@atproto/oauth-provider 0.1.0

package/dist/assets/asset.d.ts

@@ -0,0 +1,9 @@
+/// <reference types="node" />
+import type { Readable } from 'node:stream';
+export type Asset = {
+    url: string;
+    type?: string;
+    sha256: string;
+    createStream: () => Readable;
+};
+//# sourceMappingURL=asset.d.ts.map

package/dist/assets/asset.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"asset.d.ts","sourceRoot":"","sources":["../../src/assets/asset.ts"],"names":[],"mappings":";AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AAE3C,MAAM,MAAM,KAAK,GAAG;IAClB,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,QAAQ,CAAA;CAC7B,CAAA"}

package/dist/assets/asset.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=asset.js.map

package/dist/assets/asset.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"asset.js","sourceRoot":"","sources":["../../src/assets/asset.ts"],"names":[],"mappings":""}

package/dist/assets/assets-middleware.d.ts

@@ -0,0 +1,2 @@
+export declare function authorizeAssetsMiddleware(): (req: any, res: any, next: any) => Promise<void>;
+//# sourceMappingURL=assets-middleware.d.ts.map

package/dist/assets/assets-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assets-middleware.d.ts","sourceRoot":"","sources":["../../src/assets/assets-middleware.ts"],"names":[],"mappings":"AAIA,wBAAgB,yBAAyB,uCACiB,QAAQ,IAAI,CAAC,CA0BtE"}

package/dist/assets/assets-middleware.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorizeAssetsMiddleware = void 0;
+const index_js_1 = require("../lib/http/index.js");
+const index_js_2 = require("./index.js");
+function authorizeAssetsMiddleware() {
+    return async function assetsMiddleware(req, res, next) {
+        if (req.method !== 'GET' && req.method !== 'HEAD')
+            return next();
+        if (!req.url?.startsWith(index_js_2.ASSETS_URL_PREFIX))
+            return next();
+        const [pathname, query] = req.url.split('?', 2);
+        const filename = pathname.slice(index_js_2.ASSETS_URL_PREFIX.length);
+        if (!filename)
+            return next();
+        const asset = await (0, index_js_2.getAsset)(filename).catch(() => null);
+        if (!asset)
+            return next();
+        if (req.headers['if-none-match'] === asset.sha256) {
+            return void res.writeHead(304).end();
+        }
+        res.setHeader('ETag', asset.sha256);
+        if (query === asset.sha256) {
+            res.setHeader('Cache-Control', 'public, max-age=31536000, immutable');
+        }
+        await (0, index_js_1.writeStream)(res, asset.createStream(), asset.type);
+    };
+}
+exports.authorizeAssetsMiddleware = authorizeAssetsMiddleware;
+//# sourceMappingURL=assets-middleware.js.map

package/dist/assets/assets-middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"assets-middleware.js","sourceRoot":"","sources":["../../src/assets/assets-middleware.ts"],"names":[],"mappings":";;;AAAA,mDAAkD;AAElD,yCAAwD;AAExD,SAAgB,yBAAyB;IACvC,OAAO,KAAK,UAAU,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QACnD,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,EAAE,CAAA;QAChE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,4BAAiB,CAAC;YAAE,OAAO,IAAI,EAAE,CAAA;QAE1D,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAG7C,CAAA;QACD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,4BAAiB,CAAC,MAAM,CAAC,CAAA;QACzD,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,EAAE,CAAA;QAE5B,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;QACxD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,EAAE,CAAA;QAEzB,IAAI,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;YAClD,OAAO,KAAK,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;QACtC,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;QAEnC,IAAI,KAAK,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;YAC3B,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,qCAAqC,CAAC,CAAA;QACvE,CAAC;QAED,MAAM,IAAA,sBAAW,EAAC,GAAG,EAAE,KAAK,CAAC,YAAY,EAAE,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;IAC1D,CAAC,CAAA;AACH,CAAC;AA3BD,8DA2BC"}

package/dist/assets/index.d.ts

@@ -0,0 +1,4 @@
+import { Asset } from './asset';
+export declare const ASSETS_URL_PREFIX = "/@atproto/oauth-provider/~assets/";
+export declare function getAsset(inputFilename: string): Promise<Asset>;
+//# sourceMappingURL=index.d.ts.map

package/dist/assets/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/assets/index.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAA;AAM/B,eAAO,MAAM,iBAAiB,sCAAsC,CAAA;AAEpE,wBAAsB,QAAQ,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAmCpE"}

