@atproto/oauth-provider-api 0.3.7 → 0.5.0-next.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +30 -0
- package/dist/api-endpoints.d.ts +14 -10
- package/dist/api-endpoints.d.ts.map +1 -1
- package/dist/api-endpoints.js +1 -2
- package/dist/api-endpoints.js.map +1 -1
- package/dist/contants.js +3 -6
- package/dist/contants.js.map +1 -1
- package/dist/customization-data.js +1 -2
- package/dist/index.js +1 -17
- package/dist/index.js.map +1 -1
- package/dist/types.d.ts +7 -2
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +1 -2
- package/dist/types.js.map +1 -1
- package/package.json +8 -7
- package/src/api-endpoints.ts +23 -6
- package/src/types.ts +7 -2
- package/tsconfig.build.tsbuildinfo +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,35 @@
|
|
|
1
1
|
# @atproto/oauth-provider-api
|
|
2
2
|
|
|
3
|
+
## 0.5.0-next.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- [#4929](https://github.com/bluesky-social/atproto/pull/4929) [`bb7491c`](https://github.com/bluesky-social/atproto/commit/bb7491c29e06181e1d2f8cf6eb454f9bb8ab961b) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Drop support for Node.js 18 and 20. Node.js 22 is now the minimum supported version. Docker images now use Node.js 24.
|
|
8
|
+
|
|
9
|
+
- [#4943](https://github.com/bluesky-social/atproto/pull/4943) [`07ae5d4`](https://github.com/bluesky-social/atproto/commit/07ae5d4452df51e045e0239da7a04cf0bc154028) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Convert to pure ESM. All packages now ship `"type": "module"` with ES module output and Node16 module resolution.
|
|
10
|
+
|
|
11
|
+
Node.js 22's `require()` compatibility layer can still load these packages in CommonJS code.
|
|
12
|
+
|
|
13
|
+
- [#4930](https://github.com/bluesky-social/atproto/pull/4930) [`042df15`](https://github.com/bluesky-social/atproto/commit/042df15087c0e62cd1e715fcbf58852fab875af9) Thanks [@devinivy](https://github.com/devinivy)! - Build with TypeScript 6.0. Emitted `.d.ts` files now use TypeScript 6's stricter `Uint8Array<ArrayBuffer>` typing in places where Web/Node APIs require buffer-backed (not shared-memory) byte arrays. Consumers compiling against these types on older TypeScript should see no runtime impact, but may need to widen or cast in spots that previously relied on `Uint8Array` defaulting to `<ArrayBufferLike>`.
|
|
14
|
+
|
|
15
|
+
Internal: tsconfig `moduleResolution: "node"` is silenced via `ignoreDeprecations: "6.0"` for now; the proper migration to `node16`/`bundler` resolution is deferred.
|
|
16
|
+
|
|
17
|
+
### Patch Changes
|
|
18
|
+
|
|
19
|
+
- Updated dependencies [[`bb7491c`](https://github.com/bluesky-social/atproto/commit/bb7491c29e06181e1d2f8cf6eb454f9bb8ab961b), [`07ae5d4`](https://github.com/bluesky-social/atproto/commit/07ae5d4452df51e045e0239da7a04cf0bc154028), [`042df15`](https://github.com/bluesky-social/atproto/commit/042df15087c0e62cd1e715fcbf58852fab875af9)]:
|
|
20
|
+
- @atproto/jwk@0.7.0-next.0
|
|
21
|
+
- @atproto/oauth-types@0.7.0-next.0
|
|
22
|
+
|
|
23
|
+
## 0.4.0
|
|
24
|
+
|
|
25
|
+
### Minor Changes
|
|
26
|
+
|
|
27
|
+
- [#4820](https://github.com/bluesky-social/atproto/pull/4820) [`b3ce11a`](https://github.com/bluesky-social/atproto/commit/b3ce11ae2e965f239db6aec6054f069d557f4d55) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Unify account management and authorization pages into a signle package
|
|
28
|
+
|
|
29
|
+
### Patch Changes
|
|
30
|
+
|
|
31
|
+
- [#4820](https://github.com/bluesky-social/atproto/pull/4820) [`b3ce11a`](https://github.com/bluesky-social/atproto/commit/b3ce11ae2e965f239db6aec6054f069d557f4d55) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Account management interface improvements
|
|
32
|
+
|
|
3
33
|
## 0.3.7
|
|
4
34
|
|
|
5
35
|
### Patch Changes
|
