@atproto/oauth-provider-api 0.5.0-next.0 → 0.6.0

package/CHANGELOG.md

@@ -1,24 +1,28 @@
 # @atproto/oauth-provider-api
 
-## 0.5.0-next.0
+## 0.6.0
 
 ### Minor Changes
 
-- [#4929](https://github.com/bluesky-social/atproto/pull/4929) [`bb7491c`](https://github.com/bluesky-social/atproto/commit/bb7491c29e06181e1d2f8cf6eb454f9bb8ab961b) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Drop support for Node.js 18 and 20. Node.js 22 is now the minimum supported version. Docker images now use Node.js 24.
+- [#4883](https://github.com/bluesky-social/atproto/pull/4883) [`64f5148`](https://github.com/bluesky-social/atproto/commit/64f5148ad8dcd669f77a9e022bd2622b2e594e0d) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Add support for email verification and management in the account management interface
 
-- [#4943](https://github.com/bluesky-social/atproto/pull/4943) [`07ae5d4`](https://github.com/bluesky-social/atproto/commit/07ae5d4452df51e045e0239da7a04cf0bc154028) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Convert to pure ESM. All packages now ship `"type": "module"` with ES module output and Node16 module resolution.
+## 0.5.0
 
-  Node.js 22's `require()` compatibility layer can still load these packages in CommonJS code.
+### Minor Changes
+
+- [#4929](https://github.com/bluesky-social/atproto/pull/4929) [`f01c59f`](https://github.com/bluesky-social/atproto/commit/f01c59f5bd3f75fb8b47a9eecd4858b84033fb7c) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Drop support for Node.js 18 and 20. Node.js 22 is now the minimum supported version. Docker images now use Node.js 24.
 
-- [#4930](https://github.com/bluesky-social/atproto/pull/4930) [`042df15`](https://github.com/bluesky-social/atproto/commit/042df15087c0e62cd1e715fcbf58852fab875af9) Thanks [@devinivy](https://github.com/devinivy)! - Build with TypeScript 6.0. Emitted `.d.ts` files now use TypeScript 6's stricter `Uint8Array<ArrayBuffer>` typing in places where Web/Node APIs require buffer-backed (not shared-memory) byte arrays. Consumers compiling against these types on older TypeScript should see no runtime impact, but may need to widen or cast in spots that previously relied on `Uint8Array` defaulting to `<ArrayBufferLike>`.
+- [#4943](https://github.com/bluesky-social/atproto/pull/4943) [`c459153`](https://github.com/bluesky-social/atproto/commit/c459153395a30ce89e050892c8fab7dc98e019b9) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Convert to pure ESM. All packages now ship `"type": "module"` with ES module output and Node16 module resolution.
+
+  Node.js 22's `require()` compatibility layer can still load these packages in CommonJS code.
 
-  Internal: tsconfig `moduleResolution: "node"` is silenced via `ignoreDeprecations: "6.0"` for now; the proper migration to `node16`/`bundler` resolution is deferred.
+- [#4930](https://github.com/bluesky-social/atproto/pull/4930) [`908bece`](https://github.com/bluesky-social/atproto/commit/908bece169258bff5ad121e5eec157d6ded6f705) Thanks [@devinivy](https://github.com/devinivy)! - Build with TypeScript 6.0.
 
 ### Patch Changes
 
-- Updated dependencies [[`bb7491c`](https://github.com/bluesky-social/atproto/commit/bb7491c29e06181e1d2f8cf6eb454f9bb8ab961b), [`07ae5d4`](https://github.com/bluesky-social/atproto/commit/07ae5d4452df51e045e0239da7a04cf0bc154028), [`042df15`](https://github.com/bluesky-social/atproto/commit/042df15087c0e62cd1e715fcbf58852fab875af9)]:
-  - @atproto/jwk@0.7.0-next.0
-  - @atproto/oauth-types@0.7.0-next.0
+- Updated dependencies [[`f01c59f`](https://github.com/bluesky-social/atproto/commit/f01c59f5bd3f75fb8b47a9eecd4858b84033fb7c), [`c459153`](https://github.com/bluesky-social/atproto/commit/c459153395a30ce89e050892c8fab7dc98e019b9), [`908bece`](https://github.com/bluesky-social/atproto/commit/908bece169258bff5ad121e5eec157d6ded6f705)]:
+  - @atproto/jwk@0.7.0
+  - @atproto/oauth-types@0.7.0
 