package/dist/assets/index.js

@@ -0,0 +1,65 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAsset = exports.ASSETS_URL_PREFIX = void 0;
+// If this library is used as a regular dependency (e.g. from node_modules), the
+// assets will simply be referenced from the node_modules directory. However, if
+// this library is bundled (e.g. via rollup), the assets need to be copied to
+// the output directory. Most bundlers support this (webpack, rollup, etc.) by
+// re-writing new URL('./path', import.meta.url) calls to point to the correct
+// output directory.
+//
+// https://github.com/evanw/esbuild/issues/795
+// https://www.npmjs.com/package/@web/rollup-plugin-import-meta-assets
+// Note that the bundle-manifest, being a JSON file, can be imported directly
+// without any special handling. This is because all bundlers support JSON
+// imports out of the box.
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const node_stream_1 = require("node:stream");
+// @ts-expect-error: This file is generated at build time
+const bundle_manifest_json_1 = __importDefault(require("./app/bundle-manifest.json"));
+const appBundleManifest = new Map(Object.entries(bundle_manifest_json_1.default));
+exports.ASSETS_URL_PREFIX = '/@atproto/oauth-provider/~assets/';
+async function getAsset(inputFilename) {
+    const filename = node_path_1.posix.normalize(inputFilename);
+    if (filename.startsWith('/') || // Prevent absolute paths
+        filename.startsWith('../') || // Prevent directory traversal attacks
+        /[<>:"|?*\\]/.test(filename) // Windows disallowed characters
+    ) {
+        throw new AssetNotFoundError(filename);
+    }
+    const manifest = appBundleManifest.get(filename);
+    if (!manifest)
+        throw new AssetNotFoundError(filename);
+    // When this package is used as a regular "node_modules" dependency, and gets
+    // bundled by the consumer, the assets should be copied to the bundle's output
+    // directory. In case the bundler does not support copying assets from the
+    // "dist/assets/app" folder, this package's build system can be modified to
+    // embed the asset data directly into the bundle-manifest.json (see the `data`
+    // option of "@atproto-labs/rollup-plugin-bundle-manifest" in rollup.config.js).
+    const { data } = manifest;
+    return {
+        url: node_path_1.posix.join(exports.ASSETS_URL_PREFIX, filename),
+        type: manifest.mime,
+        sha256: manifest.sha256,
+        createStream: data
+            ? () => node_stream_1.Readable.from(Buffer.from(data, 'base64'))
+            : () => 
+            // ESM version:
+            // createReadStream(new URL(`./app/${filename}`, import.meta.url))
+            // CJS version:
+            (0, node_fs_1.createReadStream)((0, node_path_1.join)(__dirname, './app', filename)),
+    };
+}
+exports.getAsset = getAsset;
+class AssetNotFoundError extends Error {
+    code = 'ENOENT';
+    statusCode = 404;
+    constructor(filename) {
+        super(`Asset not found: ${filename}`);
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/assets/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/assets/index.ts"],"names":[],"mappings":";;;;;;AAEA,gFAAgF;AAChF,gFAAgF;AAChF,6EAA6E;AAC7E,8EAA8E;AAC9E,8EAA8E;AAC9E,oBAAoB;AACpB,EAAE;AACF,8CAA8C;AAC9C,sEAAsE;AAEtE,6EAA6E;AAC7E,0EAA0E;AAC1E,0BAA0B;AAE1B,qCAA0C;AAC1C,yCAAuC;AACvC,6CAAsC;AAEtC,yDAAyD;AACzD,sFAA8D;AAG9D,MAAM,iBAAiB,GAA8B,IAAI,GAAG,CAC1D,MAAM,CAAC,OAAO,CAAC,8BAAqB,CAAC,CACtC,CAAA;AAEY,QAAA,iBAAiB,GAAG,mCAAmC,CAAA;AAE7D,KAAK,UAAU,QAAQ,CAAC,aAAqB;IAClD,MAAM,QAAQ,GAAG,iBAAK,CAAC,SAAS,CAAC,aAAa,CAAC,CAAA;IAE/C,IACE,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,yBAAyB;QACrD,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,sCAAsC;QACpE,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,gCAAgC;MAC7D,CAAC;QACD,MAAM,IAAI,kBAAkB,CAAC,QAAQ,CAAC,CAAA;IACxC,CAAC;IAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IAChD,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,kBAAkB,CAAC,QAAQ,CAAC,CAAA;IAErD,6EAA6E;IAC7E,8EAA8E;IAC9E,0EAA0E;IAC1E,2EAA2E;IAC3E,8EAA8E;IAC9E,gFAAgF;IAEhF,MAAM,EAAE,IAAI,EAAE,GAAG,QAAQ,CAAA;IAEzB,OAAO;QACL,GAAG,EAAE,iBAAK,CAAC,IAAI,CAAC,yBAAiB,EAAE,QAAQ,CAAC;QAC5C,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,YAAY,EAAE,IAAI;YAChB,CAAC,CAAC,GAAG,EAAE,CAAC,sBAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YAClD,CAAC,CAAC,GAAG,EAAE;YACH,eAAe;YACf,kEAAkE;YAClE,eAAe;YACf,IAAA,0BAAgB,EAAC,IAAA,gBAAI,EAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;KAC3D,CAAA;AACH,CAAC;AAnCD,4BAmCC;AAED,MAAM,kBAAmB,SAAQ,KAAK;IACpB,IAAI,GAAG,QAAQ,CAAA;IACf,UAAU,GAAG,GAAG,CAAA;IAChC,YAAY,QAAgB;QAC1B,KAAK,CAAC,oBAAoB,QAAQ,EAAE,CAAC,CAAA;IACvC,CAAC;CACF"}

