@atproto/oauth-provider-api 0.3.6 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -0
- package/LICENSE.txt +1 -1
- package/dist/api-endpoints.d.ts +14 -10
- package/dist/api-endpoints.d.ts.map +1 -1
- package/dist/api-endpoints.js.map +1 -1
- package/dist/types.d.ts +7 -2
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/package.json +3 -3
- package/src/api-endpoints.ts +23 -6
- package/src/types.ts +7 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,22 @@
|
|
|
1
1
|
# @atproto/oauth-provider-api
|
|
2
2
|
|
|
3
|
+
## 0.4.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- [#4820](https://github.com/bluesky-social/atproto/pull/4820) [`b3ce11a`](https://github.com/bluesky-social/atproto/commit/b3ce11ae2e965f239db6aec6054f069d557f4d55) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Unify account management and authorization pages into a signle package
|
|
8
|
+
|
|
9
|
+
### Patch Changes
|
|
10
|
+
|
|
11
|
+
- [#4820](https://github.com/bluesky-social/atproto/pull/4820) [`b3ce11a`](https://github.com/bluesky-social/atproto/commit/b3ce11ae2e965f239db6aec6054f069d557f4d55) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Account management interface improvements
|
|
12
|
+
|
|
13
|
+
## 0.3.7
|
|
14
|
+
|
|
15
|
+
### Patch Changes
|
|
16
|
+
|
|
17
|
+
- Updated dependencies []:
|
|
18
|
+
- @atproto/oauth-types@0.6.2
|
|
19
|
+
|
|
3
20
|
## 0.3.6
|
|
4
21
|
|
|
5
22
|
### Patch Changes
|
package/LICENSE.txt
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Dual MIT/Apache-2.0 License
|
|
2
2
|
|
|
3
|
-
Copyright (c) 2022-
|
|
3
|
+
Copyright (c) 2022-2026 Bluesky Social PBC, and Contributors
|
|
4
4
|
|
|
5
5
|
Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
|
|
6
6
|
|
package/dist/api-endpoints.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { SignedJwt } from '@atproto/jwk';
|
|
2
2
|
import type { OAuthClientMetadata } from '@atproto/oauth-types';
|
|
3
|
-
import type { Account, DeviceMetadata, ISODateString } from './types.js';
|
|
3
|
+
import type { Account, DeviceMetadata, ISODateString, Session } from './types.js';
|
|
4
4
|
export type ApiEndpoints = {
|
|
5
5
|
'/verify-handle-availability': {
|
|
6
6
|
method: 'POST';
|
|
@@ -45,7 +45,7 @@ export type ApiEndpoints = {
|
|
|
45
45
|
*/
|
|
46
46
|
'/device-sessions': {
|
|
47
47
|
method: 'GET';
|
|
48
|
-
output:
|
|
48
|
+
output: Session[];
|
|
49
49
|
};
|
|
50
50
|
/**
|
|
51
51
|
* Lists all the active OAuth sessions (access/refresh tokens) that where
|
|
@@ -63,10 +63,8 @@ export type ApiEndpoints = {
|
|
|
63
63
|
*/
|
|
64
64
|
'/oauth-sessions': {
|
|
65
65
|
method: 'GET';
|
|
66
|
-
params:
|
|
67
|
-
|
|
68
|
-
};
|
|
69
|
-
output: ActiveOAuthSession[];
|
|
66
|
+
params: OAuthSessionsInput;
|
|
67
|
+
output: OAuthSessionsOutput;
|
|
70
68
|
};
|
|
71
69
|
'/revoke-oauth-session': {
|
|
72
70
|
method: 'POST';
|
|
@@ -81,10 +79,8 @@ export type ApiEndpoints = {
|
|
|
81
79
|
*/
|
|
82
80
|
'/account-sessions': {
|
|
83
81
|
method: 'GET';
|
|
84
|
-
params:
|
|
85
|
-
|
|
86
|
-
};
|
|
87
|
-
output: ActiveAccountSession[];
|
|
82
|
+
params: AccountSessionsInput;
|
|
83
|
+
output: AccountSessionsOutput;
|
|
88
84
|
};
|
|
89
85
|
'/revoke-account-session': {
|
|
90
86
|
method: 'POST';
|
|
@@ -160,6 +156,14 @@ export type RevokeAccountSessionInput = {
|
|
|
160
156
|
sub: string;
|
|
161
157
|
deviceId: string;
|
|
162
158
|
};
|
|
159
|
+
export type OAuthSessionsInput = {
|
|
160
|
+
sub: string;
|
|
161
|
+
};
|
|
162
|
+
export type OAuthSessionsOutput = ActiveOAuthSession[];
|
|
163
|
+
export type AccountSessionsInput = {
|
|
164
|
+
sub: string;
|
|
165
|
+
};
|
|
166
|
+
export type AccountSessionsOutput = ActiveAccountSession[];
|
|
163
167
|
export type RevokeOAuthSessionInput = {
|
|
164