 ## 0.4.0
 

package/dist/api-endpoints.d.ts

@@ -89,6 +89,32 @@ export type ApiEndpoints = {
             success: true;
         };
     };
+    '/update-email-request': {
+        method: 'POST';
+        input: InitiateEmailUpdateInput;
+        output: InitiateEmailUpdateOutput;
+    };
+    '/update-email-confirm': {
+        method: 'POST';
+        input: ConfirmEmailUpdateInput;
+        output: {
+            success: true;
+        };
+    };
+    '/verify-email-request': {
+        method: 'POST';
+        input: InitiateEmailVerificationInput;
+        output: {
+            success: true;
+        };
+    };
+    '/verify-email-confirm': {
+        method: 'POST';
+        input: ConfirmEmailVerificationInput;
+        output: {
+            success: true;
+        };
+    };
     '/consent': {
         method: 'POST';
         input: ConsentInput;
@@ -149,6 +175,28 @@ export type ConfirmResetPasswordInput = {
     token: string;
     password: string;
 };
+export type InitiateEmailUpdateInput = {
+    sub: string;
+    locale?: string;
+};
+export type InitiateEmailUpdateOutput = {
+    tokenRequired: boolean;
+};
+export type ConfirmEmailUpdateInput = {
+    sub: string;
+    token?: string;
+    email: string;
+    locale?: string;
+};
+export type InitiateEmailVerificationInput = {
+    sub: string;
+    locale?: string;
+};
+export type ConfirmEmailVerificationInput = {
+    sub: string;
+    token: string;
+    email: string;
+};
 export type VerifyHandleAvailabilityInput = {
     handle: string;
 };

package/dist/api-endpoints.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-endpoints.d.ts","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,EACV,OAAO,EACP,cAAc,EACd,aAAa,EACb,OAAO,EACR,MAAM,YAAY,CAAA;AAKnB,MAAM,MAAM,YAAY,GAAG;IACzB,6BAA6B,EAAE;QAC7B,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,6BAA6B,CAAA;QACpC,MAAM,EAAE;YAAE,SAAS,EAAE,IAAI,CAAA;SAAE,CAAA;KAC5B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,0BAA0B,CAAA;QACjC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,WAAW,EAAE;QACX,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;OAEG;IACH,kBAAkB,EAAE;QAClB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,OAAO,EAAE,CAAA;KAClB,CAAA;IACD;;;;;;;;;;;;;OAaG;IACH,iBAAiB,EAAE;QACjB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,kBAAkB,CAAA;QAC1B,MAAM,EAAE,mBAAmB,CAAA;KAC5B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,uBAAuB,CAAA;QAC9B,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;;OAGG;IACH,mBAAmB,EAAE;QACnB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,qBAAqB,CAAA;KAC9B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;IACD,SAAS,EAAE;QACT,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;CACF,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,cAAc,GAAG,SAAS,CAAA;AAEtC,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,kBAAkB,EAAE,CAAA;AAEtD,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG,oBAAoB,EAAE,CAAA;AAE1D,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;AAE/C;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAA;IAEhB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,cAAc,CAAA;IAE9B,eAAe,EAAE,OAAO,CAAA;CACzB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IAEf,SAAS,EAAE,aAAa,CAAA;IACxB,SAAS,EAAE,aAAa,CAAA;IAExB,QAAQ,EAAE,MAAM,CAAA;IAChB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,mBAAmB,CAAA;IAEpC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA"}
+{"version":3,"file":"api-endpoints.d.ts","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,EACV,OAAO,EACP,cAAc,EACd,aAAa,EACb,OAAO,EACR,MAAM,YAAY,CAAA;AAKnB,MAAM,MAAM,YAAY,GAAG;IACzB,6BAA6B,EAAE;QAC7B,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,6BAA6B,CAAA;QACpC,MAAM,EAAE;YAAE,SAAS,EAAE,IAAI,CAAA;SAAE,CAAA;KAC5B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,0BAA0B,CAAA;QACjC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,WAAW,EAAE;QACX,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;OAEG;IACH,kBAAkB,EAAE;QAClB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,OAAO,EAAE,CAAA;KAClB,CAAA;IACD;;;;;;;;;;;;;OAaG;IACH,iBAAiB,EAAE;QACjB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,kBAAkB,CAAA;QAC1B,MAAM,EAAE,mBAAmB,CAAA;KAC5B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,uBAAuB,CAAA;QAC9B,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;;OAGG;IACH,mBAAmB,EAAE;QACnB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,qBAAqB,CAAA;KAC9B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,wBAAwB,CAAA;QAC/B,MAAM,EAAE,yBAAyB,CAAA;KAClC,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,uBAAuB,CAAA;QAC9B,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,8BAA8B,CAAA;QACrC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,6BAA6B,CAAA;QACpC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;IACD,SAAS,EAAE;QACT,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;CACF,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,cAAc,GAAG,SAAS,CAAA;AAEtC,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,wBAAwB,GAAG;IACrC,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,8BAA8B,GAAG;IAC3C,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,kBAAkB,EAAE,CAAA;AAEtD,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG,oBAAoB,EAAE,CAAA;AAE1D,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;AAE/C;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAA;IAEhB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,cAAc,CAAA;IAE9B,eAAe,EAAE,OAAO,CAAA;CACzB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IAEf,SAAS,EAAE,aAAa,CAAA;IACxB,SAAS,EAAE,aAAa,CAAA;IAExB,QAAQ,EAAE,MAAM,CAAA;IAChB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,mBAAmB,CAAA;IAEpC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA"}

