@atproto/oauth-provider 0.1.2 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- package/CHANGELOG.md +46 -0
- package/dist/account/account.d.ts +6 -2
- package/dist/account/account.d.ts.map +1 -1
- package/dist/assets/app/bundle-manifest.json +3 -3
- package/dist/assets/app/main.css +1 -1
- package/dist/assets/app/main.js +3 -3
- package/dist/assets/app/main.js.map +1 -1
- package/dist/assets/assets-middleware.d.ts +2 -1
- package/dist/assets/assets-middleware.d.ts.map +1 -1
- package/dist/assets/assets-middleware.js +7 -0
- package/dist/assets/assets-middleware.js.map +1 -1
- package/dist/client/client-manager.d.ts +4 -3
- package/dist/client/client-manager.d.ts.map +1 -1
- package/dist/client/client-manager.js +91 -77
- package/dist/client/client-manager.js.map +1 -1
- package/dist/client/client.d.ts +2 -3
- package/dist/client/client.d.ts.map +1 -1
- package/dist/client/client.js +6 -12
- package/dist/client/client.js.map +1 -1
- package/dist/constants.d.ts +2 -0
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +3 -1
- package/dist/constants.js.map +1 -1
- package/dist/device/device-manager.d.ts +1 -1
- package/dist/device/device-manager.d.ts.map +1 -1
- package/dist/device/device-manager.js +2 -2
- package/dist/device/device-manager.js.map +1 -1
- package/dist/dpop/dpop-manager.d.ts +0 -1
- package/dist/dpop/dpop-manager.d.ts.map +1 -1
- package/dist/dpop/dpop-manager.js +1 -4
- package/dist/dpop/dpop-manager.js.map +1 -1
- package/dist/errors/invalid-authorization-details-error.d.ts +4 -3
- package/dist/errors/invalid-authorization-details-error.d.ts.map +1 -1
- package/dist/errors/invalid-authorization-details-error.js +4 -4
- package/dist/errors/invalid-authorization-details-error.js.map +1 -1
- package/dist/lib/http/parser.d.ts +13 -7
- package/dist/lib/http/parser.d.ts.map +1 -1
- package/dist/lib/http/parser.js +29 -9
- package/dist/lib/http/parser.js.map +1 -1
- package/dist/lib/http/request.d.ts +8 -5
- package/dist/lib/http/request.d.ts.map +1 -1
- package/dist/lib/http/request.js +24 -12
- package/dist/lib/http/request.js.map +1 -1
- package/dist/lib/http/stream.d.ts.map +1 -1
- package/dist/lib/http/stream.js +3 -2
- package/dist/lib/http/stream.js.map +1 -1
- package/dist/metadata/build-metadata.d.ts +0 -1
- package/dist/metadata/build-metadata.d.ts.map +1 -1
- package/dist/metadata/build-metadata.js +9 -49
- package/dist/metadata/build-metadata.js.map +1 -1
- package/dist/oauth-hooks.d.ts +3 -10
- package/dist/oauth-hooks.d.ts.map +1 -1
- package/dist/oauth-provider.d.ts +10 -15
- package/dist/oauth-provider.d.ts.map +1 -1
- package/dist/oauth-provider.js +176 -114
- package/dist/oauth-provider.js.map +1 -1
- package/dist/oauth-verifier.d.ts +1 -2
- package/dist/oauth-verifier.d.ts.map +1 -1
- package/dist/oauth-verifier.js.map +1 -1
- package/dist/output/build-authorize-data.d.ts +6 -0
- package/dist/output/build-authorize-data.d.ts.map +1 -1
- package/dist/output/build-authorize-data.js +1 -0
- package/dist/output/build-authorize-data.js.map +1 -1
- package/dist/replay/replay-manager.d.ts +1 -0
- package/dist/replay/replay-manager.d.ts.map +1 -1
- package/dist/replay/replay-manager.js +3 -0
- package/dist/replay/replay-manager.js.map +1 -1
- package/dist/replay/replay-store.d.ts +1 -1
- package/dist/request/request-info.d.ts +2 -0
- package/dist/request/request-info.d.ts.map +1 -1
- package/dist/request/request-manager.d.ts +3 -9
- package/dist/request/request-manager.d.ts.map +1 -1
- package/dist/request/request-manager.js +52 -77
- package/dist/request/request-manager.js.map +1 -1
- package/dist/request/types.d.ts +10 -10
- package/dist/signer/signed-token-payload.d.ts +88 -88
- package/dist/signer/signer.d.ts +24 -31
- package/dist/signer/signer.d.ts.map +1 -1
- package/dist/signer/signer.js +0 -40
- package/dist/signer/signer.js.map +1 -1
- package/dist/token/token-claims.d.ts +84 -84
- package/dist/token/token-manager.d.ts +1 -2
- package/dist/token/token-manager.d.ts.map +1 -1
- package/dist/token/token-manager.js +10 -37
- package/dist/token/token-manager.js.map +1 -1
- package/dist/token/types.d.ts +10 -10
- package/package.json +3 -3
- package/src/account/account.ts +11 -7
- package/src/assets/app/backend-data.ts +9 -2
- package/src/assets/app/components/accept-form.tsx +65 -51
- package/src/assets/app/components/client-name.tsx +24 -16
- package/src/assets/app/components/url-viewer.tsx +3 -3
