@atproto/oauth-provider-api 0.2.1 → 0.3.1

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @atproto/oauth-provider-api
 
+## 0.3.1
+
+### Patch Changes
+
+- Updated dependencies [[`09439d7d6`](https://github.com/bluesky-social/atproto/commit/09439d7d688294ad1a0c78a74b901ba2f7c5f4c3), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`fefe70126`](https://github.com/bluesky-social/atproto/commit/fefe70126d0ea82507ac750f669b3478290f186b), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`09439d7d6`](https://github.com/bluesky-social/atproto/commit/09439d7d688294ad1a0c78a74b901ba2f7c5f4c3), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`09439d7d6`](https://github.com/bluesky-social/atproto/commit/09439d7d688294ad1a0c78a74b901ba2f7c5f4c3)]:
+  - @atproto/oauth-types@0.4.2
+  - @atproto/jwk@0.6.0
+
+## 0.3.0
+
+### Minor Changes
+
+- [`f4cb3e4d0`](https://github.com/bluesky-social/atproto/commit/f4cb3e4d0ac45e567fa14f79b99a84621fa89a56) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Adapt to UI to support permission set.
+
 ## 0.2.1
 
 ### Patch Changes

package/dist/api-endpoints.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":""}
+{"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"","sourcesContent":["import type { SignedJwt } from '@atproto/jwk'\nimport type { OAuthClientMetadata } from '@atproto/oauth-types'\nimport type { Account, DeviceMetadata, ISODateString } from './types.js'\n\n// These are the endpoints implemented by the OAuth provider, for its UI to\n// call.\n\nexport type ApiEndpoints = {\n  '/verify-handle-availability': {\n    method: 'POST'\n    input: VerifyHandleAvailabilityInput\n    output: { available: true }\n  }\n  '/sign-up': {\n    method: 'POST'\n    input: SignUpInput\n    output: SignUpOutput\n  }\n  '/sign-in': {\n    method: 'POST'\n    input: SignInInput\n    output: SignInOutput\n  }\n  '/reset-password-request': {\n    method: 'POST'\n    input: InitiatePasswordResetInput\n    output: { success: true }\n  }\n  '/reset-password-confirm': {\n    method: 'POST'\n    input: ConfirmResetPasswordInput\n    output: { success: true }\n  }\n  '/sign-out': {\n    method: 'POST'\n    input: SignOutInput\n    output: { success: true }\n  }\n  /**\n   * Lists all the accounts that are currently active, on the current device.\n   */\n  '/device-sessions': {\n    method: 'GET'\n    output: ActiveDeviceSession[]\n  }\n  /**\n   * Lists all the active OAuth sessions (access/refresh tokens) that where\n   * issued to OAuth clients (apps).\n   *\n   * @NOTE can be revoked using the oauth revocation endpoint (json or form\n   * encoded)\n   *\n   * ```http\n   * POST /oauth/revoke\n   * Content-Type: application/x-www-form-urlencoded\n   *\n   * token=<tokenId>\n   * ```\n   */\n  '/oauth-sessions': {\n    method: 'GET'\n    params: { sub: string }\n    output: ActiveOAuthSession[]\n  }\n  '/revoke-oauth-session': {\n    method: 'POST'\n    input: RevokeOAuthSessionInput\n    output: { success: true }\n  }\n  /**\n   * Lists all the sessions that are currently active for a particular user, on\n   * other devices.\n   */\n  '/account-sessions': {\n    method: 'GET'\n    params: { sub: string }\n    output: ActiveAccountSession[]\n  }\n  '/revoke-account-session': {\n    method: 'POST'\n    input: RevokeAccountSessionInput\n    output: { success: true }\n  }\n  '/consent': {\n    method: 'POST'\n    input: ConsentInput\n    output: { url: string }\n  }\n  '/reject': {\n    method: 'POST'\n    input: RejectInput\n    output: { url: string }\n  }\n}\n\n/**\n * When a user signs in without the \"remember me\" option, the server returns an\n * ephemeral token. When used as `Bearer` authorization header, the token will\n * be used in order to authenticate the users in place of using the user's\n * cookie based session (which are only created when \"remember me\" is checked).\n *\n * Only include this token in the `Authorization` header when making requests to\n * the OAuth provider API, **FOR THE ACCOUNT IT WAS GENERATED FOR**.\n */\nexport type EphemeralToken = SignedJwt\n\nexport type SignInInput = {\n  locale: string\n  username: string\n  password: string\n  emailOtp?: string\n  remember?: boolean\n}\n\nexport type SignInOutput = {\n  account: Account\n  ephemeralToken?: EphemeralToken\n  consentRequired?: boolean\n}\n\nexport type SignUpInput = {\n  locale: string\n  handle: string\n  email: string\n  password: string\n  inviteCode?: string\n  hcaptchaToken?: string\n}\n\nexport type SignUpOutput = {\n  account: Account\n  ephemeralToken?: EphemeralToken\n}\n\nexport type SignOutInput = {\n  sub: string | string[]\n}\n\nexport type InitiatePasswordResetInput = {\n  locale: string\n  email: string\n}\n\nexport type ConfirmResetPasswordInput = {\n  token: string\n  password: string\n}\n\nexport type VerifyHandleAvailabilityInput = {\n  handle: string\n}\n\nexport type RevokeAccountSessionInput = {\n  sub: string\n  deviceId: string\n}\n\nexport type RevokeOAuthSessionInput = {\n  sub: string\n  tokenId: string\n}\n\nexport type ConsentInput = {\n  sub: string\n  scope?: string\n}\n\nexport type RejectInput = Record<string, never>\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link ActiveDeviceSession.loginRequired}).\n */\nexport type ActiveDeviceSession = {\n  account: Account\n\n  /**\n   * The session is too old and the user must re-authenticate.\n   */\n  loginRequired: boolean\n}\n\n/**\n * Represents another device on which an account is currently signed-in.\n */\nexport type ActiveAccountSession = {\n  deviceId: string\n  deviceMetadata: DeviceMetadata\n\n  isCurrentDevice: boolean\n}\n\n/**\n * Represents an active OAuth session (access token).\n */\nexport type ActiveOAuthSession = {\n  tokenId: string\n\n  createdAt: ISODateString\n  updatedAt: ISODateString\n\n  clientId: string\n  /** An \"undefined\" value means that the client metadata could not be fetched */\n  clientMetadata?: OAuthClientMetadata\n\n  scope?: string\n}\n"]}

