npm - @atproto/oauth-provider - Versions diffs - 0.1.0 - Mend

@atproto/oauth-provider 0.1.0

Files changed (631) hide show

package/.postcssrc.yml +3 -0
package/CHANGELOG.md +19 -0
package/LICENSE.txt +7 -0
package/dist/access-token/access-token-type.d.ts +6 -0
package/dist/access-token/access-token-type.d.ts.map +1 -0
package/dist/access-token/access-token-type.js +10 -0
package/dist/access-token/access-token-type.js.map +1 -0
package/dist/account/account-manager.d.ts +14 -0
package/dist/account/account-manager.d.ts.map +1 -0
package/dist/account/account-manager.js +39 -0
package/dist/account/account-manager.js.map +1 -0
package/dist/account/account-store.d.ts +39 -0
package/dist/account/account-store.d.ts.map +1 -0
package/dist/account/account-store.js +19 -0
package/dist/account/account-store.js.map +1 -0
package/dist/account/account.d.ts +8 -0
package/dist/account/account.d.ts.map +1 -0
package/dist/account/account.js +3 -0
package/dist/account/account.js.map +1 -0
package/dist/assets/app/bundle-manifest.json +22 -0
package/dist/assets/app/main.css +3 -0
package/dist/assets/app/main.js +20 -0
package/dist/assets/app/main.js.map +1 -0
package/dist/assets/asset.d.ts +9 -0
package/dist/assets/asset.d.ts.map +1 -0
package/dist/assets/asset.js +3 -0
package/dist/assets/asset.js.map +1 -0
package/dist/assets/assets-middleware.d.ts +2 -0
package/dist/assets/assets-middleware.d.ts.map +1 -0
package/dist/assets/assets-middleware.js +30 -0
package/dist/assets/assets-middleware.js.map +1 -0
package/dist/assets/index.d.ts +4 -0
package/dist/assets/index.d.ts.map +1 -0
package/dist/assets/index.js +65 -0
package/dist/assets/index.js.map +1 -0
package/dist/client/client-auth.d.ts +13 -0
package/dist/client/client-auth.d.ts.map +1 -0
package/dist/client/client-auth.js +35 -0
package/dist/client/client-auth.js.map +1 -0
package/dist/client/client-data.d.ts +8 -0
package/dist/client/client-data.d.ts.map +1 -0
package/dist/client/client-data.js +3 -0
package/dist/client/client-data.js.map +1 -0
package/dist/client/client-id.d.ts +4 -0
package/dist/client/client-id.d.ts.map +1 -0
package/dist/client/client-id.js +6 -0
package/dist/client/client-id.js.map +1 -0
package/dist/client/client-info.d.ts +13 -0
package/dist/client/client-info.d.ts.map +1 -0
package/dist/client/client-info.js +3 -0
package/dist/client/client-info.js.map +1 -0
package/dist/client/client-manager.d.ts +38 -0
package/dist/client/client-manager.d.ts.map +1 -0
package/dist/client/client-manager.js +534 -0
package/dist/client/client-manager.js.map +1 -0
package/dist/client/client-store.d.ts +13 -0
package/dist/client/client-store.d.ts.map +1 -0
package/dist/client/client-store.js +39 -0
package/dist/client/client-store.js.map +1 -0
package/dist/client/client-utils.d.ts +6 -0
package/dist/client/client-utils.d.ts.map +1 -0
package/dist/client/client-utils.js +40 -0
package/dist/client/client-utils.js.map +1 -0
package/dist/client/client.d.ts +41 -0
package/dist/client/client.d.ts.map +1 -0
package/dist/client/client.js +163 -0
package/dist/client/client.js.map +1 -0
package/dist/constants.d.ts +42 -0
package/dist/constants.d.ts.map +1 -0
package/dist/constants.js +53 -0
package/dist/constants.js.map +1 -0
package/dist/device/device-data.d.ts +20 -0
package/dist/device/device-data.d.ts.map +1 -0
package/dist/device/device-data.js +11 -0
package/dist/device/device-data.js.map +1 -0
package/dist/device/device-details.d.ts +17 -0
package/dist/device/device-details.d.ts.map +1 -0
package/dist/device/device-details.js +34 -0
package/dist/device/device-details.js.map +1 -0
package/dist/device/device-id.d.ts +6 -0
package/dist/device/device-id.d.ts.map +1 -0
package/dist/device/device-id.js +18 -0
package/dist/device/device-id.js.map +1 -0
package/dist/device/device-manager.d.ts +88 -0
package/dist/device/device-manager.d.ts.map +1 -0
package/dist/device/device-manager.js +206 -0
package/dist/device/device-manager.js.map +1 -0
package/dist/device/device-store.d.ts +15 -0
package/dist/device/device-store.d.ts.map +1 -0
package/dist/device/device-store.js +36 -0
package/dist/device/device-store.js.map +1 -0
package/dist/device/session-id.d.ts +6 -0
package/dist/device/session-id.d.ts.map +1 -0
package/dist/device/session-id.js +18 -0
package/dist/device/session-id.js.map +1 -0
package/dist/dpop/dpop-manager.d.ts +33 -0
package/dist/dpop/dpop-manager.d.ts.map +1 -0
package/dist/dpop/dpop-manager.js +115 -0
package/dist/dpop/dpop-manager.js.map +1 -0
package/dist/dpop/dpop-nonce.d.ts +13 -0
package/dist/dpop/dpop-nonce.d.ts.map +1 -0
package/dist/dpop/dpop-nonce.js +94 -0
package/dist/dpop/dpop-nonce.js.map +1 -0
package/dist/errors/access-denied-error.d.ts +8 -0
package/dist/errors/access-denied-error.d.ts.map +1 -0
package/dist/errors/access-denied-error.js +21 -0
package/dist/errors/access-denied-error.js.map +1 -0
package/dist/errors/account-selection-required-error.d.ts +6 -0
package/dist/errors/account-selection-required-error.d.ts.map +1 -0
package/dist/errors/account-selection-required-error.js +11 -0
package/dist/errors/account-selection-required-error.js.map +1 -0
package/dist/errors/consent-required-error.d.ts +6 -0
package/dist/errors/consent-required-error.d.ts.map +1 -0
package/dist/errors/consent-required-error.js +11 -0
package/dist/errors/consent-required-error.js.map +1 -0
package/dist/errors/invalid-authorization-details-error.d.ts +20 -0
package/dist/errors/invalid-authorization-details-error.d.ts.map +1 -0
package/dist/errors/invalid-authorization-details-error.js +26 -0
package/dist/errors/invalid-authorization-details-error.js.map +1 -0
package/dist/errors/invalid-client-error.d.ts +18 -0
package/dist/errors/invalid-client-error.d.ts.map +1 -0
package/dist/errors/invalid-client-error.js +24 -0
package/dist/errors/invalid-client-error.js.map +1 -0
package/dist/errors/invalid-client-id-error.d.ts +13 -0
package/dist/errors/invalid-client-id-error.d.ts.map +1 -0
package/dist/errors/invalid-client-id-error.js +25 -0
package/dist/errors/invalid-client-id-error.js.map +1 -0
package/dist/errors/invalid-client-metadata-error.d.ts +13 -0
package/dist/errors/invalid-client-metadata-error.d.ts.map +1 -0
package/dist/errors/invalid-client-metadata-error.js +23 -0
package/dist/errors/invalid-client-metadata-error.js.map +1 -0
package/dist/errors/invalid-dpop-key-binding-error.d.ts +12 -0
package/dist/errors/invalid-dpop-key-binding-error.d.ts.map +1 -0
package/dist/errors/invalid-dpop-key-binding-error.js +20 -0
package/dist/errors/invalid-dpop-key-binding-error.js.map +1 -0
package/dist/errors/invalid-dpop-proof-error.d.ts +5 -0
package/dist/errors/invalid-dpop-proof-error.d.ts.map +1 -0
package/dist/errors/invalid-dpop-proof-error.js +12 -0
package/dist/errors/invalid-dpop-proof-error.js.map +1 -0
package/dist/errors/invalid-grant-error.d.ts +14 -0
package/dist/errors/invalid-grant-error.d.ts.map +1 -0
package/dist/errors/invalid-grant-error.js +20 -0
package/dist/errors/invalid-grant-error.js.map +1 -0
package/dist/errors/invalid-parameters-error.d.ts +6 -0
package/dist/errors/invalid-parameters-error.d.ts.map +1 -0
package/dist/errors/invalid-parameters-error.js +11 -0
package/dist/errors/invalid-parameters-error.js.map +1 -0
package/dist/errors/invalid-redirect-uri-error.d.ts +11 -0
package/dist/errors/invalid-redirect-uri-error.d.ts.map +1 -0
package/dist/errors/invalid-redirect-uri-error.js +21 -0
package/dist/errors/invalid-redirect-uri-error.js.map +1 -0
package/dist/errors/invalid-request-error.d.ts +28 -0
package/dist/errors/invalid-request-error.d.ts.map +1 -0
package/dist/errors/invalid-request-error.js +34 -0
package/dist/errors/invalid-request-error.js.map +1 -0
package/dist/errors/invalid-token-error.d.ts +16 -0
package/dist/errors/invalid-token-error.d.ts.map +1 -0
package/dist/errors/invalid-token-error.js +45 -0
package/dist/errors/invalid-token-error.js.map +1 -0
package/dist/errors/login-required-error.d.ts +6 -0
package/dist/errors/login-required-error.d.ts.map +1 -0
package/dist/errors/login-required-error.js +11 -0
package/dist/errors/login-required-error.js.map +1 -0
package/dist/errors/oauth-error.d.ts +13 -0
package/dist/errors/oauth-error.d.ts.map +1 -0
package/dist/errors/oauth-error.js +29 -0
package/dist/errors/oauth-error.js.map +1 -0
package/dist/errors/unauthorized-client-error.d.ts +18 -0
package/dist/errors/unauthorized-client-error.d.ts.map +1 -0
package/dist/errors/unauthorized-client-error.js +24 -0
package/dist/errors/unauthorized-client-error.js.map +1 -0
package/dist/errors/use-dpop-nonce-error.d.ts +18 -0
package/dist/errors/use-dpop-nonce-error.d.ts.map +1 -0
package/dist/errors/use-dpop-nonce-error.js +27 -0
package/dist/errors/use-dpop-nonce-error.js.map +1 -0
package/dist/errors/www-authenticate-error.d.ts +9 -0
package/dist/errors/www-authenticate-error.d.ts.map +1 -0
package/dist/errors/www-authenticate-error.js +46 -0
package/dist/errors/www-authenticate-error.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/lib/html/build-document.d.ts +32 -0
package/dist/lib/html/build-document.d.ts.map +1 -0
package/dist/lib/html/build-document.js +61 -0
package/dist/lib/html/build-document.js.map +1 -0
package/dist/lib/html/escapers.d.ts +9 -0
package/dist/lib/html/escapers.d.ts.map +1 -0
package/dist/lib/html/escapers.js +66 -0
package/dist/lib/html/escapers.js.map +1 -0
package/dist/lib/html/html.d.ts +13 -0
package/dist/lib/html/html.d.ts.map +1 -0
package/dist/lib/html/html.js +53 -0
package/dist/lib/html/html.js.map +1 -0
package/dist/lib/html/index.d.ts +4 -0
package/dist/lib/html/index.d.ts.map +1 -0
package/dist/lib/html/index.js +21 -0
package/dist/lib/html/index.js.map +1 -0
package/dist/lib/html/tags.d.ts +34 -0
package/dist/lib/html/tags.d.ts.map +1 -0
package/dist/lib/html/tags.js +47 -0
package/dist/lib/html/tags.js.map +1 -0
package/dist/lib/html/util.d.ts +4 -0
package/dist/lib/html/util.d.ts.map +1 -0
package/dist/lib/html/util.js +20 -0
package/dist/lib/html/util.js.map +1 -0
package/dist/lib/http/accept.d.ts +29 -0
package/dist/lib/http/accept.d.ts.map +1 -0
package/dist/lib/http/accept.js +67 -0
package/dist/lib/http/accept.js.map +1 -0
package/dist/lib/http/context.d.ts +5 -0
package/dist/lib/http/context.d.ts.map +1 -0
package/dist/lib/http/context.js +10 -0
package/dist/lib/http/context.js.map +1 -0
package/dist/lib/http/index.d.ts +10 -0
package/dist/lib/http/index.d.ts.map +1 -0
package/dist/lib/http/index.js +26 -0
package/dist/lib/http/index.js.map +1 -0
package/dist/lib/http/method.d.ts +6 -0
package/dist/lib/http/method.d.ts.map +1 -0
package/dist/lib/http/method.js +19 -0
package/dist/lib/http/method.js.map +1 -0
package/dist/lib/http/middleware.d.ts +18 -0
package/dist/lib/http/middleware.d.ts.map +1 -0
package/dist/lib/http/middleware.js +118 -0
package/dist/lib/http/middleware.js.map +1 -0
package/dist/lib/http/parser.d.ts +33 -0
package/dist/lib/http/parser.d.ts.map +1 -0
package/dist/lib/http/parser.js +48 -0
package/dist/lib/http/parser.js.map +1 -0
package/dist/lib/http/path.d.ts +9 -0
package/dist/lib/http/path.d.ts.map +1 -0
package/dist/lib/http/path.js +54 -0
package/dist/lib/http/path.js.map +1 -0
package/dist/lib/http/request.d.ts +33 -0
package/dist/lib/http/request.d.ts.map +1 -0
package/dist/lib/http/request.js +86 -0
package/dist/lib/http/request.js.map +1 -0
package/dist/lib/http/response.d.ts +13 -0
package/dist/lib/http/response.d.ts.map +1 -0
package/dist/lib/http/response.js +98 -0
package/dist/lib/http/response.js.map +1 -0
package/dist/lib/http/route.d.ts +25 -0
package/dist/lib/http/route.d.ts.map +1 -0
package/dist/lib/http/route.js +39 -0
package/dist/lib/http/route.js.map +1 -0
package/dist/lib/http/router.d.ts +32 -0
package/dist/lib/http/router.d.ts.map +1 -0
package/dist/lib/http/router.js +74 -0
package/dist/lib/http/router.js.map +1 -0
package/dist/lib/http/stream.d.ts +13 -0
package/dist/lib/http/stream.d.ts.map +1 -0
package/dist/lib/http/stream.js +46 -0
package/dist/lib/http/stream.js.map +1 -0
package/dist/lib/http/types.d.ts +7 -0
package/dist/lib/http/types.d.ts.map +1 -0
package/dist/lib/http/types.js +3 -0
package/dist/lib/http/types.js.map +1 -0
package/dist/lib/http/url.d.ts +8 -0
package/dist/lib/http/url.d.ts.map +1 -0
package/dist/lib/http/url.js +22 -0
package/dist/lib/http/url.js.map +1 -0
package/dist/lib/redis.d.ts +5 -0
package/dist/lib/redis.d.ts.map +1 -0
package/dist/lib/redis.js +22 -0
package/dist/lib/redis.js.map +1 -0
package/dist/lib/util/authorization-header.d.ts +4 -0
package/dist/lib/util/authorization-header.d.ts.map +1 -0
package/dist/lib/util/authorization-header.js +23 -0
package/dist/lib/util/authorization-header.js.map +1 -0
package/dist/lib/util/cast.d.ts +2 -0
package/dist/lib/util/cast.d.ts.map +1 -0
package/dist/lib/util/cast.js +10 -0
package/dist/lib/util/cast.js.map +1 -0
package/dist/lib/util/crypto.d.ts +3 -0
package/dist/lib/util/crypto.d.ts.map +1 -0
package/dist/lib/util/crypto.js +29 -0
package/dist/lib/util/crypto.js.map +1 -0
package/dist/lib/util/date.d.ts +3 -0
package/dist/lib/util/date.d.ts.map +1 -0
package/dist/lib/util/date.js +12 -0
package/dist/lib/util/date.js.map +1 -0
package/dist/lib/util/hostname.d.ts +6 -0
package/dist/lib/util/hostname.d.ts.map +1 -0
package/dist/lib/util/hostname.js +24 -0
package/dist/lib/util/hostname.js.map +1 -0
package/dist/lib/util/redirect-uri.d.ts +7 -0
package/dist/lib/util/redirect-uri.d.ts.map +1 -0
package/dist/lib/util/redirect-uri.js +44 -0
package/dist/lib/util/redirect-uri.js.map +1 -0
package/dist/lib/util/time.d.ts +6 -0
package/dist/lib/util/time.d.ts.map +1 -0
package/dist/lib/util/time.js +28 -0
package/dist/lib/util/time.js.map +1 -0
package/dist/lib/util/type.d.ts +6 -0
package/dist/lib/util/type.d.ts.map +1 -0
package/dist/lib/util/type.js +3 -0
package/dist/lib/util/type.js.map +1 -0
package/dist/lib/util/well-known.d.ts +3 -0
package/dist/lib/util/well-known.d.ts.map +1 -0
package/dist/lib/util/well-known.js +11 -0
package/dist/lib/util/well-known.js.map +1 -0
package/dist/metadata/build-metadata.d.ts +14 -0
package/dist/metadata/build-metadata.d.ts.map +1 -0
package/dist/metadata/build-metadata.js +132 -0
package/dist/metadata/build-metadata.js.map +1 -0
package/dist/oauth-client.d.ts +4 -0
package/dist/oauth-client.d.ts.map +1 -0
package/dist/oauth-client.js +19 -0
