npm - @atproto/oauth-provider - Versions diffs - 0.1.0 - Mend

@atproto/oauth-provider 0.1.0

Files changed (631) hide show

package/.postcssrc.yml +3 -0
package/CHANGELOG.md +19 -0
package/LICENSE.txt +7 -0
package/dist/access-token/access-token-type.d.ts +6 -0
package/dist/access-token/access-token-type.d.ts.map +1 -0
package/dist/access-token/access-token-type.js +10 -0
package/dist/access-token/access-token-type.js.map +1 -0
package/dist/account/account-manager.d.ts +14 -0
package/dist/account/account-manager.d.ts.map +1 -0
package/dist/account/account-manager.js +39 -0
package/dist/account/account-manager.js.map +1 -0
package/dist/account/account-store.d.ts +39 -0
package/dist/account/account-store.d.ts.map +1 -0
package/dist/account/account-store.js +19 -0
package/dist/account/account-store.js.map +1 -0
package/dist/account/account.d.ts +8 -0
package/dist/account/account.d.ts.map +1 -0
package/dist/account/account.js +3 -0
package/dist/account/account.js.map +1 -0
package/dist/assets/app/bundle-manifest.json +22 -0
package/dist/assets/app/main.css +3 -0
package/dist/assets/app/main.js +20 -0
package/dist/assets/app/main.js.map +1 -0
package/dist/assets/asset.d.ts +9 -0
package/dist/assets/asset.d.ts.map +1 -0
package/dist/assets/asset.js +3 -0
package/dist/assets/asset.js.map +1 -0
package/dist/assets/assets-middleware.d.ts +2 -0
package/dist/assets/assets-middleware.d.ts.map +1 -0
package/dist/assets/assets-middleware.js +30 -0
package/dist/assets/assets-middleware.js.map +1 -0
package/dist/assets/index.d.ts +4 -0
package/dist/assets/index.d.ts.map +1 -0
package/dist/assets/index.js +65 -0
package/dist/assets/index.js.map +1 -0
package/dist/client/client-auth.d.ts +13 -0
package/dist/client/client-auth.d.ts.map +1 -0
package/dist/client/client-auth.js +35 -0
package/dist/client/client-auth.js.map +1 -0
package/dist/client/client-data.d.ts +8 -0
package/dist/client/client-data.d.ts.map +1 -0
package/dist/client/client-data.js +3 -0
package/dist/client/client-data.js.map +1 -0
package/dist/client/client-id.d.ts +4 -0
package/dist/client/client-id.d.ts.map +1 -0
package/dist/client/client-id.js +6 -0
package/dist/client/client-id.js.map +1 -0
package/dist/client/client-info.d.ts +13 -0
package/dist/client/client-info.d.ts.map +1 -0
package/dist/client/client-info.js +3 -0
package/dist/client/client-info.js.map +1 -0
package/dist/client/client-manager.d.ts +38 -0
package/dist/client/client-manager.d.ts.map +1 -0
package/dist/client/client-manager.js +534 -0
package/dist/client/client-manager.js.map +1 -0
package/dist/client/client-store.d.ts +13 -0
package/dist/client/client-store.d.ts.map +1 -0
package/dist/client/client-store.js +39 -0
package/dist/client/client-store.js.map +1 -0
package/dist/client/client-utils.d.ts +6 -0
package/dist/client/client-utils.d.ts.map +1 -0
package/dist/client/client-utils.js +40 -0
package/dist/client/client-utils.js.map +1 -0
package/dist/client/client.d.ts +41 -0
package/dist/client/client.d.ts.map +1 -0
package/dist/client/client.js +163 -0
package/dist/client/client.js.map +1 -0
package/dist/constants.d.ts +42 -0
package/dist/constants.d.ts.map +1 -0
package/dist/constants.js +53 -0
package/dist/constants.js.map +1 -0
package/dist/device/device-data.d.ts +20 -0
package/dist/device/device-data.d.ts.map +1 -0
package/dist/device/device-data.js +11 -0
package/dist/device/device-data.js.map +1 -0
package/dist/device/device-details.d.ts +17 -0
package/dist/device/device-details.d.ts.map +1 -0
package/dist/device/device-details.js +34 -0
package/dist/device/device-details.js.map +1 -0
package/dist/device/device-id.d.ts +6 -0
package/dist/device/device-id.d.ts.map +1 -0
package/dist/device/device-id.js +18 -0
package/dist/device/device-id.js.map +1 -0
package/dist/device/device-manager.d.ts +88 -0
package/dist/device/device-manager.d.ts.map +1 -0
package/dist/device/device-manager.js +206 -0
package/dist/device/device-manager.js.map +1 -0
package/dist/device/device-store.d.ts +15 -0
package/dist/device/device-store.d.ts.map +1 -0
package/dist/device/device-store.js +36 -0
package/dist/device/device-store.js.map +1 -0
package/dist/device/session-id.d.ts +6 -0
package/dist/device/session-id.d.ts.map +1 -0
package/dist/device/session-id.js +18 -0
package/dist/device/session-id.js.map +1 -0
package/dist/dpop/dpop-manager.d.ts +33 -0
package/dist/dpop/dpop-manager.d.ts.map +1 -0
package/dist/dpop/dpop-manager.js +115 -0
package/dist/dpop/dpop-manager.js.map +1 -0
package/dist/dpop/dpop-nonce.d.ts +13 -0
package/dist/dpop/dpop-nonce.d.ts.map +1 -0
package/dist/dpop/dpop-nonce.js +94 -0
package/dist/dpop/dpop-nonce.js.map +1 -0
package/dist/errors/access-denied-error.d.ts +8 -0
package/dist/errors/access-denied-error.d.ts.map +1 -0
package/dist/errors/access-denied-error.js +21 -0
package/dist/errors/access-denied-error.js.map +1 -0