package/dist/api-endpoints.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { SignedJwt } from '@atproto/jwk';
|
|
2
2
|
import type { OAuthClientMetadata } from '@atproto/oauth-types';
|
|
3
|
-
import type { Account, DeviceMetadata, ISODateString } from './types.js';
|
|
3
|
+
import type { Account, DeviceMetadata, ISODateString, Session } from './types.js';
|
|
4
4
|
export type ApiEndpoints = {
|
|
5
5
|
'/verify-handle-availability': {
|
|
6
6
|
method: 'POST';
|
|
@@ -45,7 +45,7 @@ export type ApiEndpoints = {
|
|
|
45
45
|
*/
|
|
46
46
|
'/device-sessions': {
|
|
47
47
|
method: 'GET';
|
|
48
|
-
output:
|
|
48
|
+
output: Session[];
|
|
49
49
|
};
|
|
50
50
|
/**
|
|
51
51
|
* Lists all the active OAuth sessions (access/refresh tokens) that where
|
|
@@ -63,10 +63,8 @@ export type ApiEndpoints = {
|
|
|
63
63
|
*/
|
|
64
64
|
'/oauth-sessions': {
|
|
65
65
|
method: 'GET';
|
|
66
|
-
params:
|
|
67
|
-
|
|
68
|
-
};
|
|
69
|
-
output: ActiveOAuthSession[];
|
|
66
|
+
params: OAuthSessionsInput;
|
|
67
|
+
output: OAuthSessionsOutput;
|
|
70
68
|
};
|
|
71
69
|
'/revoke-oauth-session': {
|
|
72
70
|
method: 'POST';
|
|
@@ -81,10 +79,8 @@ export type ApiEndpoints = {
|
|
|
81
79
|
*/
|
|
82
80
|
'/account-sessions': {
|
|
83
81
|
method: 'GET';
|
|
84
|
-
params:
|
|
85
|
-
|
|
86
|
-
};
|
|
87
|
-
output: ActiveAccountSession[];
|
|
82
|
+
params: AccountSessionsInput;
|
|
83
|
+
output: AccountSessionsOutput;
|
|
88
84
|
};
|
|
89
85
|
'/revoke-account-session': {
|
|
90
86
|
method: 'POST';
|
|
@@ -160,6 +156,14 @@ export type RevokeAccountSessionInput = {
|
|
|
160
156
|
sub: string;
|
|
161
157
|
deviceId: string;
|
|
162
158
|
};
|
|
159
|
+
export type OAuthSessionsInput = {
|
|
160
|
+
sub: string;
|
|
161
|
+
};
|
|
162
|
+
export type OAuthSessionsOutput = ActiveOAuthSession[];
|
|
163
|
+
export type AccountSessionsInput = {
|
|
164
|
+
sub: string;
|
|
165
|
+
};
|
|
166
|
+
export type AccountSessionsOutput = ActiveAccountSession[];
|
|
163
167
|
export type RevokeOAuthSessionInput = {
|
|
164
168
|
sub: string;
|
|
165
169
|
tokenId: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-endpoints.d.ts","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"api-endpoints.d.ts","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,EACV,OAAO,EACP,cAAc,EACd,aAAa,EACb,OAAO,EACR,MAAM,YAAY,CAAA;AAKnB,MAAM,MAAM,YAAY,GAAG;IACzB,6BAA6B,EAAE;QAC7B,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,6BAA6B,CAAA;QACpC,MAAM,EAAE;YAAE,SAAS,EAAE,IAAI,CAAA;SAAE,CAAA;KAC5B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,0BAA0B,CAAA;QACjC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,WAAW,EAAE;QACX,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;OAEG;IACH,kBAAkB,EAAE;QAClB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,OAAO,EAAE,CAAA;KAClB,CAAA;IACD;;;;;;;;;;;;;OAaG;IACH,iBAAiB,EAAE;QACjB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,kBAAkB,CAAA;QAC1B,MAAM,EAAE,mBAAmB,CAAA;KAC5B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,uBAAuB,CAAA;QAC9B,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;;OAGG;IACH,mBAAmB,EAAE;QACnB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,qBAAqB,CAAA;KAC9B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;IACD,SAAS,EAAE;QACT,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;CACF,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,cAAc,GAAG,SAAS,CAAA;AAEtC,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,kBAAkB,EAAE,CAAA;AAEtD,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG,oBAAoB,EAAE,CAAA;AAE1D,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;AAE/C;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAA;IAEhB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,cAAc,CAAA;IAE9B,eAAe,EAAE,OAAO,CAAA;CACzB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IAEf,SAAS,EAAE,aAAa,CAAA;IACxB,SAAS,EAAE,aAAa,CAAA;IAExB,QAAQ,EAAE,MAAM,CAAA;IAChB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,mBAAmB,CAAA;IAEpC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA"}