package/dist/oauth-client.js.map +1 -0
package/dist/oauth-dpop.d.ts +3 -0
package/dist/oauth-dpop.d.ts.map +1 -0
package/dist/oauth-dpop.js +19 -0
package/dist/oauth-dpop.js.map +1 -0
package/dist/oauth-errors.d.ts +20 -0
package/dist/oauth-errors.d.ts.map +1 -0
package/dist/oauth-errors.js +43 -0
package/dist/oauth-errors.js.map +1 -0
package/dist/oauth-hooks.d.ts +42 -0
package/dist/oauth-hooks.d.ts.map +1 -0
package/dist/oauth-hooks.js +3 -0
package/dist/oauth-hooks.js.map +1 -0
package/dist/oauth-provider.d.ts +179 -0
package/dist/oauth-provider.d.ts.map +1 -0
package/dist/oauth-provider.js +748 -0
package/dist/oauth-provider.js.map +1 -0
package/dist/oauth-store.d.ts +11 -0
package/dist/oauth-store.d.ts.map +1 -0
package/dist/oauth-store.js +27 -0
package/dist/oauth-store.js.map +1 -0
package/dist/oauth-verifier.d.ts +66 -0
package/dist/oauth-verifier.d.ts.map +1 -0
package/dist/oauth-verifier.js +94 -0
package/dist/oauth-verifier.js.map +1 -0
package/dist/oidc/claims.d.ts +16 -0
package/dist/oidc/claims.d.ts.map +1 -0
package/dist/oidc/claims.js +29 -0
package/dist/oidc/claims.js.map +1 -0
package/dist/oidc/sub.d.ts +4 -0
package/dist/oidc/sub.d.ts.map +1 -0
package/dist/oidc/sub.js +6 -0
package/dist/oidc/sub.js.map +1 -0
package/dist/oidc/userinfo.d.ts +7 -0
package/dist/oidc/userinfo.d.ts.map +1 -0
package/dist/oidc/userinfo.js +3 -0
package/dist/oidc/userinfo.js.map +1 -0
package/dist/output/build-error-payload.d.ts +6 -0
package/dist/output/build-error-payload.d.ts.map +1 -0
package/dist/output/build-error-payload.js +108 -0
package/dist/output/build-error-payload.js.map +1 -0
package/dist/output/customization.d.ts +37 -0
package/dist/output/customization.d.ts.map +1 -0
package/dist/output/customization.js +62 -0
package/dist/output/customization.js.map +1 -0
package/dist/output/send-authorize-page.d.ts +43 -0
package/dist/output/send-authorize-page.d.ts.map +1 -0
package/dist/output/send-authorize-page.js +49 -0
package/dist/output/send-authorize-page.js.map +1 -0
package/dist/output/send-authorize-redirect.d.ts +25 -0
package/dist/output/send-authorize-redirect.d.ts.map +1 -0
package/dist/output/send-authorize-redirect.js +72 -0
package/dist/output/send-authorize-redirect.js.map +1 -0
package/dist/output/send-error-page.d.ts +5 -0
package/dist/output/send-error-page.d.ts.map +1 -0
package/dist/output/send-error-page.js +31 -0
package/dist/output/send-error-page.js.map +1 -0
package/dist/output/send-web-page.d.ts +8 -0
package/dist/output/send-web-page.d.ts.map +1 -0
package/dist/output/send-web-page.js +48 -0
package/dist/output/send-web-page.js.map +1 -0
package/dist/parameters/claims-requested.d.ts +3 -0
package/dist/parameters/claims-requested.d.ts.map +1 -0
package/dist/parameters/claims-requested.js +77 -0
package/dist/parameters/claims-requested.js.map +1 -0
package/dist/parameters/oidc-payload.d.ts +31 -0
package/dist/parameters/oidc-payload.d.ts.map +1 -0
package/dist/parameters/oidc-payload.js +25 -0
package/dist/parameters/oidc-payload.js.map +1 -0
package/dist/replay/replay-manager.d.ts +10 -0
package/dist/replay/replay-manager.d.ts.map +1 -0
package/dist/replay/replay-manager.js +23 -0
package/dist/replay/replay-manager.js.map +1 -0
package/dist/replay/replay-store-memory.d.ts +11 -0
package/dist/replay/replay-store-memory.d.ts.map +1 -0
package/dist/replay/replay-store-memory.js +30 -0
package/dist/replay/replay-store-memory.js.map +1 -0
package/dist/replay/replay-store-redis.d.ts +16 -0
package/dist/replay/replay-store-redis.d.ts.map +1 -0
package/dist/replay/replay-store-redis.js +20 -0
package/dist/replay/replay-store-redis.js.map +1 -0
package/dist/replay/replay-store.d.ts +16 -0
package/dist/replay/replay-store.d.ts.map +1 -0
package/dist/replay/replay-store.js +22 -0
package/dist/replay/replay-store.js.map +1 -0
package/dist/request/code.d.ts +7 -0
package/dist/request/code.d.ts.map +1 -0
package/dist/request/code.js +20 -0
package/dist/request/code.js.map +1 -0
package/dist/request/request-data.d.ts +21 -0
package/dist/request/request-data.d.ts.map +1 -0
package/dist/request/request-data.js +6 -0
package/dist/request/request-data.js.map +1 -0
package/dist/request/request-id.d.ts +6 -0
package/dist/request/request-id.d.ts.map +1 -0
package/dist/request/request-id.js +18 -0
package/dist/request/request-id.js.map +1 -0
package/dist/request/request-info.d.ts +12 -0
package/dist/request/request-info.d.ts.map +1 -0
package/dist/request/request-info.js +3 -0
package/dist/request/request-info.js.map +1 -0
package/dist/request/request-manager.d.ts +40 -0
package/dist/request/request-manager.d.ts.map +1 -0
package/dist/request/request-manager.js +310 -0
package/dist/request/request-manager.js.map +1 -0
package/dist/request/request-store-memory.d.ts +16 -0
package/dist/request/request-store-memory.d.ts.map +1 -0
package/dist/request/request-store-memory.js +31 -0
package/dist/request/request-store-memory.js.map +1 -0
package/dist/request/request-store-redis.d.ts +24 -0
package/dist/request/request-store-redis.d.ts.map +1 -0
package/dist/request/request-store-redis.js +58 -0
package/dist/request/request-store-redis.js.map +1 -0
package/dist/request/request-store.d.ts +27 -0
package/dist/request/request-store.d.ts.map +1 -0
package/dist/request/request-store.js +37 -0
package/dist/request/request-store.js.map +1 -0
package/dist/request/request-uri.d.ts +8 -0
package/dist/request/request-uri.d.ts.map +1 -0
package/dist/request/request-uri.js +24 -0
package/dist/request/request-uri.js.map +1 -0
package/dist/request/types.d.ts +328 -0
package/dist/request/types.d.ts.map +1 -0
package/dist/request/types.js +27 -0
package/dist/request/types.js.map +1 -0
package/dist/signer/signed-token-payload.d.ts +1694 -0
package/dist/signer/signed-token-payload.d.ts.map +1 -0
package/dist/signer/signed-token-payload.js +32 -0
package/dist/signer/signed-token-payload.js.map +1 -0
package/dist/signer/signer.d.ts +193 -0
package/dist/signer/signer.d.ts.map +1 -0
package/dist/signer/signer.js +101 -0
package/dist/signer/signer.js.map +1 -0
package/dist/token/refresh-token.d.ts +7 -0
package/dist/token/refresh-token.d.ts.map +1 -0
package/dist/token/refresh-token.js +20 -0
package/dist/token/refresh-token.js.map +1 -0
package/dist/token/token-claims.d.ts +1687 -0
package/dist/token/token-claims.d.ts.map +1 -0
package/dist/token/token-claims.js +30 -0
package/dist/token/token-claims.js.map +1 -0
package/dist/token/token-data.d.ts +20 -0
package/dist/token/token-data.d.ts.map +1 -0
package/dist/token/token-data.js +3 -0
package/dist/token/token-data.js.map +1 -0
package/dist/token/token-id.d.ts +7 -0
package/dist/token/token-id.d.ts.map +1 -0
package/dist/token/token-id.js +20 -0
package/dist/token/token-id.js.map +1 -0
package/dist/token/token-manager.d.ts +48 -0
package/dist/token/token-manager.d.ts.map +1 -0
package/dist/token/token-manager.js +421 -0
package/dist/token/token-manager.js.map +1 -0
package/dist/token/token-store.d.ts +35 -0
package/dist/token/token-store.d.ts.map +1 -0
package/dist/token/token-store.js +38 -0
package/dist/token/token-store.js.map +1 -0
package/dist/token/types.d.ts +250 -0
package/dist/token/types.d.ts.map +1 -0
package/dist/token/types.js +36 -0
package/dist/token/types.js.map +1 -0
package/dist/token/verify-token-claims.d.ts +17 -0
package/dist/token/verify-token-claims.d.ts.map +1 -0
package/dist/token/verify-token-claims.js +39 -0
package/dist/token/verify-token-claims.js.map +1 -0
package/package.json +83 -0
package/rollup.config.js +55 -0
package/src/access-token/access-token-type.ts +5 -0
package/src/account/account-manager.ts +55 -0
package/src/account/account-store.ts +74 -0
package/src/account/account.ts +10 -0
package/src/assets/app/app.tsx +28 -0
package/src/assets/app/backend-data.ts +65 -0
package/src/assets/app/components/accept-form.tsx +112 -0
package/src/assets/app/components/account-identifier.tsx +18 -0
package/src/assets/app/components/account-picker.tsx +108 -0
package/src/assets/app/components/client-identifier.tsx +32 -0
package/src/assets/app/components/client-name.tsx +30 -0
package/src/assets/app/components/error-card.tsx +41 -0
package/src/assets/app/components/help-card.tsx +42 -0
package/src/assets/app/components/layout-title-page.tsx +43 -0
package/src/assets/app/components/layout-welcome.tsx +58 -0
package/src/assets/app/components/sign-in-form.tsx +290 -0
package/src/assets/app/components/sign-up-account-form.tsx +210 -0
package/src/assets/app/components/sign-up-disclaimer.tsx +44 -0
package/src/assets/app/components/url-viewer.tsx +70 -0
package/src/assets/app/cookies.ts +11 -0
package/src/assets/app/hooks/use-api.ts +104 -0
package/src/assets/app/hooks/use-bound-dispatch.ts +5 -0
package/src/assets/app/hooks/use-csrf-token.ts +5 -0
package/src/assets/app/lib/api.ts +64 -0
package/src/assets/app/lib/clsx.ts +4 -0
package/src/assets/app/lib/util.ts +10 -0
package/src/assets/app/main.css +11 -0
package/src/assets/app/main.tsx +28 -0
package/src/assets/app/views/accept-view.tsx +51 -0
package/src/assets/app/views/authorize-view.tsx +101 -0
package/src/assets/app/views/error-view.tsx +27 -0
package/src/assets/app/views/sign-in-view.tsx +121 -0
package/src/assets/app/views/sign-up-view.tsx +93 -0
package/src/assets/app/views/welcome-view.tsx +61 -0
package/src/assets/asset.ts +8 -0
package/src/assets/assets-middleware.ts +32 -0
package/src/assets/index.ts +74 -0
package/src/client/client-auth.ts +45 -0
package/src/client/client-data.ts +9 -0
package/src/client/client-id.ts +4 -0
package/src/client/client-info.ts +13 -0
package/src/client/client-manager.ts +818 -0
package/src/client/client-store.ts +38 -0
package/src/client/client-utils.ts +43 -0
package/src/client/client.ts +231 -0
package/src/constants.ts +69 -0
package/src/device/device-data.ts +11 -0
package/src/device/device-details.ts +43 -0
package/src/device/device-id.ts +23 -0
package/src/device/device-manager.ts +287 -0
package/src/device/device-store.ts +35 -0
package/src/device/session-id.ts +22 -0
package/src/dpop/dpop-manager.ts +147 -0
package/src/dpop/dpop-nonce.ts +104 -0
package/src/errors/access-denied-error.ts +26 -0
package/src/errors/account-selection-required-error.ts +12 -0
package/src/errors/consent-required-error.ts +12 -0
package/src/errors/invalid-authorization-details-error.ts +22 -0
package/src/errors/invalid-client-error.ts +20 -0
package/src/errors/invalid-client-id-error.ts +20 -0
package/src/errors/invalid-client-metadata-error.ts +19 -0
package/src/errors/invalid-dpop-key-binding-error.ts +21 -0
package/src/errors/invalid-dpop-proof-error.ts +13 -0
package/src/errors/invalid-grant-error.ts +16 -0
package/src/errors/invalid-parameters-error.ts +12 -0
package/src/errors/invalid-redirect-uri-error.ts +17 -0
package/src/errors/invalid-request-error.ts +30 -0
package/src/errors/invalid-token-error.ts +59 -0
package/src/errors/login-required-error.ts +12 -0
package/src/errors/oauth-error.ts +28 -0
package/src/errors/unauthorized-client-error.ts +20 -0
package/src/errors/use-dpop-nonce-error.ts +32 -0
package/src/errors/www-authenticate-error.ts +65 -0
package/src/index.ts +15 -0
package/src/lib/html/README.md +9 -0
package/src/lib/html/build-document.ts +98 -0
package/src/lib/html/escapers.ts +66 -0
package/src/lib/html/html.ts +61 -0
package/src/lib/html/index.ts +5 -0
package/src/lib/html/tags.ts +58 -0
package/src/lib/html/util.ts +21 -0
package/src/lib/http/README.md +11 -0
package/src/lib/http/accept.ts +91 -0
package/src/lib/http/context.ts +11 -0
package/src/lib/http/index.ts +9 -0
package/src/lib/http/method.ts +18 -0
package/src/lib/http/middleware.ts +183 -0
package/src/lib/http/parser.ts +64 -0
package/src/lib/http/path.ts +82 -0
package/src/lib/http/request.ts +141 -0
package/src/lib/http/response.ts +133 -0
package/src/lib/http/route.ts +56 -0
package/src/lib/http/router.ts +118 -0
package/src/lib/http/stream.ts +78 -0
package/src/lib/http/types.ts +22 -0
package/src/lib/http/url.ts +23 -0
package/src/lib/redis.ts +23 -0
package/src/lib/util/authorization-header.ts +26 -0
package/src/lib/util/cast.ts +4 -0
package/src/lib/util/crypto.ts +27 -0
package/src/lib/util/date.ts +7 -0
package/src/lib/util/hostname.ts +19 -0
package/src/lib/util/redirect-uri.ts +46 -0
package/src/lib/util/time.ts +33 -0
package/src/lib/util/type.ts +4 -0
package/src/lib/util/well-known.ts +8 -0
package/src/metadata/build-metadata.ts +165 -0
package/src/oauth-client.ts +3 -0
package/src/oauth-dpop.ts +2 -0
package/src/oauth-errors.ts +21 -0
package/src/oauth-hooks.ts +66 -0
package/src/oauth-provider.ts +1409 -0
package/src/oauth-store.ts +11 -0
package/src/oauth-verifier.ts +219 -0
package/src/oidc/claims.ts +35 -0
package/src/oidc/sub.ts +4 -0
package/src/oidc/userinfo.ts +11 -0
package/src/output/build-error-payload.ts +143 -0
package/src/output/customization.ts +96 -0
package/src/output/send-authorize-page.ts +111 -0
package/src/output/send-authorize-redirect.ts +130 -0
package/src/output/send-error-page.ts +41 -0
package/src/output/send-web-page.ts +66 -0
package/src/parameters/claims-requested.ts +106 -0
package/src/parameters/oidc-payload.ts +28 -0
package/src/replay/replay-manager.ts +38 -0
package/src/replay/replay-store-memory.ts +36 -0
package/src/replay/replay-store-redis.ts +31 -0
package/src/replay/replay-store.ts +44 -0
package/src/request/code.ts +24 -0
package/src/request/request-data.ts +26 -0
package/src/request/request-id.ts +23 -0
package/src/request/request-info.ts +12 -0
package/src/request/request-manager.ts +479 -0
package/src/request/request-store-memory.ts +39 -0
package/src/request/request-store-redis.ts +71 -0
package/src/request/request-store.ts +54 -0
package/src/request/request-uri.ts +29 -0
package/src/request/types.ts +48 -0
package/src/signer/signed-token-payload.ts +35 -0
package/src/signer/signer.ts +165 -0
package/src/token/refresh-token.ts +31 -0
package/src/token/token-claims.ts +31 -0
package/src/token/token-data.ts +33 -0
package/src/token/token-id.ts +26 -0
package/src/token/token-manager.ts +591 -0
package/src/token/token-store.ts +78 -0
package/src/token/types.ts +86 -0
package/src/token/verify-token-claims.ts +65 -0
package/tailwind.config.js +13 -0
package/tsconfig.backend.json +9 -0
package/tsconfig.frontend.json +11 -0
package/tsconfig.json +8 -0
package/tsconfig.tools.json +8 -0