168
|
sub: string;
|
|
165
169
|
tokenId: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-endpoints.d.ts","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"api-endpoints.d.ts","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,EACV,OAAO,EACP,cAAc,EACd,aAAa,EACb,OAAO,EACR,MAAM,YAAY,CAAA;AAKnB,MAAM,MAAM,YAAY,GAAG;IACzB,6BAA6B,EAAE;QAC7B,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,6BAA6B,CAAA;QACpC,MAAM,EAAE;YAAE,SAAS,EAAE,IAAI,CAAA;SAAE,CAAA;KAC5B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,0BAA0B,CAAA;QACjC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,WAAW,EAAE;QACX,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;OAEG;IACH,kBAAkB,EAAE;QAClB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,OAAO,EAAE,CAAA;KAClB,CAAA;IACD;;;;;;;;;;;;;OAaG;IACH,iBAAiB,EAAE;QACjB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,kBAAkB,CAAA;QAC1B,MAAM,EAAE,mBAAmB,CAAA;KAC5B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,uBAAuB,CAAA;QAC9B,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;;OAGG;IACH,mBAAmB,EAAE;QACnB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,qBAAqB,CAAA;KAC9B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;IACD,SAAS,EAAE;QACT,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;CACF,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,cAAc,GAAG,SAAS,CAAA;AAEtC,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,kBAAkB,EAAE,CAAA;AAEtD,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG,oBAAoB,EAAE,CAAA;AAE1D,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;AAE/C;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAA;IAEhB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,cAAc,CAAA;IAE9B,eAAe,EAAE,OAAO,CAAA;CACzB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IAEf,SAAS,EAAE,aAAa,CAAA;IACxB,SAAS,EAAE,aAAa,CAAA;IAExB,QAAQ,EAAE,MAAM,CAAA;IAChB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,mBAAmB,CAAA;IAEpC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"","sourcesContent":["import type { SignedJwt } from '@atproto/jwk'\nimport type { OAuthClientMetadata } from '@atproto/oauth-types'\nimport type {
|
|
1
|
+
{"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"","sourcesContent":["import type { SignedJwt } from '@atproto/jwk'\nimport type { OAuthClientMetadata } from '@atproto/oauth-types'\nimport type {\n Account,\n DeviceMetadata,\n ISODateString,\n Session,\n} from './types.js'\n\n// These are the endpoints implemented by the OAuth provider, for its UI to\n// call.\n\nexport type ApiEndpoints = {\n '/verify-handle-availability': {\n method: 'POST'\n input: VerifyHandleAvailabilityInput\n output: { available: true }\n }\n '/sign-up': {\n method: 'POST'\n input: SignUpInput\n output: SignUpOutput\n }\n '/sign-in': {\n method: 'POST'\n input: SignInInput\n output: SignInOutput\n }\n '/reset-password-request': {\n method: 'POST'\n input: InitiatePasswordResetInput\n output: { success: true }\n }\n '/reset-password-confirm': {\n method: 'POST'\n input: ConfirmResetPasswordInput\n output: { success: true }\n }\n '/sign-out': {\n method: 'POST'\n input: SignOutInput\n output: { success: true }\n }\n /**\n * Lists all the accounts that are currently active, on the current device.\n */\n '/device-sessions': {\n method: 'GET'\n output: Session[]\n }\n /**\n * Lists all the active OAuth sessions (access/refresh tokens) that where\n * issued to OAuth clients (apps).\n *\n * @NOTE can be revoked using the oauth revocation endpoint (json or form\n * encoded)\n *\n * ```http\n * POST /oauth/revoke\n * Content-Type: application/x-www-form-urlencoded\n *\n * token=<tokenId>\n * ```\n */\n '/oauth-sessions': {\n method: 'GET'\n params: OAuthSessionsInput\n output: OAuthSessionsOutput\n }\n '/revoke-oauth-session': {\n method: 'POST'\n input: RevokeOAuthSessionInput\n output: { success: true }\n }\n /**\n * Lists all the sessions that are currently active for a particular user, on\n * other devices.