@atproto/oauth-provider-api 0.7.2 → 0.7.3

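--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,20 @@
  # @atproto/oauth-provider-api
 
+ ## 0.7.3
+
+ ### Patch Changes
+
+ - [#5099](https://github.com/bluesky-social/atproto/pull/5099) [`b43ec31`](https://github.com/bluesky-social/atproto/commit/b43ec31f247f4461725b01226885f88bd430ca07) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Update TypeScript build to rely on references to composite internal projects
+
+ - [#5099](https://github.com/bluesky-social/atproto/pull/5099) [`b43ec31`](https://github.com/bluesky-social/atproto/commit/b43ec31f247f4461725b01226885f88bd430ca07) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Bundle only necessary files in the NPM tarball, including the `CHANGELOG.md` and `README.md` files (if present).
+
+ - [#5099](https://github.com/bluesky-social/atproto/pull/5099) [`b43ec31`](https://github.com/bluesky-social/atproto/commit/b43ec31f247f4461725b01226885f88bd430ca07) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Build with `noImplicitAny` enabled
+
+ - Updated dependencies [[`28a0b58`](https://github.com/bluesky-social/atproto/commit/28a0b588147863eaef948cd2bb8fc0f19d08cda9), [`b43ec31`](https://github.com/bluesky-social/atproto/commit/b43ec31f247f4461725b01226885f88bd430ca07), [`b43ec31`](https://github.com/bluesky-social/atproto/commit/b43ec31f247f4461725b01226885f88bd430ca07), [`b43ec31`](https://github.com/bluesky-social/atproto/commit/b43ec31f247f4461725b01226885f88bd430ca07), [`b43ec31`](https://github.com/bluesky-social/atproto/commit/b43ec31f247f4461725b01226885f88bd430ca07)]:
+ - @atproto/syntax@0.6.4
+ - @atproto/oauth-types@0.7.4
+ - @atproto/jwk@0.7.3
+
  ## 0.7.2
 
  ### Patch Changes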
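--- a/package/package.json
+++ b/package/package.json
@@ -1,9 +1,6 @@
  {
  "name": "@atproto/oauth-provider-api",
- "version": "0.7.2",
- "engines": {
- "node": ">=22"
- },
+ "version": "0.7.3",
  "license": "MIT",
  "description": "Shared data types for the @atproto/oauth-provider and @atproto/oauth-provider-ui packages",
  "keywords": [
@@ -18,6 +15,10 @@
  "url": "https://github.com/bluesky-social/atproto",
  "directory": "packages/oauth/oauth-provider-api"
  },
+ "files": [
+ "./dist",
+ "./CHANGELOG.md"
+ ],
  "type": "module",
  "exports": {
  ".": {
@@ -25,12 +26,14 @@
  "default": "./dist/index.js"
  }
  },
+ "engines": {
+ "node": ">=22"
+ },
  "dependencies": {
- "@atproto/oauth-types": "^0.7.3",
- "@atproto/syntax": "^0.6.3",
- "@atproto/jwk": "^0.7.2"
+ "@atproto/oauth-types": "^0.7.4",
+ "@atproto/syntax": "^0.6.4",
+ "@atproto/jwk": "^0.7.3"
  },
- "devDependencies": {},
  "scripts": {
  "build": "tsgo --build tsconfig.build.json"
  }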
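Review bot: The new `files` allowlist (new lines 18–21) limits the tarball to `./dist` and `./CHANGELOG.md`, but the `scripts` block visible in the last hunk defines only `build`, so nothing in this manifest ensures that `dist` exists and is freshly built when the package is packed. If the release pipeline does not already build before publishing (not visible here), a stale or missing `dist` would ship as the package's only code; a lifecycle hook such as `"prepack": "tsgo --build tsconfig.build.json"` would make that explicit. Because `src/*.ts` is no longer published, consumers auditing the tarball see only compiled output, so it is worth confirming that releases carry build provenance or can otherwise be reproduced from the tagged commit.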
@@ -1,364 +0,0 @@
1
- import type { SignedJwt } from '@atproto/jwk'
2
- import type { OAuthClientMetadata } from '@atproto/oauth-types'
3
- import type { DatetimeString, DidString, HandleString } from '@atproto/syntax'
4
- import type {
5
- Account,
6
- DeviceMetadata,
7
- ISODateString,
8
- Session,
9
- } from './types.js'
10
-
11
- export type { DidString }
12
-
13
- // These are the endpoints implemented by the OAuth provider, for its UI to
14
- // call.
15
-
16
- export type ApiEndpoints = {
17
- '/verify-handle-availability': {
18
- method: 'POST'
19
- input: VerifyHandleAvailabilityInput
20
- output: { available: true }
21
- }
22
- '/sign-up': {
23
- method: 'POST'
24
- input: SignUpInput
25
- output: SignUpOutput
26
- }
27
- '/sign-in': {
28
- method: 'POST'
29
- input: SignInInput
30
- output: SignInOutput
31
- }
32
- '/reset-password-request': {
33
- method: 'POST'
34
- input: InitiatePasswordResetInput
35
- output: { success: true }
36
- }
37
- '/reset-password-confirm': {
38
- method: 'POST'
39
- input: ConfirmResetPasswordInput
40
- output: { success: true }
41
- }
42
- '/sign-out': {
43
- method: 'POST'
44
- input: SignOutInput
45
- output: { success: true }
46
- }
47
- /**
48
- * Lists all the accounts that are currently active, on the current device.
49
- */
50
- '/device-sessions': {
51
- method: 'GET'
52
- output: Session[]
53
- }
54
- /**
55
- * Lists all the active OAuth sessions (access/refresh tokens) that where
56
- * issued to OAuth clients (apps).
57
- *
58
- * @NOTE can be revoked using the oauth revocation endpoint (json or form
59
- * encoded)
60
- *
61
- * ```http
62
- * POST /oauth/revoke
63
- * Content-Type: application/x-www-form-urlencoded
64
- *
65
- * token=<tokenId>
66
- * ```
67
- */
68
- '/oauth-sessions': {
69
- method: 'GET'
70
- params: OAuthSessionsInput
71
- output: OAuthSessionsOutput
72
- }
73
- '/revoke-oauth-session': {
74
- method: 'POST'
75
- input: RevokeOAuthSessionInput
76
- output: { success: true }
77
- }
78
- /**
79
- * Lists all the sessions that are currently active for a particular user, on
80
- * other devices.
81
- */
82
- '/account-sessions': {
83
- method: 'GET'
84
- params: AccountSessionsInput
85
- output: AccountSessionsOutput
86
- }
87
- '/revoke-account-session': {
88
- method: 'POST'
89
- input: RevokeAccountSessionInput
90
- output: { success: true }
91
- }
92
- '/update-email-request': {
93
- method: 'POST'
94
- input: InitiateEmailUpdateInput
95
- output: InitiateEmailUpdateOutput
96
- }
97
- '/update-email-confirm': {
98
- method: 'POST'
99
- input: ConfirmEmailUpdateInput
100
- output: ConfirmEmailUpdateOutput
101
- }
102
- '/verify-email-request': {
103
- method: 'POST'
104
- input: InitiateEmailVerificationInput
105
- output: { success: true }
106
- }
107
- '/verify-email-confirm': {
108
- method: 'POST'
109
- input: ConfirmEmailVerificationInput
110
- output: ConfirmEmailVerificationOutput
111
- }
112
- '/update-handle': {
113
- method: 'POST'
114
- input: UpdateHandleInput
115
- output: UpdateHandleOutput
116
- }
117
- /**
118
- * Marks the account as deactivated. The account remains recoverable — the
119
- * user can sign back in to reactivate via {@link ApiEndpoints['/reactivate-account']}.
120
- * Profile, posts, feeds and lists are hidden across the network until then.
121
- */
122
- '/deactivate-account': {
123
- method: 'POST'
124
- input: DeactivateAccountInput
125
- output: DeactivateAccountOutput
126
- }
127
- /**
128
- * Reactivates a previously-deactivated account. No-op when the account is
129
- * already active.
130
- */
131
- '/reactivate-account': {
132
- method: 'POST'
133
- input: ReactivateAccountInput
134
- output: ReactivateAccountOutput
135
- }
136
- /**
137
- * Initiates account deletion by sending a confirmation code to the account's
138
- * email address. The account is NOT deleted until
139
- * {@link ApiEndpoints['/delete-account-confirm']} is called with the matching
140
- * token and the user's current password.
141
- */
142
- '/delete-account-request': {
143
- method: 'POST'
144
- input: InitiateAccountDeletionInput
145
- output: { success: true }
146
- }
147
- /**
148
- * Confirms and finalizes account deletion. Requires both the email
149
- * confirmation token issued by {@link ApiEndpoints['/delete-account-request']}
150
- * and the user's current password. Deletion is irreversible.
151
- */
152
- '/delete-account-confirm': {
153
- method: 'POST'
154
- input: ConfirmAccountDeletionInput
155
- output: { success: true }
156
- }
157
- '/consent': {
158
- method: 'POST'
159
- input: ConsentInput
160
- output: { url: string }
161
- }
162
- '/reject': {
163
- method: 'POST'
164
- input: RejectInput
165
- output: { url: string }
166
- }
167
- }
168
-
169
- /**
170
- * When a user signs in without the "remember me" option, the server returns an
171
- * ephemeral token. When used as `Bearer` authorization header, the token will
172
- * be used in order to authenticate the users in place of using the user's
173
- * cookie based session (which are only created when "remember me" is checked).
174
- *
175
- * Only include this token in the `Authorization` header when making requests to
176
- * the OAuth provider API, **FOR THE ACCOUNT IT WAS GENERATED FOR**.
177
- */
178
- export type EphemeralToken = SignedJwt
179
-
180
- export type SignInInput = {
181
- locale: string
182
- username: string
183
- password: string
184
- emailOtp?: string
185
- remember?: boolean
186
- }
187
-
188
- export type SignInOutput = {
189
- account: Account
190
- ephemeralToken?: EphemeralToken
191
- }
192
-
193
- export type SignUpInput = {
194
- locale: string
195
- handle: string
196
- email: string
197
- password: string
198
- inviteCode?: string
199
- hcaptchaToken?: string
200
- }
201
-
202
- export type SignUpOutput = {
203
- account: Account
204
- ephemeralToken?: EphemeralToken
205
- }
206
-
207
- export type SignOutInput = {
208
- did: DidString | DidString[]
209
- }
210
-
211
- export type InitiatePasswordResetInput = {
212
- locale: string
213
- email: string
214
- }
215
-
216
- export type ConfirmResetPasswordInput = {
217
- token: string
218
- password: string
219
- }
220
-
221
- export type InitiateEmailUpdateInput = {
222
- did: DidString
223
- locale?: string
224
- }
225
-
226
- export type InitiateEmailUpdateOutput = {
227
- tokenRequired: boolean
228
- }
229
-
230
- export type ConfirmEmailUpdateInput = {
231
- did: DidString
232
- token?: string
233
- email: string
234
- locale?: string
235
- }
236
-
237
- export type ConfirmEmailUpdateOutput = {
238
- account: Account
239
- }
240
-
241
- export type InitiateEmailVerificationInput = {
242
- did: DidString
243
- locale?: string
244
- }
245
-
246
- export type ConfirmEmailVerificationInput = {
247
- did: DidString
248
- token: string
249
- email: string
250
- }
251
-
252
- export type ConfirmEmailVerificationOutput = {
253
- account: Account
254
- }
255
-
256
- export type VerifyHandleAvailabilityInput = {
257
- handle: HandleString
258
- }
259
-
260
- export type UpdateHandleInput = {
261
- did: DidString
262
- handle: HandleString
263
- }
264
-
265
- export type UpdateHandleOutput = {
266
- account: Account
267
- }
268
-
269
- export type DeactivateAccountInput = {
270
- did: DidString
271
- deleteAfter?: DatetimeString
272
- }
273
-
274
- export type DeactivateAccountOutput = {
275
- account: Account
276
- }
277
-
278
- export type ReactivateAccountInput = {
279
- did: DidString
280
- }
281
-
282
- export type ReactivateAccountOutput = {
283
- account: Account
284
- }
285
-
286
- export type InitiateAccountDeletionInput = {
287
- did: DidString
288
- locale?: string
289
- }
290
-
291
- export type ConfirmAccountDeletionInput = {
292
- did: DidString
293
- token: string
294
- password: string
295
- }
296
-
297
- export type RevokeAccountSessionInput = {
298
- did: DidString
299
- deviceId: string
300
- }
301
-
302
- export type OAuthSessionsInput = {
303
- did: DidString
304
- }
305
-
306
- export type OAuthSessionsOutput = ActiveOAuthSession[]
307
-
308
- export type AccountSessionsInput = {
309
- did: DidString
310
- }
311
-
312
- export type AccountSessionsOutput = ActiveAccountSession[]
313
-
314
- export type RevokeOAuthSessionInput = {
315
- did: DidString
316
- tokenId: string
317
- }
318
-
319
- export type ConsentInput = {
320
- did: DidString
321
- scope?: string
322
- }
323
-
324
- export type RejectInput = Record<string, never>
325
-
326
- /**
327
- * Represents an account that is currently signed-in to the Authorization
328
- * Server. If the session was created too long ago, the user may be required to
329
- * re-authenticate ({@link ActiveDeviceSession.loginRequired}).
330
- */
331
- export type ActiveDeviceSession = {
332
- account: Account
333
-
334
- /**
335
- * The session is too old and the user must re-authenticate.
336
- */
337
- loginRequired: boolean
338
- }
339
-
340
- /**
341
- * Represents another device on which an account is currently signed-in.
342
- */
343
- export type ActiveAccountSession = {
344
- deviceId: string
345
- deviceMetadata: DeviceMetadata
346
-
347
- isCurrentDevice: boolean
348
- }
349
-
350
- /**
351
- * Represents an active OAuth session (access token).
352
- */
353
- export type ActiveOAuthSession = {
354
- tokenId: string
355
-
356
- createdAt: ISODateString
357
- updatedAt: ISODateString
358
-
359
- clientId: string
360
- /** An "undefined" value means that the client metadata could not be fetched */
361
- clientMetadata?: OAuthClientMetadata
362
-
363
- scope?: string
364
- }
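--- a/package/src/contants.ts
+++ b/package/src/contants.ts
@@ -1,4 +0,0 @@
- export const CSRF_COOKIE_NAME = 'csrf-token'
- export const CSRF_HEADER_NAME = 'x-csrf-token'
-
- export const API_ENDPOINT_PREFIX = '/@atproto/oauth-provider/~api'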
@@ -1,17 +0,0 @@
1
- import type { LinkDefinition } from './types.js'
2
-
3
- // These are the types of the variables that are injected into the HTML by the
4
- // backend. They are used to configure the frontend.
5
-
6
- export type CustomizationData = {
7
- // Functional customization
8
- hcaptchaSiteKey?: string
9
- inviteCodeRequired?: boolean
10
- availableUserDomains?: string[]
11
- show2FaWarningOnEmailUpdate?: boolean
12
-
13
- // Aesthetic customization
14
- name?: string
15
- logo?: string
16
- links?: LinkDefinition[]
17
- }
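--- a/package/src/errors.ts
+++ b/package/src/errors.ts
@@ -1,21 +0,0 @@
- export const HANDLE_UNAVAILABLE_REASON = Object.freeze([
- 'syntax',
- 'domain',
- 'slur',
- 'taken',
- 'reserved',
- 'resolution',
- 'unsupported',
- ] as const)
-
- export type HandleUnavailableReason = (typeof HANDLE_UNAVAILABLE_REASON)[number]
-
- export const isHandleUnavailableReason = (
- value: unknown,
- ): value is HandleUnavailableReason => {
- return (HANDLE_UNAVAILABLE_REASON as readonly unknown[]).includes(value)
- }
-
- // @TODO consider moving JsonErrorResponse & sub-classes here (or only the
- // schemas?), allowing the same code to be used on both the server and client
- // for error handling/parsing/formatting.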
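--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -1,6 +0,0 @@
- export type * from './api-endpoints.js'
- export type * from './customization-data.js'
- export type * from './types.js'
-
- export * from './contants.js'
- export * from './errors.js'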
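--- a/package/src/types.ts
+++ b/package/src/types.ts
@@ -1,43 +0,0 @@
- import type { DidString, HandleString } from '@atproto/syntax'
-
- export type { DidString }
-
- export type Account = {
- did: DidString
- pds: DidString
- deactivated: boolean
- locale?: string
- email?: string
- emailVerified?: boolean
- name?: string
- handle?: HandleString
- picture?: string
- }
-
- /**
- * Represents an account that is currently signed-in to the Authorization
- * Server. If the session was created too long ago, the user may be required to
- * re-authenticate ({@link Session.loginRequired}).
- */
- export type Session = {
- account: Account
- info?: never // Prevent relying on this in the frontend
-
- loginRequired: boolean
- }
-
- export type MultiLangString = Record<string, string | undefined>
-
- export type LinkDefinition = {
- title: string | MultiLangString
- href: string
- rel?: string
- }
-
- export type DeviceMetadata = {
- userAgent: string | null
- ipAddress: string
- lastSeenAt: ISODateString
- }
-
- export type ISODateString = `${string}T${string}Z`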
@@ -1,8 +0,0 @@
1
- {
2
- "extends": "../../../tsconfig/isomorphic.json",
3
- "compilerOptions": {
4
- "rootDir": "./src",
5
- "outDir": "./dist",
6
- },
7
- "include": ["./src"],
8
- }
@@ -1 +0,0 @@
1
- {"version":"7.0.0-dev.20260614.1","root":["./src/api-endpoints.ts","./src/contants.ts","./src/customization-data.ts","./src/errors.ts","./src/index.ts","./src/types.ts"]}
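--- a/package/tsconfig.json
+++ b/package/tsconfig.json
@@ -1,4 +0,0 @@
- {
- "include": [],
- "references": [{ "path": "./tsconfig.build.json" }],
- }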