package/dist/output/send-authorize-page.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/// <reference types="node" />
+import { OAuthAuthenticationRequestParameters, OAuthClientMetadata } from '@atproto/oauth-types';
+import { ServerResponse } from 'node:http';
+import { DeviceAccountInfo } from '../account/account-store.js';
+import { Account } from '../account/account.js';
+import { Client } from '../client/client.js';
+import { RequestUri } from '../request/request-uri.js';
+import { Customization } from './customization.js';
+export type AuthorizationResultAuthorize = {
+    issuer: string;
+    client: Client;
+    parameters: OAuthAuthenticationRequestParameters;
+    authorize: {
+        uri: RequestUri;
+        sessions: readonly {
+            account: Account;
+            info: DeviceAccountInfo;
+            selected: boolean;
+            loginRequired: boolean;
+            consentRequired: boolean;
+        }[];
+    };
+};
+type Session = {
+    account: Account;
+    info?: never;
+    selected: boolean;
+    loginRequired: boolean;
+    consentRequired: boolean;
+};
+export type AuthorizeData = {
+    clientId: string;
+    clientMetadata: OAuthClientMetadata;
+    clientTrusted: boolean;
+    requestUri: string;
+    csrfCookie: string;
+    loginHint?: string;
+    newSessionsRequireConsent: boolean;
+    sessions: Session[];
+};
+export declare function sendAuthorizePage(res: ServerResponse, data: AuthorizationResultAuthorize, customization?: Customization): Promise<void>;
+export {};
+//# sourceMappingURL=send-authorize-page.d.ts.map

