@atproto/oauth-provider-api 0.6.1 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,29 @@
1
1
  # @atproto/oauth-provider-api
2
2
 
3
+ ## 0.7.0
4
+
5
+ ### Minor Changes
6
+
7
+ - [#5053](https://github.com/bluesky-social/atproto/pull/5053) [`9acd39b`](https://github.com/bluesky-social/atproto/commit/9acd39b22ead6c0c56428297de425bd2b9a3c61f) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Update `Account` properties to contain strongly typed `did`
8
+
9
+ - [#5053](https://github.com/bluesky-social/atproto/pull/5053) [`9acd39b`](https://github.com/bluesky-social/atproto/commit/9acd39b22ead6c0c56428297de425bd2b9a3c61f) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Update interfaces to use did instead of sub
10
+
11
+ - [#5053](https://github.com/bluesky-social/atproto/pull/5053) [`9acd39b`](https://github.com/bluesky-social/atproto/commit/9acd39b22ead6c0c56428297de425bd2b9a3c61f) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Add ability to deactivate and delete account from the account manager interface
12
+
13
+ ### Patch Changes
14
+
15
+ - [#5053](https://github.com/bluesky-social/atproto/pull/5053) [`9acd39b`](https://github.com/bluesky-social/atproto/commit/9acd39b22ead6c0c56428297de425bd2b9a3c61f) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Remove unused `consentRequired` logic from OAuth consent flow UI
16
+
17
+ ## 0.6.2
18
+
19
+ ### Patch Changes
20
+
21
+ - [#4967](https://github.com/bluesky-social/atproto/pull/4967) [`9fc720c`](https://github.com/bluesky-social/atproto/commit/9fc720ce75f3ee88a5e48a9be919b07c7647f6f5) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Use TypeScript 7 to build package
22
+
23
+ - Updated dependencies [[`9fc720c`](https://github.com/bluesky-social/atproto/commit/9fc720ce75f3ee88a5e48a9be919b07c7647f6f5)]:
24
+ - @atproto/oauth-types@0.7.2
25
+ - @atproto/jwk@0.7.1
26
+
3
27
  ## 0.6.1
4
28
 
