@atproto/oauth-provider 0.1.2 → 0.1.3

Files changed (42)
  1. package/CHANGELOG.md +17 -0
  2. package/dist/assets/app/bundle-manifest.json +2 -2
  3. package/dist/assets/app/main.js +3 -3
  4. package/dist/assets/app/main.js.map +1 -1
  5. package/dist/client/client-manager.d.ts.map +1 -1
  6. package/dist/client/client-manager.js +31 -40
  7. package/dist/client/client-manager.js.map +1 -1
  8. package/dist/client/client.d.ts +2 -3
  9. package/dist/client/client.d.ts.map +1 -1
  10. package/dist/client/client.js +5 -9
  11. package/dist/client/client.js.map +1 -1
  12. package/dist/dpop/dpop-manager.d.ts +0 -1
  13. package/dist/dpop/dpop-manager.d.ts.map +1 -1
  14. package/dist/dpop/dpop-manager.js +1 -4
  15. package/dist/dpop/dpop-manager.js.map +1 -1
  16. package/dist/lib/http/parser.d.ts +13 -7
  17. package/dist/lib/http/parser.d.ts.map +1 -1
  18. package/dist/lib/http/parser.js +29 -9
  19. package/dist/lib/http/parser.js.map +1 -1
  20. package/dist/lib/http/request.d.ts +5 -5
  21. package/dist/lib/http/stream.d.ts.map +1 -1
  22. package/dist/lib/http/stream.js +3 -2
  23. package/dist/lib/http/stream.js.map +1 -1
  24. package/dist/metadata/build-metadata.d.ts.map +1 -1
  25. package/dist/metadata/build-metadata.js +0 -14
  26. package/dist/metadata/build-metadata.js.map +1 -1
  27. package/dist/oauth-provider.d.ts +2 -2
  28. package/dist/oauth-provider.d.ts.map +1 -1
  29. package/dist/oauth-provider.js +7 -5
  30. package/dist/oauth-provider.js.map +1 -1
  31. package/dist/request/types.d.ts +4 -4
  32. package/dist/signer/signed-token-payload.d.ts +3 -3
  33. package/dist/signer/signer.d.ts +1 -1
  34. package/dist/token/token-claims.d.ts +3 -3
  35. package/package.json +3 -2
  36. package/src/client/client-manager.ts +46 -60
  37. package/src/client/client.ts +4 -13
  38. package/src/dpop/dpop-manager.ts +1 -6
  39. package/src/lib/http/parser.ts +37 -13
  40. package/src/lib/http/stream.ts +5 -2
  41. package/src/metadata/build-metadata.ts +0 -14
  42. package/src/oauth-provider.ts +6 -18
@@ -7,6 +7,7 @@ import {
7
7
  KnownNames,
8
8
  KnownParser,
9
9
  KnownTypes,
10
+ parseContentType,
10
11
  ParserForType,
11
12
  ParserResult,
12
13
  parsers,
@@ -64,9 +65,11 @@ export async function parseStream(
64
65
  throw createHttpError(400, 'Invalid content-type')
65
66
  }
66
67
 
68
+ const type = parseContentType(contentType)
69
+
67
70
  const parser = parsers.find(
68
71
  (parser) =>
69
- allow?.includes(parser.name) !== false && parser.test(contentType),
72
+ allow?.includes(parser.name) !== false && parser.test(type.mime),
70
73
  )
71
74
 
72
75
  if (!parser) {
@@ -74,5 +77,5 @@ export async function parseStream(
74
77
  }
75
78
 
76
79
  const buffer = await readStream(req)
77
- return parser.parse(buffer)
80
+ return parser.parse(buffer, type)
78
81
  }
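Review bot: The added `parseContentType(contentType)` call (new line 68) runs after the explicit `createHttpError(400, 'Invalid content-type')` guard, so a header that passes the guard but fails to parse only yields a 400 if `parseContentType` itself raises an HTTP error; its implementation lives in parser.ts and is not visible here. If it can throw a plain error, wrap the call, e.g. `try { type = parseContentType(contentType) } catch { throw createHttpError(400, 'Invalid content-type') }`, so a malformed client header is not reported as a server fault. A short comment above `parsers.find` would also help, stating that parser selection now matches on `type.mime` only and that whatever else `type` carries (presumably the header parameters) is handed to `parser.parse` without being checked in this function. The opening lines of `parseStream` are outside these hunks.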
@@ -127,28 +127,14 @@ export function buildMetadata(
127
127
  token_endpoint_auth_signing_alg_values_supported: [...VERIFY_ALGOS],
128
128
 
129
129
  revocation_endpoint: new URL('/oauth/revoke', issuer).href,
130
- revocation_endpoint_auth_methods_supported: [
131
- ...Client.AUTH_METHODS_SUPPORTED,
132
- ],
133
- revocation_endpoint_auth_signing_alg_values_supported: [...VERIFY_ALGOS],
134
130
 
135
131
  introspection_endpoint: new URL('/oauth/introspect', issuer).href,
136
- introspection_endpoint_auth_methods_supported: [
137
- ...Client.AUTH_METHODS_SUPPORTED,
138
- ],
139
- introspection_endpoint_auth_signing_alg_values_supported: [...VERIFY_ALGOS],
140
132
 
141
133
  userinfo_endpoint: new URL('/oauth/userinfo', issuer).href,
142
134
  // end_session_endpoint: new URL('/oauth/logout', issuer).href,
143
135
 
144
136
  // https://datatracker.ietf.org/doc/html/rfc9126#section-5
145
137
  pushed_authorization_request_endpoint: new URL('/oauth/par', issuer).href,
146
- pushed_authorization_request_endpoint_auth_methods_supported: [
147
- ...Client.AUTH_METHODS_SUPPORTED,
148
- ],
149
- pushed_authorization_request_endpoint_auth_signing_alg_values_supported: [
150
- ...VERIFY_ALGOS,
151
- ],
152
138
 
153
139
  require_pushed_authorization_requests: true,
154
140
 
@@ -9,7 +9,6 @@ import {
9
9
  OAuthAuthorizationServerMetadata,
10
10
  OAuthClientIdentification,
11
11
  OAuthClientMetadata,
12
- OAuthEndpointName,
13
12
  OAuthTokenResponse,
14
13
  OAuthTokenType,
15
14
  atprotoLoopbackClientMetadata,
@@ -339,14 +338,11 @@ export class OAuthProvider extends OAuthVerifier {
339
338
 
340
339
  protected async authenticateClient(
341
340
  client: Client,
342
- endpoint: OAuthEndpointName,
343
341
  credentials: OAuthClientIdentification,
344
342
  ): Promise<ClientAuth> {
345
- const { clientAuth, nonce } = await client.verifyCredentials(
346
- credentials,
347
- endpoint,
348
- { audience: this.issuer },
349
- )
343
+ const { clientAuth, nonce } = await client.verifyCredentials(credentials, {
344
+ audience: this.issuer,
345
+ })
350
346
 
351
347
  if (nonce != null) {
352
348
  const unique = await this.replayManager.uniqueAuth(nonce, client.id)
@@ -424,11 +420,7 @@ export class OAuthProvider extends OAuthVerifier {
424
420
  ) {
425
421
  try {
426
422
  const client = await this.clientManager.getClient(input.client_id)
427
- const clientAuth = await this.authenticateClient(
428
- client,
429
- 'pushed_authorization_request',
430
- input,
431
- )
423
+ const clientAuth = await this.authenticateClient(client, input)
432
424
 
433
425
  const { payload: parameters } =
434
426
  'request' in input // Handle JAR
@@ -767,7 +759,7 @@ export class OAuthProvider extends OAuthVerifier {
767
759
  dpopJkt: null | string,
768
760
  ): Promise<OAuthTokenResponse> {
769
761
  const client = await this.clientManager.getClient(input.client_id)
770
- const clientAuth = await this.authenticateClient(client, 'token', input)
762
+ const clientAuth = await this.authenticateClient(client, input)
771
763
 
772
764
  if (!client.metadata.grant_types.includes(input.grant_type)) {
773
765
  throw new InvalidGrantError(
@@ -851,11 +843,7 @@ export class OAuthProvider extends OAuthVerifier {
851
843
  input: Introspect,
852
844
  ): Promise<IntrospectionResponse> {
853
845
  const client = await this.clientManager.getClient(input.client_id)
854
- const clientAuth = await this.authenticateClient(
855
- client,
856
- 'introspection',
857
- input,
858
- )
846
+ const clientAuth = await this.authenticateClient(client, input)
859
847
 
860
848
  // RFC7662 states the following:
861
849
  //
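Review bot: `authenticateClient` is `protected`, and the hunk at new lines 339-345 removes its middle `endpoint` parameter, so a subclass that still calls `authenticateClient(client, 'token', input)` stops compiling in TypeScript. From plain JavaScript the same call would silently pass the endpoint string to `verifyCredentials` as the credentials. This is an interface change shipped in a patch-level bump (0.1.2 → 0.1.3), so it deserves an explicit changelog line. A TSDoc on the method would make the new contract visible, e.g. `/** Verifies the client's credentials, passing this.issuer as the expected audience; called with the same arguments by the PAR, token and introspection handlers. */`. The method body and all three callers continue outside the hunks shown.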