package/dist/output/send-authorize-page.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"send-authorize-page.d.ts","sourceRoot":"","sources":["../../src/output/send-authorize-page.ts"],"names":[],"mappings":";AAAA,OAAO,EACL,oCAAoC,EACpC,mBAAmB,EACpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAE1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAA;AAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AAE/C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAE5C,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,EACL,aAAa,EAGd,MAAM,oBAAoB,CAAA;AAG3B,MAAM,MAAM,4BAA4B,GAAG;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,oCAAoC,CAAA;IAChD,SAAS,EAAE;QACT,GAAG,EAAE,UAAU,CAAA;QACf,QAAQ,EAAE,SAAS;YACjB,OAAO,EAAE,OAAO,CAAA;YAChB,IAAI,EAAE,iBAAiB,CAAA;YAEvB,QAAQ,EAAE,OAAO,CAAA;YACjB,aAAa,EAAE,OAAO,CAAA;YACtB,eAAe,EAAE,OAAO,CAAA;SACzB,EAAE,CAAA;KACJ,CAAA;CACF,CAAA;AAKD,KAAK,OAAO,GAAG;IACb,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,CAAC,EAAE,KAAK,CAAA;IAEZ,QAAQ,EAAE,OAAO,CAAA;IACjB,aAAa,EAAE,OAAO,CAAA;IACtB,eAAe,EAAE,OAAO,CAAA;CACzB,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,mBAAmB,CAAA;IACnC,aAAa,EAAE,OAAO,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,yBAAyB,EAAE,OAAO,CAAA;IAClC,QAAQ,EAAE,OAAO,EAAE,CAAA;CACpB,CAAA;AAsBD,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,cAAc,EACnB,IAAI,EAAE,4BAA4B,EAClC,aAAa,CAAC,EAAE,aAAa,GAC5B,OAAO,CAAC,IAAI,CAAC,CA2Bf"}

package/dist/output/send-authorize-page.js ADDED Viewed

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sendAuthorizePage = void 0;
+const index_js_1 = require("../assets/index.js");
+const index_js_2 = require("../lib/html/index.js");
+const customization_js_1 = require("./customization.js");
+const send_web_page_js_1 = require("./send-web-page.js");
+function buildAuthorizeData(data) {
+    return {
+        clientId: data.client.id,
+        clientMetadata: data.client.metadata,
+        clientTrusted: data.client.info.isTrusted,
+        requestUri: data.authorize.uri,
+        csrfCookie: `csrf-${data.authorize.uri}`,
+        loginHint: data.parameters.login_hint,
+        newSessionsRequireConsent: data.parameters.prompt === 'consent',
+        sessions: data.authorize.sessions.map((session) => ({
+            account: session.account,
+            selected: session.selected,
+            loginRequired: session.loginRequired,
+            consentRequired: session.consentRequired,
+        })),
+    };
+}
+async function sendAuthorizePage(res, data, customization) {
+    res.setHeader('Cache-Control', 'no-store');
+    res.setHeader('Permissions-Policy', 'otp-credentials=*, document-domain=()');
+    const [jsAsset, cssAsset] = await Promise.all([
+        (0, index_js_1.getAsset)('main.js'),
+        (0, index_js_1.getAsset)('main.css'),
+    ]);
+    return (0, send_web_page_js_1.sendWebPage)(res, {
+        scripts: [
+            (0, send_web_page_js_1.declareBackendData)('__customizationData', (0, customization_js_1.buildCustomizationData)(customization)),
+            (0, send_web_page_js_1.declareBackendData)('__authorizeData', buildAuthorizeData(data)),
+            jsAsset, // Last (to be able to read the global variables)
+        ],
+        styles: [
+            cssAsset, // First (to be overridden by customization)
+            (0, index_js_2.cssCode)((0, customization_js_1.buildCustomizationCss)(customization)),
+        ],
+        links: customization?.links,
+        htmlAttrs: { lang: 'en' },
+        title: 'Authorize',
+        body: (0, index_js_2.html) `<div id="root"></div>`,
+    });
+}
+exports.sendAuthorizePage = sendAuthorizePage;
+//# sourceMappingURL=send-authorize-page.js.map