package/dist/contants.js.map

@@ -1 +1 @@
-{"version":3,"file":"contants.js","sourceRoot":"","sources":["../src/contants.ts"],"names":[],"mappings":";;;AAAa,QAAA,gBAAgB,GAAG,YAAY,CAAA;AAC/B,QAAA,gBAAgB,GAAG,cAAc,CAAA;AAEjC,QAAA,mBAAmB,GAAG,+BAA+B,CAAA"}
+{"version":3,"file":"contants.js","sourceRoot":"","sources":["../src/contants.ts"],"names":[],"mappings":";;;AAAa,QAAA,gBAAgB,GAAG,YAAY,CAAA;AAC/B,QAAA,gBAAgB,GAAG,cAAc,CAAA;AAEjC,QAAA,mBAAmB,GAAG,+BAA+B,CAAA","sourcesContent":["export const CSRF_COOKIE_NAME = 'csrf-token'\nexport const CSRF_HEADER_NAME = 'x-csrf-token'\n\nexport const API_ENDPOINT_PREFIX = '/@atproto/oauth-provider/~api'\n"]}

package/dist/{backend-types.d.ts → customization-data.d.ts}

@@ -7,4 +7,4 @@ export type CustomizationData = {
     logo?: string;
     links?: LinkDefinition[];
 };
-//# sourceMappingURL=backend-types.d.ts.map
+//# sourceMappingURL=customization-data.d.ts.map

package/dist/customization-data.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"customization-data.d.ts","sourceRoot":"","sources":["../src/customization-data.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAKhD,MAAM,MAAM,iBAAiB,GAAG;IAE9B,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,kBAAkB,CAAC,EAAE,OAAO,CAAA;IAC5B,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAA;IAG/B,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,KAAK,CAAC,EAAE,cAAc,EAAE,CAAA;CACzB,CAAA"}

package/dist/{backend-types.js → customization-data.js}

@@ -1,3 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=backend-types.js.map
+//# sourceMappingURL=customization-data.js.map

package/dist/customization-data.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"customization-data.js","sourceRoot":"","sources":["../src/customization-data.ts"],"names":[],"mappings":"","sourcesContent":["import type { LinkDefinition } from './types.js'\n\n// These are the types of the variables that are injected into the HTML by the\n// backend. They are used to configure the frontend.\n\nexport type CustomizationData = {\n  // Functional customization\n  hcaptchaSiteKey?: string\n  inviteCodeRequired?: boolean\n  availableUserDomains?: string[]\n\n  // Aesthetic customization\n  name?: string\n  logo?: string\n  links?: LinkDefinition[]\n}\n"]}

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 export type * from './api-endpoints.js';
-export type * from './backend-types.js';
+export type * from './customization-data.js';
 export type * from './types.js';
 export * from './contants.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,mBAAmB,oBAAoB,CAAA;AACvC,mBAAmB,oBAAoB,CAAA;AACvC,mBAAmB,YAAY,CAAA;AAE/B,cAAc,eAAe,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,mBAAmB,oBAAoB,CAAA;AACvC,mBAAmB,yBAAyB,CAAA;AAC5C,mBAAmB,YAAY,CAAA;AAE/B,cAAc,eAAe,CAAA"}