package/dist/client/client-auth.d.ts

@@ -0,0 +1,13 @@
+import { CLIENT_ASSERTION_TYPE_JWT_BEARER } from '@atproto/oauth-types';
+import { KeyLike } from 'jose';
+export type ClientAuth = {
+    method: 'none';
+} | {
+    method: typeof CLIENT_ASSERTION_TYPE_JWT_BEARER;
+    alg: string;
+    kid: string;
+    jkt: string;
+};
+export declare function compareClientAuth(a: ClientAuth, b: ClientAuth): boolean;
+export declare function authJwkThumbprint(key: Uint8Array | KeyLike): Promise<string>;
+//# sourceMappingURL=client-auth.d.ts.map

package/dist/client/client-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-auth.d.ts","sourceRoot":"","sources":["../../src/client/client-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gCAAgC,EAAE,MAAM,sBAAsB,CAAA;AACvE,OAAO,EAAE,OAAO,EAAqC,MAAM,MAAM,CAAA;AAKjE,MAAM,MAAM,UAAU,GAClB;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,GAClB;IACE,MAAM,EAAE,OAAO,gCAAgC,CAAA;IAC/C,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAEL,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CAevE;AAED,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,UAAU,GAAG,OAAO,GACxB,OAAO,CAAC,MAAM,CAAC,CAUjB"}

package/dist/client/client-auth.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authJwkThumbprint = exports.compareClientAuth = void 0;
+const oauth_types_1 = require("@atproto/oauth-types");
+const jose_1 = require("jose");
+const errors_1 = require("jose/errors");
+const invalid_client_error_js_1 = require("../errors/invalid-client-error.js");
+function compareClientAuth(a, b) {
+    if (a.method === 'none') {
+        if (b.method !== a.method)
+            return false;
+        return true;
+    }
+    if (a.method === oauth_types_1.CLIENT_ASSERTION_TYPE_JWT_BEARER) {
+        if (b.method !== a.method)
+            return false;
+        return true;
+    }
+    // Fool-proof
+    throw new TypeError('Invalid ClientAuth method');
+}
+exports.compareClientAuth = compareClientAuth;
+async function authJwkThumbprint(key) {
+    try {
+        return await (0, jose_1.calculateJwkThumbprint)(await (0, jose_1.exportJWK)(key), 'sha512');
+    }
+    catch (err) {
+        const message = err instanceof errors_1.JOSEError
+            ? err.message
+            : 'Failed to compute JWK thumbprint';
+        throw new invalid_client_error_js_1.InvalidClientError(message, err);
+    }
+}
+exports.authJwkThumbprint = authJwkThumbprint;
+//# sourceMappingURL=client-auth.js.map