5
29
  ### Patch Changes
@@ -1,6 +1,8 @@
1
1
  import type { SignedJwt } from '@atproto/jwk';
2
2
  import type { OAuthClientMetadata } from '@atproto/oauth-types';
3
+ import type { DidString, HandleString } from '@atproto/syntax';
3
4
  import type { Account, DeviceMetadata, ISODateString, Session } from './types.js';
5
+ export type { DidString };
4
6
  export type ApiEndpoints = {
5
7
  '/verify-handle-availability': {
6
8
  method: 'POST';
@@ -97,9 +99,7 @@ export type ApiEndpoints = {
97
99
  '/update-email-confirm': {
98
100
  method: 'POST';
99
101
  input: ConfirmEmailUpdateInput;
100
- output: {
101
- success: true;
102
- };
102
+ output: ConfirmEmailUpdateOutput;
103
103
  };
104
104
  '/verify-email-request': {
105
105
  method: 'POST';
@@ -111,13 +111,53 @@ export type ApiEndpoints = {
111
111
  '/verify-email-confirm': {
112
112
  method: 'POST';
113
113
  input: ConfirmEmailVerificationInput;
114
+ output: ConfirmEmailVerificationOutput;
115
+ };
116
+ '/update-handle': {
117
+ method: 'POST';
118
+ input: UpdateHandleInput;
119
+ output: UpdateHandleOutput;
120
+ };
121
+ /**
122
+ * Marks the account as deactivated. The account remains recoverable — the
123
+ * user can sign back in to reactivate via {@link ApiEndpoints['/reactivate-account']}.
124
+ * Profile, posts, feeds and lists are hidden across the network until then.
125
+ */
126
+ '/deactivate-account': {
127
+ method: 'POST';
128
+ input: DeactivateAccountInput;
129
+ output: DeactivateAccountOutput;
130
+ };
131
+ /**
132
+ * Reactivates a previously-deactivated account. No-op when the account is
133
+ * already active.
134
+ */
135
+ '/reactivate-account': {
136
+ method: 'POST';
137
+ input: ReactivateAccountInput;
138
+ output: ReactivateAccountOutput;
139
+ };
140
+ /**
141
+ * Initiates account deletion by sending a confirmation code to the account's
142
+ * email address. The account is NOT deleted until
143
+ * {@link ApiEndpoints['/delete-account-confirm']} is called with the matching
144
+ * token and the user's current password.
145
+ */
146
+ '/delete-account-request': {
147
+ method: 'POST';
148
+ input: InitiateAccountDeletionInput;
114
149
  output: {
115
150
  success: true;
116
151
  };
117
152
  };
118
- '/update-handle': {
153
+ /**
154
+ * Confirms and finalizes account deletion. Requires both the email
155
+ * confirmation token issued by {@link ApiEndpoints['/delete-account-request']}
156
+ * and the user's current password. Deletion is irreversible.
157
+ */
158
+ '/delete-account-confirm': {
119
159
  method: 'POST';
120
- input: UpdateHandleInput;
160
+ input: ConfirmAccountDeletionInput;
121
161
  output: {
122
162
  success: true;
123
163
  };
@@ -157,7 +197,6 @@ export type SignInInput = {
157
197
  export type SignInOutput = {
158
198
  account: Account;
159
199
  ephemeralToken?: EphemeralToken;
160
- consentRequired?: boolean;
161
200
  };
162
201
  export type SignUpInput = {
163
202
  locale: string;
@@ -172,7 +211,7 @@ export type SignUpOutput = {
172
211
  ephemeralToken?: EphemeralToken;
173
212
  };
174
213
  export type SignOutInput = {
175
- sub: string | string[];
214
+ did: DidString | DidString[];
176
215
  };
177
216
  export type InitiatePasswordResetInput = {
178
217
  locale: string;
@@ -183,52 +222,82 @@ export type ConfirmResetPasswordInput = {
183
222
  password: string;
184
223
  };
185
224
  export type InitiateEmailUpdateInput = {
186
- sub: string;
225
+ did: DidString;
187
226
  locale?: string;
188
227
  };
189
228
  export type InitiateEmailUpdateOutput = {
190
229
  tokenRequired: boolean;
191
230
  };
192
231
  export type ConfirmEmailUpdateInput = {
193
- sub: string;
232
+ did: DidString;
194
233
  token?: string;
195
234
  email: string;
196
235
  locale?: string;
197
236
  };
237
+ export type ConfirmEmailUpdateOutput = {
238
+ account: Account;
239
+ };
198
240
  export type InitiateEmailVerificationInput = {
199
- sub: string;
241
+ did: DidString;
200
242
  locale?: string;
201
243
  };
202
244
  export type ConfirmEmailVerificationInput = {
203
- sub: string;
245
+ did: DidString;
204
246
  token: string;
205
247
  email: string;
206
248
  };
249
+ export type ConfirmEmailVerificationOutput = {
250
+ account: Account;
251
+ };
207
252
  export type VerifyHandleAvailabilityInput = {
208
- handle: string;
253
+ handle: HandleString;
209
254
  };
210
255
  export type UpdateHandleInput = {
211
- sub: string;
212
- handle: string;
256
+ did: DidString;
257
+ handle: HandleString;
258
+ };
259
+ export type UpdateHandleOutput = {
260
+ account: Account;
261
+ };
262
+ export type DeactivateAccountInput = {
263
+ did: DidString;
264
+ };
265
+ export type DeactivateAccountOutput = {
266
+ account: Account;
267
+ };
268
+ export type ReactivateAccountInput = {
269
+ did: DidString;
270
+ };
271
+ export type ReactivateAccountOutput = {
272
+ account: Account;
273
+ };
274
+ export type InitiateAccountDeletionInput = {
275
+ did: DidString;
276
+ locale?: string;
277
+ };
278
+ export type ConfirmAccountDeletionInput = {
279
+ did: DidString;
280
+ token: string;
281
+ password: string;
213
282
  };
214
283
  export type RevokeAccountSessionInput = {
215
- sub: string;
284
+ did: DidString;
216
285
  deviceId: string;
217
286
  };
218
287
  export type OAuthSessionsInput = {
219
- sub: string;
288
+ did: DidString;
220
289
  };
221
290
  export type OAuthSessionsOutput = ActiveOAuthSession[];
222
291
  export type AccountSessionsInput = {
223
- sub: string;
292
+ did: DidString;
224
293
  };
225
294
  export type AccountSessionsOutput = ActiveAccountSession[];
226
295
  export type RevokeOAuthSessionInput = {
227
- sub: string;
296
+ did: DidString;
228
297
  tokenId: string;
229
298
  };
230
299
  export type ConsentInput = {
231
- sub: string;
300
+ did: DidString;
232
301
  scope?: string;
233
302
  };
234
303
  export type RejectInput = Record<string, never>;
@@ -1 +1 @@
1