- package/src/assets/app/views/accept-view.tsx +7 -4
- package/src/assets/app/views/authorize-view.tsx +2 -1
- package/src/assets/assets-middleware.ts +14 -2
- package/src/client/client-manager.ts +124 -120
- package/src/client/client.ts +5 -17
- package/src/constants.ts +3 -0
- package/src/device/device-manager.ts +7 -1
- package/src/dpop/dpop-manager.ts +1 -6
- package/src/errors/invalid-authorization-details-error.ts +9 -4
- package/src/lib/http/parser.ts +37 -13
- package/src/lib/http/request.ts +61 -15
- package/src/lib/http/stream.ts +5 -2
- package/src/metadata/build-metadata.ts +9 -56
- package/src/oauth-hooks.ts +3 -13
- package/src/oauth-provider.ts +187 -177
- package/src/oauth-verifier.ts +1 -2
- package/src/output/build-authorize-data.ts +8 -0
- package/src/replay/replay-manager.ts +9 -0
- package/src/replay/replay-store.ts +1 -1
- package/src/request/request-info.ts +2 -0
- package/src/request/request-manager.ts +81 -107
- package/src/signer/signer.ts +0 -63
- package/src/token/token-manager.ts +8 -41
- package/dist/oidc/claims.d.ts +0 -16
- package/dist/oidc/claims.d.ts.map +0 -1
- package/dist/oidc/claims.js +0 -29
- package/dist/oidc/claims.js.map +0 -1
- package/dist/oidc/userinfo.d.ts +0 -7
- package/dist/oidc/userinfo.d.ts.map +0 -1
- package/dist/oidc/userinfo.js +0 -3
- package/dist/oidc/userinfo.js.map +0 -1
- package/dist/parameters/claims-requested.d.ts +0 -3
- package/dist/parameters/claims-requested.d.ts.map +0 -1
- package/dist/parameters/claims-requested.js +0 -77
- package/dist/parameters/claims-requested.js.map +0 -1
- package/dist/parameters/oidc-payload.d.ts +0 -31
- package/dist/parameters/oidc-payload.d.ts.map +0 -1
- package/dist/parameters/oidc-payload.js +0 -25
- package/dist/parameters/oidc-payload.js.map +0 -1
- package/src/assets/app/components/client-identifier.tsx +0 -31
- package/src/oidc/claims.ts +0 -35
- package/src/oidc/userinfo.ts +0 -11
- package/src/parameters/claims-requested.ts +0 -106
- package/src/parameters/oidc-payload.ts +0 -28
package/dist/request/types.d.ts
CHANGED
|
@@ -45,7 +45,7 @@ export declare const pushedAuthorizationRequestSchema: z.ZodIntersection<z.ZodUn
|
|
|
45
45
|
state: z.ZodOptional<z.ZodString>;
|
|
46
46
|
nonce: z.ZodOptional<z.ZodString>;
|
|
47
47
|
dpop_jkt: z.ZodOptional<z.ZodString>;
|
|
48
|
-
response_type: z.ZodEnum<["code", "token", "
|
|
48
|
+
response_type: z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>;
|
|
49
49
|
response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
|
|
50
50
|
code_challenge: z.ZodOptional<z.ZodString>;
|
|
51
51
|
code_challenge_method: z.ZodOptional<z.ZodDefault<z.ZodEnum<["S256", "plain"]>>>;
|
|
@@ -94,7 +94,7 @@ export declare const pushedAuthorizationRequestSchema: z.ZodIntersection<z.ZodUn
|
|
|
94
94
|
}>, "many">>;
|
|
95
95
|
}, "strip", z.ZodTypeAny, {
|
|
96
96
|
client_id: string;
|
|
97
|
-
response_type: "none" | "
|
|
97
|
+
response_type: "none" | "code" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
|
98
98
|
scope?: string | undefined;
|
|
99
99
|
redirect_uri?: string | undefined;
|
|
100
100
|
nonce?: string | undefined;
|
|
@@ -104,7 +104,7 @@ export declare const pushedAuthorizationRequestSchema: z.ZodIntersection<z.ZodUn
|
|
|
104
104
|
code_challenge?: string | undefined;
|
|
105
105
|
code_challenge_method?: "S256" | "plain" | undefined;
|
|
106
106
|
max_age?: number | undefined;
|
|
107
|
-
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"nonce" | "name" | "
|
|
107
|
+
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"nonce" | "name" | "preferred_username" | "email" | "email_verified" | "picture" | "acr" | "auth_time" | "family_name" | "given_name" | "middle_name" | "nickname" | "gender" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "phone_number" | "phone_number_verified" | "address", {
|
|
108
108
|
values?: (string | number | boolean)[] | undefined;
|
|
109
109
|
value?: string | number | boolean | undefined;
|
|
110
110
|
essential?: boolean | undefined;
|
|
@@ -124,7 +124,7 @@ export declare const pushedAuthorizationRequestSchema: z.ZodIntersection<z.ZodUn
|
|
|
124
124
|
}[] | undefined;
|
|
125
125
|
}, {
|
|
126
126
|
client_id: string;
|
|
127
|
-
response_type: "none" | "
|
|
127
|
+
response_type: "none" | "code" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
|
128
128
|
scope?: string | undefined;
|
|
129
129
|
redirect_uri?: string | undefined;