\n */\n '/account-sessions': {\n method: 'GET'\n params: AccountSessionsInput\n output: AccountSessionsOutput\n }\n '/revoke-account-session': {\n method: 'POST'\n input: RevokeAccountSessionInput\n output: { success: true }\n }\n '/consent': {\n method: 'POST'\n input: ConsentInput\n output: { url: string }\n }\n '/reject': {\n method: 'POST'\n input: RejectInput\n output: { url: string }\n }\n}\n\n/**\n * When a user signs in without the \"remember me\" option, the server returns an\n * ephemeral token. When used as `Bearer` authorization header, the token will\n * be used in order to authenticate the users in place of using the user's\n * cookie based session (which are only created when \"remember me\" is checked).\n *\n * Only include this token in the `Authorization` header when making requests to\n * the OAuth provider API, **FOR THE ACCOUNT IT WAS GENERATED FOR**.\n */\nexport type EphemeralToken = SignedJwt\n\nexport type SignInInput = {\n locale: string\n username: string\n password: string\n emailOtp?: string\n remember?: boolean\n}\n\nexport type SignInOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n consentRequired?: boolean\n}\n\nexport type SignUpInput = {\n locale: string\n handle: string\n email: string\n password: string\n inviteCode?: string\n hcaptchaToken?: string\n}\n\nexport type SignUpOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n}\n\nexport type SignOutInput = {\n sub: string | string[]\n}\n\nexport type InitiatePasswordResetInput = {\n locale: string\n email: string\n}\n\nexport type ConfirmResetPasswordInput = {\n token: string\n password: string\n}\n\nexport type VerifyHandleAvailabilityInput = {\n handle: string\n}\n\nexport type RevokeAccountSessionInput = {\n sub: string\n deviceId: string\n}\n\nexport type OAuthSessionsInput = {\n sub: string\n}\n\nexport type OAuthSessionsOutput = ActiveOAuthSession[]\n\nexport type AccountSessionsInput = {\n sub: string\n}\n\nexport type AccountSessionsOutput = ActiveAccountSession[]\n\nexport type RevokeOAuthSessionInput = {\n sub: string\n tokenId: string\n}\n\nexport type ConsentInput = {\n sub: string\n scope?: string\n}\n\nexport type RejectInput = Record<string, never>\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link ActiveDeviceSession.loginRequired}).\n */\nexport type ActiveDeviceSession = {\n account: Account\n\n /**\n * The session is too old and the user must re-authenticate.\n */\n loginRequired: boolean\n}\n\n/**\n * Represents another device on which an account is currently signed-in.\n */\nexport type ActiveAccountSession = {\n deviceId: string\n deviceMetadata: DeviceMetadata\n\n isCurrentDevice: boolean\n}\n\n/**\n * Represents an active OAuth session (access token).\n */\nexport type ActiveOAuthSession = {\n tokenId: string\n\n createdAt: ISODateString\n updatedAt: ISODateString\n\n clientId: string\n /** An \"undefined\" value means that the client metadata could not be fetched */\n clientMetadata?: OAuthClientMetadata\n\n scope?: string\n}\n"]}
|
package/dist/types.d.ts
CHANGED
|
@@ -1,18 +1,23 @@
|
|
|
1
1
|
export type Account = {
|
|
2
2
|
sub: string;
|
|
3
3
|
aud: string | [string, ...string[]];
|
|
4
|
+
locale?: string;
|
|
4
5
|
email?: string;
|
|
5
6
|
email_verified?: boolean;
|
|
6
7
|
name?: string;
|
|
7
8
|
preferred_username?: string;
|
|
8
9
|
picture?: string;
|
|
9
10
|
};
|
|
11
|
+
/**
|
|
12
|
+
* Represents an account that is currently signed-in to the Authorization
|
|
13
|
+
* Server. If the session was created too long ago, the user may be required to
|
|
14
|
+
* re-authenticate ({@link Session.loginRequired}).