package/dist/output/send-authorize-page.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"send-authorize-page.js","sourceRoot":"","sources":["../../src/output/send-authorize-page.ts"],"names":[],"mappings":";;;AAQA,iDAA6C;AAE7C,mDAAoD;AAEpD,yDAI2B;AAC3B,yDAAoE;AA0CpE,SAAS,kBAAkB,CAAC,IAAkC;IAC5D,OAAO;QACL,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;QACxB,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;QACpC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;QACzC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG;QAC9B,UAAU,EAAE,QAAQ,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE;QACxC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;QACrC,yBAAyB,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,SAAS;QAC/D,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CACnC,CAAC,OAAO,EAAW,EAAE,CAAC,CAAC;YACrB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,eAAe,EAAE,OAAO,CAAC,eAAe;SACzC,CAAC,CACH;KACF,CAAA;AACH,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,GAAmB,EACnB,IAAkC,EAClC,aAA6B;IAE7B,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC1C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAE5E,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC5C,IAAA,mBAAQ,EAAC,SAAS,CAAC;QACnB,IAAA,mBAAQ,EAAC,UAAU,CAAC;KACrB,CAAC,CAAA;IAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;QACtB,OAAO,EAAE;YACP,IAAA,qCAAkB,EAChB,qBAAqB,EACrB,IAAA,yCAAsB,EAAC,aAAa,CAAC,CACtC;YACD,IAAA,qCAAkB,EAAC,iBAAiB,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/D,OAAO,EAAE,iDAAiD;SAC3D;QACD,MAAM,EAAE;YACN,QAAQ,EAAE,4CAA4C;YACtD,IAAA,kBAAO,EAAC,IAAA,wCAAqB,EAAC,aAAa,CAAC,CAAC;SAC9C;QACD,KAAK,EAAE,aAAa,EAAE,KAAK;QAC3B,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;QACzB,KAAK,EAAE,WAAW;QAClB,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;KAClC,CAAC,CAAA;AACJ,CAAC;AA/BD,8CA+BC"}

package/dist/output/send-authorize-redirect.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/// <reference types="node" />
+import { OAuthAuthenticationRequestParameters, OAuthTokenType } from '@atproto/oauth-types';
+import { ServerResponse } from 'node:http';
+import { Client } from '../client/client.js';
+import { Code } from '../request/code.js';
+export type AuthorizationResponseParameters = {
+    code?: Code;
+    id_token?: string;
+    access_token?: string;
+    token_type?: OAuthTokenType;
+    expires_in?: string;
+    response?: string;
+    session_state?: string;
+    error?: string;
+    error_description?: string;
+    error_uri?: string;
+};
+export type AuthorizationResultRedirect = {
+    issuer: string;
+    client: Client;
+    parameters: OAuthAuthenticationRequestParameters;
+    redirect: AuthorizationResponseParameters;
+};
+export declare function sendAuthorizeRedirect(res: ServerResponse, result: AuthorizationResultRedirect): Promise<void>;
+//# sourceMappingURL=send-authorize-redirect.d.ts.map

package/dist/output/send-authorize-redirect.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"send-authorize-redirect.d.ts","sourceRoot":"","sources":["../../src/output/send-authorize-redirect.ts"],"names":[],"mappings":";AAAA,OAAO,EACL,oCAAoC,EACpC,cAAc,EACf,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAE5C,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAA;AAMzC,MAAM,MAAM,+BAA+B,GAAG;IAO5C,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAA;IAEnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,aAAa,CAAC,EAAE,MAAM,CAAA;IAEtB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,2BAA2B,GAAG;IACxC,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,oCAAoC,CAAA;IAChD,QAAQ,EAAE,+BAA+B,CAAA;CAC1C,CAAA;AAED,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,cAAc,EACnB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,IAAI,CAAC,CAqCf"}

package/dist/output/send-authorize-redirect.js ADDED Viewed

@@ -0,0 +1,72 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sendAuthorizeRedirect = void 0;
+const index_js_1 = require("../lib/html/index.js");
+const send_web_page_js_1 = require("./send-web-page.js");
+// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-7.5.4
+const REDIRECT_STATUS_CODE = 303;
+async function sendAuthorizeRedirect(res, result) {
+    const { issuer, parameters, redirect, client } = result;
+    const uri = parameters.redirect_uri || client.metadata.redirect_uris[0];
+    const mode = parameters.response_mode || 'query'; // @TODO: default should depend on response_type
+    const entries = Object.entries({
+        iss: issuer, // rfc9207
+        state: parameters.state,
+        response: redirect.response, // FAPI JARM
+        session_state: redirect.session_state, // OIDC Session Management
+        code: redirect.code,
+        id_token: redirect.id_token,
+        access_token: redirect.access_token,
+        expires_in: redirect.expires_in,
+        token_type: redirect.token_type,
+        error: redirect.error,
+        error_description: redirect.error_description,
+        error_uri: redirect.error_uri,
+    }).filter((entry) => entry[1] != null);
+    res.setHeader('Cache-Control', 'no-store');
+    switch (mode) {
+        case 'query':
+            return writeQuery(res, uri, entries);
+        case 'fragment':
+            return writeFragment(res, uri, entries);
+        case 'form_post':
+            return writeFormPost(res, uri, entries);
+    }
+    // @ts-expect-error fool proof
+    throw new Error(`Unsupported mode: ${mode}`);
+}
+exports.sendAuthorizeRedirect = sendAuthorizeRedirect;
+function writeQuery(res, uri, entries) {
+    const url = new URL(uri);
+    for (const [key, value] of entries)
+        url.searchParams.set(key, value);
+    res.writeHead(REDIRECT_STATUS_CODE, { Location: url.href }).end();
+}
+function writeFragment(res, uri, entries) {
+    const url = new URL(uri);
+    const searchParams = new URLSearchParams();
+    for (const [key, value] of entries)
+        searchParams.set(key, value);
+    url.hash = searchParams.toString();
+    res.writeHead(REDIRECT_STATUS_CODE, { Location: url.href }).end();
+}
+async function writeFormPost(res, uri, entries) {
+    // Prevent the Chrome from caching this page
+    // see: https://latesthackingnews.com/2023/12/12/google-updates-chrome-bfcache-for-faster-page-viewing/
+    res.setHeader('Set-Cookie', `bfCacheBypass=foo; max-age=1; SameSite=Lax`);
+    res.setHeader('Cache-Control', 'no-store');
+    res.setHeader('Permissions-Policy', 'otp-credentials=*, document-domain=()');
+    return (0, send_web_page_js_1.sendWebPage)(res, {
+        htmlAttrs: { lang: 'en' },
+        body: (0, index_js_1.html) `
+      <form method="post" action="${uri}">
+        ${entries.map(([key, value]) => [
+            (0, index_js_1.html) `<input type="hidden" name="${key}" value="${value}" />`,
+        ])}
+        <input type="submit" value="Continue" />
+      </form>
+    `,
+        scripts: [(0, index_js_1.js) `document.forms[0].submit();`],
+    });
+}
+//# sourceMappingURL=send-authorize-redirect.js.map

package/dist/output/send-authorize-redirect.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"send-authorize-redirect.js","sourceRoot":"","sources":["../../src/output/send-authorize-redirect.ts"],"names":[],"mappings":";;;AAOA,mDAA+C;AAE/C,yDAAgD;AAEhD,+EAA+E;AAC/E,MAAM,oBAAoB,GAAG,GAAG,CAAA;AA8BzB,KAAK,UAAU,qBAAqB,CACzC,GAAmB,EACnB,MAAmC;IAEnC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,CAAA;IAEvD,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;IACvE,MAAM,IAAI,GAAG,UAAU,CAAC,aAAa,IAAI,OAAO,CAAA,CAAC,gDAAgD;IAEjG,MAAM,OAAO,GAAuB,MAAM,CAAC,OAAO,CAAC;QACjD,GAAG,EAAE,MAAM,EAAE,UAAU;QACvB,KAAK,EAAE,UAAU,CAAC,KAAK;QAEvB,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,YAAY;QACzC,aAAa,EAAE,QAAQ,CAAC,aAAa,EAAE,0BAA0B;QAEjE,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,YAAY,EAAE,QAAQ,CAAC,YAAY;QACnC,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,UAAU,EAAE,QAAQ,CAAC,UAAU;QAE/B,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;QAC7C,SAAS,EAAE,QAAQ,CAAC,SAAS;KAC9B,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAA6B,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAA;IAEjE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAE1C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;QACtC,KAAK,UAAU;YACb,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;QACzC,KAAK,WAAW;YACd,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC3C,CAAC;IAED,8BAA8B;IAC9B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAA;AAC9C,CAAC;AAxCD,sDAwCC;AAED,SAAS,UAAU,CACjB,GAAmB,EACnB,GAAW,EACX,OAAoC;IAEpC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IACpE,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,OAAoC;IAEpC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO;QAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAChE,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAA;IAClC,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,GAAmB,EACnB,GAAW,EACX,OAAoC;IAEpC,4CAA4C;IAC5C,uGAAuG;IACvG,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,4CAA4C,CAAC,CAAA;IACzE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC1C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAE5E,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;QACtB,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;QACzB,IAAI,EAAE,IAAA,eAAI,EAAA;oCACsB,GAAG;UAC7B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC;YAC9B,IAAA,eAAI,EAAA,8BAA8B,GAAG,YAAY,KAAK,MAAM;SAC7D,CAAC;;;KAGL;QACD,OAAO,EAAE,CAAC,IAAA,aAAE,EAAA,6BAA6B,CAAC;KAC3C,CAAC,CAAA;AACJ,CAAC"}