package/dist/errors/account-selection-required-error.d.ts +6 -0
package/dist/errors/account-selection-required-error.d.ts.map +1 -0
package/dist/errors/account-selection-required-error.js +11 -0
package/dist/errors/account-selection-required-error.js.map +1 -0
package/dist/errors/consent-required-error.d.ts +6 -0
package/dist/errors/consent-required-error.d.ts.map +1 -0
package/dist/errors/consent-required-error.js +11 -0
package/dist/errors/consent-required-error.js.map +1 -0
package/dist/errors/invalid-authorization-details-error.d.ts +20 -0
package/dist/errors/invalid-authorization-details-error.d.ts.map +1 -0
package/dist/errors/invalid-authorization-details-error.js +26 -0
package/dist/errors/invalid-authorization-details-error.js.map +1 -0
package/dist/errors/invalid-client-error.d.ts +18 -0
package/dist/errors/invalid-client-error.d.ts.map +1 -0
package/dist/errors/invalid-client-error.js +24 -0
package/dist/errors/invalid-client-error.js.map +1 -0
package/dist/errors/invalid-client-id-error.d.ts +13 -0
package/dist/errors/invalid-client-id-error.d.ts.map +1 -0
package/dist/errors/invalid-client-id-error.js +25 -0
package/dist/errors/invalid-client-id-error.js.map +1 -0
package/dist/errors/invalid-client-metadata-error.d.ts +13 -0
package/dist/errors/invalid-client-metadata-error.d.ts.map +1 -0
package/dist/errors/invalid-client-metadata-error.js +23 -0
package/dist/errors/invalid-client-metadata-error.js.map +1 -0
package/dist/errors/invalid-dpop-key-binding-error.d.ts +12 -0
package/dist/errors/invalid-dpop-key-binding-error.d.ts.map +1 -0
package/dist/errors/invalid-dpop-key-binding-error.js +20 -0
package/dist/errors/invalid-dpop-key-binding-error.js.map +1 -0
package/dist/errors/invalid-dpop-proof-error.d.ts +5 -0
package/dist/errors/invalid-dpop-proof-error.d.ts.map +1 -0
package/dist/errors/invalid-dpop-proof-error.js +12 -0
package/dist/errors/invalid-dpop-proof-error.js.map +1 -0
package/dist/errors/invalid-grant-error.d.ts +14 -0
package/dist/errors/invalid-grant-error.d.ts.map +1 -0
package/dist/errors/invalid-grant-error.js +20 -0
package/dist/errors/invalid-grant-error.js.map +1 -0
package/dist/errors/invalid-parameters-error.d.ts +6 -0
package/dist/errors/invalid-parameters-error.d.ts.map +1 -0
package/dist/errors/invalid-parameters-error.js +11 -0
package/dist/errors/invalid-parameters-error.js.map +1 -0
package/dist/errors/invalid-redirect-uri-error.d.ts +11 -0
package/dist/errors/invalid-redirect-uri-error.d.ts.map +1 -0
package/dist/errors/invalid-redirect-uri-error.js +21 -0
package/dist/errors/invalid-redirect-uri-error.js.map +1 -0
package/dist/errors/invalid-request-error.d.ts +28 -0
package/dist/errors/invalid-request-error.d.ts.map +1 -0
package/dist/errors/invalid-request-error.js +34 -0
package/dist/errors/invalid-request-error.js.map +1 -0
package/dist/errors/invalid-token-error.d.ts +16 -0
package/dist/errors/invalid-token-error.d.ts.map +1 -0
package/dist/errors/invalid-token-error.js +45 -0
package/dist/errors/invalid-token-error.js.map +1 -0
package/dist/errors/login-required-error.d.ts +6 -0
package/dist/errors/login-required-error.d.ts.map +1 -0
package/dist/errors/login-required-error.js +11 -0
package/dist/errors/login-required-error.js.map +1 -0
package/dist/errors/oauth-error.d.ts +13 -0
package/dist/errors/oauth-error.d.ts.map +1 -0
package/dist/errors/oauth-error.js +29 -0
package/dist/errors/oauth-error.js.map +1 -0
package/dist/errors/unauthorized-client-error.d.ts +18 -0
package/dist/errors/unauthorized-client-error.d.ts.map +1 -0
package/dist/errors/unauthorized-client-error.js +24 -0
package/dist/errors/unauthorized-client-error.js.map +1 -0
package/dist/errors/use-dpop-nonce-error.d.ts +18 -0
package/dist/errors/use-dpop-nonce-error.d.ts.map +1 -0
package/dist/errors/use-dpop-nonce-error.js +27 -0
package/dist/errors/use-dpop-nonce-error.js.map +1 -0
package/dist/errors/www-authenticate-error.d.ts +9 -0
package/dist/errors/www-authenticate-error.d.ts.map +1 -0
package/dist/errors/www-authenticate-error.js +46 -0
package/dist/errors/www-authenticate-error.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/lib/html/build-document.d.ts +32 -0
package/dist/lib/html/build-document.d.ts.map +1 -0
package/dist/lib/html/build-document.js +61 -0
package/dist/lib/html/build-document.js.map +1 -0
package/dist/lib/html/escapers.d.ts +9 -0
package/dist/lib/html/escapers.d.ts.map +1 -0
package/dist/lib/html/escapers.js +66 -0
package/dist/lib/html/escapers.js.map +1 -0
package/dist/lib/html/html.d.ts +13 -0
package/dist/lib/html/html.d.ts.map +1 -0
package/dist/lib/html/html.js +53 -0
package/dist/lib/html/html.js.map +1 -0
package/dist/lib/html/index.d.ts +4 -0
package/dist/lib/html/index.d.ts.map +1 -0
package/dist/lib/html/index.js +21 -0
package/dist/lib/html/index.js.map +1 -0
package/dist/lib/html/tags.d.ts +34 -0
package/dist/lib/html/tags.d.ts.map +1 -0