|
|
15
|
+
*/
|
|
10
16
|
export type Session = {
|
|
11
17
|
account: Account;
|
|
12
18
|
info?: never;
|
|
13
|
-
selected: boolean;
|
|
14
19
|
loginRequired: boolean;
|
|
15
|
-
consentRequired
|
|
20
|
+
consentRequired?: boolean;
|
|
16
21
|
};
|
|
17
22
|
export type MultiLangString = Record<string, string | undefined>;
|
|
18
23
|
export type LinkDefinition = {
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,MAAM,MAAM,OAAO,GAAG;IACpB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;IAEnC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,OAAO,GAAG;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,CAAC,EAAE,KAAK,CAAA;IAEZ,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,MAAM,MAAM,OAAO,GAAG;IACpB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;IAEnC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,CAAC,EAAE,KAAK,CAAA;IAEZ,aAAa,EAAE,OAAO,CAAA;IACtB,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;AAEhE,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,MAAM,GAAG,eAAe,CAAA;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;CACb,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,aAAa,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,aAAa,GAAG,GAAG,MAAM,IAAI,MAAM,GAAG,CAAA"}
|
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"","sourcesContent":["// @TODO replace with OidcUserinfo\nexport type Account = {\n sub: string\n aud: string | [string, ...string[]]\n\n email?: string\n email_verified?: boolean\n name?: string\n preferred_username?: string\n picture?: string\n}\n\nexport type Session = {\n account: Account\n info?: never // Prevent relying on this in the frontend\n\n
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"","sourcesContent":["// @TODO replace with OidcUserinfo\nexport type Account = {\n sub: string\n aud: string | [string, ...string[]]\n\n locale?: string\n email?: string\n email_verified?: boolean\n name?: string\n preferred_username?: string\n picture?: string\n}\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link Session.loginRequired}).\n */\nexport type Session = {\n account: Account\n info?: never // Prevent relying on this in the frontend\n\n loginRequired: boolean\n consentRequired?: boolean\n}\n\nexport type MultiLangString = Record<string, string | undefined>\n\nexport type LinkDefinition = {\n title: string | MultiLangString\n href: string\n rel?: string\n}\n\nexport type DeviceMetadata = {\n userAgent: string | null\n ipAddress: string\n lastSeenAt: ISODateString\n}\n\nexport type ISODateString = `${string}T${string}Z`\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@atproto/oauth-provider-api",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.4.0",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"description": "Shared data types for the @atproto/oauth-provider and @atproto/oauth-provider-ui packages",
|
|
6
6
|
"keywords": [
|
|
@@ -25,8 +25,8 @@
|
|
|
25
25
|
}
|
|
26
26
|
},
|
|
27
27
|
"dependencies": {
|
|
28
|
-
"@atproto/jwk": "0.6.0",
|
|
29
|
-
"@atproto/oauth-types": "0.6.
|
|
28
|
+
"@atproto/jwk": "^0.6.0",
|
|
29
|
+
"@atproto/oauth-types": "^0.6.3"
|
|
30
30
|
},
|
|
31
31
|
"devDependencies": {
|
|
32
32
|
"typescript": "^5.6.3"
|
package/src/api-endpoints.ts
CHANGED
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
import type { SignedJwt } from '@atproto/jwk'
|
|
2
2
|
import type { OAuthClientMetadata } from '@atproto/oauth-types'
|
|
3
|
-
import type {
|
|
3
|
+
import type {
|
|
4
|
+
Account,
|
|
5
|
+
DeviceMetadata,
|
|
6
|
+
ISODateString,
|
|
7
|
+
Session,
|
|
8
|
+
} from './types.js'
|
|
4
9
|
|
|
5
10
|
// These are the endpoints implemented by the OAuth provider, for its UI to
|
|
6
11
|
// call.