|
|
130
130
|
nonce?: string | undefined;
|
|
@@ -134,7 +134,7 @@ export declare const pushedAuthorizationRequestSchema: z.ZodIntersection<z.ZodUn
|
|
|
134
134
|
code_challenge?: string | undefined;
|
|
135
135
|
code_challenge_method?: "S256" | "plain" | undefined;
|
|
136
136
|
max_age?: number | undefined;
|
|
137
|
-
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"nonce" | "name" | "
|
|
137
|
+
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"nonce" | "name" | "preferred_username" | "email" | "email_verified" | "picture" | "acr" | "auth_time" | "family_name" | "given_name" | "middle_name" | "nickname" | "gender" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "phone_number" | "phone_number_verified" | "address", {
|
|
138
138
|
values?: (string | number | boolean)[] | undefined;
|
|
139
139
|
value?: string | number | boolean | undefined;
|
|
140
140
|
essential?: boolean | undefined;
|
|
@@ -198,7 +198,7 @@ export declare const authorizationRequestQuerySchema: z.ZodIntersection<z.ZodUni
|
|
|
198
198
|
state: z.ZodOptional<z.ZodString>;
|
|
199
199
|
nonce: z.ZodOptional<z.ZodString>;
|
|
200
200
|
dpop_jkt: z.ZodOptional<z.ZodString>;
|
|
201
|
-
response_type: z.ZodEnum<["code", "token", "
|
|
201
|
+
response_type: z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>;
|
|
202
202
|
response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
|
|
203
203
|
code_challenge: z.ZodOptional<z.ZodString>;
|
|
204
204
|
code_challenge_method: z.ZodOptional<z.ZodDefault<z.ZodEnum<["S256", "plain"]>>>;
|
|
@@ -247,7 +247,7 @@ export declare const authorizationRequestQuerySchema: z.ZodIntersection<z.ZodUni
|
|
|
247
247
|
}>, "many">>;
|
|
248
248
|
}, "strip", z.ZodTypeAny, {
|
|
249
249
|
client_id: string;
|
|
250
|
-
response_type: "none" | "
|
|
250
|
+
response_type: "none" | "code" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
|
251
251
|
scope?: string | undefined;
|
|
252
252
|
redirect_uri?: string | undefined;
|
|
253
253
|
nonce?: string | undefined;
|
|
@@ -257,7 +257,7 @@ export declare const authorizationRequestQuerySchema: z.ZodIntersection<z.ZodUni
|
|
|
257
257
|
code_challenge?: string | undefined;
|
|
258
258
|
code_challenge_method?: "S256" | "plain" | undefined;
|
|
259
259
|
max_age?: number | undefined;
|
|
260
|
-
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"nonce" | "name" | "
|
|
260
|
+
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"nonce" | "name" | "preferred_username" | "email" | "email_verified" | "picture" | "acr" | "auth_time" | "family_name" | "given_name" | "middle_name" | "nickname" | "gender" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "phone_number" | "phone_number_verified" | "address", {
|
|
261
261
|
values?: (string | number | boolean)[] | undefined;
|
|
262
262
|
value?: string | number | boolean | undefined;
|
|
263
263
|
essential?: boolean | undefined;
|
|
@@ -277,7 +277,7 @@ export declare const authorizationRequestQuerySchema: z.ZodIntersection<z.ZodUni
|
|
|
277
277
|
}[] | undefined;
|
|
278
278
|
}, {
|
|
279
279
|
client_id: string;
|
|
280
|
-
response_type: "none" | "
|
|
280
|
+
response_type: "none" | "code" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
|
281
281
|
scope?: string | undefined;
|
|
282
282
|
redirect_uri?: string | undefined;
|
|
283
283
|
nonce?: string | undefined;
|
|
@@ -287,7 +287,7 @@ export declare const authorizationRequestQuerySchema: z.ZodIntersection<z.ZodUni
|
|
|
287
287
|
code_challenge?: string | undefined;
|
|
288
288
|
code_challenge_method?: "S256" | "plain" | undefined;
|
|
289
289
|
max_age?: number | undefined;
|
|
290
|
-
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"nonce" | "name" | "
|
|
290
|
+
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"nonce" | "name" | "preferred_username" | "email" | "email_verified" | "picture" | "acr" | "auth_time" | "family_name" | "given_name" | "middle_name" | "nickname" | "gender" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "phone_number" | "phone_number_verified" | "address", {
|
|
291
291
|
values?: (string | number | boolean)[] | undefined;
|
|
292
292
|
value?: string | number | boolean | undefined;
|
|
293
293
|
essential?: boolean | undefined;
|
|
@@ -2,66 +2,31 @@ import z from 'zod';
|
|
|
2
2
|
import { Simplify } from '../lib/util/type.js';
|
|
3
3
|
export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
|
|
4
4
|