- {"version":3,"file":"api-endpoints.d.ts","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,EACV,OAAO,EACP,cAAc,EACd,aAAa,EACb,OAAO,EACR,MAAM,YAAY,CAAA;AAKnB,MAAM,MAAM,YAAY,GAAG;IACzB,6BAA6B,EAAE;QAC7B,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,6BAA6B,CAAA;QACpC,MAAM,EAAE;YAAE,SAAS,EAAE,IAAI,CAAA;SAAE,CAAA;KAC5B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,0BAA0B,CAAA;QACjC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,WAAW,EAAE;QACX,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;OAEG;IACH,kBAAkB,EAAE;QAClB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,OAAO,EAAE,CAAA;KAClB,CAAA;IACD;;;;;;;;;;;;;OAaG;IACH,iBAAiB,EAAE;QACjB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,kBAAkB,CAAA;QAC1B,MAAM,EAAE,mBAAmB,CAAA;KAC5B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,uBAAuB,CAAA;QAC9B,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;;OAGG;IACH,mBAAmB,EAAE;QACnB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,qBAAqB,CAAA;KAC9B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,wBAAwB,CAAA;QAC/B,MAAM,EAAE,yBAAyB,CAAA;KAClC,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,uBAAuB,CAAA;QAC9B,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,8BAA8B,CAAA;QACrC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,6BAA6B,CAAA;QACpC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,gBAAgB,EAAE;QAChB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,iBAAiB,CAAA;QACxB,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;IACD,SAAS,EAAE;QACT,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;CACF,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,cAAc,GAAG,SAAS,CAAA;AAEtC,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,wBAAwB,GAAG;IACrC,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,8BAA8B,GAAG;IAC3C,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,kBAAkB,EAAE,CAAA;AAEtD,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG,oBAAoB,EAAE,CAAA;AAE1D,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;AAE/C;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAA;IAEhB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,cAAc,CAAA;IAE9B,eAAe,EAAE,OAAO,CAAA;CACzB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IAEf,SAAS,EAAE,aAAa,CAAA;IACxB,SAAS,EAAE,aAAa,CAAA;IAExB,QAAQ,EAAE,MAAM,CAAA;IAChB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,mBAAmB,CAAA;IAEpC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA"}
1
+ {"version":3,"file":"api-endpoints.d.ts","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC9D,OAAO,KAAK,EACV,OAAO,EACP,cAAc,EACd,aAAa,EACb,OAAO,EACR,MAAM,YAAY,CAAA;AAEnB,YAAY,EAAE,SAAS,EAAE,CAAA;AAKzB,MAAM,MAAM,YAAY,GAAG;IACzB,6BAA6B,EAAE;QAC7B,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,6BAA6B,CAAA;QACpC,MAAM,EAAE;YAAE,SAAS,EAAE,IAAI,CAAA;SAAE,CAAA;KAC5B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,0BAA0B,CAAA;QACjC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,WAAW,EAAE;QACX,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;OAEG;IACH,kBAAkB,EAAE;QAClB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,OAAO,EAAE,CAAA;KAClB,CAAA;IACD;;;;;;;;;;;;;OAaG;IACH,iBAAiB,EAAE;QACjB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,kBAAkB,CAAA;QAC1B,MAAM,EAAE,mBAAmB,CAAA;KAC5B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,uBAAuB,CAAA;QAC9B,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;;OAGG;IACH,mBAAmB,EAAE;QACnB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,qBAAqB,CAAA;KAC9B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,wBAAwB,CAAA;QAC/B,MAAM,EAAE,yBAAyB,CAAA;KAClC,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,uBAAuB,CAAA;QAC9B,MAAM,EAAE,wBAAwB,CAAA;KACjC,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,8BAA8B,CAAA;QACrC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,6BAA6B,CAAA;QACpC,MAAM,EAAE,8BAA8B,CAAA;KACvC,CAAA;IACD,gBAAgB,EAAE;QAChB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,iBAAiB,CAAA;QACxB,MAAM,EAAE,kBAAkB,CAAA;KAC3B,CAAA;IACD;;;;OAIG;IACH,qBAAqB,EAAE;QACrB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,sBAAsB,CAAA;QAC7B,MAAM,EAAE,uBAAuB,CAAA;KAChC,CAAA;IACD;;;OAGG;IACH,qBAAqB,EAAE;QACrB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,sBAAsB,CAAA;QAC7B,MAAM,EAAE,uBAAuB,CAAA;KAChC,CAAA;IACD;;;;;OAKG;IACH,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,4BAA4B,CAAA;QACnC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;;;OAIG;IACH,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,2BAA2B,CAAA;QAClC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;IACD,SAAS,EAAE;QACT,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;CACF,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,cAAc,GAAG,SAAS,CAAA;AAEtC,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,SAAS,GAAG,SAAS,EAAE,CAAA;CAC7B,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,wBAAwB,GAAG;IACrC,GAAG,EAAE,SAAS,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,SAAS,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,8BAA8B,GAAG;IAC3C,GAAG,EAAE,SAAS,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,GAAG,EAAE,SAAS,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,8BAA8B,GAAG;IAC3C,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,YAAY,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,SAAS,CAAA;IACd,MAAM,EAAE,YAAY,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,GAAG,EAAE,SAAS,CAAA;CACf,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,GAAG,EAAE,SAAS,CAAA;CACf,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,4BAA4B,GAAG;IACzC,GAAG,EAAE,SAAS,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,2BAA2B,GAAG;IACxC,GAAG,EAAE,SAAS,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,GAAG,EAAE,SAAS,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,SAAS,CAAA;CACf,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,kBAAkB,EAAE,CAAA;AAEtD,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,EAAE,SAAS,CAAA;CACf,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG,oBAAoB,EAAE,CAAA;AAE1D,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,SAAS,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,SAAS,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;AAE/C;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAA;IAEhB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,cAAc,CAAA;IAE9B,eAAe,EAAE,OAAO,CAAA;CACzB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IAEf,SAAS,EAAE,aAAa,CAAA;IACxB,SAAS,EAAE,aAAa,CAAA;IAExB,QAAQ,EAAE,MAAM,CAAA;IAChB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,mBAAmB,CAAA;IAEpC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA"}
@@ -1 +1 @@
1