package/dist/output/send-error-page.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+/// <reference types="node" />
+import { ServerResponse } from 'node:http';
+import { Customization } from './customization.js';
+export declare function sendErrorPage(res: ServerResponse, err: unknown, customization?: Customization): Promise<void>;
+//# sourceMappingURL=send-error-page.d.ts.map

package/dist/output/send-error-page.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"send-error-page.d.ts","sourceRoot":"","sources":["../../src/output/send-error-page.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAK1C,OAAO,EACL,aAAa,EAGd,MAAM,oBAAoB,CAAA;AAG3B,wBAAsB,aAAa,CACjC,GAAG,EAAE,cAAc,EACnB,GAAG,EAAE,OAAO,EACZ,aAAa,CAAC,EAAE,aAAa,GAC5B,OAAO,CAAC,IAAI,CAAC,CAwBf"}

package/dist/output/send-error-page.js ADDED Viewed

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sendErrorPage = void 0;
+const index_js_1 = require("../assets/index.js");
+const index_js_2 = require("../lib/html/index.js");
+const build_error_payload_js_1 = require("./build-error-payload.js");
+const customization_js_1 = require("./customization.js");
+const send_web_page_js_1 = require("./send-web-page.js");
+async function sendErrorPage(res, err, customization) {
+    const [jsAsset, cssAsset] = await Promise.all([
+        (0, index_js_1.getAsset)('main.js'),
+        (0, index_js_1.getAsset)('main.css'),
+    ]);
+    return (0, send_web_page_js_1.sendWebPage)(res, {
+        status: (0, build_error_payload_js_1.buildErrorStatus)(err),
+        scripts: [
+            (0, send_web_page_js_1.declareBackendData)('__customizationData', (0, customization_js_1.buildCustomizationData)(customization)),
+            (0, send_web_page_js_1.declareBackendData)('__errorData', (0, build_error_payload_js_1.buildErrorPayload)(err)),
+            jsAsset, // Last (to be able to read the global variables)
+        ],
+        styles: [
+            cssAsset, // First (to be overridden by customization)
+            (0, index_js_2.cssCode)((0, customization_js_1.buildCustomizationCss)(customization)),
+        ],
+        htmlAttrs: { lang: 'en' },
+        title: 'Error',
+        body: (0, index_js_2.html) `<div id="root"></div>`,
+    });
+}
+exports.sendErrorPage = sendErrorPage;
+//# sourceMappingURL=send-error-page.js.map

package/dist/output/send-error-page.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"send-error-page.js","sourceRoot":"","sources":["../../src/output/send-error-page.ts"],"names":[],"mappings":";;;AAEA,iDAA6C;AAC7C,mDAAoD;AACpD,qEAA8E;AAC9E,yDAI2B;AAC3B,yDAAoE;AAE7D,KAAK,UAAU,aAAa,CACjC,GAAmB,EACnB,GAAY,EACZ,aAA6B;IAE7B,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC5C,IAAA,mBAAQ,EAAC,SAAS,CAAC;QACnB,IAAA,mBAAQ,EAAC,UAAU,CAAC;KACrB,CAAC,CAAA;IAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;QACtB,MAAM,EAAE,IAAA,yCAAgB,EAAC,GAAG,CAAC;QAC7B,OAAO,EAAE;YACP,IAAA,qCAAkB,EAChB,qBAAqB,EACrB,IAAA,yCAAsB,EAAC,aAAa,CAAC,CACtC;YACD,IAAA,qCAAkB,EAAC,aAAa,EAAE,IAAA,0CAAiB,EAAC,GAAG,CAAC,CAAC;YACzD,OAAO,EAAE,iDAAiD;SAC3D;QACD,MAAM,EAAE;YACN,QAAQ,EAAE,4CAA4C;YACtD,IAAA,kBAAO,EAAC,IAAA,wCAAqB,EAAC,aAAa,CAAC,CAAC;SAC9C;QACD,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;QACzB,KAAK,EAAE,OAAO;QACd,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;KAClC,CAAC,CAAA;AACJ,CAAC;AA5BD,sCA4BC"}

package/dist/output/send-web-page.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/// <reference types="node" />
+import { ServerResponse } from 'node:http';
+import { BuildDocumentOptions, Html } from '../lib/html/index.js';
+export declare function declareBackendData(name: string, data: unknown): Html;
+export declare function sendWebPage(res: ServerResponse, { status, ...options }: BuildDocumentOptions & {
+    status?: number;
+}): void;
+//# sourceMappingURL=send-web-page.d.ts.map

package/dist/output/send-web-page.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"send-web-page.d.ts","sourceRoot":"","sources":["../../src/output/send-web-page.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAE1C,OAAO,EAGL,oBAAoB,EACpB,IAAI,EAEL,MAAM,sBAAsB,CAAA;AAG7B,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,QAM7D;AAED,wBAAgB,WAAW,CACzB,GAAG,EAAE,cAAc,EACnB,EAAE,MAAY,EAAE,GAAG,OAAO,EAAE,EAAE,oBAAoB,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GACvE,IAAI,CAgCN"}

package/dist/output/send-web-page.js ADDED Viewed

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sendWebPage = exports.declareBackendData = void 0;
+const node_crypto_1 = require("node:crypto");
+const index_js_1 = require("../lib/html/index.js");
+const response_js_1 = require("../lib/http/response.js");
+function declareBackendData(name, data) {
+    // The script tag is removed after the data is assigned to the global variable
+    // to prevent other scripts from deducing the value of the variable. The "app"
+    // script will read the global variable and then unset it. See
+    // "readBackendData" in "src/assets/app/backend-data.ts".
+    return (0, index_js_1.js) `window[${name}]=${data};document.currentScript.remove();`;
+}
+exports.declareBackendData = declareBackendData;
+function sendWebPage(res, { status = 200, ...options }) {
+    // @TODO: make these headers configurable (?)
+    res.setHeader('Cross-Origin-Embedder-Policy', 'credentialless');
+    res.setHeader('Cross-Origin-Resource-Policy', 'same-origin');
+    res.setHeader('Cross-Origin-Opener-Policy', 'same-origin');
+    res.setHeader('Referrer-Policy', 'same-origin');
+    res.setHeader('X-Frame-Options', 'DENY');
+    res.setHeader('X-Content-Type-Options', 'nosniff');
+    res.setHeader('X-XSS-Protection', '0');
+    res.setHeader('Strict-Transport-Security', 'max-age=63072000');
+    res.setHeader('Content-Security-Policy', [
+        `default-src 'none'`,
+        `frame-ancestors 'none'`,
+        `form-action 'none'`,
+        `base-uri ${options.base?.origin || `'none'`}`,
+        `script-src 'self' ${options.scripts?.map(assetToHash).map(hashToCspRule).join(' ') ?? ''}`,
+        `style-src 'self' ${options.styles?.map(assetToHash).map(hashToCspRule).join(' ') ?? ''}`,
+        `img-src 'self' data: https:`,
+        `connect-src 'self'`,
+        `upgrade-insecure-requests`,
+    ].join('; '));
+    const html = (0, index_js_1.buildDocument)(options);
+    (0, response_js_1.writeHtml)(res, html.toString(), status);
+}
+exports.sendWebPage = sendWebPage;
+function assetToHash(asset) {
+    return asset instanceof index_js_1.Html
+        ? (0, node_crypto_1.createHash)('sha256').update(asset.toString()).digest('base64')
+        : asset.sha256;
+}
+function hashToCspRule(hash) {
+    return `'sha256-${hash}'`;
+}
+//# sourceMappingURL=send-web-page.js.map

package/dist/output/send-web-page.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"send-web-page.js","sourceRoot":"","sources":["../../src/output/send-web-page.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AAGxC,mDAM6B;AAC7B,yDAAmD;AAEnD,SAAgB,kBAAkB,CAAC,IAAY,EAAE,IAAa;IAC5D,8EAA8E;IAC9E,8EAA8E;IAC9E,8DAA8D;IAC9D,yDAAyD;IACzD,OAAO,IAAA,aAAE,EAAA,UAAU,IAAI,KAAK,IAAI,mCAAmC,CAAA;AACrE,CAAC;AAND,gDAMC;AAED,SAAgB,WAAW,CACzB,GAAmB,EACnB,EAAE,MAAM,GAAG,GAAG,EAAE,GAAG,OAAO,EAA8C;IAExE,6CAA6C;IAC7C,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,gBAAgB,CAAC,CAAA;IAC/D,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,aAAa,CAAC,CAAA;IAC5D,GAAG,CAAC,SAAS,CAAC,4BAA4B,EAAE,aAAa,CAAC,CAAA;IAC1D,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;IAC/C,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAA;IACxC,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAA;IAClD,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAA;IACtC,GAAG,CAAC,SAAS,CAAC,2BAA2B,EAAE,kBAAkB,CAAC,CAAA;IAC9D,GAAG,CAAC,SAAS,CACX,yBAAyB,EACzB;QACE,oBAAoB;QACpB,wBAAwB;QACxB,oBAAoB;QACpB,YAAY,OAAO,CAAC,IAAI,EAAE,MAAM,IAAI,QAAQ,EAAE;QAC9C,qBACE,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EACpE,EAAE;QACF,oBACE,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EACnE,EAAE;QACF,6BAA6B;QAC7B,oBAAoB;QACpB,2BAA2B;KAC5B,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAA;IAED,MAAM,IAAI,GAAG,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAA;IAEnC,IAAA,uBAAS,EAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAA;AACzC,CAAC;AAnCD,kCAmCC;AAED,SAAS,WAAW,CAAC,KAAsB;IACzC,OAAO,KAAK,YAAY,eAAI;QAC1B,CAAC,CAAC,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QAChE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAA;AAClB,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,OAAO,WAAW,IAAI,GAAG,CAAA;AAC3B,CAAC"}