iat: z.ZodNumber;
|
|
5
|
-
exp: z.ZodNumber;
|
|
6
|
-
iss: z.ZodString;
|
|
7
5
|
aud: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "atleastone">]>;
|
|
6
|
+
iss: z.ZodString;
|
|
7
|
+
exp: z.ZodNumber;
|
|
8
8
|
}, "strip", z.ZodTypeAny, {
|
|
9
9
|
iat: number;
|
|
10
|
-
exp: number;
|
|
11
|
-
iss: string;
|
|
12
10
|
aud: string | [string, ...string[]];
|
|
11
|
+
iss: string;
|
|
12
|
+
exp: number;
|
|
13
13
|
}, {
|
|
14
14
|
iat: number;
|
|
15
|
-
exp: number;
|
|
16
|
-
iss: string;
|
|
17
15
|
aud: string | [string, ...string[]];
|
|
16
|
+
iss: string;
|
|
17
|
+
exp: number;
|
|
18
18
|
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
19
19
|
nonce: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
20
|
-
name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
21
20
|
jti: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
21
|
+
name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
22
22
|
htm: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
23
23
|
htu: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
24
24
|
ath: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
25
|
+
sub: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
26
|
+
preferred_username: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
25
27
|
email: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
26
28
|
email_verified: z.ZodOptional<z.ZodOptional<z.ZodBoolean>>;
|
|
27
|
-
phone_number: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
28
|
-
phone_number_verified: z.ZodOptional<z.ZodOptional<z.ZodBoolean>>;
|
|
29
|
-
address: z.ZodOptional<z.ZodOptional<z.ZodObject<{
|
|
30
|
-
formatted: z.ZodOptional<z.ZodString>;
|
|
31
|
-
street_address: z.ZodOptional<z.ZodString>;
|
|
32
|
-
locality: z.ZodOptional<z.ZodString>;
|
|
33
|
-
region: z.ZodOptional<z.ZodString>;
|
|
34
|
-
postal_code: z.ZodOptional<z.ZodString>;
|
|
35
|
-
country: z.ZodOptional<z.ZodString>;
|
|
36
|
-
}, "strip", z.ZodTypeAny, {
|
|
37
|
-
formatted?: string | undefined;
|
|
38
|
-
street_address?: string | undefined;
|
|
39
|
-
locality?: string | undefined;
|
|
40
|
-
region?: string | undefined;
|
|
41
|
-
postal_code?: string | undefined;
|
|
42
|
-
country?: string | undefined;
|
|
43
|
-
}, {
|
|
44
|
-
formatted?: string | undefined;
|
|
45
|
-
street_address?: string | undefined;
|
|
46
|
-
locality?: string | undefined;
|
|
47
|
-
region?: string | undefined;
|
|
48
|
-
postal_code?: string | undefined;
|
|
49
|
-
country?: string | undefined;
|
|
50
|
-
}>>>;
|
|
51
|
-
profile: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
52
|
-
family_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
53
|
-
given_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
54
|
-
middle_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
55
|
-
nickname: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
56
|
-
preferred_username: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
57
|
-
gender: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
58
29
|
picture: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
59
|
-
website: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
60
|
-
birthdate: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
61
|
-
zoneinfo: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
62
|
-
locale: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
63
|
-
updated_at: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
|
|
64
|
-
sub: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
65
30
|
nbf: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
|
|
66
31
|
acr: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
67
32
|
azp: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
@@ -1353,6 +1318,41 @@ export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
|
|
|
1353
1318
|
c_hash: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1354
1319
|
s_hash: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1355
1320
|
auth_time: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
|
|
1321
|
+
family_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1322
|
+
given_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1323
|
+
middle_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1324
|
+
nickname: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1325
|
+
gender: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1326
|
+
profile: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1327