package/dist/client/client-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-auth.js","sourceRoot":"","sources":["../../src/client/client-auth.ts"],"names":[],"mappings":";;;AAAA,sDAAuE;AACvE,+BAAiE;AACjE,wCAAuC;AAEvC,+EAAsE;AAWtE,SAAgB,iBAAiB,CAAC,CAAa,EAAE,CAAa;IAC5D,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QAEvC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,KAAK,8CAAgC,EAAE,CAAC;QAClD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QAEvC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,aAAa;IACb,MAAM,IAAI,SAAS,CAAC,2BAA2B,CAAC,CAAA;AAClD,CAAC;AAfD,8CAeC;AAEM,KAAK,UAAU,iBAAiB,CACrC,GAAyB;IAEzB,IAAI,CAAC;QACH,OAAO,MAAM,IAAA,6BAAsB,EAAC,MAAM,IAAA,gBAAS,EAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAA;IACrE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GACX,GAAG,YAAY,kBAAS;YACtB,CAAC,CAAC,GAAG,CAAC,OAAO;YACb,CAAC,CAAC,kCAAkC,CAAA;QACxC,MAAM,IAAI,4CAAkB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IAC5C,CAAC;AACH,CAAC;AAZD,8CAYC"}

package/dist/client/client-data.d.ts

@@ -0,0 +1,8 @@
+import { Jwks } from '@atproto/jwk';
+import { OAuthClientMetadata } from '@atproto/oauth-types';
+export type { OAuthClientMetadata };
+export type ClientData = {
+    metadata: OAuthClientMetadata;
+    jwks?: Jwks;
+};
+//# sourceMappingURL=client-data.d.ts.map

package/dist/client/client-data.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-data.d.ts","sourceRoot":"","sources":["../../src/client/client-data.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACnC,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAE1D,YAAY,EAAE,mBAAmB,EAAE,CAAA;AAEnC,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,EAAE,mBAAmB,CAAA;IAC7B,IAAI,CAAC,EAAE,IAAI,CAAA;CACZ,CAAA"}

package/dist/client/client-data.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=client-data.js.map

package/dist/client/client-data.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-data.js","sourceRoot":"","sources":["../../src/client/client-data.ts"],"names":[],"mappings":""}

package/dist/client/client-id.d.ts

@@ -0,0 +1,4 @@
+import { OAuthClientId } from '@atproto/oauth-types';
+export type ClientId = OAuthClientId;
+export declare const clientIdSchema: import("zod").ZodString;
+//# sourceMappingURL=client-id.d.ts.map

package/dist/client/client-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-id.d.ts","sourceRoot":"","sources":["../../src/client/client-id.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAuB,MAAM,sBAAsB,CAAA;AAEzE,MAAM,MAAM,QAAQ,GAAG,aAAa,CAAA;AACpC,eAAO,MAAM,cAAc,yBAAsB,CAAA"}

package/dist/client/client-id.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.clientIdSchema = void 0;
+const oauth_types_1 = require("@atproto/oauth-types");
+exports.clientIdSchema = oauth_types_1.oauthClientIdSchema;
+//# sourceMappingURL=client-id.js.map

package/dist/client/client-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-id.js","sourceRoot":"","sources":["../../src/client/client-id.ts"],"names":[],"mappings":";;;AAAA,sDAAyE;AAG5D,QAAA,cAAc,GAAG,iCAAmB,CAAA"}

package/dist/client/client-info.d.ts

@@ -0,0 +1,13 @@
+export type ClientInfo = {
+    /**
+     * Defaults to `false`
+     */
+    isFirstParty: boolean;
+    /**
+     * Defaults to `true` if the client is isFirstParty, or if the client was
+     * loaded from the store. (i.e. false in case of "loopback" & "discoverable"
+     * clients)
+     */
+    isTrusted: boolean;
+};
+//# sourceMappingURL=client-info.d.ts.map

package/dist/client/client-info.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-info.d.ts","sourceRoot":"","sources":["../../src/client/client-info.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG;IACvB;;OAEG;IACH,YAAY,EAAE,OAAO,CAAA;IAErB;;;;OAIG;IACH,SAAS,EAAE,OAAO,CAAA;CACnB,CAAA"}

package/dist/client/client-info.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=client-info.js.map

package/dist/client/client-info.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-info.js","sourceRoot":"","sources":["../../src/client/client-info.ts"],"names":[],"mappings":""}