package/dist/api-endpoints.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"","sourcesContent":["import type { SignedJwt } from '@atproto/jwk'\nimport type { OAuthClientMetadata } from '@atproto/oauth-types'\nimport type {\n  Account,\n  DeviceMetadata,\n  ISODateString,\n  Session,\n} from './types.js'\n\n// These are the endpoints implemented by the OAuth provider, for its UI to\n// call.\n\nexport type ApiEndpoints = {\n  '/verify-handle-availability': {\n    method: 'POST'\n    input: VerifyHandleAvailabilityInput\n    output: { available: true }\n  }\n  '/sign-up': {\n    method: 'POST'\n    input: SignUpInput\n    output: SignUpOutput\n  }\n  '/sign-in': {\n    method: 'POST'\n    input: SignInInput\n    output: SignInOutput\n  }\n  '/reset-password-request': {\n    method: 'POST'\n    input: InitiatePasswordResetInput\n    output: { success: true }\n  }\n  '/reset-password-confirm': {\n    method: 'POST'\n    input: ConfirmResetPasswordInput\n    output: { success: true }\n  }\n  '/sign-out': {\n    method: 'POST'\n    input: SignOutInput\n    output: { success: true }\n  }\n  /**\n   * Lists all the accounts that are currently active, on the current device.\n   */\n  '/device-sessions': {\n    method: 'GET'\n    output: Session[]\n  }\n  /**\n   * Lists all the active OAuth sessions (access/refresh tokens) that where\n   * issued to OAuth clients (apps).\n   *\n   * @NOTE can be revoked using the oauth revocation endpoint (json or form\n   * encoded)\n   *\n   * ```http\n   * POST /oauth/revoke\n   * Content-Type: application/x-www-form-urlencoded\n   *\n   * token=<tokenId>\n   * ```\n   */\n  '/oauth-sessions': {\n    method: 'GET'\n    params: OAuthSessionsInput\n    output: OAuthSessionsOutput\n  }\n  '/revoke-oauth-session': {\n    method: 'POST'\n    input: RevokeOAuthSessionInput\n    output: { success: true }\n  }\n  /**\n   * Lists all the sessions that are currently active for a particular user, on\n   * other devices.\n   */\n  '/account-sessions': {\n    method: 'GET'\n    params: AccountSessionsInput\n    output: AccountSessionsOutput\n  }\n  '/revoke-account-session': {\n    method: 'POST'\n    input: RevokeAccountSessionInput\n    output: { success: true }\n  }\n  '/consent': {\n    method: 'POST'\n    input: ConsentInput\n    output: { url: string }\n  }\n  '/reject': {\n    method: 'POST'\n    input: RejectInput\n    output: { url: string }\n  }\n}\n\n/**\n * When a user signs in without the \"remember me\" option, the server returns an\n * ephemeral token. When used as `Bearer` authorization header, the token will\n * be used in order to authenticate the users in place of using the user's\n * cookie based session (which are only created when \"remember me\" is checked).\n *\n * Only include this token in the `Authorization` header when making requests to\n * the OAuth provider API, **FOR THE ACCOUNT IT WAS GENERATED FOR**.\n */\nexport type EphemeralToken = SignedJwt\n\nexport type SignInInput = {\n  locale: string\n  username: string\n  password: string\n  emailOtp?: string\n  remember?: boolean\n}\n\nexport type SignInOutput = {\n  account: Account\n  ephemeralToken?: EphemeralToken\n  consentRequired?: boolean\n}\n\nexport type SignUpInput = {\n  locale: string\n  handle: string\n  email: string\n  password: string\n  inviteCode?: string\n  hcaptchaToken?: string\n}\n\nexport type SignUpOutput = {\n  account: Account\n  ephemeralToken?: EphemeralToken\n}\n\nexport type SignOutInput = {\n  sub: string | string[]\n}\n\nexport type InitiatePasswordResetInput = {\n  locale: string\n  email: string\n}\n\nexport type ConfirmResetPasswordInput = {\n  token: string\n  password: string\n}\n\nexport type VerifyHandleAvailabilityInput = {\n  handle: string\n}\n\nexport type RevokeAccountSessionInput = {\n  sub: string\n  deviceId: string\n}\n\nexport type OAuthSessionsInput = {\n  sub: string\n}\n\nexport type OAuthSessionsOutput = ActiveOAuthSession[]\n\nexport type AccountSessionsInput = {\n  sub: string\n}\n\nexport type AccountSessionsOutput = ActiveAccountSession[]\n\nexport type RevokeOAuthSessionInput = {\n  sub: string\n  tokenId: string\n}\n\nexport type ConsentInput = {\n  sub: string\n  scope?: string\n}\n\nexport type RejectInput = Record<string, never>\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link ActiveDeviceSession.loginRequired}).