@atproto/oauth-provider-api 0.7.0 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
# @atproto/oauth-provider-api
|
|
2
2
|
|
|
3
|
+
## 0.7.1
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#5140](https://github.com/bluesky-social/atproto/pull/5140) [`0b165ca`](https://github.com/bluesky-social/atproto/commit/0b165ca96c460d3a30207f81e13eebfe9e8c7a1c) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Add `deleteAfter` field to account deactivation data
|
|
8
|
+
|
|
3
9
|
## 0.7.0
|
|
4
10
|
|
|
5
11
|
### Minor Changes
|
package/dist/api-endpoints.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { SignedJwt } from '@atproto/jwk';
|
|
2
2
|
import type { OAuthClientMetadata } from '@atproto/oauth-types';
|
|
3
|
-
import type { DidString, HandleString } from '@atproto/syntax';
|
|
3
|
+
import type { DatetimeString, DidString, HandleString } from '@atproto/syntax';
|
|
4
4
|
import type { Account, DeviceMetadata, ISODateString, Session } from './types.js';
|
|
5
5
|
export type { DidString };
|
|
6
6
|
export type ApiEndpoints = {
|
|
@@ -261,6 +261,7 @@ export type UpdateHandleOutput = {
|
|
|
261
261
|
};
|
|
262
262
|
export type DeactivateAccountInput = {
|
|
263
263
|
did: DidString;
|
|
264
|
+
deleteAfter?: DatetimeString;
|
|
264
265
|
};
|
|
265
266
|
export type DeactivateAccountOutput = {
|
|
266
267
|
account: Account;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-endpoints.d.ts","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;
|
|
1
|
+
{"version":3,"file":"api-endpoints.d.ts","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC9E,OAAO,KAAK,EACV,OAAO,EACP,cAAc,EACd,aAAa,EACb,OAAO,EACR,MAAM,YAAY,CAAA;AAEnB,YAAY,EAAE,SAAS,EAAE,CAAA;AAKzB,MAAM,MAAM,YAAY,GAAG;IACzB,6BAA6B,EAAE;QAC7B,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,6BAA6B,CAAA;QACpC,MAAM,EAAE;YAAE,SAAS,EAAE,IAAI,CAAA;SAAE,CAAA;KAC5B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE,YAAY,CAAA;KACrB,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,0BAA0B,CAAA;QACjC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,WAAW,EAAE;QACX,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;OAEG;IACH,kBAAkB,EAAE;QAClB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,OAAO,EAAE,CAAA;KAClB,CAAA;IACD;;;;;;;;;;;;;OAaG;IACH,iBAAiB,EAAE;QACjB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,kBAAkB,CAAA;QAC1B,MAAM,EAAE,mBAAmB,CAAA;KAC5B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,uBAAuB,CAAA;QAC9B,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;;OAGG;IACH,mBAAmB,EAAE;QACnB,MAAM,EAAE,KAAK,CAAA;QACb,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,qBAAqB,CAAA;KAC9B,CAAA;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,yBAAyB,CAAA;QAChC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,wBAAwB,CAAA;QAC/B,MAAM,EAAE,yBAAyB,CAAA;KAClC,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,uBAAuB,CAAA;QAC9B,MAAM,EAAE,wBAAwB,CAAA;KACjC,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,8BAA8B,CAAA;QACrC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,uBAAuB,EAAE;QACvB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,6BAA6B,CAAA;QACpC,MAAM,EAAE,8BAA8B,CAAA;KACvC,CAAA;IACD,gBAAgB,EAAE;QAChB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,iBAAiB,CAAA;QACxB,MAAM,EAAE,kBAAkB,CAAA;KAC3B,CAAA;IACD;;;;OAIG;IACH,qBAAqB,EAAE;QACrB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,sBAAsB,CAAA;QAC7B,MAAM,EAAE,uBAAuB,CAAA;KAChC,CAAA;IACD;;;OAGG;IACH,qBAAqB,EAAE;QACrB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,sBAAsB,CAAA;QAC7B,MAAM,EAAE,uBAAuB,CAAA;KAChC,CAAA;IACD;;;;;OAKG;IACH,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,4BAA4B,CAAA;QACnC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD;;;;OAIG;IACH,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,2BAA2B,CAAA;QAClC,MAAM,EAAE;YAAE,OAAO,EAAE,IAAI,CAAA;SAAE,CAAA;KAC1B,CAAA;IACD,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,YAAY,CAAA;QACnB