package/dist/parameters/claims-requested.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { OAuthAuthenticationRequestParameters, OidcClaimsParameter, OidcEntityType } from '@atproto/oauth-types';
+export declare function claimRequested(parameters: OAuthAuthenticationRequestParameters, entityType: OidcEntityType, claimName: OidcClaimsParameter, value: unknown): boolean;
+//# sourceMappingURL=claims-requested.d.ts.map

package/dist/parameters/claims-requested.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"claims-requested.d.ts","sourceRoot":"","sources":["../../src/parameters/claims-requested.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oCAAoC,EACpC,mBAAmB,EACnB,cAAc,EACf,MAAM,sBAAsB,CAAA;AAG7B,wBAAgB,cAAc,CAC5B,UAAU,EAAE,oCAAoC,EAChD,UAAU,EAAE,cAAc,EAC1B,SAAS,EAAE,mBAAmB,EAC9B,KAAK,EAAE,OAAO,GACb,OAAO,CA+BT"}

package/dist/parameters/claims-requested.js ADDED Viewed

@@ -0,0 +1,77 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.claimRequested = void 0;
+const invalid_request_error_js_1 = require("../errors/invalid-request-error.js");
+function claimRequested(parameters, entityType, claimName, value) {
+    if (claimAvailable(parameters, entityType, claimName, value)) {
+        return true;
+    }
+    const entityClaims = parameters.claims?.[entityType];
+    if (entityClaims?.[claimName]?.essential === true) {
+        // https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.5.5.1
+        //
+        // > By requesting Claims as Essential Claims, the RP indicates to the
+        // > End-User that releasing these Claims will ensure a smooth
+        // > authorization for the specific task requested by the End-User. Note
+        // > that even if the Claims are not available because the End-User did
+        // > not authorize their release or they are not present, the
+        // > Authorization Server MUST NOT generate an error when Claims are not
+        // > returned, whether they are Essential or Voluntary, unless otherwise
+        // > specified in the description of the specific claim.
+        switch (claimName) {
+            case 'acr':
+                // https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.5.5.1.1
+                //
+                // > If this is an Essential Claim and the requirement cannot be met,
+                // > then the Authorization Server MUST treat that outcome as a failed
+                // > authentication attempt.
+                throw new invalid_request_error_js_1.InvalidRequestError(`Unable to provide essential claim: ${claimName}`);
+        }
+    }
+    return false;
+}
+exports.claimRequested = claimRequested;
+function claimAvailable(parameters, entityType, claimName, value) {
+    if (value === undefined)
+        return false;
+    if (parameters.claims) {
+        const entityClaims = parameters.claims[entityType];
+        if (entityClaims === undefined)
+            return false;
+        const claimConfig = entityClaims[claimName];
+        if (claimConfig === undefined)
+            return false;
+        if (claimConfig === null)
+            return true;
+        if (claimConfig.value !== undefined &&
+            !compareClaimValue(claimConfig.value, value)) {
+            return false;
+        }
+        if (claimConfig?.values !== undefined &&
+            !claimConfig.values.some((v) => compareClaimValue(v, value))) {
+            return false;
+        }
+    }
+    return true;
+}
+function compareClaimValue(expectedValue, value) {
+    const expectedType = typeof expectedValue;
+    const valueType = typeof value;
+    if (expectedType !== valueType)
+        return false;
+    switch (typeof expectedValue) {
+        case 'undefined':
+        case 'string':
+        case 'number':
+        case 'boolean':
+            return expectedValue === value;
+        case 'object':
+            if (expectedValue === null)
+                return value === null;
+        // @TODO (?): allow object comparison
+        // falls through
+        default:
+            throw new invalid_request_error_js_1.InvalidRequestError(`Unable to compare claim value of type ${expectedType}`);
+    }
+}
+//# sourceMappingURL=claims-requested.js.map

package/dist/parameters/claims-requested.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"claims-requested.js","sourceRoot":"","sources":["../../src/parameters/claims-requested.ts"],"names":[],"mappings":";;;AAKA,iFAAwE;AAExE,SAAgB,cAAc,CAC5B,UAAgD,EAChD,UAA0B,EAC1B,SAA8B,EAC9B,KAAc;IAEd,IAAI,cAAc,CAAC,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;QAC7D,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,YAAY,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,UAAU,CAAC,CAAA;IACpD,IAAI,YAAY,EAAE,CAAC,SAAS,CAAC,EAAE,SAAS,KAAK,IAAI,EAAE,CAAC;QAClD,0EAA0E;QAC1E,EAAE;QACF,sEAAsE;QACtE,8DAA8D;QAC9D,wEAAwE;QACxE,uEAAuE;QACvE,6DAA6D;QAC7D,wEAAwE;QACxE,wEAAwE;QACxE,wDAAwD;QACxD,QAAQ,SAAS,EAAE,CAAC;YAClB,KAAK,KAAK;gBACR,4EAA4E;gBAC5E,EAAE;gBACF,qEAAqE;gBACrE,sEAAsE;gBACtE,4BAA4B;gBAC5B,MAAM,IAAI,8CAAmB,CAC3B,sCAAsC,SAAS,EAAE,CAClD,CAAA;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AApCD,wCAoCC;AAED,SAAS,cAAc,CACrB,UAAgD,EAChD,UAA0B,EAC1B,SAA8B,EAC9B,KAAc;IAEd,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAA;IAErC,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;QAClD,IAAI,YAAY,KAAK,SAAS;YAAE,OAAO,KAAK,CAAA;QAE5C,MAAM,WAAW,GAAG,YAAY,CAAC,SAAS,CAAC,CAAA;QAC3C,IAAI,WAAW,KAAK,SAAS;YAAE,OAAO,KAAK,CAAA;QAC3C,IAAI,WAAW,KAAK,IAAI;YAAE,OAAO,IAAI,CAAA;QAErC,IACE,WAAW,CAAC,KAAK,KAAK,SAAS;YAC/B,CAAC,iBAAiB,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,EAC5C,CAAC;YACD,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IACE,WAAW,EAAE,MAAM,KAAK,SAAS;YACjC,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAC5D,CAAC;YACD,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAID,SAAS,iBAAiB,CACxB,aAA2B,EAC3B,KAAmB;IAEnB,MAAM,YAAY,GAAG,OAAO,aAAa,CAAA;IACzC,MAAM,SAAS,GAAG,OAAO,KAAK,CAAA;IAE9B,IAAI,YAAY,KAAK,SAAS;QAAE,OAAO,KAAK,CAAA;IAE5C,QAAQ,OAAO,aAAa,EAAE,CAAC;QAC7B,KAAK,WAAW,CAAC;QACjB,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,aAAa,KAAK,KAAK,CAAA;QAChC,KAAK,QAAQ;YACX,IAAI,aAAa,KAAK,IAAI;gBAAE,OAAO,KAAK,KAAK,IAAI,CAAA;QACnD,qCAAqC;QACrC,gBAAgB;QAChB;YACE,MAAM,IAAI,8CAAmB,CAC3B,yCAAyC,YAAY,EAAE,CACxD,CAAA;IACL,CAAC;AACH,CAAC"}

package/dist/parameters/oidc-payload.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { OAuthAuthenticationRequestParameters } from '@atproto/oauth-types';
+import { Account } from '../account/account.js';
+export declare function oidcPayload(params: OAuthAuthenticationRequestParameters, account: Account): Partial<{
+    name?: string | undefined;
+    email?: string | undefined;
+    email_verified?: boolean | undefined;
+    phone_number?: string | undefined;
+    phone_number_verified?: boolean | undefined;
+    address?: {
+        formatted?: string | undefined;
+        street_address?: string | undefined;
+        locality?: string | undefined;
+        region?: string | undefined;
+        postal_code?: string | undefined;
+        country?: string | undefined;
+    } | undefined;
+    profile?: string | undefined;
+    family_name?: string | undefined;
+    given_name?: string | undefined;
+    middle_name?: string | undefined;
+    nickname?: string | undefined;
+    preferred_username?: string | undefined;
+    gender?: string | undefined;
+    picture?: string | undefined;
+    website?: string | undefined;
+    birthdate?: string | undefined;
+    zoneinfo?: string | undefined;
+    locale?: string | undefined;
+    updated_at?: number | undefined;
+}>;
+//# sourceMappingURL=oidc-payload.d.ts.map

package/dist/parameters/oidc-payload.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"oidc-payload.d.ts","sourceRoot":"","sources":["../../src/parameters/oidc-payload.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oCAAoC,EAAE,MAAM,sBAAsB,CAAA;AAC3E,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AAI/C,wBAAgB,WAAW,CACzB,MAAM,EAAE,oCAAoC,EAC5C,OAAO,EAAE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoBjB"}

package/dist/parameters/oidc-payload.js ADDED Viewed

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.oidcPayload = void 0;
+const claims_js_1 = require("../oidc/claims.js");
+const claims_requested_js_1 = require("./claims-requested.js");
+function oidcPayload(params, account) {
+    const payload = {};
+    const scopes = params.scope ? params.scope?.split(' ') : undefined;
+    if (scopes) {
+        for (const [scope, claims] of Object.entries(claims_js_1.OIDC_SCOPE_CLAIMS)) {
+            const allowed = scopes.includes(scope);
+            for (const claim of claims) {
+                const value = allowed ? account[claim] : undefined;
+                // Should not throw as RequestManager should have already checked
+                // that all the essential claims are available.
+                if ((0, claims_requested_js_1.claimRequested)(params, 'id_token', claim, value)) {
+                    payload[claim] = value; // All good as long as the account props match the claims
+                }
+            }
+        }
+    }
+    return payload;
+}
+exports.oidcPayload = oidcPayload;
+//# sourceMappingURL=oidc-payload.js.map