|
+
website: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1328
|
+
birthdate: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1329
|
+
zoneinfo: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1330
|
+
locale: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1331
|
+
updated_at: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
|
|
1332
|
+
phone_number: z.ZodOptional<z.ZodOptional<z.ZodString>>;
|
|
1333
|
+
phone_number_verified: z.ZodOptional<z.ZodOptional<z.ZodBoolean>>;
|
|
1334
|
+
address: z.ZodOptional<z.ZodOptional<z.ZodObject<{
|
|
1335
|
+
formatted: z.ZodOptional<z.ZodString>;
|
|
1336
|
+
street_address: z.ZodOptional<z.ZodString>;
|
|
1337
|
+
locality: z.ZodOptional<z.ZodString>;
|
|
1338
|
+
region: z.ZodOptional<z.ZodString>;
|
|
1339
|
+
postal_code: z.ZodOptional<z.ZodString>;
|
|
1340
|
+
country: z.ZodOptional<z.ZodString>;
|
|
1341
|
+
}, "strip", z.ZodTypeAny, {
|
|
1342
|
+
formatted?: string | undefined;
|
|
1343
|
+
street_address?: string | undefined;
|
|
1344
|
+
locality?: string | undefined;
|
|
1345
|
+
region?: string | undefined;
|
|
1346
|
+
postal_code?: string | undefined;
|
|
1347
|
+
country?: string | undefined;
|
|
1348
|
+
}, {
|
|
1349
|
+
formatted?: string | undefined;
|
|
1350
|
+
street_address?: string | undefined;
|
|
1351
|
+
locality?: string | undefined;
|
|
1352
|
+
region?: string | undefined;
|
|
1353
|
+
postal_code?: string | undefined;
|
|
1354
|
+
country?: string | undefined;
|
|
1355
|
+
}>>>;
|
|
1356
1356
|
authorization_details: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
1357
1357
|
type: z.ZodString;
|
|
1358
1358
|
locations: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
@@ -1388,31 +1388,10 @@ export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
|
|
|
1388
1388
|
htm?: string | undefined;
|
|
1389
1389
|
htu?: string | undefined;
|
|
1390
1390
|
ath?: string | undefined;
|
|
1391
|
+
preferred_username?: string | undefined;
|
|
1391
1392
|
email?: string | undefined;
|
|
1392
1393
|
email_verified?: boolean | undefined;
|
|
1393
|
-
phone_number?: string | undefined;
|
|
1394
|
-
phone_number_verified?: boolean | undefined;
|
|
1395
|
-
address?: {
|
|
1396
|
-
formatted?: string | undefined;
|
|
1397
|
-
street_address?: string | undefined;
|
|
1398
|
-
locality?: string | undefined;
|
|
1399
|
-
region?: string | undefined;
|
|
1400
|
-
postal_code?: string | undefined;
|
|
1401
|
-
country?: string | undefined;
|
|
1402
|
-
} | undefined;
|
|
1403
|
-
profile?: string | undefined;
|
|
1404
|
-
family_name?: string | undefined;
|
|
1405
|
-
given_name?: string | undefined;
|
|
1406
|
-
middle_name?: string | undefined;
|
|
1407
|
-
nickname?: string | undefined;
|
|
1408
|
-
preferred_username?: string | undefined;
|
|
1409
|
-
gender?: string | undefined;
|
|
1410
1394
|
picture?: string | undefined;
|
|
1411
|
-
website?: string | undefined;
|
|
1412
|
-
birthdate?: string | undefined;
|
|
1413
|
-
zoneinfo?: string | undefined;
|
|
1414
|
-
locale?: string | undefined;
|
|
1415
|
-
updated_at?: number | undefined;
|
|
1416
1395
|
nbf?: number | undefined;
|
|
1417
1396
|
acr?: string | undefined;
|
|
1418
1397
|
azp?: string | undefined;
|
|
@@ -1526,6 +1505,27 @@ export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
|
|
|
1526
1505
|
c_hash?: string | undefined;
|
|
1527
1506
|
s_hash?: string | undefined;
|
|
1528
1507
|
auth_time?: number | undefined;
|
|
1508
|
+
family_name?: string | undefined;
|
|
1509
|
+
given_name?: string | undefined;
|
|
1510
|
+
middle_name?: string | undefined;
|
|
1511
|
+
nickname?: string | undefined;
|
|
1512
|
+
gender?: string | undefined;
|
|
1513
|
+
profile?: string | undefined;
|
|
1514
|
+
website?: string | undefined;
|
|
1515
|
+
birthdate?: string | undefined;
|
|
1516
|
+
zoneinfo?: string | undefined;
|
|
1517
|
+
locale?: string | undefined;
|
|
1518
|
+
updated_at?: number | undefined;
|
|
1519
|
+
phone_number?: string | undefined;
|
|
1520
|
+
phone_number_verified?: boolean | undefined;
|
|
1521
|
+
address?: {
|
|
1522
|
+
formatted?: string | undefined;
|
|
1523
|
+
street_address?: string | undefined;
|
|
1524
|
+
locality?: string | undefined;
|
|
1525
|
+
region?: string | undefined;
|
|
1526
|
+
postal_code?: string | undefined;
|
|
1527
|
+
country?: string | undefined;
|
|
1528
|
+
} | undefined;
|
|
1529
1529
|