|
package/dist/api-endpoints.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"","sourcesContent":["import type { SignedJwt } from '@atproto/jwk'\nimport type { OAuthClientMetadata } from '@atproto/oauth-types'\nimport type {
|
|
1
|
+
{"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"","sourcesContent":["import type { SignedJwt } from '@atproto/jwk'\nimport type { OAuthClientMetadata } from '@atproto/oauth-types'\nimport type {\n Account,\n DeviceMetadata,\n ISODateString,\n Session,\n} from './types.js'\n\n// These are the endpoints implemented by the OAuth provider, for its UI to\n// call.\n\nexport type ApiEndpoints = {\n '/verify-handle-availability': {\n method: 'POST'\n input: VerifyHandleAvailabilityInput\n output: { available: true }\n }\n '/sign-up': {\n method: 'POST'\n input: SignUpInput\n output: SignUpOutput\n }\n '/sign-in': {\n method: 'POST'\n input: SignInInput\n output: SignInOutput\n }\n '/reset-password-request': {\n method: 'POST'\n input: InitiatePasswordResetInput\n output: { success: true }\n }\n '/reset-password-confirm': {\n method: 'POST'\n input: ConfirmResetPasswordInput\n output: { success: true }\n }\n '/sign-out': {\n method: 'POST'\n input: SignOutInput\n output: { success: true }\n }\n /**\n * Lists all the accounts that are currently active, on the current device.\n */\n '/device-sessions': {\n method: 'GET'\n output: Session[]\n }\n /**\n * Lists all the active OAuth sessions (access/refresh tokens) that where\n * issued to OAuth clients (apps).\n *\n * @NOTE can be revoked using the oauth revocation endpoint (json or form\n * encoded)\n *\n * ```http\n * POST /oauth/revoke\n * Content-Type: application/x-www-form-urlencoded\n *\n * token=<tokenId>\n * ```\n */\n '/oauth-sessions': {\n method: 'GET'\n params: OAuthSessionsInput\n output: OAuthSessionsOutput\n }\n '/revoke-oauth-session': {\n method: 'POST'\n input: RevokeOAuthSessionInput\n output: { success: true }\n }\n /**\n * Lists all the sessions that are currently active for a particular user, on\n * other devices.\n */\n '/account-sessions': {\n method: 'GET'\n params: AccountSessionsInput\n output: AccountSessionsOutput\n }\n '/revoke-account-session': {\n method: 'POST'\n input: RevokeAccountSessionInput\n output: { success: true }\n }\n '/consent': {\n method: 'POST'\n input: ConsentInput\n output: { url: string }\n }\n '/reject': {\n method: 'POST'\n input: RejectInput\n output: { url: string }\n }\n}\n\n/**\n * When a user signs in without the \"remember me\" option, the server returns an\n * ephemeral token. When used as `Bearer` authorization header, the token will\n * be used in order to authenticate the users in place of using the user's\n * cookie based session (which are only created when \"remember me\" is checked).\n *\n * Only include this token in the `Authorization` header when making requests to\n * the OAuth provider API, **FOR THE ACCOUNT IT WAS GENERATED FOR**.\n */\nexport type EphemeralToken = SignedJwt\n\nexport type SignInInput = {\n locale: string\n username: string\n password: string\n emailOtp?: string\n remember?: boolean\n}\n\nexport type SignInOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n consentRequired?: boolean\n}\n\nexport type SignUpInput = {\n locale: string\n handle: string\n email: string\n password: string\n inviteCode?: string\n hcaptchaToken?: string\n}\n\nexport type SignUpOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n}\n\nexport type SignOutInput = {\n sub: string | string[]\n}\n\nexport type InitiatePasswordResetInput = {\n locale: string\n email: string\n}\n\nexport type ConfirmResetPasswordInput = {\n token: string\n password: string\n}\n\nexport type VerifyHandleAvailabilityInput = {\n handle: string\n}\n\nexport type RevokeAccountSessionInput = {\n sub: string\n deviceId: string\n}\n\nexport type OAuthSessionsInput = {\n sub: string\n}\n\nexport type OAuthSessionsOutput = ActiveOAuthSession[]\n\nexport type AccountSessionsInput = {\n sub: string\n}\n\nexport type AccountSessionsOutput = ActiveAccountSession[]\n\nexport type RevokeOAuthSessionInput = {\n sub: string\n tokenId: string\n}\n\nexport type ConsentInput = {\n sub: string\n scope?: string\n}\n\nexport type RejectInput = Record<string, never>\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link ActiveDeviceSession.loginRequired}).\n */\nexport type ActiveDeviceSession = {\n account: Account\n\n /**\n * The session is too old and the user must re-authenticate.\n */\n loginRequired: boolean\n}\n\n/**\n * Represents another device on which an account is currently signed-in.\n */\nexport type ActiveAccountSession = {\n deviceId: string\n deviceMetadata: DeviceMetadata\n\n isCurrentDevice: boolean\n}\n\n/**\n * Represents an active OAuth session (access token).\n */\nexport type ActiveOAuthSession = {\n tokenId: string\n\n createdAt: ISODateString\n updatedAt: ISODateString\n\n clientId: string\n /** An \"undefined\" value means that the client metadata could not be fetched */\n clientMetadata?: OAuthClientMetadata\n\n scope?: string\n}\n"]}
|
package/dist/contants.js
CHANGED
|
@@ -1,7 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
exports.CSRF_COOKIE_NAME = 'csrf-token';
|
|
5
|
-
exports.CSRF_HEADER_NAME = 'x-csrf-token';
|
|
6
|
-
exports.API_ENDPOINT_PREFIX = '/@atproto/oauth-provider/~api';
|
|
1
|
+
export const CSRF_COOKIE_NAME = 'csrf-token';
|
|
2
|
+
export const CSRF_HEADER_NAME = 'x-csrf-token';
|
|
3
|
+
export const API_ENDPOINT_PREFIX = '/@atproto/oauth-provider/~api';
|
|
7
4
|
//# sourceMappingURL=contants.js.map
|
package/dist/contants.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contants.js","sourceRoot":"","sources":["../src/contants.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"contants.js","sourceRoot":"","sources":["../src/contants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,gBAAgB,GAAG,YAAY,CAAA;AAC5C,MAAM,CAAC,MAAM,gBAAgB,GAAG,cAAc,CAAA;AAE9C,MAAM,CAAC,MAAM,mBAAmB,GAAG,+BAA+B,CAAA","sourcesContent":["export const CSRF_COOKIE_NAME = 'csrf-token'\nexport const CSRF_HEADER_NAME = 'x-csrf-token'\n\nexport const API_ENDPOINT_PREFIX = '/@atproto/oauth-provider/~api'\n"]}
|
package/dist/index.js
CHANGED
|
@@ -1,18 +1,2 @@
|
|
|
1
|
-
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
-
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
-
};
|
|
16
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./contants.js"), exports);
|
|
1
|
+
export * from './contants.js';
|
|
18
2
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,cAAc,eAAe,CAAA","sourcesContent":["export type * from './api-endpoints.js'\nexport type * from './customization-data.js'\nexport type * from './types.js'\n\nexport * from './contants.js'\n"]}
|
package/dist/types.d.ts
CHANGED
|
@@ -1,18 +1,23 @@
|
|
|
1
1
|
export type Account = {
|
|
2
2
|
sub: string;
|
|
3
3
|
aud: string | [string, ...string[]];
|
|
4
|
+
locale?: string;
|
|
4
5
|
email?: string;
|
|
5
6
|
email_verified?: boolean;
|
|
6
7
|
name?: string;
|
|
7
8
|
preferred_username?: string;
|
|
8
9
|
picture?: string;
|
|
9
10
|
};
|
|
11
|
+
/**
|
|
12
|
+
* Represents an account that is currently signed-in to the Authorization
|
|
13
|
+
* Server. If the session was created too long ago, the user may be required to
|
|
14
|
+
* re-authenticate ({@link Session.loginRequired}).