package/dist/client/client-manager.d.ts

@@ -0,0 +1,38 @@
+import { Fetch } from '@atproto-labs/fetch';
+import { CachedGetter, SimpleStore } from '@atproto-labs/simple-store';
+import { Jwks, Keyset } from '@atproto/jwk';
+import { OAuthClientIdDiscoverable, OAuthClientIdLoopback, OAuthClientMetadata, OAuthClientMetadataInput } from '@atproto/oauth-types';
+import { Awaitable } from '../lib/util/type.js';
+import { OAuthHooks } from '../oauth-hooks.js';
+import { ClientId } from './client-id.js';
+import { ClientStore } from './client-store.js';
+import { Client } from './client.js';
+export type LoopbackMetadataGetter = (url: string) => Awaitable<OAuthClientMetadataInput>;
+export declare class ClientManager {
+    protected readonly keyset: Keyset;
+    protected readonly hooks: OAuthHooks;
+    protected readonly store: ClientStore | null;
+    protected readonly loopbackMetadata: LoopbackMetadataGetter | null;
+    protected readonly jwks: CachedGetter<string, Jwks>;
+    protected readonly metadata: CachedGetter<string, OAuthClientMetadata>;
+    constructor(keyset: Keyset, hooks: OAuthHooks, store: ClientStore | null, loopbackMetadata: LoopbackMetadataGetter | null, safeFetch: Fetch, clientJwksCache: SimpleStore<string, Jwks>, clientMetadataCache: SimpleStore<string, OAuthClientMetadata>);
+    /**
+     *
+     * @see {@link https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2 OIDC Client Registration}
+     */
+    getClient(clientId: string): Promise<Client>;
+    protected getClientMetadata(clientId: ClientId): Promise<OAuthClientMetadata>;
+    protected getLoopbackClientMetadata(clientId: OAuthClientIdLoopback): Promise<OAuthClientMetadata>;
+    protected getDiscoverableClientMetadata(clientId: OAuthClientIdDiscoverable): Promise<OAuthClientMetadata>;
+    protected getStoredClientMetadata(clientId: ClientId): Promise<OAuthClientMetadata>;
+    /**
+     * This method will ensure that the client metadata is valid w.r.t. the OAuth
+     * and OIDC specifications. It will also ensure that the metadata is
+     * compatible with the implementation of this library, and ATPROTO's
+     * requirements.
+     */
+    protected validateClientMetadata(clientId: ClientId, metadata: OAuthClientMetadata): OAuthClientMetadata;
+    validateLoopbackClientMetadata(clientId: OAuthClientIdLoopback, metadata: OAuthClientMetadata): OAuthClientMetadata;
+    validateDiscoverableClientMetadata(clientId: OAuthClientIdDiscoverable, metadata: OAuthClientMetadata): OAuthClientMetadata;
+}
+//# sourceMappingURL=client-manager.d.ts.map

package/dist/client/client-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-manager.d.ts","sourceRoot":"","sources":["../../src/client/client-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,EAIN,MAAM,qBAAqB,CAAA;AAE5B,OAAO,EACL,YAAY,EAEZ,WAAW,EACZ,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,IAAI,EAAc,MAAM,EAAE,MAAM,cAAc,CAAA;AACvD,OAAO,EAML,yBAAyB,EACzB,qBAAqB,EACrB,mBAAmB,EACnB,wBAAwB,EAEzB,MAAM,sBAAsB,CAAA;AAO7B,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAcpC,MAAM,MAAM,sBAAsB,GAAG,CACnC,GAAG,EAAE,MAAM,KACR,SAAS,CAAC,wBAAwB,CAAC,CAAA;AAExC,qBAAa,aAAa;IAKtB,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM;IACjC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IACpC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,GAAG,IAAI;IAC5C,SAAS,CAAC,QAAQ,CAAC,gBAAgB,EAAE,sBAAsB,GAAG,IAAI;IAPpE,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACnD,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;gBAGjD,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,UAAU,EACjB,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,gBAAgB,EAAE,sBAAsB,GAAG,IAAW,EACzE,SAAS,EAAE,KAAK,EAChB,eAAe,EAAE,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,EAC1C,mBAAmB,EAAE,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC;IAsB/D;;;OAGG;IACU,SAAS,CAAC,QAAQ,EAAE,MAAM;cA+BvB,iBAAiB,CAC/B,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,mBAAmB,CAAC;cAYf,yBAAyB,CACvC,QAAQ,EAAE,qBAAqB,GAC9B,OAAO,CAAC,mBAAmB,CAAC;cAiBf,6BAA6B,CAC3C,QAAQ,EAAE,yBAAyB,GAClC,OAAO,CAAC,mBAAmB,CAAC;cAYf,uBAAuB,CACrC,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,mBAAmB,CAAC;IAS/B;;;;;OAKG;IACH,SAAS,CAAC,sBAAsB,CAC9B,QAAQ,EAAE,QAAQ,EAClB,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;IA+dtB,8BAA8B,CAC5B,QAAQ,EAAE,qBAAqB,EAC/B,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;IAqDtB,kCAAkC,CAChC,QAAQ,EAAE,yBAAyB,EACnC,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;CAuEvB"}