package/dist/parameters/oidc-payload.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oidc-payload.js","sourceRoot":"","sources":["../../src/parameters/oidc-payload.ts"],"names":[],"mappings":";;;AAEA,iDAA0E;AAC1E,+DAAsD;AAEtD,SAAgB,WAAW,CACzB,MAA4C,EAC5C,OAAgB;IAEhB,MAAM,OAAO,GAAwB,EAAE,CAAA;IAEvC,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAClE,IAAI,MAAM,EAAE,CAAC;QACX,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,6BAAiB,CAAC,EAAE,CAAC;YAChE,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;YACtC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;gBAClD,iEAAiE;gBACjE,+CAA+C;gBAC/C,IAAI,IAAA,oCAAc,EAAC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,CAAC;oBACrD,OAAO,CAAC,KAAK,CAAC,GAAG,KAAY,CAAA,CAAC,yDAAyD;gBACzF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAtBD,kCAsBC"}

package/dist/replay/replay-manager.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { ClientId } from '../client/client-id.js';
+import { ReplayStore } from './replay-store.js';
+export declare class ReplayManager {
+    protected readonly replayStore: ReplayStore;
+    constructor(replayStore: ReplayStore);
+    uniqueAuth(jti: string, clientId: ClientId): Promise<boolean>;
+    uniqueJar(jti: string, clientId: ClientId): Promise<boolean>;
+    uniqueDpop(jti: string, clientId?: ClientId): Promise<boolean>;
+}
+//# sourceMappingURL=replay-manager.d.ts.map

package/dist/replay/replay-manager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"replay-manager.d.ts","sourceRoot":"","sources":["../../src/replay/replay-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AAMjD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAK/C,qBAAa,aAAa;IACZ,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW;gBAAxB,WAAW,EAAE,WAAW;IAEjD,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;IAQ7D,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;IAQ5D,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAOrE"}

package/dist/replay/replay-manager.js ADDED Viewed

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReplayManager = void 0;
+const constants_js_1 = require("../constants.js");
+const SECURITY_RATIO = 1.1; // 10% extra time for security
+const asTimeFrame = (timeFrame) => Math.ceil(timeFrame * SECURITY_RATIO);
+class ReplayManager {
+    replayStore;
+    constructor(replayStore) {
+        this.replayStore = replayStore;
+    }
+    async uniqueAuth(jti, clientId) {
+        return this.replayStore.unique(`Auth@${clientId}`, jti, asTimeFrame(constants_js_1.CLIENT_ASSERTION_MAX_AGE));
+    }
+    async uniqueJar(jti, clientId) {
+        return this.replayStore.unique(`JAR@${clientId}`, jti, asTimeFrame(constants_js_1.JAR_MAX_AGE));
+    }
+    async uniqueDpop(jti, clientId) {
+        return this.replayStore.unique(clientId ? `DPoP@${clientId}` : `DPoP`, jti, asTimeFrame(constants_js_1.DPOP_NONCE_MAX_AGE));
+    }
+}
+exports.ReplayManager = ReplayManager;
+//# sourceMappingURL=replay-manager.js.map

package/dist/replay/replay-manager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"replay-manager.js","sourceRoot":"","sources":["../../src/replay/replay-manager.ts"],"names":[],"mappings":";;;AACA,kDAIwB;AAGxB,MAAM,cAAc,GAAG,GAAG,CAAA,CAAC,8BAA8B;AACzD,MAAM,WAAW,GAAG,CAAC,SAAiB,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,cAAc,CAAC,CAAA;AAEhF,MAAa,aAAa;IACO;IAA/B,YAA+B,WAAwB;QAAxB,gBAAW,GAAX,WAAW,CAAa;IAAG,CAAC;IAE3D,KAAK,CAAC,UAAU,CAAC,GAAW,EAAE,QAAkB;QAC9C,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAC5B,QAAQ,QAAQ,EAAE,EAClB,GAAG,EACH,WAAW,CAAC,uCAAwB,CAAC,CACtC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAW,EAAE,QAAkB;QAC7C,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAC5B,OAAO,QAAQ,EAAE,EACjB,GAAG,EACH,WAAW,CAAC,0BAAW,CAAC,CACzB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAW,EAAE,QAAmB;QAC/C,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAC5B,QAAQ,CAAC,CAAC,CAAC,QAAQ,QAAQ,EAAE,CAAC,CAAC,CAAC,MAAM,EACtC,GAAG,EACH,WAAW,CAAC,iCAAkB,CAAC,CAChC,CAAA;IACH,CAAC;CACF;AA1BD,sCA0BC"}

package/dist/replay/replay-store-memory.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { ReplayStore } from './replay-store.js';
+export declare class ReplayStoreMemory implements ReplayStore {
+    private lastCleanup;
+    private nonces;
+    /**
+     * Returns true if the nonce is unique within the given time frame.
+     */
+    unique(namespace: string, nonce: string, timeFrame: number): Promise<boolean>;
+    private cleanup;
+}
+//# sourceMappingURL=replay-store-memory.d.ts.map

package/dist/replay/replay-store-memory.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"replay-store-memory.d.ts","sourceRoot":"","sources":["../../src/replay/replay-store-memory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAEpD,qBAAa,iBAAkB,YAAW,WAAW;IACnD,OAAO,CAAC,WAAW,CAAa;IAChC,OAAO,CAAC,MAAM,CAA4B;IAE1C;;OAEG;IACG,MAAM,CACV,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC;IAYnB,OAAO,CAAC,OAAO;CAUhB"}

package/dist/replay/replay-store-memory.js ADDED Viewed

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReplayStoreMemory = void 0;
+class ReplayStoreMemory {
+    lastCleanup = Date.now();
+    nonces = new Map();
+    /**
+     * Returns true if the nonce is unique within the given time frame.
+     */
+    async unique(namespace, nonce, timeFrame) {
+        this.cleanup();
+        const key = `${namespace}:${nonce}`;
+        const now = Date.now();
+        const exp = this.nonces.get(key);
+        this.nonces.set(key, now + timeFrame);
+        return exp == null || exp < now;
+    }
+    cleanup() {
+        const now = Date.now();
+        if (this.lastCleanup < now - 60_000) {
+            for (const [key, expires] of this.nonces) {
+                if (expires < now)
+                    this.nonces.delete(key);
+            }
+            this.lastCleanup = now;
+        }
+    }
+}
+exports.ReplayStoreMemory = ReplayStoreMemory;
+//# sourceMappingURL=replay-store-memory.js.map

package/dist/replay/replay-store-memory.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"replay-store-memory.js","sourceRoot":"","sources":["../../src/replay/replay-store-memory.ts"],"names":[],"mappings":";;;AAEA,MAAa,iBAAiB;IACpB,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACxB,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAA;IAE1C;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,KAAa,EACb,SAAiB;QAEjB,IAAI,CAAC,OAAO,EAAE,CAAA;QACd,MAAM,GAAG,GAAG,GAAG,SAAS,IAAI,KAAK,EAAE,CAAA;QAEnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAChC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS,CAAC,CAAA;QAErC,OAAO,GAAG,IAAI,IAAI,IAAI,GAAG,GAAG,GAAG,CAAA;IACjC,CAAC;IAEO,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,IAAI,IAAI,CAAC,WAAW,GAAG,GAAG,GAAG,MAAM,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACzC,IAAI,OAAO,GAAG,GAAG;oBAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC5C,CAAC;YACD,IAAI,CAAC,WAAW,GAAG,GAAG,CAAA;QACxB,CAAC;IACH,CAAC;CACF;AAjCD,8CAiCC"}

package/dist/replay/replay-store-redis.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { Redis } from 'ioredis';
+import { CreateRedisOptions } from '../lib/redis.js';
+import type { ReplayStore } from './replay-store.js';
+export type { CreateRedisOptions, Redis };
+export type ReplayStoreRedisOptions = {
+    redis: CreateRedisOptions;
+};
+export declare class ReplayStoreRedis implements ReplayStore {
+    private readonly redis;
+    constructor(options: ReplayStoreRedisOptions);
+    /**
+     * Returns true if the nonce is unique within the given time frame.
+     */
+    unique(namespace: string, nonce: string, timeFrame: number): Promise<boolean>;
+}
+//# sourceMappingURL=replay-store-redis.d.ts.map

package/dist/replay/replay-store-redis.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"replay-store-redis.d.ts","sourceRoot":"","sources":["../../src/replay/replay-store-redis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAA;AAE/B,OAAO,EAAE,kBAAkB,EAAe,MAAM,iBAAiB,CAAA;AACjE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAEpD,YAAY,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAA;AAEzC,MAAM,MAAM,uBAAuB,GAAG;IACpC,KAAK,EAAE,kBAAkB,CAAA;CAC1B,CAAA;AAED,qBAAa,gBAAiB,YAAW,WAAW;IAClD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAO;gBAEjB,OAAO,EAAE,uBAAuB;IAI5C;;OAEG;IACG,MAAM,CACV,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC;CAKpB"}

package/dist/replay/replay-store-redis.js ADDED Viewed

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReplayStoreRedis = void 0;
+const redis_js_1 = require("../lib/redis.js");
+class ReplayStoreRedis {
+    redis;
+    constructor(options) {
+        this.redis = (0, redis_js_1.createRedis)(options.redis);
+    }
+    /**
+     * Returns true if the nonce is unique within the given time frame.
+     */
+    async unique(namespace, nonce, timeFrame) {
+        const key = `nonces:${namespace}:${nonce}`;
+        const prev = await this.redis.set(key, '1', 'PX', timeFrame, 'GET');
+        return prev == null;
+    }
+}
+exports.ReplayStoreRedis = ReplayStoreRedis;
+//# sourceMappingURL=replay-store-redis.js.map