|
|
15
|
+
*/
|
|
10
16
|
export type Session = {
|
|
11
17
|
account: Account;
|
|
12
18
|
info?: never;
|
|
13
|
-
selected: boolean;
|
|
14
19
|
loginRequired: boolean;
|
|
15
|
-
consentRequired
|
|
20
|
+
consentRequired?: boolean;
|
|
16
21
|
};
|
|
17
22
|
export type MultiLangString = Record<string, string | undefined>;
|
|
18
23
|
export type LinkDefinition = {
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,MAAM,MAAM,OAAO,GAAG;IACpB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;IAEnC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,OAAO,GAAG;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,CAAC,EAAE,KAAK,CAAA;IAEZ,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,MAAM,MAAM,OAAO,GAAG;IACpB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;IAEnC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,CAAC,EAAE,KAAK,CAAA;IAEZ,aAAa,EAAE,OAAO,CAAA;IACtB,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;AAEhE,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,MAAM,GAAG,eAAe,CAAA;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;CACb,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,aAAa,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,aAAa,GAAG,GAAG,MAAM,IAAI,MAAM,GAAG,CAAA"}
|
package/dist/types.js
CHANGED
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"","sourcesContent":["// @TODO replace with OidcUserinfo\nexport type Account = {\n sub: string\n aud: string | [string, ...string[]]\n\n email?: string\n email_verified?: boolean\n name?: string\n preferred_username?: string\n picture?: string\n}\n\nexport type Session = {\n account: Account\n info?: never // Prevent relying on this in the frontend\n\n
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"","sourcesContent":["// @TODO replace with OidcUserinfo\nexport type Account = {\n sub: string\n aud: string | [string, ...string[]]\n\n locale?: string\n email?: string\n email_verified?: boolean\n name?: string\n preferred_username?: string\n picture?: string\n}\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link Session.loginRequired}).\n */\nexport type Session = {\n account: Account\n info?: never // Prevent relying on this in the frontend\n\n loginRequired: boolean\n consentRequired?: boolean\n}\n\nexport type MultiLangString = Record<string, string | undefined>\n\nexport type LinkDefinition = {\n title: string | MultiLangString\n href: string\n rel?: string\n}\n\nexport type DeviceMetadata = {\n userAgent: string | null\n ipAddress: string\n lastSeenAt: ISODateString\n}\n\nexport type ISODateString = `${string}T${string}Z`\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@atproto/oauth-provider-api",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.5.0-next.0",
|
|
4
|
+
"engines": {
|
|
5
|
+
"node": ">=22"
|
|
6
|
+
},
|
|
4
7
|
"license": "MIT",
|
|
5
8
|
"description": "Shared data types for the @atproto/oauth-provider and @atproto/oauth-provider-ui packages",
|
|
6
9
|
"keywords": [
|
|
@@ -15,9 +18,7 @@
|
|
|
15
18
|
"url": "https://github.com/bluesky-social/atproto",
|
|
16
19
|
"directory": "packages/oauth/oauth-provider-api"
|
|
17
20
|
},
|
|
18
|
-
"type": "
|
|
19
|
-
"main": "dist/index.js",
|
|
20
|
-
"types": "dist/index.d.ts",
|
|
21
|
+
"type": "module",
|
|
21
22
|
"exports": {
|
|
22
23
|
".": {
|
|
23
24
|
"types": "./dist/index.d.ts",
|
|
@@ -25,11 +26,11 @@
|
|
|
25
26
|
}
|
|
26
27
|
},
|
|
27
28
|
"dependencies": {
|
|
28
|
-
"@atproto/jwk": "0.
|
|
29
|
-
"@atproto/oauth-types": "0.
|
|
29
|
+
"@atproto/jwk": "^0.7.0-next.0",
|
|
30
|
+
"@atproto/oauth-types": "^0.7.0-next.0"
|
|
30
31
|
},
|
|
31
32
|
"devDependencies": {
|
|
32
|
-
"typescript": "^
|
|
33
|
+
"typescript": "^6.0.3"
|
|
33
34
|
},
|
|
34
35
|
"scripts": {
|
|
35
36
|
"build": "tsc --build tsconfig.build.json"
|
package/src/api-endpoints.ts
CHANGED
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
import type { SignedJwt } from '@atproto/jwk'
|
|
2
2
|
import type { OAuthClientMetadata } from '@atproto/oauth-types'
|
|
3
|
-
import type {
|
|
3
|
+
import type {
|
|
4
|
+
Account,
|
|
5
|
+
DeviceMetadata,
|
|
6
|
+
ISODateString,
|
|
7
|
+
Session,
|
|
8
|
+
} from './types.js'
|
|
4
9
|
|
|
5
10
|
// These are the endpoints implemented by the OAuth provider, for its UI to
|
|
6
11
|
// call.