package/dist/lib/html/tags.js +47 -0
package/dist/lib/html/tags.js.map +1 -0
package/dist/lib/html/util.d.ts +4 -0
package/dist/lib/html/util.d.ts.map +1 -0
package/dist/lib/html/util.js +20 -0
package/dist/lib/html/util.js.map +1 -0
package/dist/lib/http/accept.d.ts +29 -0
package/dist/lib/http/accept.d.ts.map +1 -0
package/dist/lib/http/accept.js +67 -0
package/dist/lib/http/accept.js.map +1 -0
package/dist/lib/http/context.d.ts +5 -0
package/dist/lib/http/context.d.ts.map +1 -0
package/dist/lib/http/context.js +10 -0
package/dist/lib/http/context.js.map +1 -0
package/dist/lib/http/index.d.ts +10 -0
package/dist/lib/http/index.d.ts.map +1 -0
package/dist/lib/http/index.js +26 -0
package/dist/lib/http/index.js.map +1 -0
package/dist/lib/http/method.d.ts +6 -0
package/dist/lib/http/method.d.ts.map +1 -0
package/dist/lib/http/method.js +19 -0
package/dist/lib/http/method.js.map +1 -0
package/dist/lib/http/middleware.d.ts +18 -0
package/dist/lib/http/middleware.d.ts.map +1 -0
package/dist/lib/http/middleware.js +118 -0
package/dist/lib/http/middleware.js.map +1 -0
package/dist/lib/http/parser.d.ts +33 -0
package/dist/lib/http/parser.d.ts.map +1 -0
package/dist/lib/http/parser.js +48 -0
package/dist/lib/http/parser.js.map +1 -0
package/dist/lib/http/path.d.ts +9 -0
package/dist/lib/http/path.d.ts.map +1 -0
package/dist/lib/http/path.js +54 -0
package/dist/lib/http/path.js.map +1 -0
package/dist/lib/http/request.d.ts +33 -0
package/dist/lib/http/request.d.ts.map +1 -0
package/dist/lib/http/request.js +86 -0
package/dist/lib/http/request.js.map +1 -0
package/dist/lib/http/response.d.ts +13 -0
package/dist/lib/http/response.d.ts.map +1 -0
package/dist/lib/http/response.js +98 -0
package/dist/lib/http/response.js.map +1 -0
package/dist/lib/http/route.d.ts +25 -0
package/dist/lib/http/route.d.ts.map +1 -0
package/dist/lib/http/route.js +39 -0
package/dist/lib/http/route.js.map +1 -0
package/dist/lib/http/router.d.ts +32 -0
package/dist/lib/http/router.d.ts.map +1 -0
package/dist/lib/http/router.js +74 -0
package/dist/lib/http/router.js.map +1 -0
package/dist/lib/http/stream.d.ts +13 -0
package/dist/lib/http/stream.d.ts.map +1 -0
package/dist/lib/http/stream.js +46 -0
package/dist/lib/http/stream.js.map +1 -0
package/dist/lib/http/types.d.ts +7 -0
package/dist/lib/http/types.d.ts.map +1 -0
package/dist/lib/http/types.js +3 -0
package/dist/lib/http/types.js.map +1 -0
package/dist/lib/http/url.d.ts +8 -0
package/dist/lib/http/url.d.ts.map +1 -0
package/dist/lib/http/url.js +22 -0
package/dist/lib/http/url.js.map +1 -0
package/dist/lib/redis.d.ts +5 -0
package/dist/lib/redis.d.ts.map +1 -0
package/dist/lib/redis.js +22 -0
package/dist/lib/redis.js.map +1 -0
package/dist/lib/util/authorization-header.d.ts +4 -0
package/dist/lib/util/authorization-header.d.ts.map +1 -0
package/dist/lib/util/authorization-header.js +23 -0
package/dist/lib/util/authorization-header.js.map +1 -0
package/dist/lib/util/cast.d.ts +2 -0
package/dist/lib/util/cast.d.ts.map +1 -0
package/dist/lib/util/cast.js +10 -0
package/dist/lib/util/cast.js.map +1 -0
package/dist/lib/util/crypto.d.ts +3 -0
package/dist/lib/util/crypto.d.ts.map +1 -0
package/dist/lib/util/crypto.js +29 -0
package/dist/lib/util/crypto.js.map +1 -0
package/dist/lib/util/date.d.ts +3 -0
package/dist/lib/util/date.d.ts.map +1 -0
package/dist/lib/util/date.js +12 -0
package/dist/lib/util/date.js.map +1 -0
package/dist/lib/util/hostname.d.ts +6 -0
package/dist/lib/util/hostname.d.ts.map +1 -0
package/dist/lib/util/hostname.js +24 -0
package/dist/lib/util/hostname.js.map +1 -0
package/dist/lib/util/redirect-uri.d.ts +7 -0
package/dist/lib/util/redirect-uri.d.ts.map +1 -0
package/dist/lib/util/redirect-uri.js +44 -0
package/dist/lib/util/redirect-uri.js.map +1 -0
package/dist/lib/util/time.d.ts +6 -0
package/dist/lib/util/time.d.ts.map +1 -0
package/dist/lib/util/time.js +28 -0
package/dist/lib/util/time.js.map +1 -0
package/dist/lib/util/type.d.ts +6 -0
package/dist/lib/util/type.d.ts.map +1 -0
package/dist/lib/util/type.js +3 -0
package/dist/lib/util/type.js.map +1 -0
package/dist/lib/util/well-known.d.ts +3 -0
package/dist/lib/util/well-known.d.ts.map +1 -0
package/dist/lib/util/well-known.js +11 -0
package/dist/lib/util/well-known.js.map +1 -0
package/dist/metadata/build-metadata.d.ts +14 -0
package/dist/metadata/build-metadata.d.ts.map +1 -0
package/dist/metadata/build-metadata.js +132 -0
package/dist/metadata/build-metadata.js.map +1 -0
package/dist/oauth-client.d.ts +4 -0
package/dist/oauth-client.d.ts.map +1 -0
package/dist/oauth-client.js +19 -0
package/dist/oauth-client.js.map +1 -0
package/dist/oauth-dpop.d.ts +3 -0
package/dist/oauth-dpop.d.ts.map +1 -0
package/dist/oauth-dpop.js +19 -0
package/dist/oauth-dpop.js.map +1 -0
package/dist/oauth-errors.d.ts +20 -0
package/dist/oauth-errors.d.ts.map +1 -0
package/dist/oauth-errors.js +43 -0