- {"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"","sourcesContent":["import type { SignedJwt } from '@atproto/jwk'\nimport type { OAuthClientMetadata } from '@atproto/oauth-types'\nimport type {\n Account,\n DeviceMetadata,\n ISODateString,\n Session,\n} from './types.js'\n\n// These are the endpoints implemented by the OAuth provider, for its UI to\n// call.\n\nexport type ApiEndpoints = {\n '/verify-handle-availability': {\n method: 'POST'\n input: VerifyHandleAvailabilityInput\n output: { available: true }\n }\n '/sign-up': {\n method: 'POST'\n input: SignUpInput\n output: SignUpOutput\n }\n '/sign-in': {\n method: 'POST'\n input: SignInInput\n output: SignInOutput\n }\n '/reset-password-request': {\n method: 'POST'\n input: InitiatePasswordResetInput\n output: { success: true }\n }\n '/reset-password-confirm': {\n method: 'POST'\n input: ConfirmResetPasswordInput\n output: { success: true }\n }\n '/sign-out': {\n method: 'POST'\n input: SignOutInput\n output: { success: true }\n }\n /**\n * Lists all the accounts that are currently active, on the current device.\n */\n '/device-sessions': {\n method: 'GET'\n output: Session[]\n }\n /**\n * Lists all the active OAuth sessions (access/refresh tokens) that where\n * issued to OAuth clients (apps).\n *\n * @NOTE can be revoked using the oauth revocation endpoint (json or form\n * encoded)\n *\n * ```http\n * POST /oauth/revoke\n * Content-Type: application/x-www-form-urlencoded\n *\n * token=<tokenId>\n * ```\n */\n '/oauth-sessions': {\n method: 'GET'\n params: OAuthSessionsInput\n output: OAuthSessionsOutput\n }\n '/revoke-oauth-session': {\n method: 'POST'\n input: RevokeOAuthSessionInput\n output: { success: true }\n }\n /**\n * Lists all the sessions that are currently active for a particular user, on\n * other devices.\n */\n '/account-sessions': {\n method: 'GET'\n params: AccountSessionsInput\n output: AccountSessionsOutput\n }\n '/revoke-account-session': {\n method: 'POST'\n input: RevokeAccountSessionInput\n output: { success: true }\n }\n '/update-email-request': {\n method: 'POST'\n input: InitiateEmailUpdateInput\n output: InitiateEmailUpdateOutput\n }\n '/update-email-confirm': {\n method: 'POST'\n input: ConfirmEmailUpdateInput\n output: { success: true }\n }\n '/verify-email-request': {\n method: 'POST'\n input: InitiateEmailVerificationInput\n output: { success: true }\n }\n '/verify-email-confirm': {\n method: 'POST'\n input: ConfirmEmailVerificationInput\n output: { success: true }\n }\n '/update-handle': {\n method: 'POST'\n input: UpdateHandleInput\n output: { success: true }\n }\n '/consent': {\n method: 'POST'\n input: ConsentInput\n output: { url: string }\n }\n '/reject': {\n method: 'POST'\n input: RejectInput\n output: { url: string }\n }\n}\n\n/**\n * When a user signs in without the \"remember me\" option, the server returns an\n * ephemeral token. When used as `Bearer` authorization header, the token will\n * be used in order to authenticate the users in place of using the user's\n * cookie based session (which are only created when \"remember me\" is checked).\n *\n * Only include this token in the `Authorization` header when making requests to\n * the OAuth provider API, **FOR THE ACCOUNT IT WAS GENERATED FOR**.\n */\nexport type EphemeralToken = SignedJwt\n\nexport type SignInInput = {\n locale: string\n username: string\n password: string\n emailOtp?: string\n remember?: boolean\n}\n\nexport type SignInOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n consentRequired?: boolean\n}\n\nexport type SignUpInput = {\n locale: string\n handle: string\n email: string\n password: string\n inviteCode?: string\n hcaptchaToken?: string\n}\n\nexport type SignUpOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n}\n\nexport type SignOutInput = {\n sub: string | string[]\n}\n\nexport type InitiatePasswordResetInput = {\n locale: string\n email: string\n}\n\nexport type ConfirmResetPasswordInput = {\n token: string\n password: string\n}\n\nexport type InitiateEmailUpdateInput = {\n sub: string\n locale?: string\n}\n\nexport type InitiateEmailUpdateOutput = {\n tokenRequired: boolean\n}\n\nexport type ConfirmEmailUpdateInput = {\n sub: string\n token?: string\n email: string\n locale?: string\n}\n\nexport type InitiateEmailVerificationInput = {\n sub: string\n locale?: string\n}\n\nexport type ConfirmEmailVerificationInput = {\n sub: string\n token: string\n email: string\n}\n\nexport type VerifyHandleAvailabilityInput = {\n handle: string\n}\n\nexport type UpdateHandleInput = {\n sub: string\n handle: string\n}\n\nexport type RevokeAccountSessionInput = {\n sub: string\n deviceId: string\n}\n\nexport type OAuthSessionsInput = {\n sub: string\n}\n\nexport type OAuthSessionsOutput = ActiveOAuthSession[]\n\nexport type AccountSessionsInput = {\n sub: string\n}\n\nexport type AccountSessionsOutput = ActiveAccountSession[]\n\nexport type RevokeOAuthSessionInput = {\n sub: string\n tokenId: string\n}\n\nexport type ConsentInput = {\n sub: string\n scope?: string\n}\n\nexport type RejectInput = Record<string, never>\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link ActiveDeviceSession.loginRequired}).\n */\nexport type ActiveDeviceSession = {\n account: Account\n\n /**\n * The session is too old and the user must re-authenticate.\n */\n loginRequired: boolean\n}\n\n/**\n * Represents another device on which an account is currently signed-in.\n */\nexport type ActiveAccountSession = {\n deviceId: string\n deviceMetadata: DeviceMetadata\n\n isCurrentDevice: boolean\n}\n\n/**\n * Represents an active OAuth session (access token).\n */\nexport type ActiveOAuthSession = {\n tokenId: string\n\n createdAt: ISODateString\n updatedAt: ISODateString\n\n clientId: string\n /** An \"undefined\" value means that the client metadata could not be fetched */\n clientMetadata?: OAuthClientMetadata\n\n scope?: string\n}\n"]}
1