|
|
@@ -41,7 +46,7 @@ export type ApiEndpoints = {
|
|
|
41
46
|
*/
|
|
42
47
|
'/device-sessions': {
|
|
43
48
|
method: 'GET'
|
|
44
|
-
output:
|
|
49
|
+
output: Session[]
|
|
45
50
|
}
|
|
46
51
|
/**
|
|
47
52
|
* Lists all the active OAuth sessions (access/refresh tokens) that where
|
|
@@ -59,8 +64,8 @@ export type ApiEndpoints = {
|
|
|
59
64
|
*/
|
|
60
65
|
'/oauth-sessions': {
|
|
61
66
|
method: 'GET'
|
|
62
|
-
params:
|
|
63
|
-
output:
|
|
67
|
+
params: OAuthSessionsInput
|
|
68
|
+
output: OAuthSessionsOutput
|
|
64
69
|
}
|
|
65
70
|
'/revoke-oauth-session': {
|
|
66
71
|
method: 'POST'
|
|
@@ -73,8 +78,8 @@ export type ApiEndpoints = {
|
|
|
73
78
|
*/
|
|
74
79
|
'/account-sessions': {
|
|
75
80
|
method: 'GET'
|
|
76
|
-
params:
|
|
77
|
-
output:
|
|
81
|
+
params: AccountSessionsInput
|
|
82
|
+
output: AccountSessionsOutput
|
|
78
83
|
}
|
|
79
84
|
'/revoke-account-session': {
|
|
80
85
|
method: 'POST'
|
|
@@ -155,6 +160,18 @@ export type RevokeAccountSessionInput = {
|
|
|
155
160
|
deviceId: string
|
|
156
161
|
}
|
|
157
162
|
|
|
163
|
+
export type OAuthSessionsInput = {
|
|
164
|
+
sub: string
|
|
165
|
+
}
|
|
166
|
+
|
|
167
|
+
export type OAuthSessionsOutput = ActiveOAuthSession[]
|
|
168
|
+
|
|
169
|
+
export type AccountSessionsInput = {
|
|
170
|
+
sub: string
|
|
171
|
+
}
|
|
172
|
+
|
|
173
|
+
export type AccountSessionsOutput = ActiveAccountSession[]
|
|
174
|
+
|
|
158
175
|
export type RevokeOAuthSessionInput = {
|
|
159
176
|
sub: string
|
|
160
177
|
tokenId: string
|
package/src/types.ts
CHANGED
|
@@ -3,6 +3,7 @@ export type Account = {
|
|
|
3
3
|
sub: string
|
|
4
4
|
aud: string | [string, ...string[]]
|
|
5
5
|
|
|
6
|
+
locale?: string
|
|
6
7
|
email?: string
|
|
7
8
|
email_verified?: boolean
|
|
8
9
|
name?: string
|
|
@@ -10,13 +11,17 @@ export type Account = {
|
|
|
10
11
|
picture?: string
|
|
11
12
|
}
|
|
12
13
|
|
|
14
|
+
/**
|
|
15
|
+
* Represents an account that is currently signed-in to the Authorization
|
|
16
|
+
* Server. If the session was created too long ago, the user may be required to
|
|
17
|
+
* re-authenticate ({@link Session.loginRequired}).
|
|
18
|
+
*/
|
|
13
19
|
export type Session = {
|
|
14
20
|
account: Account
|
|
15
21
|
info?: never // Prevent relying on this in the frontend
|
|
16
22
|
|
|
17
|
-
selected: boolean
|
|
18
23
|
loginRequired: boolean
|
|
19
|
-
consentRequired
|
|
24
|
+
consentRequired?: boolean
|
|
20
25
|
}
|
|
21
26
|
|
|
22
27
|
export type MultiLangString = Record<string, string | undefined>
|