package/dist/oauth-errors.js.map +1 -0
package/dist/oauth-hooks.d.ts +42 -0
package/dist/oauth-hooks.d.ts.map +1 -0
package/dist/oauth-hooks.js +3 -0
package/dist/oauth-hooks.js.map +1 -0
package/dist/oauth-provider.d.ts +179 -0
package/dist/oauth-provider.d.ts.map +1 -0
package/dist/oauth-provider.js +748 -0
package/dist/oauth-provider.js.map +1 -0
package/dist/oauth-store.d.ts +11 -0
package/dist/oauth-store.d.ts.map +1 -0
package/dist/oauth-store.js +27 -0
package/dist/oauth-store.js.map +1 -0
package/dist/oauth-verifier.d.ts +66 -0
package/dist/oauth-verifier.d.ts.map +1 -0
package/dist/oauth-verifier.js +94 -0
package/dist/oauth-verifier.js.map +1 -0
package/dist/oidc/claims.d.ts +16 -0
package/dist/oidc/claims.d.ts.map +1 -0
package/dist/oidc/claims.js +29 -0
package/dist/oidc/claims.js.map +1 -0
package/dist/oidc/sub.d.ts +4 -0
package/dist/oidc/sub.d.ts.map +1 -0
package/dist/oidc/sub.js +6 -0
package/dist/oidc/sub.js.map +1 -0
package/dist/oidc/userinfo.d.ts +7 -0
package/dist/oidc/userinfo.d.ts.map +1 -0
package/dist/oidc/userinfo.js +3 -0
package/dist/oidc/userinfo.js.map +1 -0
package/dist/output/build-error-payload.d.ts +6 -0
package/dist/output/build-error-payload.d.ts.map +1 -0
package/dist/output/build-error-payload.js +108 -0
package/dist/output/build-error-payload.js.map +1 -0
package/dist/output/customization.d.ts +37 -0
package/dist/output/customization.d.ts.map +1 -0
package/dist/output/customization.js +62 -0
package/dist/output/customization.js.map +1 -0
package/dist/output/send-authorize-page.d.ts +43 -0
package/dist/output/send-authorize-page.d.ts.map +1 -0
package/dist/output/send-authorize-page.js +49 -0
package/dist/output/send-authorize-page.js.map +1 -0
package/dist/output/send-authorize-redirect.d.ts +25 -0
package/dist/output/send-authorize-redirect.d.ts.map +1 -0
package/dist/output/send-authorize-redirect.js +72 -0
package/dist/output/send-authorize-redirect.js.map +1 -0
package/dist/output/send-error-page.d.ts +5 -0
package/dist/output/send-error-page.d.ts.map +1 -0
package/dist/output/send-error-page.js +31 -0
package/dist/output/send-error-page.js.map +1 -0
package/dist/output/send-web-page.d.ts +8 -0
package/dist/output/send-web-page.d.ts.map +1 -0
package/dist/output/send-web-page.js +48 -0
package/dist/output/send-web-page.js.map +1 -0
package/dist/parameters/claims-requested.d.ts +3 -0
package/dist/parameters/claims-requested.d.ts.map +1 -0
package/dist/parameters/claims-requested.js +77 -0
package/dist/parameters/claims-requested.js.map +1 -0
package/dist/parameters/oidc-payload.d.ts +31 -0
package/dist/parameters/oidc-payload.d.ts.map +1 -0
package/dist/parameters/oidc-payload.js +25 -0
package/dist/parameters/oidc-payload.js.map +1 -0
package/dist/replay/replay-manager.d.ts +10 -0
package/dist/replay/replay-manager.d.ts.map +1 -0
package/dist/replay/replay-manager.js +23 -0
package/dist/replay/replay-manager.js.map +1 -0
package/dist/replay/replay-store-memory.d.ts +11 -0
package/dist/replay/replay-store-memory.d.ts.map +1 -0
package/dist/replay/replay-store-memory.js +30 -0
package/dist/replay/replay-store-memory.js.map +1 -0
package/dist/replay/replay-store-redis.d.ts +16 -0
package/dist/replay/replay-store-redis.d.ts.map +1 -0
package/dist/replay/replay-store-redis.js +20 -0
package/dist/replay/replay-store-redis.js.map +1 -0
package/dist/replay/replay-store.d.ts +16 -0
package/dist/replay/replay-store.d.ts.map +1 -0
package/dist/replay/replay-store.js +22 -0
package/dist/replay/replay-store.js.map +1 -0
package/dist/request/code.d.ts +7 -0
package/dist/request/code.d.ts.map +1 -0
package/dist/request/code.js +20 -0
package/dist/request/code.js.map +1 -0
package/dist/request/request-data.d.ts +21 -0
package/dist/request/request-data.d.ts.map +1 -0
package/dist/request/request-data.js +6 -0
package/dist/request/request-data.js.map +1 -0
package/dist/request/request-id.d.ts +6 -0
package/dist/request/request-id.d.ts.map +1 -0
package/dist/request/request-id.js +18 -0
package/dist/request/request-id.js.map +1 -0
package/dist/request/request-info.d.ts +12 -0
package/dist/request/request-info.d.ts.map +1 -0
package/dist/request/request-info.js +3 -0
package/dist/request/request-info.js.map +1 -0
package/dist/request/request-manager.d.ts +40 -0
package/dist/request/request-manager.d.ts.map +1 -0
package/dist/request/request-manager.js +310 -0
package/dist/request/request-manager.js.map +1 -0
package/dist/request/request-store-memory.d.ts +16 -0
package/dist/request/request-store-memory.d.ts.map +1 -0
package/dist/request/request-store-memory.js +31 -0
package/dist/request/request-store-memory.js.map +1 -0
package/dist/request/request-store-redis.d.ts +24 -0
package/dist/request/request-store-redis.d.ts.map +1 -0
package/dist/request/request-store-redis.js +58 -0
package/dist/request/request-store-redis.js.map +1 -0