\n */\nexport type ActiveDeviceSession = {\n  account: Account\n\n  /**\n   * The session is too old and the user must re-authenticate.\n   */\n  loginRequired: boolean\n}\n\n/**\n * Represents another device on which an account is currently signed-in.\n */\nexport type ActiveAccountSession = {\n  deviceId: string\n  deviceMetadata: DeviceMetadata\n\n  isCurrentDevice: boolean\n}\n\n/**\n * Represents an active OAuth session (access token).\n */\nexport type ActiveOAuthSession = {\n  tokenId: string\n\n  createdAt: ISODateString\n  updatedAt: ISODateString\n\n  clientId: string\n  /** An \"undefined\" value means that the client metadata could not be fetched */\n  clientMetadata?: OAuthClientMetadata\n\n  scope?: string\n}\n"]}
+{"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"","sourcesContent":["import type { SignedJwt } from '@atproto/jwk'\nimport type { OAuthClientMetadata } from '@atproto/oauth-types'\nimport type {\n  Account,\n  DeviceMetadata,\n  ISODateString,\n  Session,\n} from './types.js'\n\n// These are the endpoints implemented by the OAuth provider, for its UI to\n// call.\n\nexport type ApiEndpoints = {\n  '/verify-handle-availability': {\n    method: 'POST'\n    input: VerifyHandleAvailabilityInput\n    output: { available: true }\n  }\n  '/sign-up': {\n    method: 'POST'\n    input: SignUpInput\n    output: SignUpOutput\n  }\n  '/sign-in': {\n    method: 'POST'\n    input: SignInInput\n    output: SignInOutput\n  }\n  '/reset-password-request': {\n    method: 'POST'\n    input: InitiatePasswordResetInput\n    output: { success: true }\n  }\n  '/reset-password-confirm': {\n    method: 'POST'\n    input: ConfirmResetPasswordInput\n    output: { success: true }\n  }\n  '/sign-out': {\n    method: 'POST'\n    input: SignOutInput\n    output: { success: true }\n  }\n  /**\n   * Lists all the accounts that are currently active, on the current device.\n   */\n  '/device-sessions': {\n    method: 'GET'\n    output: Session[]\n  }\n  /**\n   * Lists all the active OAuth sessions (access/refresh tokens) that where\n   * issued to OAuth clients (apps).\n   *\n   * @NOTE can be revoked using the oauth revocation endpoint (json or form\n   * encoded)\n   *\n   * ```http\n   * POST /oauth/revoke\n   * Content-Type: application/x-www-form-urlencoded\n   *\n   * token=<tokenId>\n   * ```\n   */\n  '/oauth-sessions': {\n    method: 'GET'\n    params: OAuthSessionsInput\n    output: OAuthSessionsOutput\n  }\n  '/revoke-oauth-session': {\n    method: 'POST'\n    input: RevokeOAuthSessionInput\n    output: { success: true }\n  }\n  /**\n   * Lists all the sessions that are currently active for a particular user, on\n   * other devices.\n   */\n  '/account-sessions': {\n    method: 'GET'\n    params: AccountSessionsInput\n    output: AccountSessionsOutput\n  }\n  '/revoke-account-session': {\n    method: 'POST'\n    input: RevokeAccountSessionInput\n    output: { success: true }\n  }\n  '/update-email-request': {\n    method: 'POST'\n    input: InitiateEmailUpdateInput\n    output: InitiateEmailUpdateOutput\n  }\n  '/update-email-confirm': {\n    method: 'POST'\n    input: ConfirmEmailUpdateInput\n    output: { success: true }\n  }\n  '/verify-email-request': {\n    method: 'POST'\n    input: InitiateEmailVerificationInput\n    output: { success: true }\n  }\n  '/verify-email-confirm': {\n    