+ {"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"","sourcesContent":["import type { SignedJwt } from '@atproto/jwk'\nimport type { OAuthClientMetadata } from '@atproto/oauth-types'\nimport type { DidString, HandleString } from '@atproto/syntax'\nimport type {\n Account,\n DeviceMetadata,\n ISODateString,\n Session,\n} from './types.js'\n\nexport type { DidString }\n\n// These are the endpoints implemented by the OAuth provider, for its UI to\n// call.\n\nexport type ApiEndpoints = {\n '/verify-handle-availability': {\n method: 'POST'\n input: VerifyHandleAvailabilityInput\n output: { available: true }\n }\n '/sign-up': {\n method: 'POST'\n input: SignUpInput\n output: SignUpOutput\n }\n '/sign-in': {\n method: 'POST'\n input: SignInInput\n output: SignInOutput\n }\n '/reset-password-request': {\n method: 'POST'\n input: InitiatePasswordResetInput\n output: { success: true }\n }\n '/reset-password-confirm': {\n method: 'POST'\n input: ConfirmResetPasswordInput\n output: { success: true }\n }\n '/sign-out': {\n method: 'POST'\n input: SignOutInput\n output: { success: true }\n }\n /**\n * Lists all the accounts that are currently active, on the current device.\n */\n '/device-sessions': {\n method: 'GET'\n output: Session[]\n }\n /**\n * Lists all the active OAuth sessions (access/refresh tokens) that where\n * issued to OAuth clients (apps).\n *\n * @NOTE can be revoked using the oauth revocation endpoint (json or form\n * encoded)\n *\n * ```http\n * POST /oauth/revoke\n * Content-Type: application/x-www-form-urlencoded\n *\n * token=<tokenId>\n * ```\n */\n '/oauth-sessions': {\n method: 'GET'\n params: OAuthSessionsInput\n output: OAuthSessionsOutput\n }\n '/revoke-oauth-session': {\n method: 'POST'\n input: RevokeOAuthSessionInput\n output: { success: true }\n }\n /**\n * Lists all the sessions that are currently active for a particular user, on\n * other devices.\n */\n '/account-sessions': {\n method: 'GET'\n params: AccountSessionsInput\n output: AccountSessionsOutput\n }\n '/revoke-account-session': {\n method: 'POST'\n input: RevokeAccountSessionInput\n output: { success: true }\n }\n '/update-email-request': {\n method: 'POST'\n input: InitiateEmailUpdateInput\n output: InitiateEmailUpdateOutput\n }\n '/update-email-confirm': {\n method: 'POST'\n input: ConfirmEmailUpdateInput\n output: ConfirmEmailUpdateOutput\n }\n '/verify-email-request': {\n method: 'POST'\n input: InitiateEmailVerificationInput\n output: { success: true }\n }\n '/verify-email-confirm': {\n method: 'POST'\n input: ConfirmEmailVerificationInput\n output: ConfirmEmailVerificationOutput\n }\n '/update-handle': {\n method: 'POST'\n input: UpdateHandleInput\n output: UpdateHandleOutput\n }\n /**\n * Marks the account as deactivated. The account remains recoverable — the\n * user can sign back in to reactivate via {@link ApiEndpoints['/reactivate-account']}.\n * Profile, posts, feeds and lists are hidden across the network until then.\n */\n '/deactivate-account': {\n method: 'POST'\n input: DeactivateAccountInput\n output: DeactivateAccountOutput\n }\n /**\n * Reactivates a previously-deactivated account. No-op when the account is\n * already active.\n */\n '/reactivate-account': {\n method: 'POST'\n input: ReactivateAccountInput\n output: ReactivateAccountOutput\n }\n /**\n * Initiates account deletion by sending a confirmation code to the account's\n * email address. The account is NOT deleted until\n * {@link ApiEndpoints['/delete-account-confirm']} is called with the matching\n * token and the user's current password.\n */\n '/delete-account-request': {\n method: 'POST'\n input: InitiateAccountDeletionInput\n output: { success: true }\n }\n /**\n * Confirms and finalizes account deletion. Requires both the email\n * confirmation token issued by {@link ApiEndpoints['/delete-account-request']}\n * and the user's current password. Deletion is irreversible.\n */\n '/delete-account-confirm': {\n method: 'POST'\n input: ConfirmAccountDeletionInput\n output: { success: true }\n }\n '/consent': {\n method: 'POST'\n input: ConsentInput\n output: { url: string }\n }\n '/reject': {\n method: 'POST'\n input: RejectInput\n output: { url: string }\n }\n}\n\n/**\n * When a user signs in without the \"remember me\" option, the server returns an\n * ephemeral token. When used as `Bearer` authorization header, the token will\n * be used in order to authenticate the users in place of using the user's\n * cookie based session (which are only created when \"remember me\" is checked).\n *\n * Only include this token in the `Authorization` header when making requests to\n * the OAuth provider API, **FOR THE ACCOUNT IT WAS GENERATED FOR**.\n */\nexport type EphemeralToken = SignedJwt\n\nexport type SignInInput = {\n locale: string\n username: string\n password: string\n emailOtp?: string\n remember?: boolean\n}\n\nexport type SignInOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n}\n\nexport type SignUpInput = {\n locale: string\n handle: string\n email: string\n password: string\n inviteCode?: string\n hcaptchaToken?: string\n}\n\nexport type SignUpOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n}\n\nexport type SignOutInput = {\n did: DidString | DidString[]\n}\n\nexport type InitiatePasswordResetInput = {\n locale: string\n email: string\n}\n\nexport type ConfirmResetPasswordInput = {\n token: string\n password: string\n}\n\nexport type InitiateEmailUpdateInput = {\n did: DidString\n locale?: string\n}\n\nexport type InitiateEmailUpdateOutput = {\n tokenRequired: boolean\n}\n\nexport type ConfirmEmailUpdateInput = {\n did: DidString\n token?: string\n email: string\n locale?: string\n}\n\nexport type ConfirmEmailUpdateOutput = {\n account: Account\n}\n\nexport type InitiateEmailVerificationInput = {\n did: DidString\n locale?: string\n}\n\nexport type ConfirmEmailVerificationInput = {\n did: DidString\n token: string\n email: string\n}\n\nexport type ConfirmEmailVerificationOutput = {\n account: Account\n}\n\nexport type VerifyHandleAvailabilityInput = {\n handle: HandleString\n}\n\nexport type UpdateHandleInput = {\n did: DidString\n handle: HandleString\n}\n\nexport type UpdateHandleOutput = {\n account: Account\n}\n\nexport type DeactivateAccountInput = {\n did: DidString\n}\n\nexport type DeactivateAccountOutput = {\n account: Account\n}\n\nexport type ReactivateAccountInput = {\n did: DidString\n}\n\nexport type ReactivateAccountOutput = {\n account: Account\n}\n\nexport type InitiateAccountDeletionInput = {\n did: DidString\n locale?: string\n}\n\nexport type ConfirmAccountDeletionInput = {\n did: DidString\n token: string\n password: string\n}\n\nexport type RevokeAccountSessionInput = {\n did: DidString\n deviceId: string\n}\n\nexport type OAuthSessionsInput = {\n did: DidString\n}\n\nexport type OAuthSessionsOutput = ActiveOAuthSession[]\n\nexport type AccountSessionsInput = {\n did: DidString\n}\n\nexport type AccountSessionsOutput = ActiveAccountSession[]\n\nexport type RevokeOAuthSessionInput = {\n did: DidString\n tokenId: string\n}\n\nexport type ConsentInput = {\n did: DidString\n scope?: string\n}\n\nexport type RejectInput = Record<string, never>\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link ActiveDeviceSession.loginRequired}).