package/dist/request/request-store.d.ts +27 -0
package/dist/request/request-store.d.ts.map +1 -0
package/dist/request/request-store.js +37 -0
package/dist/request/request-store.js.map +1 -0
package/dist/request/request-uri.d.ts +8 -0
package/dist/request/request-uri.d.ts.map +1 -0
package/dist/request/request-uri.js +24 -0
package/dist/request/request-uri.js.map +1 -0
package/dist/request/types.d.ts +328 -0
package/dist/request/types.d.ts.map +1 -0
package/dist/request/types.js +27 -0
package/dist/request/types.js.map +1 -0
package/dist/signer/signed-token-payload.d.ts +1694 -0
package/dist/signer/signed-token-payload.d.ts.map +1 -0
package/dist/signer/signed-token-payload.js +32 -0
package/dist/signer/signed-token-payload.js.map +1 -0
package/dist/signer/signer.d.ts +193 -0
package/dist/signer/signer.d.ts.map +1 -0
package/dist/signer/signer.js +101 -0
package/dist/signer/signer.js.map +1 -0
package/dist/token/refresh-token.d.ts +7 -0
package/dist/token/refresh-token.d.ts.map +1 -0
package/dist/token/refresh-token.js +20 -0
package/dist/token/refresh-token.js.map +1 -0
package/dist/token/token-claims.d.ts +1687 -0
package/dist/token/token-claims.d.ts.map +1 -0
package/dist/token/token-claims.js +30 -0
package/dist/token/token-claims.js.map +1 -0
package/dist/token/token-data.d.ts +20 -0
package/dist/token/token-data.d.ts.map +1 -0
package/dist/token/token-data.js +3 -0
package/dist/token/token-data.js.map +1 -0
package/dist/token/token-id.d.ts +7 -0
package/dist/token/token-id.d.ts.map +1 -0
package/dist/token/token-id.js +20 -0
package/dist/token/token-id.js.map +1 -0
package/dist/token/token-manager.d.ts +48 -0
package/dist/token/token-manager.d.ts.map +1 -0
package/dist/token/token-manager.js +421 -0
package/dist/token/token-manager.js.map +1 -0
package/dist/token/token-store.d.ts +35 -0
package/dist/token/token-store.d.ts.map +1 -0
package/dist/token/token-store.js +38 -0
package/dist/token/token-store.js.map +1 -0
package/dist/token/types.d.ts +250 -0
package/dist/token/types.d.ts.map +1 -0
package/dist/token/types.js +36 -0
package/dist/token/types.js.map +1 -0
package/dist/token/verify-token-claims.d.ts +17 -0
package/dist/token/verify-token-claims.d.ts.map +1 -0
package/dist/token/verify-token-claims.js +39 -0
package/dist/token/verify-token-claims.js.map +1 -0
package/package.json +83 -0
package/rollup.config.js +55 -0
package/src/access-token/access-token-type.ts +5 -0
package/src/account/account-manager.ts +55 -0
package/src/account/account-store.ts +74 -0
package/src/account/account.ts +10 -0
package/src/assets/app/app.tsx +28 -0
package/src/assets/app/backend-data.ts +65 -0
package/src/assets/app/components/accept-form.tsx +112 -0
package/src/assets/app/components/account-identifier.tsx +18 -0
package/src/assets/app/components/account-picker.tsx +108 -0
package/src/assets/app/components/client-identifier.tsx +32 -0
package/src/assets/app/components/client-name.tsx +30 -0
package/src/assets/app/components/error-card.tsx +41 -0
package/src/assets/app/components/help-card.tsx +42 -0
package/src/assets/app/components/layout-title-page.tsx +43 -0
package/src/assets/app/components/layout-welcome.tsx +58 -0
package/src/assets/app/components/sign-in-form.tsx +290 -0
package/src/assets/app/components/sign-up-account-form.tsx +210 -0
package/src/assets/app/components/sign-up-disclaimer.tsx +44 -0
package/src/assets/app/components/url-viewer.tsx +70 -0
package/src/assets/app/cookies.ts +11 -0
package/src/assets/app/hooks/use-api.ts +104 -0
package/src/assets/app/hooks/use-bound-dispatch.ts +5 -0
package/src/assets/app/hooks/use-csrf-token.ts +5 -0
package/src/assets/app/lib/api.ts +64 -0
package/src/assets/app/lib/clsx.ts +4 -0
package/src/assets/app/lib/util.ts +10 -0
package/src/assets/app/main.css +11 -0
package/src/assets/app/main.tsx +28 -0
package/src/assets/app/views/accept-view.tsx +51 -0
package/src/assets/app/views/authorize-view.tsx +101 -0
package/src/assets/app/views/error-view.tsx +27 -0
package/src/assets/app/views/sign-in-view.tsx +121 -0
package/src/assets/app/views/sign-up-view.tsx +93 -0
package/src/assets/app/views/welcome-view.tsx +61 -0
package/src/assets/asset.ts +8 -0
package/src/assets/assets-middleware.ts +32 -0
package/src/assets/index.ts +74 -0
package/src/client/client-auth.ts +45 -0
package/src/client/client-data.ts +9 -0
package/src/client/client-id.ts +4 -0
package/src/client/client-info.ts +13 -0
package/src/client/client-manager.ts +818 -0
package/src/client/client-store.ts +38 -0
package/src/client/client-utils.ts +43 -0
package/src/client/client.ts +231 -0
package/src/constants.ts +69 -0
package/src/device/device-data.ts +11 -0
package/src/device/device-details.ts +43 -0
package/src/device/device-id.ts +23 -0
package/src/device/device-manager.ts +287 -0
package/src/device/device-store.ts +35 -0
package/src/device/session-id.ts +22 -0