authorization_details?: z.objectOutputType<{
|
|
1530
1530
|
type: z.ZodString;
|
|
1531
1531
|
locations: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
@@ -1543,31 +1543,10 @@ export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
|
|
|
1543
1543
|
htm?: string | undefined;
|
|
1544
1544
|
htu?: string | undefined;
|
|
1545
1545
|
ath?: string | undefined;
|
|
1546
|
+
preferred_username?: string | undefined;
|
|
1546
1547
|
email?: string | undefined;
|
|
1547
1548
|
email_verified?: boolean | undefined;
|
|
1548
|
-
phone_number?: string | undefined;
|
|
1549
|
-
phone_number_verified?: boolean | undefined;
|
|
1550
|
-
address?: {
|
|
1551
|
-
formatted?: string | undefined;
|
|
1552
|
-
street_address?: string | undefined;
|
|
1553
|
-
locality?: string | undefined;
|
|
1554
|
-
region?: string | undefined;
|
|
1555
|
-
postal_code?: string | undefined;
|
|
1556
|
-
country?: string | undefined;
|
|
1557
|
-
} | undefined;
|
|
1558
|
-
profile?: string | undefined;
|
|
1559
|
-
family_name?: string | undefined;
|
|
1560
|
-
given_name?: string | undefined;
|
|
1561
|
-
middle_name?: string | undefined;
|
|
1562
|
-
nickname?: string | undefined;
|
|
1563
|
-
preferred_username?: string | undefined;
|
|
1564
|
-
gender?: string | undefined;
|
|
1565
1549
|
picture?: string | undefined;
|
|
1566
|
-
website?: string | undefined;
|
|
1567
|
-
birthdate?: string | undefined;
|
|
1568
|
-
zoneinfo?: string | undefined;
|
|
1569
|
-
locale?: string | undefined;
|
|
1570
|
-
updated_at?: number | undefined;
|
|
1571
1550
|
nbf?: number | undefined;
|
|
1572
1551
|
acr?: string | undefined;
|
|
1573
1552
|
azp?: string | undefined;
|
|
@@ -1681,6 +1660,27 @@ export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
|
|
|
1681
1660
|
c_hash?: string | undefined;
|
|
1682
1661
|
s_hash?: string | undefined;
|
|
1683
1662
|
auth_time?: number | undefined;
|
|
1663
|
+
family_name?: string | undefined;
|
|
1664
|
+
given_name?: string | undefined;
|
|
1665
|
+
middle_name?: string | undefined;
|
|
1666
|
+
nickname?: string | undefined;
|
|
1667
|
+
gender?: string | undefined;
|
|
1668
|
+
profile?: string | undefined;
|
|
1669
|
+
website?: string | undefined;
|
|
1670
|
+
birthdate?: string | undefined;
|
|
1671
|
+
zoneinfo?: string | undefined;
|
|
1672
|
+
locale?: string | undefined;
|
|
1673
|
+
updated_at?: number | undefined;
|
|
1674
|
+
phone_number?: string | undefined;
|
|
1675
|
+
phone_number_verified?: boolean | undefined;
|
|
1676
|
+
address?: {
|
|
1677
|
+
formatted?: string | undefined;
|
|
1678
|
+
street_address?: string | undefined;
|
|
1679
|
+
locality?: string | undefined;
|
|
1680
|
+
region?: string | undefined;
|
|
1681
|
+
postal_code?: string | undefined;
|
|
1682
|
+
country?: string | undefined;
|
|
1683
|
+
} | undefined;
|
|
1684
1684
|
authorization_details?: z.objectInputType<{
|
|
1685
1685
|
type: z.ZodString;
|
|
1686
1686
|
locations: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
package/dist/signer/signer.d.ts
CHANGED
|
@@ -22,9 +22,9 @@ export declare class Signer {
|
|
|
22
22
|
}): Promise<SignedJwt>;
|
|
23
23
|
verifyAccessToken(token: SignedJwt): Promise<import("@atproto/jwk").VerifyResult<{
|
|
24
24
|
iat: number;
|
|
25
|
-
exp: number;
|
|
26
|
-
iss: string;
|
|
27
25
|
aud: string | [string, ...string[]];
|
|
26
|
+
iss: string;
|
|
27
|
+
exp: number;
|
|
28
28
|
jti: `tok-${string}`;
|
|
29
29
|
sub: string;
|
|
30
30
|
client_id: string;
|
|
@@ -33,31 +33,10 @@ export declare class Signer {
|
|
|
33
33
|
htm?: string | undefined;
|
|
34
34
|
htu?: string | undefined;
|
|
35
35
|
ath?: string | undefined;
|
|
36
|
+
preferred_username?: string | undefined;
|
|
36
37
|
email?: string | undefined;
|
|
37
38
|
email_verified?: boolean | undefined;
|
|
38
|
-
phone_number?: string | undefined;
|
|
39
|
-
phone_number_verified?: boolean | undefined;
|
|
40
|
-
address?: {
|
|
41
|
-
formatted?: string | undefined;
|
|
42
|
-
street_address?: string | undefined;
|
|
43
|
-
locality?: string | undefined;
|
|
44
|
-
region?: string | undefined;
|
|
45
|
-
postal_code?: string | undefined;
|
|
46
|
-
country?: string | undefined;
|
|
47
|
-
} | undefined;
|
|
48
|
-
profile?: string | undefined;
|
|
49
|
-
family_name?: string | undefined;
|
|
50
|
-
given_name?: string | undefined;
|
|
51
|
-
middle_name?: string | undefined;
|
|
52
|
-
nickname?: string | undefined;
|
|
53
|
-