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;IACD,SAAS,EAAE;QACT,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,WAAW,CAAA;QAClB,MAAM,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KACxB,CAAA;CACF,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,cAAc,GAAG,SAAS,CAAA;AAEtC,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,cAAc,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,SAAS,GAAG,SAAS,EAAE,CAAA;CAC7B,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,wBAAwB,GAAG;IACrC,GAAG,EAAE,SAAS,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,SAAS,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,8BAA8B,GAAG;IAC3C,GAAG,EAAE,SAAS,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,GAAG,EAAE,SAAS,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,8BAA8B,GAAG;IAC3C,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,YAAY,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,SAAS,CAAA;IACd,MAAM,EAAE,YAAY,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,GAAG,EAAE,SAAS,CAAA;IACd,WAAW,CAAC,EAAE,cAAc,CAAA;CAC7B,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,GAAG,EAAE,SAAS,CAAA;CACf,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,4BAA4B,GAAG;IACzC,GAAG,EAAE,SAAS,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,2BAA2B,GAAG;IACxC,GAAG,EAAE,SAAS,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,GAAG,EAAE,SAAS,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,SAAS,CAAA;CACf,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG,kBAAkB,EAAE,CAAA;AAEtD,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,EAAE,SAAS,CAAA;CACf,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG,oBAAoB,EAAE,CAAA;AAE1D,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,SAAS,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,SAAS,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;AAE/C;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAA;IAEhB;;OAEG;IACH,aAAa,EAAE,OAAO,CAAA;CACvB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,cAAc,CAAA;IAE9B,eAAe,EAAE,OAAO,CAAA;CACzB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IAEf,SAAS,EAAE,aAAa,CAAA;IACxB,SAAS,EAAE,aAAa,CAAA;IAExB,QAAQ,EAAE,MAAM,CAAA;IAChB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,mBAAmB,CAAA;IAEpC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"","sourcesContent":["import type { SignedJwt } from '@atproto/jwk'\nimport type { OAuthClientMetadata } from '@atproto/oauth-types'\nimport type { DidString, HandleString } from '@atproto/syntax'\nimport type {\n Account,\n DeviceMetadata,\n ISODateString,\n Session,\n} from './types.js'\n\nexport type { DidString }\n\n// These are the endpoints implemented by the OAuth provider, for its UI to\n// call.\n\nexport type ApiEndpoints = {\n '/verify-handle-availability': {\n method: 'POST'\n input: VerifyHandleAvailabilityInput\n output: { available: true }\n }\n '/sign-up': {\n method: 'POST'\n input: SignUpInput\n output: SignUpOutput\n }\n '/sign-in': {\n method: 'POST'\n input: SignInInput\n output: SignInOutput\n }\n '/reset-password-request': {\n method: 'POST'\n input: InitiatePasswordResetInput\n output: { success: true }\n }\n '/reset-password-confirm': {\n method: 'POST'\n input: ConfirmResetPasswordInput\n output: { success: true }\n }\n '/sign-out': {\n method: 'POST'\n input: SignOutInput\n output: { success: true }\n }\n /**\n * Lists all the accounts that are currently active, on the current device.\n */\n '/device-sessions': {\n method: 'GET'\n output: Session[]\n }\n /**\n * Lists all the active OAuth sessions (access/refresh tokens) that where\n * issued to OAuth clients (apps).\n *\n * @NOTE can be revoked using the oauth revocation endpoint (json or form\n * encoded)\n *\n * ```http\n * POST /oauth/revoke\n * Content-Type: application/x-www-form-urlencoded\n *\n * token=<tokenId>\n * ```\n */\n '/oauth-sessions': {\n method: 'GET'\n params: OAuthSessionsInput\n output: OAuthSessionsOutput\n }\n '/revoke-oauth-session': {\n method: 'POST'\n input: RevokeOAuthSessionInput\n output: { success: true }\n }\n /**\n * Lists all the sessions that are currently active for a particular user, on\n * other devices.