package/src/dpop/dpop-manager.ts +147 -0
package/src/dpop/dpop-nonce.ts +104 -0
package/src/errors/access-denied-error.ts +26 -0
package/src/errors/account-selection-required-error.ts +12 -0
package/src/errors/consent-required-error.ts +12 -0
package/src/errors/invalid-authorization-details-error.ts +22 -0
package/src/errors/invalid-client-error.ts +20 -0
package/src/errors/invalid-client-id-error.ts +20 -0
package/src/errors/invalid-client-metadata-error.ts +19 -0
package/src/errors/invalid-dpop-key-binding-error.ts +21 -0
package/src/errors/invalid-dpop-proof-error.ts +13 -0
package/src/errors/invalid-grant-error.ts +16 -0
package/src/errors/invalid-parameters-error.ts +12 -0
package/src/errors/invalid-redirect-uri-error.ts +17 -0
package/src/errors/invalid-request-error.ts +30 -0
package/src/errors/invalid-token-error.ts +59 -0
package/src/errors/login-required-error.ts +12 -0
package/src/errors/oauth-error.ts +28 -0
package/src/errors/unauthorized-client-error.ts +20 -0
package/src/errors/use-dpop-nonce-error.ts +32 -0
package/src/errors/www-authenticate-error.ts +65 -0
package/src/index.ts +15 -0
package/src/lib/html/README.md +9 -0
package/src/lib/html/build-document.ts +98 -0
package/src/lib/html/escapers.ts +66 -0
package/src/lib/html/html.ts +61 -0
package/src/lib/html/index.ts +5 -0
package/src/lib/html/tags.ts +58 -0
package/src/lib/html/util.ts +21 -0
package/src/lib/http/README.md +11 -0
package/src/lib/http/accept.ts +91 -0
package/src/lib/http/context.ts +11 -0
package/src/lib/http/index.ts +9 -0
package/src/lib/http/method.ts +18 -0
package/src/lib/http/middleware.ts +183 -0
package/src/lib/http/parser.ts +64 -0
package/src/lib/http/path.ts +82 -0
package/src/lib/http/request.ts +141 -0
package/src/lib/http/response.ts +133 -0
package/src/lib/http/route.ts +56 -0
package/src/lib/http/router.ts +118 -0
package/src/lib/http/stream.ts +78 -0
package/src/lib/http/types.ts +22 -0
package/src/lib/http/url.ts +23 -0
package/src/lib/redis.ts +23 -0
package/src/lib/util/authorization-header.ts +26 -0
package/src/lib/util/cast.ts +4 -0
package/src/lib/util/crypto.ts +27 -0
package/src/lib/util/date.ts +7 -0
package/src/lib/util/hostname.ts +19 -0
package/src/lib/util/redirect-uri.ts +46 -0
package/src/lib/util/time.ts +33 -0
package/src/lib/util/type.ts +4 -0
package/src/lib/util/well-known.ts +8 -0
package/src/metadata/build-metadata.ts +165 -0
package/src/oauth-client.ts +3 -0
package/src/oauth-dpop.ts +2 -0
package/src/oauth-errors.ts +21 -0
package/src/oauth-hooks.ts +66 -0
package/src/oauth-provider.ts +1409 -0
package/src/oauth-store.ts +11 -0
package/src/oauth-verifier.ts +219 -0
package/src/oidc/claims.ts +35 -0
package/src/oidc/sub.ts +4 -0
package/src/oidc/userinfo.ts +11 -0
package/src/output/build-error-payload.ts +143 -0
package/src/output/customization.ts +96 -0
package/src/output/send-authorize-page.ts +111 -0
package/src/output/send-authorize-redirect.ts +130 -0
package/src/output/send-error-page.ts +41 -0
package/src/output/send-web-page.ts +66 -0
package/src/parameters/claims-requested.ts +106 -0
package/src/parameters/oidc-payload.ts +28 -0
package/src/replay/replay-manager.ts +38 -0
package/src/replay/replay-store-memory.ts +36 -0
package/src/replay/replay-store-redis.ts +31 -0
package/src/replay/replay-store.ts +44 -0
package/src/request/code.ts +24 -0
package/src/request/request-data.ts +26 -0
package/src/request/request-id.ts +23 -0
package/src/request/request-info.ts +12 -0
package/src/request/request-manager.ts +479 -0
package/src/request/request-store-memory.ts +39 -0
package/src/request/request-store-redis.ts +71 -0
package/src/request/request-store.ts +54 -0
package/src/request/request-uri.ts +29 -0
package/src/request/types.ts +48 -0
package/src/signer/signed-token-payload.ts +35 -0
package/src/signer/signer.ts +165 -0
package/src/token/refresh-token.ts +31 -0
package/src/token/token-claims.ts +31 -0
package/src/token/token-data.ts +33 -0
package/src/token/token-id.ts +26 -0
package/src/token/token-manager.ts +591 -0
package/src/token/token-store.ts +78 -0
package/src/token/types.ts +86 -0
package/src/token/verify-token-claims.ts +65 -0
package/tailwind.config.js +13 -0
package/tsconfig.backend.json +9 -0
package/tsconfig.frontend.json +11 -0
package/tsconfig.json +8 -0
package/tsconfig.tools.json +8 -0

package/src/request/types.ts ADDED Viewed

@@ -0,0 +1,48 @@
+import { signedJwtSchema, unsignedJwtSchema } from '@atproto/jwk'
+import {
+  oauthAuthenticationRequestParametersSchema,
+  oauthClientIdentificationSchema,
+} from '@atproto/oauth-types'
+import { z } from 'zod'
+import { requestUriSchema } from './request-uri.js'
+export const authorizationRequestJarSchema = z.object({
+  /**
+   * AuthorizationRequest inside a JWT:
+   * - "iat" is required and **MUST** be less than one minute
+   *
+   * @see {@link https://datatracker.ietf.org/doc/html/rfc9101}