method: 'POST'\n    input: ConfirmEmailVerificationInput\n    output: { success: true }\n  }\n  '/consent': {\n    method: 'POST'\n    input: ConsentInput\n    output: { url: string }\n  }\n  '/reject': {\n    method: 'POST'\n    input: RejectInput\n    output: { url: string }\n  }\n}\n\n/**\n * When a user signs in without the \"remember me\" option, the server returns an\n * ephemeral token. When used as `Bearer` authorization header, the token will\n * be used in order to authenticate the users in place of using the user's\n * cookie based session (which are only created when \"remember me\" is checked).\n *\n * Only include this token in the `Authorization` header when making requests to\n * the OAuth provider API, **FOR THE ACCOUNT IT WAS GENERATED FOR**.\n */\nexport type EphemeralToken = SignedJwt\n\nexport type SignInInput = {\n  locale: string\n  username: string\n  password: string\n  emailOtp?: string\n  remember?: boolean\n}\n\nexport type SignInOutput = {\n  account: Account\n  ephemeralToken?: EphemeralToken\n  consentRequired?: boolean\n}\n\nexport type SignUpInput = {\n  locale: string\n  handle: string\n  email: string\n  password: string\n  inviteCode?: string\n  hcaptchaToken?: string\n}\n\nexport type SignUpOutput = {\n  account: Account\n  ephemeralToken?: EphemeralToken\n}\n\nexport type SignOutInput = {\n  sub: string | string[]\n}\n\nexport type InitiatePasswordResetInput = {\n  locale: string\n  email: string\n}\n\nexport type ConfirmResetPasswordInput = {\n  token: string\n  password: string\n}\n\nexport type InitiateEmailUpdateInput = {\n  sub: string\n  locale?: string\n}\n\nexport type InitiateEmailUpdateOutput = {\n  tokenRequired: boolean\n}\n\nexport type ConfirmEmailUpdateInput = {\n  sub: string\n  token?: string\n  email: string\n  locale?: string\n}\n\nexport type InitiateEmailVerificationInput = {\n  sub: string\n  locale?: string\n}\n\nexport type ConfirmEmailVerificationInput = {\n  sub: string\n  token: string\n  email: string\n}\n\nexport type VerifyHandleAvailabilityInput = {\n  handle: string\n}\n\nexport type RevokeAccountSessionInput = {\n  sub: string\n  deviceId: string\n}\n\nexport type OAuthSessionsInput = {\n  sub: string\n}\n\nexport type OAuthSessionsOutput = ActiveOAuthSession[]\n\nexport type AccountSessionsInput = {\n  sub: string\n}\n\nexport type AccountSessionsOutput = ActiveAccountSession[]\n\nexport type RevokeOAuthSessionInput = {\n  sub: string\n  tokenId: string\n}\n\nexport type ConsentInput = {\n  sub: string\n  scope?: string\n}\n\nexport type RejectInput = Record<string, never>\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link ActiveDeviceSession.loginRequired}).\n */\nexport type ActiveDeviceSession = {\n  account: Account\n\n  /**\n   * The session is too old and the user must re-authenticate.\n   */\n  loginRequired: boolean\n}\n\n/**\n * Represents another device on which an account is currently signed-in.\n */\nexport type ActiveAccountSession = {\n  deviceId: string\n  deviceMetadata: DeviceMetadata\n\n  isCurrentDevice: boolean\n}\n\n/**\n * Represents an active OAuth session (access token).\n */\nexport type ActiveOAuthSession = {\n  tokenId: string\n\n  createdAt: ISODateString\n  updatedAt: ISODateString\n\n  clientId: string\n  /** An \"undefined\" value means that the client metadata could not be fetched */\n  clientMetadata?: OAuthClientMetadata\n\n  scope?: string\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/oauth-provider-api",
-  "version": "0.5.0-next.0",
+  "version": "0.6.0",
   "engines": {
     "node": ">=22"
   },
@@ -26,8 +26,8 @@
     }
   },
   "dependencies": {
-    "@atproto/jwk": "^0.7.0-next.0",
-    "@atproto/oauth-types": "^0.7.0-next.0"
+    "@atproto/jwk": "^0.7.0",
+    "@atproto/oauth-types": "^0.7.0"
   },
   "devDependencies": {
     "typescript": "^6.0.3"