\n */\n '/account-sessions': {\n method: 'GET'\n params: AccountSessionsInput\n output: AccountSessionsOutput\n }\n '/revoke-account-session': {\n method: 'POST'\n input: RevokeAccountSessionInput\n output: { success: true }\n }\n '/update-email-request': {\n method: 'POST'\n input: InitiateEmailUpdateInput\n output: InitiateEmailUpdateOutput\n }\n '/update-email-confirm': {\n method: 'POST'\n input: ConfirmEmailUpdateInput\n output: ConfirmEmailUpdateOutput\n }\n '/verify-email-request': {\n method: 'POST'\n input: InitiateEmailVerificationInput\n output: { success: true }\n }\n '/verify-email-confirm': {\n method: 'POST'\n input: ConfirmEmailVerificationInput\n output: ConfirmEmailVerificationOutput\n }\n '/update-handle': {\n method: 'POST'\n input: UpdateHandleInput\n output: UpdateHandleOutput\n }\n /**\n * Marks the account as deactivated. The account remains recoverable — the\n * user can sign back in to reactivate via {@link ApiEndpoints['/reactivate-account']}.\n * Profile, posts, feeds and lists are hidden across the network until then.\n */\n '/deactivate-account': {\n method: 'POST'\n input: DeactivateAccountInput\n output: DeactivateAccountOutput\n }\n /**\n * Reactivates a previously-deactivated account. No-op when the account is\n * already active.\n */\n '/reactivate-account': {\n method: 'POST'\n input: ReactivateAccountInput\n output: ReactivateAccountOutput\n }\n /**\n * Initiates account deletion by sending a confirmation code to the account's\n * email address. The account is NOT deleted until\n * {@link ApiEndpoints['/delete-account-confirm']} is called with the matching\n * token and the user's current password.\n */\n '/delete-account-request': {\n method: 'POST'\n input: InitiateAccountDeletionInput\n output: { success: true }\n }\n /**\n * Confirms and finalizes account deletion. Requires both the email\n * confirmation token issued by {@link ApiEndpoints['/delete-account-request']}\n * and the user's current password. Deletion is irreversible.\n */\n '/delete-account-confirm': {\n method: 'POST'\n input: ConfirmAccountDeletionInput\n output: { success: true }\n }\n '/consent': {\n method: 'POST'\n input: ConsentInput\n output: { url: string }\n }\n '/reject': {\n method: 'POST'\n input: RejectInput\n output: { url: string }\n }\n}\n\n/**\n * When a user signs in without the \"remember me\" option, the server returns an\n * ephemeral token. When used as `Bearer` authorization header, the token will\n * be used in order to authenticate the users in place of using the user's\n * cookie based session (which are only created when \"remember me\" is checked).\n *\n * Only include this token in the `Authorization` header when making requests to\n * the OAuth provider API, **FOR THE ACCOUNT IT WAS GENERATED FOR**.\n */\nexport type EphemeralToken = SignedJwt\n\nexport type SignInInput = {\n locale: string\n username: string\n password: string\n emailOtp?: string\n remember?: boolean\n}\n\nexport type SignInOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n}\n\nexport type SignUpInput = {\n locale: string\n handle: string\n email: string\n password: string\n inviteCode?: string\n hcaptchaToken?: string\n}\n\nexport type SignUpOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n}\n\nexport type SignOutInput = {\n did: DidString | DidString[]\n}\n\nexport type InitiatePasswordResetInput = {\n locale: string\n email: string\n}\n\nexport type ConfirmResetPasswordInput = {\n token: string\n password: string\n}\n\nexport type InitiateEmailUpdateInput = {\n did: DidString\n locale?: string\n}\n\nexport type InitiateEmailUpdateOutput = {\n tokenRequired: boolean\n}\n\nexport type ConfirmEmailUpdateInput = {\n did: DidString\n token?: string\n email: string\n locale?: string\n}\n\nexport type ConfirmEmailUpdateOutput = {\n account: Account\n}\n\nexport type InitiateEmailVerificationInput = {\n did: DidString\n locale?: string\n}\n\nexport type ConfirmEmailVerificationInput = {\n did: DidString\n token: string\n email: string\n}\n\nexport type ConfirmEmailVerificationOutput = {\n account: Account\n}\n\nexport type VerifyHandleAvailabilityInput = {\n handle: HandleString\n}\n\nexport type UpdateHandleInput = {\n did: DidString\n handle: HandleString\n}\n\nexport type UpdateHandleOutput = {\n account: Account\n}\n\nexport type DeactivateAccountInput = {\n did: DidString\n}\n\nexport type DeactivateAccountOutput = {\n account: Account\n}\n\nexport type ReactivateAccountInput = {\n did: DidString\n}\n\nexport type ReactivateAccountOutput = {\n account: Account\n}\n\nexport type InitiateAccountDeletionInput = {\n did: DidString\n locale?: string\n}\n\nexport type ConfirmAccountDeletionInput = {\n did: DidString\n token: string\n password: string\n}\n\nexport type RevokeAccountSessionInput = {\n did: DidString\n deviceId: string\n}\n\nexport type OAuthSessionsInput = {\n did: DidString\n}\n\nexport type OAuthSessionsOutput = ActiveOAuthSession[]\n\nexport type AccountSessionsInput = {\n did: DidString\n}\n\nexport type AccountSessionsOutput = ActiveAccountSession[]\n\nexport type RevokeOAuthSessionInput = {\n did: DidString\n tokenId: string\n}\n\nexport type ConsentInput = {\n did: DidString\n scope?: string\n}\n\nexport type RejectInput = Record<string, never>\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link ActiveDeviceSession.loginRequired}).\n */\nexport type ActiveDeviceSession = {\n account: Account\n\n /**\n * The session is too old and the user must re-authenticate.\n */\n loginRequired: boolean\n}\n\n/**\n * Represents another device on which an account is currently signed-in.\n */\nexport type ActiveAccountSession = {\n deviceId: string\n deviceMetadata: DeviceMetadata\n\n isCurrentDevice: boolean\n}\n\n/**\n * Represents an active OAuth session (access token).\n */\nexport type ActiveOAuthSession = {\n tokenId: string\n\n createdAt: ISODateString\n updatedAt: ISODateString\n\n clientId: string\n /** An \"undefined\" value means that the client metadata could not be fetched */\n clientMetadata?: OAuthClientMetadata\n\n scope?: string\n}\n"]}
|
|
1
|
+
{"version":3,"file":"api-endpoints.js","sourceRoot":"","sources":["../src/api-endpoints.ts"],"names":[],"mappings":"","sourcesContent":["import type { SignedJwt } from '@atproto/jwk'\nimport type { OAuthClientMetadata } from '@atproto/oauth-types'\nimport type { DatetimeString, DidString, HandleString } from '@atproto/syntax'\nimport type {\n Account,\n DeviceMetadata,\n ISODateString,\n Session,\n} from './types.js'\n\nexport type { DidString }\n\n// These are the endpoints implemented by the OAuth provider, for its UI to\n// call.\n\nexport type ApiEndpoints = {\n '/verify-handle-availability': {\n method: 'POST'\n input: VerifyHandleAvailabilityInput\n output: { available: true }\n }\n '/sign-up': {\n method: 'POST'\n input: SignUpInput\n output: SignUpOutput\n }\n '/sign-in': {\n method: 'POST'\n input: SignInInput\n output: SignInOutput\n }\n '/reset-password-request': {\n method: 'POST'\n input: InitiatePasswordResetInput\n output: { success: true }\n }\n '/reset-password-confirm': {\n method: 'POST'\n input: ConfirmResetPasswordInput\n output: { success: true }\n }\n '/sign-out': {\n method: 'POST'\n input: SignOutInput\n output: { success: true }\n }\n /**\n * Lists all the accounts that are currently active, on the current device.\n */\n '/device-sessions': {\n method: 'GET'\n output: Session[]\n }\n /**\n * Lists all the active OAuth sessions (access/refresh tokens) that where\n * issued to OAuth clients (apps).