+   */
+  request: z.union([signedJwtSchema, unsignedJwtSchema]),
+})
+export type AuthorizationRequestJar = z.infer<
+  typeof authorizationRequestJarSchema
+>
+export const pushedAuthorizationRequestSchema = z.intersection(
+  oauthClientIdentificationSchema,
+  z.union([
+    oauthAuthenticationRequestParametersSchema,
+    authorizationRequestJarSchema,
+    //
+  ]),
+)
+export type PushedAuthorizationRequest = z.infer<
+  typeof pushedAuthorizationRequestSchema
+>
+export const authorizationRequestQuerySchema = z.intersection(
+  oauthClientIdentificationSchema,
+  z.union([
+    oauthAuthenticationRequestParametersSchema,
+    authorizationRequestJarSchema,
+    z.object({ request_uri: requestUriSchema }),
+  ]),
+)
+export type AuthorizationRequestQuery = z.infer<
+  typeof authorizationRequestQuerySchema
+>

package/src/signer/signed-token-payload.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { jwtPayloadSchema } from '@atproto/jwk'
+import z from 'zod'
+import { clientIdSchema } from '../client/client-id.js'
+import { Simplify } from '../lib/util/type.js'
+import { subSchema } from '../oidc/sub.js'
+import { tokenIdSchema } from '../token/token-id.js'
+export const signedTokenPayloadSchema = z.intersection(
+  jwtPayloadSchema
+    .pick({
+      exp: true,
+      iat: true,
+      iss: true,
+      aud: true,
+    })
+    .required(),
+  jwtPayloadSchema
+    .omit({
+      exp: true,
+      iat: true,
+      iss: true,
+      aud: true,
+    })
+    .partial()
+    .extend({
+      jti: tokenIdSchema,
+      sub: subSchema,
+      client_id: clientIdSchema,
+    }),
+)
+export type SignedTokenPayload = Simplify<
+  z.infer<typeof signedTokenPayloadSchema>
+>

package/src/signer/signer.ts ADDED Viewed

@@ -0,0 +1,165 @@
+import { randomBytes } from 'node:crypto'
+import {
+  JwtPayload,
+  JwtPayloadGetter,
+  JwtSignHeader,
+  Keyset,
+  SignedJwt,
+  VerifyOptions,
+} from '@atproto/jwk'
+import {
+  OAuthAuthenticationRequestParameters,
+  OAuthAuthorizationDetails,
+} from '@atproto/oauth-types'
+import { generate as hash } from 'oidc-token-hash'
+import { Account } from '../account/account.js'
+import { Client } from '../client/client.js'
+import { InvalidClientMetadataError } from '../errors/invalid-client-metadata-error.js'
+import { dateToEpoch } from '../lib/util/date.js'
+import { claimRequested } from '../parameters/claims-requested.js'
+import { oidcPayload } from '../parameters/oidc-payload.js'
+import { TokenId } from '../token/token-id.js'
+import {
+  SignedTokenPayload,
+  signedTokenPayloadSchema,
+} from './signed-token-payload.js'
+export type SignPayload = Omit<JwtPayload, 'iss'>
+export class Signer {
+  constructor(
+    public readonly issuer: string,
+    public readonly keyset: Keyset,
+  ) {}
+  async verify<P extends Record<string, unknown> = JwtPayload>(
+    token: SignedJwt,
+    options?: Omit<VerifyOptions, 'issuer'>,
+  ) {
+    return this.keyset.verifyJwt<P>(token, {
+      ...options,
+      issuer: [this.issuer],
+    })
+  }
+  public async sign(
+    signHeader: JwtSignHeader,
+    payload: SignPayload | JwtPayloadGetter<SignPayload>,
+  ): Promise<SignedJwt> {
+    return this.keyset.createJwt(signHeader, async (protectedHeader, key) => ({
+      ...(typeof payload === 'function'
+        ? await payload(protectedHeader, key)
+        : payload),
+      iss: this.issuer,
+    }))
+  }
+  async accessToken(
+    client: Client,
+    parameters: OAuthAuthenticationRequestParameters,
+    account: Account,
+    extra: {
+      jti: TokenId
+      exp: Date
+      iat?: Date
+      alg?: string
+      cnf?: Record<string, string>
+      authorization_details?: OAuthAuthorizationDetails
+    },
+  ): Promise<SignedJwt> {
+    const header: JwtSignHeader = {
+      // https://datatracker.ietf.org/doc/html/rfc9068#section-2.1
+      alg: extra.alg,
+      typ: 'at+jwt',
+    }
+    const payload: Omit<SignedTokenPayload, 'iss'> = {
+      aud: account.aud,
+      iat: dateToEpoch(extra?.iat),
+      exp: dateToEpoch(extra.exp),
+      sub: account.sub,
+      jti: extra.jti,
+      cnf: extra.cnf,
+      // https://datatracker.ietf.org/doc/html/rfc8693#section-4.3
+      client_id: client.id,
+      scope: parameters.scope || client.metadata.scope,
+      authorization_details: extra.authorization_details,
+    }
+    return this.sign(header, payload)
+  }
+  async verifyAccessToken(token: SignedJwt) {
+    const result = await this.verify<SignedTokenPayload>(token, {
+      typ: 'at+jwt',
+    })
+    // The result is already type casted as an AccessTokenPayload, but we need
+    // to actually verify this. That should already be covered by the fact that
+    // we don't sign 'at+jwt' tokens without a valid token ID. Let's double
+    // check in case another version/implementation was used to generate the
+    // token.