package/src/api-endpoints.ts

@@ -86,6 +86,26 @@ export type ApiEndpoints = {
     input: RevokeAccountSessionInput
     output: { success: true }
   }
+  '/update-email-request': {
+    method: 'POST'
+    input: InitiateEmailUpdateInput
+    output: InitiateEmailUpdateOutput
+  }
+  '/update-email-confirm': {
+    method: 'POST'
+    input: ConfirmEmailUpdateInput
+    output: { success: true }
+  }
+  '/verify-email-request': {
+    method: 'POST'
+    input: InitiateEmailVerificationInput
+    output: { success: true }
+  }
+  '/verify-email-confirm': {
+    method: 'POST'
+    input: ConfirmEmailVerificationInput
+    output: { success: true }
+  }
   '/consent': {
     method: 'POST'
     input: ConsentInput
@@ -151,6 +171,33 @@ export type ConfirmResetPasswordInput = {
   password: string
 }
 
+export type InitiateEmailUpdateInput = {
+  sub: string
+  locale?: string
+}
+
+export type InitiateEmailUpdateOutput = {
+  tokenRequired: boolean
+}
+
+export type ConfirmEmailUpdateInput = {
+  sub: string
+  token?: string
+  email: string
+  locale?: string
+}
+
+export type InitiateEmailVerificationInput = {
+  sub: string
+  locale?: string
+}
+
+export type ConfirmEmailVerificationInput = {
+  sub: string
+  token: string
+  email: string
+}
+
 export type VerifyHandleAvailabilityInput = {
   handle: string
 }