\n *\n * @NOTE can be revoked using the oauth revocation endpoint (json or form\n * encoded)\n *\n * ```http\n * POST /oauth/revoke\n * Content-Type: application/x-www-form-urlencoded\n *\n * token=<tokenId>\n * ```\n */\n '/oauth-sessions': {\n method: 'GET'\n params: OAuthSessionsInput\n output: OAuthSessionsOutput\n }\n '/revoke-oauth-session': {\n method: 'POST'\n input: RevokeOAuthSessionInput\n output: { success: true }\n }\n /**\n * Lists all the sessions that are currently active for a particular user, on\n * other devices.\n */\n '/account-sessions': {\n method: 'GET'\n params: AccountSessionsInput\n output: AccountSessionsOutput\n }\n '/revoke-account-session': {\n method: 'POST'\n input: RevokeAccountSessionInput\n output: { success: true }\n }\n '/update-email-request': {\n method: 'POST'\n input: InitiateEmailUpdateInput\n output: InitiateEmailUpdateOutput\n }\n '/update-email-confirm': {\n method: 'POST'\n input: ConfirmEmailUpdateInput\n output: ConfirmEmailUpdateOutput\n }\n '/verify-email-request': {\n method: 'POST'\n input: InitiateEmailVerificationInput\n output: { success: true }\n }\n '/verify-email-confirm': {\n method: 'POST'\n input: ConfirmEmailVerificationInput\n output: ConfirmEmailVerificationOutput\n }\n '/update-handle': {\n method: 'POST'\n input: UpdateHandleInput\n output: UpdateHandleOutput\n }\n /**\n * Marks the account as deactivated. The account remains recoverable — the\n * user can sign back in to reactivate via {@link ApiEndpoints['/reactivate-account']}.\n * Profile, posts, feeds and lists are hidden across the network until then.\n */\n '/deactivate-account': {\n method: 'POST'\n input: DeactivateAccountInput\n output: DeactivateAccountOutput\n }\n /**\n * Reactivates a previously-deactivated account. No-op when the account is\n * already active.\n */\n '/reactivate-account': {\n method: 'POST'\n input: ReactivateAccountInput\n output: ReactivateAccountOutput\n }\n /**\n * Initiates account deletion by sending a confirmation code to the account's\n * email address. The account is NOT deleted until\n * {@link ApiEndpoints['/delete-account-confirm']} is called with the matching\n * token and the user's current password.\n */\n '/delete-account-request': {\n method: 'POST'\n input: InitiateAccountDeletionInput\n output: { success: true }\n }\n /**\n * Confirms and finalizes account deletion. Requires both the email\n * confirmation token issued by {@link ApiEndpoints['/delete-account-request']}\n * and the user's current password. Deletion is irreversible.\n */\n '/delete-account-confirm': {\n method: 'POST'\n input: ConfirmAccountDeletionInput\n output: { success: true }\n }\n '/consent': {\n method: 'POST'\n input: ConsentInput\n output: { url: string }\n }\n '/reject': {\n method: 'POST'\n input: RejectInput\n output: { url: string }\n }\n}\n\n/**\n * When a user signs in without the \"remember me\" option, the server returns an\n * ephemeral token. When used as `Bearer` authorization header, the token will\n * be used in order to authenticate the users in place of using the user's\n * cookie based session (which are only created when \"remember me\" is checked).\n *\n * Only include this token in the `Authorization` header when making requests to\n * the OAuth provider API, **FOR THE ACCOUNT IT WAS GENERATED FOR**.\n */\nexport type EphemeralToken = SignedJwt\n\nexport type SignInInput = {\n locale: string\n username: string\n password: string\n emailOtp?: string\n remember?: boolean\n}\n\nexport type SignInOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n}\n\nexport type SignUpInput = {\n locale: string\n handle: string\n email: string\n password: string\n inviteCode?: string\n hcaptchaToken?: string\n}\n\nexport type SignUpOutput = {\n account: Account\n ephemeralToken?: EphemeralToken\n}\n\nexport type SignOutInput = {\n did: DidString | DidString[]\n}\n\nexport type InitiatePasswordResetInput = {\n locale: string\n email: string\n}\n\nexport type ConfirmResetPasswordInput = {\n token: string\n password: string\n}\n\nexport type