+    signedTokenPayloadSchema.parse(result.payload)
+    return result
+  }
+  async idToken(
+    client: Client,
+    params: OAuthAuthenticationRequestParameters,
+    account: Account,
+    extra: {
+      exp: Date
+      iat?: Date
+      auth_time?: Date
+      code?: string
+      access_token?: string
+    },
+  ): Promise<SignedJwt> {
+    // This can happen when a client is using password_grant. If a client is
+    // using password_grant, it should not set "require_auth_time" to true.
+    if (client.metadata.require_auth_time && extra.auth_time == null) {
+      throw new InvalidClientMetadataError(
+        '"require_auth_time" metadata is not compatible with "password_grant" flow',
+      )
+    }
+    return this.sign(
+      {
+        alg: client.metadata.id_token_signed_response_alg,
+        typ: 'JWT',
+      },
+      async ({ alg }, key) => ({
+        ...oidcPayload(params, account),
+        aud: client.id,
+        iat: dateToEpoch(extra.iat),
+        exp: dateToEpoch(extra.exp),
+        sub: account.sub,
+        jti: randomBytes(16).toString('hex'),
+        scope: params.scope,
+        nonce: params.nonce,
+        s_hash: params.state //
+          ? await hash(params.state, alg, key.crv)
+          : undefined,
+        c_hash: extra.code //
+          ? await hash(extra.code, alg, key.crv)
+          : undefined,
+        at_hash: extra.access_token //
+          ? await hash(extra.access_token, alg, key.crv)
+          : undefined,
+        // https://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html#rfc.section.5.2
+        auth_time:
+          client.metadata.require_auth_time ||
+          (extra.auth_time != null && params.max_age != null) ||
+          claimRequested(params, 'id_token', 'auth_time', extra.auth_time)
+            ? dateToEpoch(extra.auth_time!)
+            : undefined,
+      }),
+    )
+  }
+}

package/src/token/refresh-token.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { z } from 'zod'
+import {
+  REFRESH_TOKEN_BYTES_LENGTH,
+  REFRESH_TOKEN_PREFIX,
+} from '../constants.js'
+import { randomHexId } from '../lib/util/crypto.js'
+export const REFRESH_TOKEN_LENGTH =
+  REFRESH_TOKEN_PREFIX.length + REFRESH_TOKEN_BYTES_LENGTH * 2 // hex encoding
+export const refreshTokenSchema = z
+  .string()
+  .length(REFRESH_TOKEN_LENGTH)
+  .refine(
+    (v): v is `${typeof REFRESH_TOKEN_PREFIX}${string}` =>
+      v.startsWith(REFRESH_TOKEN_PREFIX),
+    {
+      message: `Invalid refresh token format`,
+    },
+  )
+export const isRefreshToken = (data: unknown): data is RefreshToken =>
+  refreshTokenSchema.safeParse(data).success
+export type RefreshToken = z.infer<typeof refreshTokenSchema>
+export const generateRefreshToken = async (): Promise<RefreshToken> => {
+  return `${REFRESH_TOKEN_PREFIX}${await randomHexId(
+    REFRESH_TOKEN_BYTES_LENGTH,
+  )}`
+}

package/src/token/token-claims.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { jwtPayloadSchema } from '@atproto/jwk'
+import z from 'zod'
+import { clientIdSchema } from '../client/client-id.js'
+import { Simplify } from '../lib/util/type.js'
+import { subSchema } from '../oidc/sub.js'
+export const tokenClaimsSchema = z.intersection(
+  jwtPayloadSchema
+    .pick({
+      iat: true,
+      exp: true,
+      aud: true,
+    })
+    .required(),
+  jwtPayloadSchema
+    .omit({
+      exp: true,
+      iat: true,
+      iss: true,
+      aud: true,
+      jti: true,
+    })
+    .partial()
+    .extend({
+      sub: subSchema,
+      client_id: clientIdSchema,
+    }),
+)
+export type TokenClaims = Simplify<z.infer<typeof tokenClaimsSchema>>

package/src/token/token-data.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import {
+  OAuthAuthenticationRequestParameters,
+  OAuthAuthorizationDetails,
+} from '@atproto/oauth-types'
+import { ClientAuth } from '../client/client-auth.js'
+import { ClientId } from '../client/client-id.js'
+import { DeviceId } from '../device/device-id.js'
+import { Sub } from '../oidc/sub.js'
+import { Code } from '../request/code.js'
+export type {
+  ClientAuth,
+  ClientId,
+  Code,
+  DeviceId,
+  OAuthAuthenticationRequestParameters,
+  OAuthAuthorizationDetails,
+  Sub,
+}
+export type TokenData = {
+  createdAt: Date
+  updatedAt: Date
+  expiresAt: Date
+  clientId: ClientId
+  clientAuth: ClientAuth
+  deviceId: DeviceId | null
+  sub: Sub
+  parameters: OAuthAuthenticationRequestParameters
+  details: OAuthAuthorizationDetails | null
+  code: Code | null
+}

package/src/token/token-id.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import { z } from 'zod'
+import { TOKEN_ID_BYTES_LENGTH, TOKEN_ID_PREFIX } from '../constants.js'
+import { randomHexId } from '../lib/util/crypto.js'
+export const TOKEN_ID_LENGTH =
+  TOKEN_ID_PREFIX.length + TOKEN_ID_BYTES_LENGTH * 2 // hex encoding
+export const tokenIdSchema = z
+  .string()
+  .length(TOKEN_ID_LENGTH)
+  .refine(
+    (v): v is `${typeof TOKEN_ID_PREFIX}${string}` =>
+      v.startsWith(TOKEN_ID_PREFIX),
+    {
+      message: `Invalid token ID format`,
+    },
+  )
+export type TokenId = z.infer<typeof tokenIdSchema>
+export const generateTokenId = async (): Promise<TokenId> => {
+  return `${TOKEN_ID_PREFIX}${await randomHexId(TOKEN_ID_BYTES_LENGTH)}`
+}
+export const isTokenId = (data: unknown): data is TokenId =>
+  tokenIdSchema.safeParse(data).success