAAI,EAAE,CAAC,EACP,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,GACzB,OAAO;IAIJ,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO;IAS9B,SAAS,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAKzE;;;;;OAKG;IACG,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,GAAE,OAAO,GAAG,MAAe;IAO9D,GAAG,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAwBzE"}
|
package/dist/session-getter.js
CHANGED
|
@@ -236,7 +236,7 @@ class SessionGetter extends simple_store_1.CachedGetter {
|
|
|
236
236
|
* if they are expired. When `undefined`, the credentials will be refreshed
|
|
237
237
|
* if, and only if, they are (about to be) expired. Defaults to `undefined`.
|
|
238
238
|
*/
|
|
239
|
-
async getSession(sub, refresh) {
|
|
239
|
+
async getSession(sub, refresh = 'auto') {
|
|
240
240
|
return this.get(sub, {
|
|
241
241
|
noCache: refresh === true,
|
|
242
242
|
allowStale: refresh === false,
|
|
@@ -248,7 +248,7 @@ class SessionGetter extends simple_store_1.CachedGetter {
|
|
|
248
248
|
try {
|
|
249
249
|
// Make sure, even if there is no signal in the options, that the
|
|
250
250
|
// request will be cancelled after at most 30 seconds.
|
|
251
|
-
const signal =
|
|
251
|
+
const signal = AbortSignal.timeout(30e3);
|
|
252
252
|
const abortController = __addDisposableResource(env_1, (0, util_js_1.combineSignals)([options?.signal, signal]), false);
|
|
253
253
|
return await super.get(sub, {
|
|
254
254
|
...options,
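Review bot: The JSDoc above `getSession` still describes the third mode as `undefined` and ends with "Defaults to `undefined`", while the new signature at line 239 defaults `refresh` to `'auto'`, so the documented contract no longer matches the code. Because `noCache` and `allowStale` are set by strict comparison with `true` and `false`, `'auto'`, `undefined` and any other non-boolean value a JavaScript caller passes all neither force nor suppress a refresh. The comment should say that, for example "When `'auto'` (or omitted), the credentials will be refreshed if, and only if, they are (about to be) expired. Defaults to `'auto'`." This file is compiled output, so the wording belongs in `src/session-getter.ts`, whose copy embedded in the source map carries the same stale text. Both the comment and the method body extend beyond the hunk.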
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-getter.js","sourceRoot":"","sources":["../src/session-getter.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,6DAImC;AACnC,oGAA0F;AAC1F,4EAAmE;AACnE,4EAAmE;AACnE,4EAAmE;AAEnE,uEAA8D;AAI9D,uCAA4E;AA2B5E;;;;;;GAMG;AACH,MAAa,aAAc,SAAQ,2BAAiC;IAGlE,YACE,YAA0B,EAC1B,aAAiC,EAChB,OAAgB;QAEjC,KAAK,CACH,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE;YACpC,iEAAiE;YACjE,uEAAuE;YACvE,+BAA+B;YAC/B,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAChC,mEAAmE;gBACnE,iEAAiE;gBACjE,iEAAiE;gBACjE,mEAAmE;gBACnE,wDAAwD;gBACxD,MAAM,GAAG,GAAG,4CAA4C,CAAA;gBACxD,MAAM,KAAK,GAAG,IAAI,0CAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC7C,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAA;gBAC7C,MAAM,KAAK,CAAA;YACb,CAAC;YAED,uEAAuE;YACvE,6DAA6D;YAC7D,uEAAuE;YACvE,oEAAoE;YACpE,8BAA8B;YAE9B,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,QAAQ,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAA;YAElE,IAAI,GAAG,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;gBACzB,uDAAuD;gBACvD,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAA;YACjE,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;gBAC5B,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAA;YAChE,CAAC;YAED,gEAAgE;YAChE,mEAAmE;YACnE,uEAAuE;YACvE,kEAAkE;YAClE,oEAAoE;YACpE,wEAAwE;YACxE,wEAAwE;YACxE,sEAAsE;YACtE,uDAAuD;YAEvD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAC3C,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,CACR,CAAA;YAED,oEAAoE;YACpE,sEAAsE;YACtE,6DAA6D;YAC7D,8DAA8D;YAC9D,8DAA8D;YAC9D,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,CAAA;YAEjC,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;gBAElD,IAAI,GAAG,KAAK,WAAW,CAAC,GAAG,EAAE,CAAC;oBAC5B,iEAAiE;oBACjE,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,wBAAwB,CAAC,CAAA;gBAC5D,CAAC;gBAED,OAAO;oBACL,OAAO;oBACP,QAAQ,EAAE,WAAW;oBACrB,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B,CAAA;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,6DAA6D;gBAC7D,sEAAsE;gBACtE,uBAAuB;gBACvB,IACE,KAAK,YAAY,4CAAkB;oBACnC,KAAK,CAAC,MAAM,KAAK,GAAG;oBACpB,KAAK,CAAC,KAAK,KAAK,eAAe,EAC/B,CAAC;oBACD,kEAAkE;oBAClE,iEAAiE;oBACjE,kEAAkE;oBAClE,8DAA8D;oBAC9D,IAAI,CAAC,OAAO,CAAC,qBAAqB,
EAAE,CAAC;wBACnC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAA;wBAE7C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;wBACxC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;4BACzB,6DAA6D;4BAC7D,sDAAsD;4BAEtD,sDAAsD;4BACtD,0DAA0D;4BAC1D,+CAA+C;4BAC/C,MAAM,GAAG,GAAG,4CAA4C,CAAA;4BACxD,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;wBAClD,CAAC;6BAAM,IACL,MAAM,CAAC,QAAQ,CAAC,YAAY,KAAK,QAAQ,CAAC,YAAY;4BACtD,MAAM,CAAC,QAAQ,CAAC,aAAa,KAAK,QAAQ,CAAC,aAAa,EACxD,CAAC;4BACD,6DAA6D;4BAC7D,OAAO,MAAM,CAAA;wBACf,CAAC;6BAAM,CAAC;4BACN,0DAA0D;4BAC1D,0BAA0B;wBAC5B,CAAC;oBACH,CAAC;oBAED,oDAAoD;oBACpD,MAAM,GAAG,GAAG,KAAK,CAAC,gBAAgB,IAAI,yBAAyB,CAAA;oBAC/D,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;gBAClD,CAAC;gBAED,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC,EACD,YAAY,EACZ;YACE,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;gBAC7B,OAAO,CACL,QAAQ,CAAC,UAAU,IAAI,IAAI;oBAC3B,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;wBACrC,IAAI,CAAC,GAAG,EAAE;4BACR,8DAA8D;4BAC9D,sBAAsB;4BACtB,IAAI;4BACJ,wDAAwD;4BACxD,qDAAqD;4BACrD,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,CACzB,CAAA;YACH,CAAC;YACD,YAAY,EAAE,KAAK,EACjB,GAAG,EACH,GAAG,EACH,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,GAAG,QAAiB,EAAE,EACrD,EAAE;gBACF,IAAI,CAAC,CAAC,GAAG,YAAY,iEAA4B,CAAC,EAAE,CAAC;oBACnD,gEAAgE;oBAChE,wCAAwC;oBACxC,IAAI,CAAC;wBACH,sDAAsD;wBACtD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAC3C,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,CACR,CAAA;wBACD,MAAM,MAAM,CAAC,MAAM,CACjB,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,YAAY,CAChD,CAAA;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,mCAAmC;oBACrC,CAAC;gBACH,CAAC;gBAED,MAAM,GAAG,CAAA;YACX,CAAC;YACD,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CAC3B,GAAG,YAAY,0CAAiB;gBAChC,GAAG,YAAY,0CAAiB;gBAChC,GAAG,YAAY,0CAAiB;gBAChC,GAAG,YAAY,iEAA4B;SAC9C,CACF,CAAA;QApKD;;;;mBAAiB,OAAO;WAAS;QALlB;;;;mBAAc,IAAI,2BAAiB,EAAmB;WAAA;IA0KvE,CAAC;IAED,gBAAgB,CACd,IAAO,EACP,QAAiC,EACjC,OAA2C;QAE3C,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;IAC5D,CAAC;IAED,mBAAmB,CACjB,IAAO,EACP,QAAi
C,EACjC,OAAwC;QAExC,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;IAC/D,CAAC;IAED,aAAa,CACX,IAAO,EACP,MAA0B;QAE1B,OAAO,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAC3D,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAW,EAAE,OAAgB;QAC3C,0CAA0C;QAC1C,IAAI,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;QAClE,CAAC;QACD,MAAM,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QACnC,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC,CAAA;IACpD,CAAC;IAEQ,KAAK,CAAC,SAAS,CAAC,GAAe,EAAE,KAAe;QACvD,MAAM,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;QACjC,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAA;IAC/C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CAAC,GAAe,EAAE,OAAiB;QACjD,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;YACnB,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAe,EAAE,OAA0B;QACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAC1C,yBAAyB,GAAG,EAAE,EAC9B,KAAK,IAAI,EAAE;;;gBACT,iEAAiE;gBACjE,sDAAsD;gBACtD,MAAM,MAAM,kCAAG,IAAA,uBAAa,EAAC,IAAI,EAAE,OAAO,CAAC,QAAA,CAAA;gBAE3C,MAAM,eAAe,kCAAG,IAAA,wBAAc,EAAC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,QAAA,CAAA;gBAEjE,OAAO,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;oBAC1B,GAAG,OAAO;oBACV,MAAM,EAAE,eAAe,CAAC,MAAM;iBAC/B,CAAC,CAAA;;;;;;;;;SACH,CACF,CAAA;QAED,IAAI,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjC,uDAAuD;YACvD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;QAC9D,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;CACF;AAvPD,sCAuPC"}
|
|
1
|
+
{"version":3,"file":"session-getter.js","sourceRoot":"","sources":["../src/session-getter.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,6DAImC;AACnC,oGAA0F;AAC1F,4EAAmE;AACnE,4EAAmE;AACnE,4EAAmE;AAEnE,uEAA8D;AAI9D,uCAA6D;AA2B7D;;;;;;GAMG;AACH,MAAa,aAAc,SAAQ,2BAAiC;IAGlE,YACE,YAA0B,EAC1B,aAAiC,EAChB,OAAgB;QAEjC,KAAK,CACH,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE;YACpC,iEAAiE;YACjE,uEAAuE;YACvE,+BAA+B;YAC/B,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAChC,mEAAmE;gBACnE,iEAAiE;gBACjE,iEAAiE;gBACjE,mEAAmE;gBACnE,wDAAwD;gBACxD,MAAM,GAAG,GAAG,4CAA4C,CAAA;gBACxD,MAAM,KAAK,GAAG,IAAI,0CAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC7C,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAA;gBAC7C,MAAM,KAAK,CAAA;YACb,CAAC;YAED,uEAAuE;YACvE,6DAA6D;YAC7D,uEAAuE;YACvE,oEAAoE;YACpE,8BAA8B;YAE9B,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,QAAQ,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAA;YAElE,IAAI,GAAG,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;gBACzB,uDAAuD;gBACvD,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAA;YACjE,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;gBAC5B,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAA;YAChE,CAAC;YAED,gEAAgE;YAChE,mEAAmE;YACnE,uEAAuE;YACvE,kEAAkE;YAClE,oEAAoE;YACpE,wEAAwE;YACxE,wEAAwE;YACxE,sEAAsE;YACtE,uDAAuD;YAEvD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAC3C,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,CACR,CAAA;YAED,oEAAoE;YACpE,sEAAsE;YACtE,6DAA6D;YAC7D,8DAA8D;YAC9D,8DAA8D;YAC9D,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,CAAA;YAEjC,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;gBAElD,IAAI,GAAG,KAAK,WAAW,CAAC,GAAG,EAAE,CAAC;oBAC5B,iEAAiE;oBACjE,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,wBAAwB,CAAC,CAAA;gBAC5D,CAAC;gBAED,OAAO;oBACL,OAAO;oBACP,QAAQ,EAAE,WAAW;oBACrB,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B,CAAA;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,6DAA6D;gBAC7D,sEAAsE;gBACtE,uBAAuB;gBACvB,IACE,KAAK,YAAY,4CAAkB;oBACnC,KAAK,CAAC,MAAM,KAAK,GAAG;oBACpB,KAAK,CAAC,KAAK,KAAK,eAAe,EAC/B,CAAC;oBACD,kEAAkE;oBAClE,iEAAiE;oBACjE,kEAAkE;oBAClE,8DAA8D;oBAC9D,IAAI,CAAC,OAAO,CAAC,qBAAqB,
EAAE,CAAC;wBACnC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAA;wBAE7C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;wBACxC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;4BACzB,6DAA6D;4BAC7D,sDAAsD;4BAEtD,sDAAsD;4BACtD,0DAA0D;4BAC1D,+CAA+C;4BAC/C,MAAM,GAAG,GAAG,4CAA4C,CAAA;4BACxD,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;wBAClD,CAAC;6BAAM,IACL,MAAM,CAAC,QAAQ,CAAC,YAAY,KAAK,QAAQ,CAAC,YAAY;4BACtD,MAAM,CAAC,QAAQ,CAAC,aAAa,KAAK,QAAQ,CAAC,aAAa,EACxD,CAAC;4BACD,6DAA6D;4BAC7D,OAAO,MAAM,CAAA;wBACf,CAAC;6BAAM,CAAC;4BACN,0DAA0D;4BAC1D,0BAA0B;wBAC5B,CAAC;oBACH,CAAC;oBAED,oDAAoD;oBACpD,MAAM,GAAG,GAAG,KAAK,CAAC,gBAAgB,IAAI,yBAAyB,CAAA;oBAC/D,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;gBAClD,CAAC;gBAED,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC,EACD,YAAY,EACZ;YACE,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;gBAC7B,OAAO,CACL,QAAQ,CAAC,UAAU,IAAI,IAAI;oBAC3B,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;wBACrC,IAAI,CAAC,GAAG,EAAE;4BACR,8DAA8D;4BAC9D,sBAAsB;4BACtB,IAAI;4BACJ,wDAAwD;4BACxD,qDAAqD;4BACrD,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,CACzB,CAAA;YACH,CAAC;YACD,YAAY,EAAE,KAAK,EACjB,GAAG,EACH,GAAG,EACH,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,GAAG,QAAiB,EAAE,EACrD,EAAE;gBACF,IAAI,CAAC,CAAC,GAAG,YAAY,iEAA4B,CAAC,EAAE,CAAC;oBACnD,gEAAgE;oBAChE,wCAAwC;oBACxC,IAAI,CAAC;wBACH,sDAAsD;wBACtD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAC3C,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,CACR,CAAA;wBACD,MAAM,MAAM,CAAC,MAAM,CACjB,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,YAAY,CAChD,CAAA;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,mCAAmC;oBACrC,CAAC;gBACH,CAAC;gBAED,MAAM,GAAG,CAAA;YACX,CAAC;YACD,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CAC3B,GAAG,YAAY,0CAAiB;gBAChC,GAAG,YAAY,0CAAiB;gBAChC,GAAG,YAAY,0CAAiB;gBAChC,GAAG,YAAY,iEAA4B;SAC9C,CACF,CAAA;QApKD;;;;mBAAiB,OAAO;WAAS;QALlB;;;;mBAAc,IAAI,2BAAiB,EAAmB;WAAA;IA0KvE,CAAC;IAED,gBAAgB,CACd,IAAO,EACP,QAAiC,EACjC,OAA2C;QAE3C,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;IAC5D,CAAC;IAED,mBAAmB,CACjB,IAAO,EACP,QAAi
C,EACjC,OAAwC;QAExC,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;IAC/D,CAAC;IAED,aAAa,CACX,IAAO,EACP,MAA0B;QAE1B,OAAO,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAC3D,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAW,EAAE,OAAgB;QAC3C,0CAA0C;QAC1C,IAAI,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;QAClE,CAAC;QACD,MAAM,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QACnC,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC,CAAA;IACpD,CAAC;IAEQ,KAAK,CAAC,SAAS,CAAC,GAAe,EAAE,KAAe;QACvD,MAAM,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;QACjC,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAA;IAC/C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CAAC,GAAe,EAAE,UAA4B,MAAM;QAClE,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;YACnB,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAe,EAAE,OAA0B;QACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAC1C,yBAAyB,GAAG,EAAE,EAC9B,KAAK,IAAI,EAAE;;;gBACT,iEAAiE;gBACjE,sDAAsD;gBACtD,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;gBAExC,MAAM,eAAe,kCAAG,IAAA,wBAAc,EAAC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,QAAA,CAAA;gBAEjE,OAAO,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;oBAC1B,GAAG,OAAO;oBACV,MAAM,EAAE,eAAe,CAAC,MAAM;iBAC/B,CAAC,CAAA;;;;;;;;;SACH,CACF,CAAA;QAED,IAAI,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjC,uDAAuD;YACvD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;QAC9D,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;CACF;AAvPD,sCAuPC","sourcesContent":["import { AtprotoDid } from '@atproto/did'\nimport { Key } from '@atproto/jwk'\nimport {\n CachedGetter,\n GetCachedOptions,\n SimpleStore,\n} from '@atproto-labs/simple-store'\nimport { AuthMethodUnsatisfiableError } from './errors/auth-method-unsatisfiable-error.js'\nimport { TokenInvalidError } from './errors/token-invalid-error.js'\nimport { TokenRefreshError } from './errors/token-refresh-error.js'\nimport { TokenRevokedError } from 
'./errors/token-revoked-error.js'\nimport { ClientAuthMethod } from './oauth-client-auth.js'\nimport { OAuthResponseError } from './oauth-response-error.js'\nimport { TokenSet } from './oauth-server-agent.js'\nimport { OAuthServerFactory } from './oauth-server-factory.js'\nimport { Runtime } from './runtime.js'\nimport { CustomEventTarget, combineSignals } from './util.js'\n\nexport type Session = {\n dpopKey: Key\n /**\n * Previous implementation of this lib did not define an `authMethod`\n */\n authMethod?: ClientAuthMethod\n tokenSet: TokenSet\n}\n\nexport type SessionStore = SimpleStore<string, Session>\n\nexport type SessionEventMap = {\n updated: {\n sub: string\n } & Session\n deleted: {\n sub: string\n cause: TokenRefreshError | TokenRevokedError | TokenInvalidError | unknown\n }\n}\n\nexport type SessionEventListener<\n T extends keyof SessionEventMap = keyof SessionEventMap,\n> = (event: CustomEvent<SessionEventMap[T]>) => void\n\n/**\n * There are several advantages to wrapping the sessionStore in a (single)\n * CachedGetter, the main of which is that the cached getter will ensure that at\n * most one fresh call is ever being made. Another advantage, is that it\n * contains the logic for reading from the cache which, if the cache is based on\n * localStorage/indexedDB, will sync across multiple tabs (for a given sub).\n */\nexport class SessionGetter extends CachedGetter<AtprotoDid, Session> {\n private readonly eventTarget = new CustomEventTarget<SessionEventMap>()\n\n constructor(\n sessionStore: SessionStore,\n serverFactory: OAuthServerFactory,\n private readonly runtime: Runtime,\n ) {\n super(\n async (sub, options, storedSession) => {\n // There needs to be a previous session to be able to refresh. 
If\n // storedSession is undefined, it means that the store does not contain\n // a session for the given sub.\n if (storedSession === undefined) {\n // Because the session is not in the store, this.delStored() method\n // will not be called by the CachedGetter class (because there is\n // nothing to delete). This would typically happen if there is no\n // synchronization mechanism between instances of this class. Let's\n // make sure an event is dispatched here if this occurs.\n const msg = 'The session was deleted by another process'\n const cause = new TokenRefreshError(sub, msg)\n this.dispatchEvent('deleted', { sub, cause })\n throw cause\n }\n\n // From this point forward, throwing a TokenRefreshError will result in\n // this.delStored() being called, resulting in an event being\n // dispatched, even if the session was removed from the store through a\n // concurrent access (which, normally, should not happen if a proper\n // runtime lock was provided).\n\n const { dpopKey, authMethod = 'legacy', tokenSet } = storedSession\n\n if (sub !== tokenSet.sub) {\n // Fool-proofing (e.g. against invalid session storage)\n throw new TokenRefreshError(sub, 'Stored session sub mismatch')\n }\n\n if (!tokenSet.refresh_token) {\n throw new TokenRefreshError(sub, 'No refresh token available')\n }\n\n // Since refresh tokens can only be used once, we might run into\n // concurrency issues if multiple instances (e.g. browser tabs) are\n // trying to refresh the same token simultaneously. The chances of this\n // happening when multiple instances are started simultaneously is\n // reduced by randomizing the expiry time (see isStale() below). The\n // best solution is to use a mutex/lock to ensure that only one instance\n // is refreshing the token at a time (runtime.usingLock) but that is not\n // always possible. 
If no lock implementation is provided, we will use\n // the store to check if a concurrent refresh occurred.\n\n const server = await serverFactory.fromIssuer(\n tokenSet.iss,\n authMethod,\n dpopKey,\n )\n\n // Because refresh tokens can only be used once, we must not use the\n // \"signal\" to abort the refresh, or throw any abort error beyond this\n // point. Any thrown error beyond this point will prevent the\n // TokenGetter from obtaining, and storing, the new token set,\n // effectively rendering the currently saved session unusable.\n options?.signal?.throwIfAborted()\n\n try {\n const newTokenSet = await server.refresh(tokenSet)\n\n if (sub !== newTokenSet.sub) {\n // The server returned another sub. Was the tokenSet manipulated?\n throw new TokenRefreshError(sub, 'Token set sub mismatch')\n }\n\n return {\n dpopKey,\n tokenSet: newTokenSet,\n authMethod: server.authMethod,\n }\n } catch (cause) {\n // If the refresh token is invalid, let's try to recover from\n // concurrency issues, or make sure the session is deleted by throwing\n // a TokenRefreshError.\n if (\n cause instanceof OAuthResponseError &&\n cause.status === 400 &&\n cause.error === 'invalid_grant'\n ) {\n // In case there is no lock implementation in the runtime, we will\n // wait for a short time to give the other concurrent instances a\n // chance to finish their refreshing of the token. If a concurrent\n // refresh did occur, we will pretend that this one succeeded.\n if (!runtime.hasImplementationLock) {\n await new Promise((r) => setTimeout(r, 1000))\n\n const stored = await this.getStored(sub)\n if (stored === undefined) {\n // A concurrent refresh occurred and caused the session to be\n // deleted (for a reason we can't know at this point).\n\n // Using a distinct error message mainly for debugging\n // purposes. 
Also, throwing a TokenRefreshError to trigger\n // deletion through the deleteOnError callback.\n const msg = 'The session was deleted by another process'\n throw new TokenRefreshError(sub, msg, { cause })\n } else if (\n stored.tokenSet.access_token !== tokenSet.access_token ||\n stored.tokenSet.refresh_token !== tokenSet.refresh_token\n ) {\n // A concurrent refresh occurred. Pretend this one succeeded.\n return stored\n } else {\n // There were no concurrent refresh. The token is (likely)\n // simply no longer valid.\n }\n }\n\n // Make sure the session gets deleted from the store\n const msg = cause.errorDescription ?? 'The session was revoked'\n throw new TokenRefreshError(sub, msg, { cause })\n }\n\n throw cause\n }\n },\n sessionStore,\n {\n isStale: (sub, { tokenSet }) => {\n return (\n tokenSet.expires_at != null &&\n new Date(tokenSet.expires_at).getTime() <\n Date.now() +\n // Add some lee way to ensure the token is not expired when it\n // reaches the server.\n 10e3 +\n // Add some randomness to reduce the chances of multiple\n // instances trying to refresh the token at the same.\n 30e3 * Math.random()\n )\n },\n onStoreError: async (\n err,\n sub,\n { tokenSet, dpopKey, authMethod = 'legacy' as const },\n ) => {\n if (!(err instanceof AuthMethodUnsatisfiableError)) {\n // If the error was an AuthMethodUnsatisfiableError, there is no\n // point in trying to call `fromIssuer`.\n try {\n // If the token data cannot be stored, let's revoke it\n const server = await serverFactory.fromIssuer(\n tokenSet.iss,\n authMethod,\n dpopKey,\n )\n await server.revoke(\n tokenSet.refresh_token ?? 
tokenSet.access_token,\n )\n } catch {\n // Let the original error propagate\n }\n }\n\n throw err\n },\n deleteOnError: async (err) =>\n err instanceof TokenRefreshError ||\n err instanceof TokenRevokedError ||\n err instanceof TokenInvalidError ||\n err instanceof AuthMethodUnsatisfiableError,\n },\n )\n }\n\n addEventListener<T extends keyof SessionEventMap>(\n type: T,\n callback: SessionEventListener<T>,\n options?: AddEventListenerOptions | boolean,\n ) {\n this.eventTarget.addEventListener(type, callback, options)\n }\n\n removeEventListener<T extends keyof SessionEventMap>(\n type: T,\n callback: SessionEventListener<T>,\n options?: EventListenerOptions | boolean,\n ) {\n this.eventTarget.removeEventListener(type, callback, options)\n }\n\n dispatchEvent<T extends keyof SessionEventMap>(\n type: T,\n detail: SessionEventMap[T],\n ): boolean {\n return this.eventTarget.dispatchCustomEvent(type, detail)\n }\n\n async setStored(sub: string, session: Session) {\n // Prevent tampering with the stored value\n if (sub !== session.tokenSet.sub) {\n throw new TypeError('Token set does not match the expected sub')\n }\n await super.setStored(sub, session)\n this.dispatchEvent('updated', { sub, ...session })\n }\n\n override async delStored(sub: AtprotoDid, cause?: unknown): Promise<void> {\n await super.delStored(sub, cause)\n this.dispatchEvent('deleted', { sub, cause })\n }\n\n /**\n * @param refresh When `true`, the credentials will be refreshed even if they\n * are not expired. When `false`, the credentials will not be refreshed even\n * if they are expired. When `undefined`, the credentials will be refreshed\n * if, and only if, they are (about to be) expired. 
Defaults to `undefined`.\n */\n async getSession(sub: AtprotoDid, refresh: boolean | 'auto' = 'auto') {\n return this.get(sub, {\n noCache: refresh === true,\n allowStale: refresh === false,\n })\n }\n\n async get(sub: AtprotoDid, options?: GetCachedOptions): Promise<Session> {\n const session = await this.runtime.usingLock(\n `@atproto-oauth-client-${sub}`,\n async () => {\n // Make sure, even if there is no signal in the options, that the\n // request will be cancelled after at most 30 seconds.\n const signal = AbortSignal.timeout(30e3)\n\n using abortController = combineSignals([options?.signal, signal])\n\n return await super.get(sub, {\n ...options,\n signal: abortController.signal,\n })\n },\n )\n\n if (sub !== session.tokenSet.sub) {\n // Fool-proofing (e.g. against invalid session storage)\n throw new Error('Token set does not match the expected sub')\n }\n\n return session\n }\n}\n"]}
|
package/dist/state-store.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"state-store.js","sourceRoot":"","sources":["../src/state-store.ts"],"names":[],"mappings":""}
|
|
1
|
+
{"version":3,"file":"state-store.js","sourceRoot":"","sources":["../src/state-store.ts"],"names":[],"mappings":"","sourcesContent":["import { Key } from '@atproto/jwk'\nimport { SimpleStore } from '@atproto-labs/simple-store'\nimport { ClientAuthMethod } from './oauth-client-auth.js'\n\nexport type InternalStateData = {\n iss: string\n dpopKey: Key\n /** @note optional for legacy reasons */\n authMethod?: ClientAuthMethod\n verifier?: string\n appState?: string\n}\n\nexport type StateStore = SimpleStore<string, InternalStateData>\n"]}
|