\n */\nexport type ActiveDeviceSession = {\n account: Account\n\n /**\n * The session is too old and the user must re-authenticate.\n */\n loginRequired: boolean\n}\n\n/**\n * Represents another device on which an account is currently signed-in.\n */\nexport type ActiveAccountSession = {\n deviceId: string\n deviceMetadata: DeviceMetadata\n\n isCurrentDevice: boolean\n}\n\n/**\n * Represents an active OAuth session (access token).\n */\nexport type ActiveOAuthSession = {\n tokenId: string\n\n createdAt: ISODateString\n updatedAt: ISODateString\n\n clientId: string\n /** An \"undefined\" value means that the client metadata could not be fetched */\n clientMetadata?: OAuthClientMetadata\n\n scope?: string\n}\n"]}
@@ -1 +1 @@
1
- {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,yBAAyB,yFAQ3B,CAAA;AAEX,MAAM,MAAM,uBAAuB,GAAG,CAAC,OAAO,yBAAyB,CAAC,CAAC,MAAM,CAAC,CAAA;AAEhF,eAAO,MAAM,yBAAyB,GACpC,OAAO,OAAO,KACb,KAAK,IAAI,uBAEX,CAAA"}
1
+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,yBAAyB,yFAQ3B,CAAA;AAEX,MAAM,MAAM,uBAAuB,GAAG,CAAC,OAAO,yBAAyB,CAAC,CAAC,MAAM,CAAC,CAAA;AAEhF,eAAO,MAAM,yBAAyB,UAC7B,OAAO,KACb,KAAK,IAAI,uBAEX,CAAA"}
package/dist/types.d.ts CHANGED
@@ -1,11 +1,14 @@
1
+ import type { DidString, HandleString } from '@atproto/syntax';
2
+ export type { DidString };
1
3
  export type Account = {
2
- sub: string;
3
- aud: string | [string, ...string[]];
4
+ did: DidString;
5
+ pds: DidString;
6
+ deactivated: boolean;
4
7
  locale?: string;
5
8
  email?: string;
6
- email_verified?: boolean;
9
+ emailVerified?: boolean;
7
10
  name?: string;
8
- preferred_username?: string;
11
+ handle?: HandleString;
9
12
  picture?: string;
10
13
  };
11
14
  /**
@@ -17,7 +20,6 @@ export type Session = {
17
20
  account: Account;
18
21
  info?: never;
19
22
  loginRequired: boolean;
20
- consentRequired?: boolean;
21
23
  };
22
24
  export type MultiLangString = Record<string, string | undefined>;
23
25
  export type LinkDefinition = {
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,MAAM,MAAM,OAAO,GAAG;IACpB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;IAEnC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,CAAC,EAAE,KAAK,CAAA;IAEZ,aAAa,EAAE,OAAO,CAAA;IACtB,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;AAEhE,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,MAAM,GAAG,eAAe,CAAA;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;CACb,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,aAAa,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,aAAa,GAAG,GAAG,MAAM,IAAI,MAAM,GAAG,CAAA"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAE9D,YAAY,EAAE,SAAS,EAAE,CAAA;AAEzB,MAAM,MAAM,OAAO,GAAG;IACpB,GAAG,EAAE,SAAS,CAAA;IACd,GAAG,EAAE,SAAS,CAAA;IACd,WAAW,EAAE,OAAO,CAAA;IACpB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,YAAY,CAAA;IACrB,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,CAAC,EAAE,KAAK,CAAA;IAEZ,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;AAEhE,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,MAAM,GAAG,eAAe,CAAA;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;CACb,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,aAAa,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,aAAa,GAAG,GAAG,MAAM,IAAI,MAAM,GAAG,CAAA"}
package/dist/types.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"","sourcesContent":["// @TODO replace with OidcUserinfo\nexport type Account = {\n sub: string\n aud: string | [string, ...string[]]\n\n locale?: string\n email?: string\n email_verified?: boolean\n name?: string\n preferred_username?: string\n picture?: string\n}\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link Session.loginRequired}).\n */\nexport type Session = {\n account: Account\n info?: never // Prevent relying on this in the frontend\n\n loginRequired: boolean\n consentRequired?: boolean\n}\n\nexport type MultiLangString = Record<string, string | undefined>\n\nexport type LinkDefinition = {\n title: string | MultiLangString\n href: string\n rel?: string\n}\n\nexport type DeviceMetadata = {\n userAgent: string | null\n ipAddress: string\n lastSeenAt: ISODateString\n}\n\nexport type ISODateString = `${string}T${string}Z`\n"]}
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"","sourcesContent":["import type { DidString, HandleString } from '@atproto/syntax'\n\nexport type { DidString }\n\nexport type Account = {\n did: DidString\n pds: DidString\n deactivated: boolean\n locale?: string\n email?: string\n emailVerified?: boolean\n name?: string\n handle?: HandleString\n picture?: string\n}\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link Session.loginRequired}).\n */\nexport type Session = {\n account: Account\n info?: never // Prevent relying on this in the frontend\n\n loginRequired: boolean\n}\n\nexport type MultiLangString = Record<string, string | undefined>\n\nexport type LinkDefinition = {\n title: string | MultiLangString\n href: string\n rel?: string\n}\n\nexport type DeviceMetadata = {\n userAgent: string | null\n ipAddress: string\n lastSeenAt: ISODateString\n}\n\nexport type ISODateString = `${string}T${string}Z`\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@atproto/oauth-provider-api",
3
- "version": "0.6.1",
3
+ "version": "0.7.0",
4
4
  "engines": {
5
5
  "node": ">=22"
6
6
  },
@@ -26,13 +26,12 @@
26
26
  }
27
27
  },
28
28
  "dependencies": {
29
- "@atproto/jwk": "^0.7.0",
30
- "@atproto/oauth-types": "^0.7.1"
31
- },
32
- "devDependencies": {
33
- "typescript": "^6.0.3"
29
+ "@atproto/jwk": "^0.7.1",
30
+ "@atproto/oauth-types": "^0.7.2",
31
+ "@atproto/syntax": "^0.6.2"
34
32
  },
33
+ "devDependencies": {},
35
34
  "scripts": {
36
- "build": "tsc --build tsconfig.build.json"
35
+ "build": "tsgo --build tsconfig.build.json"
37
36
  }
38
37
  }
@@ -1,5 +1,6 @@
1
1
  import type { SignedJwt } from '@atproto/jwk'
2
2
  import type { OAuthClientMetadata } from '@atproto/oauth-types'
3
+ import type { DidString, HandleString } from '@atproto/syntax'
3
4
  import type {
4
5
  Account,
5
6
  DeviceMetadata,
@@ -7,6 +8,8 @@ import type {
7
8
  Session,
8
9
  } from './types.js'
9
10
 