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAIA,gDAA6B"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAIA,gDAA6B","sourcesContent":["export type * from './api-endpoints.js'\nexport type * from './customization-data.js'\nexport type * from './types.js'\n\nexport * from './contants.js'\n"]}

package/dist/types.d.ts

@@ -14,12 +14,9 @@ export type Session = {
     loginRequired: boolean;
     consentRequired: boolean;
 };
-export type MultiLangString = {
-    en: string;
-} & Record<string, string | undefined>;
-export type LocalizedString = string | MultiLangString;
+export type MultiLangString = Record<string, string | undefined>;
 export type LinkDefinition = {
-    title: LocalizedString;
+    title: string | MultiLangString;
     href: string;
     rel?: string;
 };

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,MAAM,MAAM,OAAO,GAAG;IACpB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;IAEnC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,OAAO,GAAG;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,CAAC,EAAE,KAAK,CAAA;IAEZ,QAAQ,EAAE,OAAO,CAAA;IACjB,aAAa,EAAE,OAAO,CAAA;IACtB,eAAe,EAAE,OAAO,CAAA;CACzB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CACnD,MAAM,EACN,MAAM,GAAG,SAAS,CACnB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,eAAe,CAAA;AAEtD,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,eAAe,CAAA;IACtB,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;CACb,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,aAAa,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,aAAa,GAAG,GAAG,MAAM,IAAI,MAAM,GAAG,CAAA"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,MAAM,MAAM,OAAO,GAAG;IACpB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;IAEnC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,OAAO,GAAG;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,CAAC,EAAE,KAAK,CAAA;IAEZ,QAAQ,EAAE,OAAO,CAAA;IACjB,aAAa,EAAE,OAAO,CAAA;IACtB,eAAe,EAAE,OAAO,CAAA;CACzB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;AAEhE,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,MAAM,GAAG,eAAe,CAAA;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;CACb,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,aAAa,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,aAAa,GAAG,GAAG,MAAM,IAAI,MAAM,GAAG,CAAA"}

package/dist/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"","sourcesContent":["// @TODO replace with OidcUserinfo\nexport type Account = {\n  sub: string\n  aud: string | [string, ...string[]]\n\n  email?: string\n  email_verified?: boolean\n  name?: string\n  preferred_username?: string\n  picture?: string\n}\n\nexport type Session = {\n  account: Account\n  info?: never // Prevent relying on this in the frontend\n\n  selected: boolean\n  loginRequired: boolean\n  consentRequired: boolean\n}\n\nexport type MultiLangString = Record<string, string | undefined>\n\nexport type LinkDefinition = {\n  title: string | MultiLangString\n  href: string\n  rel?: string\n}\n\nexport type DeviceMetadata = {\n  userAgent: string | null\n  ipAddress: string\n  lastSeenAt: ISODateString\n}\n\nexport type ISODateString = `${string}T${string}Z`\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/oauth-provider-api",
-  "version": "0.2.1",
+  "version": "0.3.1",
   "license": "MIT",
   "description": "Shared data types for the @atproto/oauth-provider and @atproto/oauth-provider-ui packages",
   "keywords": [
@@ -25,8 +25,8 @@
     }
   },
   "dependencies": {
-    "@atproto/jwk": "0.5.0",
-    "@atproto/oauth-types": "0.4.1"
+    "@atproto/jwk": "0.6.0",
+    "@atproto/oauth-types": "0.4.2"
   },
   "devDependencies": {
     "typescript": "^5.6.3"

package/src/index.ts

@@ -1,5 +1,5 @@
 export type * from './api-endpoints.js'
-export type * from './backend-types.js'
+export type * from './customization-data.js'
 export type * from './types.js'
 
 export * from './contants.js'

package/src/types.ts

@@ -19,15 +19,10 @@ export type Session = {
   consentRequired: boolean
 }
 
-export type MultiLangString = { en: string } & Record<
-  string,
-  string | undefined
->
-
-export type LocalizedString = string | MultiLangString
+export type MultiLangString = Record<string, string | undefined>
 
 export type LinkDefinition = {
-  title: LocalizedString
+  title: string | MultiLangString
   href: string
   rel?: string
 }

package/tsconfig.build.tsbuildinfo

@@ -1 +1 @@
-{"root":["./src/api-endpoints.ts","./src/backend-types.ts","./src/contants.ts","./src/index.ts","./src/types.ts"],"version":"5.8.2"}
+{"root":["./src/api-endpoints.ts","./src/contants.ts","./src/customization-data.ts","./src/index.ts","./src/types.ts"],"version":"5.8.2"}

package/dist/backend-types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"backend-types.d.ts","sourceRoot":"","sources":["../src/backend-types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAKhD,MAAM,MAAM,iBAAiB,GAAG;IAE9B,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,kBAAkB,CAAC,EAAE,OAAO,CAAA;IAC5B,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAA;IAG/B,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,KAAK,CAAC,EAAE,cAAc,EAAE,CAAA;CACzB,CAAA"}

package/dist/backend-types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"backend-types.js","sourceRoot":"","sources":["../src/backend-types.ts"],"names":[],"mappings":""}