preferred_username?: string | undefined;
|
|
54
|
-
gender?: string | undefined;
|
|
55
39
|
picture?: string | undefined;
|
|
56
|
-
website?: string | undefined;
|
|
57
|
-
birthdate?: string | undefined;
|
|
58
|
-
zoneinfo?: string | undefined;
|
|
59
|
-
locale?: string | undefined;
|
|
60
|
-
updated_at?: number | undefined;
|
|
61
40
|
nbf?: number | undefined;
|
|
62
41
|
acr?: string | undefined;
|
|
63
42
|
azp?: string | undefined;
|
|
@@ -171,6 +150,27 @@ export declare class Signer {
|
|
|
171
150
|
c_hash?: string | undefined;
|
|
172
151
|
s_hash?: string | undefined;
|
|
173
152
|
auth_time?: number | undefined;
|
|
153
|
+
family_name?: string | undefined;
|
|
154
|
+
given_name?: string | undefined;
|
|
155
|
+
middle_name?: string | undefined;
|
|
156
|
+
nickname?: string | undefined;
|
|
157
|
+
gender?: string | undefined;
|
|
158
|
+
profile?: string | undefined;
|
|
159
|
+
website?: string | undefined;
|
|
160
|
+
birthdate?: string | undefined;
|
|
161
|
+
zoneinfo?: string | undefined;
|
|
162
|
+
locale?: string | undefined;
|
|
163
|
+
updated_at?: number | undefined;
|
|
164
|
+
phone_number?: string | undefined;
|
|
165
|
+
phone_number_verified?: boolean | undefined;
|
|
166
|
+
address?: {
|
|
167
|
+
formatted?: string | undefined;
|
|
168
|
+
street_address?: string | undefined;
|
|
169
|
+
locality?: string | undefined;
|
|
170
|
+
region?: string | undefined;
|
|
171
|
+
postal_code?: string | undefined;
|
|
172
|
+
country?: string | undefined;
|
|
173
|
+
} | undefined;
|
|
174
174
|
authorization_details?: import("zod").objectOutputType<{
|
|
175
175
|
type: import("zod").ZodString;
|
|
176
176
|
locations: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString, "many">>;
|
|
@@ -182,12 +182,5 @@ export declare class Signer {
|
|
|
182
182
|
}, string> & {
|
|
183
183
|
key: import("@atproto/jwk").Key;
|
|
184
184
|
}>;
|
|
185
|
-
idToken(client: Client, params: OAuthAuthenticationRequestParameters, account: Account, extra: {
|
|
186
|
-
exp: Date;
|
|
187
|
-
iat?: Date;
|
|
188
|
-
auth_time?: Date;
|
|
189
|
-
code?: string;
|
|
190
|
-
access_token?: string;
|
|
191
|
-
}): Promise<SignedJwt>;
|
|
192
185
|
}
|
|
193
186
|
//# sourceMappingURL=signer.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,MAAM,EACN,SAAS,EACT,aAAa,EACd,MAAM,cAAc,CAAA;AACrB,OAAO,EACL,oCAAoC,EACpC,yBAAyB,EAC1B,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAE5C,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAA;AAM9C,MAAM,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAA;AAEjD,qBAAa,MAAM;aAEC,MAAM,EAAE,MAAM;aACd,MAAM,EAAE,MAAM;gBADd,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM;IAG1B,MAAM,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,EACzD,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC;;;IAQ5B,IAAI,CACf,UAAU,EAAE,aAAa,EACzB,OAAO,EAAE,WAAW,GAAG,gBAAgB,CAAC,WAAW,CAAC,GACnD,OAAO,CAAC,SAAS,CAAC;IASf,WAAW,CACf,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,oCAAoC,EAChD,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE;QACL,GAAG,EAAE,OAAO,CAAA;QACZ,GAAG,EAAE,IAAI,CAAA;QACT,GAAG,CAAC,EAAE,IAAI,CAAA;QACV,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QAC5B,qBAAqB,CAAC,EAAE,yBAAyB,CAAA;KAClD,GACA,OAAO,CAAC,SAAS,CAAC;IAuBf,iBAAiB,CAAC,KAAK,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAczC"}
|
package/dist/signer/signer.js
CHANGED
|
@@ -1,12 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.Signer = void 0;
|
|
4
|
-
const node_crypto_1 = require("node:crypto");
|
|
5
|
-
const oidc_token_hash_1 = require("oidc-token-hash");
|
|
6
|
-
const invalid_client_metadata_error_js_1 = require("../errors/invalid-client-metadata-error.js");
|
|
7
4
|
const date_js_1 = require("../lib/util/date.js");
|
|
8
|
-
const claims_requested_js_1 = require("../parameters/claims-requested.js");
|
|
9
|
-
const oidc_payload_js_1 = require("../parameters/oidc-payload.js");
|
|
10
5
|
const signed_token_payload_js_1 = require("./signed-token-payload.js");
|
|
11
6
|
class Signer {
|
|
12
7
|
issuer;
|
|
@@ -61,41 +56,6 @@ class Signer {
|
|
|
61
56
|
signed_token_payload_js_1.signedTokenPayloadSchema.parse(result.payload);
|
|
62
57
|
return result;
|
|
63
58
|
}
|
|
64
|
-
async idToken(client, params, account, extra) {
|
|
65
|
-
// This can happen when a client is using password_grant. If a client is
|
|
66
|
-
// using password_grant, it should not set "require_auth_time" to true.