|
|
@@ -41,7 +46,7 @@ export type ApiEndpoints = {
|
|
|
41
46
|
*/
|
|
42
47
|
'/device-sessions': {
|
|
43
48
|
method: 'GET'
|
|
44
|
-
output:
|
|
49
|
+
output: Session[]
|
|
45
50
|
}
|
|
46
51
|
/**
|
|
47
52
|
* Lists all the active OAuth sessions (access/refresh tokens) that where
|
|
@@ -59,8 +64,8 @@ export type ApiEndpoints = {
|
|
|
59
64
|
*/
|
|
60
65
|
'/oauth-sessions': {
|
|
61
66
|
method: 'GET'
|
|
62
|
-
params:
|
|
63
|
-
output:
|
|
67
|
+
params: OAuthSessionsInput
|
|
68
|
+
output: OAuthSessionsOutput
|
|
64
69
|
}
|
|
65
70
|
'/revoke-oauth-session': {
|
|
66
71
|
method: 'POST'
|
|
@@ -73,8 +78,8 @@ export type ApiEndpoints = {
|
|
|
73
78
|
*/
|
|
74
79
|
'/account-sessions': {
|
|
75
80
|
method: 'GET'
|
|
76
|
-
params:
|
|
77
|
-
output:
|
|
81
|
+
params: AccountSessionsInput
|
|
82
|
+
output: AccountSessionsOutput
|
|
78
83
|
}
|
|
79
84
|
'/revoke-account-session': {
|
|
80
85
|
method: 'POST'
|
|
@@ -155,6 +160,18 @@ export type RevokeAccountSessionInput = {
|
|
|
155
160
|
deviceId: string
|
|
156
161
|
}
|
|
157
162
|
|
|
163
|
+
export type OAuthSessionsInput = {
|
|
164
|
+
sub: string
|
|
165
|
+
}
|
|
166
|
+
|
|
167
|
+
export type OAuthSessionsOutput = ActiveOAuthSession[]
|
|
168
|
+
|
|
169
|
+
export type AccountSessionsInput = {
|
|
170
|
+
sub: string
|
|
171
|
+
}
|
|
172
|
+
|
|
173
|
+
export type AccountSessionsOutput = ActiveAccountSession[]
|
|
174
|
+
|
|
158
175
|
export type RevokeOAuthSessionInput = {
|
|
159
176
|
sub: string
|
|
160
177
|
tokenId: string
|
package/src/types.ts
CHANGED
|
@@ -3,6 +3,7 @@ export type Account = {
|
|
|
3
3
|
sub: string
|
|
4
4
|
aud: string | [string, ...string[]]
|
|
5
5
|
|
|
6
|
+
locale?: string
|
|
6
7
|
email?: string
|
|
7
8
|
email_verified?: boolean
|
|
8
9
|
name?: string
|
|
@@ -10,13 +11,17 @@ export type Account = {
|
|
|
10
11
|
picture?: string
|
|
11
12
|
}
|
|
12
13
|
|
|
14
|
+
/**
|
|
15
|
+
* Represents an account that is currently signed-in to the Authorization
|
|
16
|
+
* Server. If the session was created too long ago, the user may be required to
|
|
17
|
+
* re-authenticate ({@link Session.loginRequired}).
|
|
18
|
+
*/
|
|
13
19
|
export type Session = {
|
|
14
20
|
account: Account
|
|
15
21
|
info?: never // Prevent relying on this in the frontend
|
|
16
22
|
|
|
17
|
-
selected: boolean
|
|
18
23
|
loginRequired: boolean
|
|
19
|
-
consentRequired
|
|
24
|
+
consentRequired?: boolean
|
|
20
25
|
}
|
|
21
26
|
|
|
22
27
|
export type MultiLangString = Record<string, string | undefined>
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"root":["./src/api-endpoints.ts","./src/contants.ts","./src/customization-data.ts","./src/index.ts","./src/types.ts"],"version":"
|
|
1
|
+
{"root":["./src/api-endpoints.ts","./src/contants.ts","./src/customization-data.ts","./src/index.ts","./src/types.ts"],"version":"6.0.3"}
|