11
+ export type { DidString }
12
+
10
13
  // These are the endpoints implemented by the OAuth provider, for its UI to
11
14
  // call.
12
15
 
@@ -94,7 +97,7 @@ export type ApiEndpoints = {
94
97
  '/update-email-confirm': {
95
98
  method: 'POST'
96
99
  input: ConfirmEmailUpdateInput
97
- output: { success: true }
100
+ output: ConfirmEmailUpdateOutput
98
101
  }
99
102
  '/verify-email-request': {
100
103
  method: 'POST'
@@ -104,11 +107,51 @@ export type ApiEndpoints = {
104
107
  '/verify-email-confirm': {
105
108
  method: 'POST'
106
109
  input: ConfirmEmailVerificationInput
107
- output: { success: true }
110
+ output: ConfirmEmailVerificationOutput
108
111
  }
109
112
  '/update-handle': {
110
113
  method: 'POST'
111
114
  input: UpdateHandleInput
115
+ output: UpdateHandleOutput
116
+ }
117
+ /**
118
+ * Marks the account as deactivated. The account remains recoverable — the
119
+ * user can sign back in to reactivate via {@link ApiEndpoints['/reactivate-account']}.
120
+ * Profile, posts, feeds and lists are hidden across the network until then.
121
+ */
122
+ '/deactivate-account': {
123
+ method: 'POST'
124
+ input: DeactivateAccountInput
125
+ output: DeactivateAccountOutput
126
+ }
127
+ /**
128
+ * Reactivates a previously-deactivated account. No-op when the account is
129
+ * already active.
130
+ */
131
+ '/reactivate-account': {
132
+ method: 'POST'
133
+ input: ReactivateAccountInput
134
+ output: ReactivateAccountOutput
135
+ }
136
+ /**
137
+ * Initiates account deletion by sending a confirmation code to the account's
138
+ * email address. The account is NOT deleted until
139
+ * {@link ApiEndpoints['/delete-account-confirm']} is called with the matching
140
+ * token and the user's current password.
141
+ */
142
+ '/delete-account-request': {
143
+ method: 'POST'
144
+ input: InitiateAccountDeletionInput
145
+ output: { success: true }
146
+ }
147
+ /**
148
+ * Confirms and finalizes account deletion. Requires both the email
149
+ * confirmation token issued by {@link ApiEndpoints['/delete-account-request']}
150
+ * and the user's current password. Deletion is irreversible.
151
+ */
152
+ '/delete-account-confirm': {
153
+ method: 'POST'
154
+ input: ConfirmAccountDeletionInput
112
155
  output: { success: true }
113
156
  }
114
157
  '/consent': {
@@ -145,7 +188,6 @@ export type SignInInput = {
145
188
  export type SignInOutput = {
146
189
  account: Account
147
190
  ephemeralToken?: EphemeralToken
148
- consentRequired?: boolean
149
191
  }
150
192
 