|
|
67
|
-
if (client.metadata.require_auth_time && extra.auth_time == null) {
|
|
68
|
-
throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('"require_auth_time" metadata is not compatible with "password_grant" flow');
|
|
69
|
-
}
|
|
70
|
-
return this.sign({
|
|
71
|
-
alg: client.metadata.id_token_signed_response_alg,
|
|
72
|
-
typ: 'JWT',
|
|
73
|
-
}, async ({ alg }, key) => ({
|
|
74
|
-
...(0, oidc_payload_js_1.oidcPayload)(params, account),
|
|
75
|
-
aud: client.id,
|
|
76
|
-
iat: (0, date_js_1.dateToEpoch)(extra.iat),
|
|
77
|
-
exp: (0, date_js_1.dateToEpoch)(extra.exp),
|
|
78
|
-
sub: account.sub,
|
|
79
|
-
jti: (0, node_crypto_1.randomBytes)(16).toString('hex'),
|
|
80
|
-
scope: params.scope,
|
|
81
|
-
nonce: params.nonce,
|
|
82
|
-
s_hash: params.state //
|
|
83
|
-
? await (0, oidc_token_hash_1.generate)(params.state, alg, key.crv)
|
|
84
|
-
: undefined,
|
|
85
|
-
c_hash: extra.code //
|
|
86
|
-
? await (0, oidc_token_hash_1.generate)(extra.code, alg, key.crv)
|
|
87
|
-
: undefined,
|
|
88
|
-
at_hash: extra.access_token //
|
|
89
|
-
? await (0, oidc_token_hash_1.generate)(extra.access_token, alg, key.crv)
|
|
90
|
-
: undefined,
|
|
91
|
-
// https://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html#rfc.section.5.2
|
|
92
|
-
auth_time: client.metadata.require_auth_time ||
|
|
93
|
-
(extra.auth_time != null && params.max_age != null) ||
|
|
94
|
-
(0, claims_requested_js_1.claimRequested)(params, 'id_token', 'auth_time', extra.auth_time)
|
|
95
|
-
? (0, date_js_1.dateToEpoch)(extra.auth_time)
|
|
96
|
-
: undefined,
|
|
97
|
-
}));
|
|
98
|
-
}
|
|
99
59
|
}
|
|
100
60
|
exports.Signer = Signer;
|
|
101
61
|
//# sourceMappingURL=signer.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":";;;AAeA,iDAAiD;AAEjD,uEAGkC;AAIlC,MAAa,MAAM;IAEC;IACA;IAFlB,YACkB,MAAc,EACd,MAAc;QADd,WAAM,GAAN,MAAM,CAAQ;QACd,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEJ,KAAK,CAAC,MAAM,CACV,KAAgB,EAChB,OAAuC;QAEvC,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAI,KAAK,EAAE;YACrC,GAAG,OAAO;YACV,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;SACtB,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,IAAI,CACf,UAAyB,EACzB,OAAoD;QAEpD,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,eAAe,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACxE,GAAG,CAAC,OAAO,OAAO,KAAK,UAAU;gBAC/B,CAAC,CAAC,MAAM,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC;gBACrC,CAAC,CAAC,OAAO,CAAC;YACZ,GAAG,EAAE,IAAI,CAAC,MAAM;SACjB,CAAC,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,WAAW,CACf,MAAc,EACd,UAAgD,EAChD,OAAgB,EAChB,KAOC;QAED,MAAM,MAAM,GAAkB;YAC5B,4DAA4D;YAC5D,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,GAAG,EAAE,QAAQ;SACd,CAAA;QAED,MAAM,OAAO,GAAoC;YAC/C,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,EAAE,IAAA,qBAAW,EAAC,KAAK,EAAE,GAAG,CAAC;YAC5B,GAAG,EAAE,IAAA,qBAAW,EAAC,KAAK,CAAC,GAAG,CAAC;YAC3B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,4DAA4D;YAC5D,SAAS,EAAE,MAAM,CAAC,EAAE;YACpB,KAAK,EAAE,UAAU,CAAC,KAAK,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK;YAChD,qBAAqB,EAAE,KAAK,CAAC,qBAAqB;SACnD,CAAA;QAED,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAgB;QACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAqB,KAAK,EAAE;YAC1D,GAAG,EAAE,QAAQ;SACd,CAAC,CAAA;QAEF,0EAA0E;QAC1E,2EAA2E;QAC3E,uEAAuE;QACvE,wEAAwE;QACxE,SAAS;QACT,kDAAwB,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QAE9C,OAAO,MAAM,CAAA;IACf,CAAC;CACF;AA7ED,wBA6EC"}
|