InitiateEmailUpdateInput = {\n did: DidString\n locale?: string\n}\n\nexport type InitiateEmailUpdateOutput = {\n tokenRequired: boolean\n}\n\nexport type ConfirmEmailUpdateInput = {\n did: DidString\n token?: string\n email: string\n locale?: string\n}\n\nexport type ConfirmEmailUpdateOutput = {\n account: Account\n}\n\nexport type InitiateEmailVerificationInput = {\n did: DidString\n locale?: string\n}\n\nexport type ConfirmEmailVerificationInput = {\n did: DidString\n token: string\n email: string\n}\n\nexport type ConfirmEmailVerificationOutput = {\n account: Account\n}\n\nexport type VerifyHandleAvailabilityInput = {\n handle: HandleString\n}\n\nexport type UpdateHandleInput = {\n did: DidString\n handle: HandleString\n}\n\nexport type UpdateHandleOutput = {\n account: Account\n}\n\nexport type DeactivateAccountInput = {\n did: DidString\n deleteAfter?: DatetimeString\n}\n\nexport type DeactivateAccountOutput = {\n account: Account\n}\n\nexport type ReactivateAccountInput = {\n did: DidString\n}\n\nexport type ReactivateAccountOutput = {\n account: Account\n}\n\nexport type InitiateAccountDeletionInput = {\n did: DidString\n locale?: string\n}\n\nexport type ConfirmAccountDeletionInput = {\n did: DidString\n token: string\n password: string\n}\n\nexport type RevokeAccountSessionInput = {\n did: DidString\n deviceId: string\n}\n\nexport type OAuthSessionsInput = {\n did: DidString\n}\n\nexport type OAuthSessionsOutput = ActiveOAuthSession[]\n\nexport type AccountSessionsInput = {\n did: DidString\n}\n\nexport type AccountSessionsOutput = ActiveAccountSession[]\n\nexport type RevokeOAuthSessionInput = {\n did: DidString\n tokenId: string\n}\n\nexport type ConsentInput = {\n did: DidString\n scope?: string\n}\n\nexport type RejectInput = Record<string, never>\n\n/**\n * Represents an account that is currently signed-in to the Authorization\n * Server. If the session was created too long ago, the user may be required to\n * re-authenticate ({@link ActiveDeviceSession.loginRequired}).\n */\nexport type ActiveDeviceSession = {\n account: Account\n\n /**\n * The session is too old and the user must re-authenticate.\n */\n loginRequired: boolean\n}\n\n/**\n * Represents another device on which an account is currently signed-in.\n */\nexport type ActiveAccountSession = {\n deviceId: string\n deviceMetadata: DeviceMetadata\n\n isCurrentDevice: boolean\n}\n\n/**\n * Represents an active OAuth session (access token).\n */\nexport type ActiveOAuthSession = {\n tokenId: string\n\n createdAt: ISODateString\n updatedAt: ISODateString\n\n clientId: string\n /** An \"undefined\" value means that the client metadata could not be fetched */\n clientMetadata?: OAuthClientMetadata\n\n scope?: string\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@atproto/oauth-provider-api",
|
|
3
|
-
"version": "0.7.
|
|
3
|
+
"version": "0.7.1",
|
|
4
4
|
"engines": {
|
|
5
5
|
"node": ">=22"
|
|
6
6
|
},
|
|
@@ -27,8 +27,8 @@
|
|
|
27
27
|
},
|
|
28
28
|
"dependencies": {
|
|
29
29
|
"@atproto/jwk": "^0.7.1",
|
|
30
|
-
"@atproto/
|
|
31
|
-
"@atproto/
|
|
30
|
+
"@atproto/syntax": "^0.6.2",
|
|
31
|
+
"@atproto/oauth-types": "^0.7.2"
|
|
32
32
|
},
|
|
33
33
|
"devDependencies": {},
|
|
34
34
|
"scripts": {
|
package/src/api-endpoints.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { SignedJwt } from '@atproto/jwk'
|
|
2
2
|
import type { OAuthClientMetadata } from '@atproto/oauth-types'
|
|
3
|
-
import type { DidString, HandleString } from '@atproto/syntax'
|
|
3
|
+
import type { DatetimeString, DidString, HandleString } from '@atproto/syntax'
|
|
4
4
|
import type {
|
|
5
5
|
Account,
|
|
6
6
|
DeviceMetadata,
|
|
@@ -268,6 +268,7 @@ export type UpdateHandleOutput = {
|
|
|
268
268
|
|
|
269
269
|
export type DeactivateAccountInput = {
|
|
270
270
|
did: DidString
|
|
271
|
+
deleteAfter?: DatetimeString
|
|
271
272
|
}
|
|
272
273
|
|
|
273
274
|
export type DeactivateAccountOutput = {
|