@atproto/oauth-provider 0.1.2 → 0.1.3
- package/CHANGELOG.md +17 -0
- package/dist/assets/app/bundle-manifest.json +2 -2
- package/dist/assets/app/main.js +3 -3
- package/dist/assets/app/main.js.map +1 -1
- package/dist/client/client-manager.d.ts.map +1 -1
- package/dist/client/client-manager.js +31 -40
- package/dist/client/client-manager.js.map +1 -1
- package/dist/client/client.d.ts +2 -3
- package/dist/client/client.d.ts.map +1 -1
- package/dist/client/client.js +5 -9
- package/dist/client/client.js.map +1 -1
- package/dist/dpop/dpop-manager.d.ts +0 -1
- package/dist/dpop/dpop-manager.d.ts.map +1 -1
- package/dist/dpop/dpop-manager.js +1 -4
- package/dist/dpop/dpop-manager.js.map +1 -1
- package/dist/lib/http/parser.d.ts +13 -7
- package/dist/lib/http/parser.d.ts.map +1 -1
- package/dist/lib/http/parser.js +29 -9
- package/dist/lib/http/parser.js.map +1 -1
- package/dist/lib/http/request.d.ts +5 -5
- package/dist/lib/http/stream.d.ts.map +1 -1
- package/dist/lib/http/stream.js +3 -2
- package/dist/lib/http/stream.js.map +1 -1
- package/dist/metadata/build-metadata.d.ts.map +1 -1
- package/dist/metadata/build-metadata.js +0 -14
- package/dist/metadata/build-metadata.js.map +1 -1
- package/dist/oauth-provider.d.ts +2 -2
- package/dist/oauth-provider.d.ts.map +1 -1
- package/dist/oauth-provider.js +7 -5
- package/dist/oauth-provider.js.map +1 -1
- package/dist/request/types.d.ts +4 -4
- package/dist/signer/signed-token-payload.d.ts +3 -3
- package/dist/signer/signer.d.ts +1 -1
- package/dist/token/token-claims.d.ts +3 -3
- package/package.json +3 -2
- package/src/client/client-manager.ts +46 -60
- package/src/client/client.ts +4 -13
- package/src/dpop/dpop-manager.ts +1 -6
- package/src/lib/http/parser.ts +37 -13
- package/src/lib/http/stream.ts +5 -2
- package/src/metadata/build-metadata.ts +0 -14
- package/src/oauth-provider.ts +6 -18
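--- a/package/src/lib/http/stream.ts
+++ b/package/src/lib/http/stream.ts
@@ -7,6 +7,7 @@ import {
 KnownNames,
 KnownParser,
 KnownTypes,
+parseContentType,
 ParserForType,
 ParserResult,
 parsers,
@@ -64,9 +65,11 @@ export async function parseStream(
 throw createHttpError(400, 'Invalid content-type')
 }
 
+const type = parseContentType(contentType)
+
 const parser = parsers.find(
 (parser) =>
-allow?.includes(parser.name) !== false && parser.test(
+allow?.includes(parser.name) !== false && parser.test(type.mime),
 )
 
 if (!parser) {
@@ -74,5 +77,5 @@ export async function parseStream(
 }
 
 const buffer = await readStream(req)
-return parser.parse(buffer)
+return parser.parse(buffer, type)
 }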
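Review bot: The new `parseContentType(contentType)` call in parseStream sits after the 400 thrown for a missing or invalid header but has no error handling of its own, so if it throws on a malformed header value (a client-controlled string) the request would surface as an unhandled server error rather than a client error; unless parseContentType is documented never to throw, wrap it: `let type; try { type = parseContentType(contentType) } catch { throw createHttpError(400, 'Invalid content-type') }`. The parsed type is now also forwarded to `parser.parse(buffer, type)`, so any charset or other parameter the client supplies reaches the parsers; presumably they should accept only utf-8 (or a short allowlist) rather than honor an arbitrary charset, which is worth confirming on the parser side since it is not visible here. Only the MIME part is used for parser selection, so a parser's `test` no longer sees parameters — a one-line comment on `parser.test(type.mime)` saying so would help. parseStream's body starts before the hunk.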
@@ -127,28 +127,14 @@ export function buildMetadata(
|
|
127
127
|
token_endpoint_auth_signing_alg_values_supported: [...VERIFY_ALGOS],
|
128
128
|
|
129
129
|
revocation_endpoint: new URL('/oauth/revoke', issuer).href,
|
130
|
-
revocation_endpoint_auth_methods_supported: [
|
131
|
-
...Client.AUTH_METHODS_SUPPORTED,
|
132
|
-
],
|
133
|
-
revocation_endpoint_auth_signing_alg_values_supported: [...VERIFY_ALGOS],
|
134
130
|
|
135
131
|
introspection_endpoint: new URL('/oauth/introspect', issuer).href,
|
136
|
-
introspection_endpoint_auth_methods_supported: [
|
137
|
-
...Client.AUTH_METHODS_SUPPORTED,
|
138
|
-
],
|
139
|
-
introspection_endpoint_auth_signing_alg_values_supported: [...VERIFY_ALGOS],
|
140
132
|
|
141
133
|
userinfo_endpoint: new URL('/oauth/userinfo', issuer).href,
|
142
134
|
// end_session_endpoint: new URL('/oauth/logout', issuer).href,
|
143
135
|
|
144
136
|
// https://datatracker.ietf.org/doc/html/rfc9126#section-5
|
145
137
|
pushed_authorization_request_endpoint: new URL('/oauth/par', issuer).href,
|
146
|
-
pushed_authorization_request_endpoint_auth_methods_supported: [
|
147
|
-
...Client.AUTH_METHODS_SUPPORTED,
|
148
|
-
],
|
149
|
-
pushed_authorization_request_endpoint_auth_signing_alg_values_supported: [
|
150
|
-
...VERIFY_ALGOS,
|
151
|
-
],
|
152
138
|
|
153
139
|
require_pushed_authorization_requests: true,
|
154
140
|
|
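--- a/package/src/oauth-provider.ts
+++ b/package/src/oauth-provider.ts
@@ -9,7 +9,6 @@ import {
 OAuthAuthorizationServerMetadata,
 OAuthClientIdentification,
 OAuthClientMetadata,
-OAuthEndpointName,
 OAuthTokenResponse,
 OAuthTokenType,
 atprotoLoopbackClientMetadata,
@@ -339,14 +338,11 @@ export class OAuthProvider extends OAuthVerifier {
 
 protected async authenticateClient(
 client: Client,
-endpoint: OAuthEndpointName,
 credentials: OAuthClientIdentification,
 ): Promise<ClientAuth> {
-const { clientAuth, nonce } = await client.verifyCredentials(
-
-
-{ audience: this.issuer },
-)
+const { clientAuth, nonce } = await client.verifyCredentials(credentials, {
+audience: this.issuer,
+})
 
 if (nonce != null) {
 const unique = await this.replayManager.uniqueAuth(nonce, client.id)
@@ -424,11 +420,7 @@ export class OAuthProvider extends OAuthVerifier {
 ) {
 try {
 const client = await this.clientManager.getClient(input.client_id)
-const clientAuth = await this.authenticateClient(
-client,
-'pushed_authorization_request',
-input,
-)
+const clientAuth = await this.authenticateClient(client, input)
 
 const { payload: parameters } =
 'request' in input // Handle JAR
@@ -767,7 +759,7 @@ export class OAuthProvider extends OAuthVerifier {
 dpopJkt: null | string,
 ): Promise<OAuthTokenResponse> {
 const client = await this.clientManager.getClient(input.client_id)
-const clientAuth = await this.authenticateClient(client,
+const clientAuth = await this.authenticateClient(client, input)
 
 if (!client.metadata.grant_types.includes(input.grant_type)) {
 throw new InvalidGrantError(
@@ -851,11 +843,7 @@ export class OAuthProvider extends OAuthVerifier {
 input: Introspect,
 ): Promise<IntrospectionResponse> {
 const client = await this.clientManager.getClient(input.client_id)
-const clientAuth = await this.authenticateClient(
-client,
-'introspection',
-input,
-)
+const clientAuth = await this.authenticateClient(client, input)
 
 // RFC7662 states the following:
 //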
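Review bot: Dropping the `endpoint` parameter changes the signature of a `protected` method, so any subclass overriding `authenticateClient` breaks at the type level, and the method still carries no documentation of what it now guarantees; add a TSDoc along the lines of `/** Verifies the client's credentials against this issuer (audience) and rejects a re-used assertion nonce. Endpoint-independent since 0.1.3: the same credentials are accepted at the PAR, token and introspection endpoints. */`. With the endpoint no longer part of verification, an assertion accepted at PAR is, as far as these hunks show, equally acceptable at the token and introspection endpoints, so the `replayManager.uniqueAuth(nonce, client.id)` check is the only thing preventing cross-endpoint replay — presumably that store is shared across endpoints and retains nonces for at least the assertion lifetime, which is worth confirming since it is not visible here. Note the check is skipped when `nonce` is null, so auth methods that yield no nonce have no replay protection at all; a comment stating that this is intended for those methods would help the next reader. The callers of `authenticateClient` continue outside each hunk.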