151
193
  export type SignUpInput = {
@@ -163,7 +205,7 @@ export type SignUpOutput = {
163
205
  }
164
206
 
165
207
  export type SignOutInput = {
166
- sub: string | string[]
208
+ did: DidString | DidString[]
167
209
  }
168
210
 
169
211
  export type InitiatePasswordResetInput = {
@@ -177,7 +219,7 @@ export type ConfirmResetPasswordInput = {
177
219
  }
178
220
 
179
221
  export type InitiateEmailUpdateInput = {
180
- sub: string
222
+ did: DidString
181
223
  locale?: string
182
224
  }
183
225
 
@@ -186,56 +228,95 @@ export type InitiateEmailUpdateOutput = {
186
228
  }
187
229
 
188
230
  export type ConfirmEmailUpdateInput = {
189
- sub: string
231
+ did: DidString
190
232
  token?: string
191
233
  email: string
192
234
  locale?: string
193
235
  }
194
236
 
237
+ export type ConfirmEmailUpdateOutput = {
238
+ account: Account
239
+ }
240
+
195
241
  export type InitiateEmailVerificationInput = {
196
- sub: string
242
+ did: DidString
197
243
  locale?: string
198
244
  }
199
245
 
200
246
  export type ConfirmEmailVerificationInput = {
201
- sub: string
247
+ did: DidString
202
248
  token: string
203
249
  email: string
204
250
  }
205
251
 
252
+ export type ConfirmEmailVerificationOutput = {
253
+ account: Account
254
+ }
255
+
206
256
  export type VerifyHandleAvailabilityInput = {
207
- handle: string
257
+ handle: HandleString
208
258
  }
209
259
 
210
260
  export type UpdateHandleInput = {
211
- sub: string
212
- handle: string
261
+ did: DidString
262
+ handle: HandleString
263
+ }
264
+
265
+ export type UpdateHandleOutput = {
266
+ account: Account
267
+ }
268
+
269
+ export type DeactivateAccountInput = {
270
+ did: DidString
271
+ }
272
+
273
+ export type DeactivateAccountOutput = {
274
+ account: Account
275
+ }
276
+
277
+ export type ReactivateAccountInput = {
278
+ did: DidString
279
+ }
280
+
281
+ export type ReactivateAccountOutput = {
282
+ account: Account
283
+ }
284
+
285
+ export type InitiateAccountDeletionInput = {
286
+ did: DidString
287
+ locale?: string
288
+ }
289
+
290
+ export type ConfirmAccountDeletionInput = {
291
+ did: DidString
292
+ token: string
293
+ password: string
213
294
  }
214
295
 
215
296
  export type RevokeAccountSessionInput = {
216
- sub: string
297
+ did: DidString
217
298
  deviceId: string
218
299
  }
219
300
 
220
301
  export type OAuthSessionsInput = {
221
- sub: string
302
+ did: DidString
222
303
  }
223
304
 
224
305
  export type OAuthSessionsOutput = ActiveOAuthSession[]
225
306
 
226
307
  export type AccountSessionsInput = {
227
- sub: string
308
+ did: DidString
228
309
  }
229
310
 
230
311
  export type AccountSessionsOutput = ActiveAccountSession[]
231
312
 
232
313
  export type RevokeOAuthSessionInput = {
233
- sub: string
314
+ did: DidString
234
315
  tokenId: string
235
316
  }
236
317
 
237
318
  export type ConsentInput = {
238
- sub: string
319
+ did: DidString
239
320
  scope?: string
240
321
  }
241
322
 
package/src/types.ts CHANGED
@@ -1,13 +1,16 @@
1
- // @TODO replace with OidcUserinfo
2
- export type Account = {
3
- sub: string
4
- aud: string | [string, ...string[]]
1
+ import type { DidString, HandleString } from '@atproto/syntax'
2
+
3
+ export type { DidString }
5
4
 
5
+ export type Account = {
6
+ did: DidString
7
+ pds: DidString
8
+ deactivated: boolean
6
9
  locale?: string
7
10
  email?: string
8
- email_verified?: boolean
11
+ emailVerified?: boolean
9
12
  name?: string
10
- preferred_username?: string
13
+ handle?: HandleString
11
14
  picture?: string
12
15
  }
13
16
 
@@ -21,7 +24,6 @@ export type Session = {
21
24
  info?: never // Prevent relying on this in the frontend
22
25
 
23
26
  loginRequired: boolean
24
- consentRequired?: boolean
25
27
  }
26
28
 
27
29
  export type MultiLangString = Record<string, string | undefined>
@@ -2,7 +2,7 @@
2
2
  "extends": "../../../tsconfig/isomorphic.json",
3
3
  "compilerOptions": {
4
4
  "rootDir": "./src",
5
- "outDir": "./dist"
5
+ "outDir": "./dist",
6
6
  },
7
- "include": ["./src"]
7
+ "include": ["./src"],
8
8
  }
@@ -1 +1 @@
1
- {"root":["./src/api-endpoints.ts","./src/contants.ts","./src/customization-data.ts","./src/errors.ts","./src/index.ts","./src/types.ts"],"version":"6.0.3"}
1
+ {"version":"7.0.0-dev.20260614.1","root":["./src/api-endpoints.ts","./src/contants.ts","./src/customization-data.ts","./src/errors.ts","./src/index.ts","./src/types.ts"]}
package/tsconfig.json CHANGED
@@ -1,4 +1,4 @@
1
1
  {
2
2
  "include": [],
3
- "references": [{ "path": "./tsconfig.build.json" }]
3
+ "references": [{ "path": "./tsconfig.build.json" }],
4
4
  }