@atproto/oauth-provider 0.1.2 → 0.2.0

package/dist/token/token-claims.d.ts

@@ -2,62 +2,27 @@ import z from 'zod';
 import { Simplify } from '../lib/util/type.js';
 export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
     iat: z.ZodNumber;
-    exp: z.ZodNumber;
     aud: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "atleastone">]>;
+    exp: z.ZodNumber;
 }, "strip", z.ZodTypeAny, {
     iat: number;
-    exp: number;
     aud: string | [string, ...string[]];
+    exp: number;
 }, {
     iat: number;
-    exp: number;
     aud: string | [string, ...string[]];
+    exp: number;
 }>, z.ZodObject<z.objectUtil.extendShape<{
     nonce: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     htm: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     htu: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     ath: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    sub: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    preferred_username: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     email: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     email_verified: z.ZodOptional<z.ZodOptional<z.ZodBoolean>>;
-    phone_number: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    phone_number_verified: z.ZodOptional<z.ZodOptional<z.ZodBoolean>>;
-    address: z.ZodOptional<z.ZodOptional<z.ZodObject<{
-        formatted: z.ZodOptional<z.ZodString>;
-        street_address: z.ZodOptional<z.ZodString>;
-        locality: z.ZodOptional<z.ZodString>;
-        region: z.ZodOptional<z.ZodString>;
-        postal_code: z.ZodOptional<z.ZodString>;
-        country: z.ZodOptional<z.ZodString>;
-    }, "strip", z.ZodTypeAny, {
-        formatted?: string | undefined;
-        street_address?: string | undefined;
-        locality?: string | undefined;
-        region?: string | undefined;
-        postal_code?: string | undefined;
-        country?: string | undefined;
-    }, {
-        formatted?: string | undefined;
-        street_address?: string | undefined;
-        locality?: string | undefined;
-        region?: string | undefined;
-        postal_code?: string | undefined;
-        country?: string | undefined;
-    }>>>;
-    profile: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    family_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    given_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    middle_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    nickname: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    preferred_username: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    gender: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     picture: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    website: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    birthdate: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    zoneinfo: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    locale: z.ZodOptional<z.ZodOptional<z.ZodString>>;
-    updated_at: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
-    sub: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     nbf: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
     acr: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     azp: z.ZodOptional<z.ZodOptional<z.ZodString>>;
@@ -1349,6 +1314,41 @@ export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
     c_hash: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     s_hash: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     auth_time: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
+    family_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    given_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    middle_name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    nickname: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    gender: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    profile: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    website: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    birthdate: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    zoneinfo: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    locale: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    updated_at: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
+    phone_number: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    phone_number_verified: z.ZodOptional<z.ZodOptional<z.ZodBoolean>>;
+    address: z.ZodOptional<z.ZodOptional<z.ZodObject<{
+        formatted: z.ZodOptional<z.ZodString>;
+        street_address: z.ZodOptional<z.ZodString>;
+        locality: z.ZodOptional<z.ZodString>;
+        region: z.ZodOptional<z.ZodString>;
+        postal_code: z.ZodOptional<z.ZodString>;
+        country: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        formatted?: string | undefined;
+        street_address?: string | undefined;
+        locality?: string | undefined;
+        region?: string | undefined;
+        postal_code?: string | undefined;
+        country?: string | undefined;
+    }, {
+        formatted?: string | undefined;
+        street_address?: string | undefined;
+        locality?: string | undefined;
+        region?: string | undefined;
+        postal_code?: string | undefined;
+        country?: string | undefined;
+    }>>>;
     authorization_details: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodObject<{
         type: z.ZodString;
         locations: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -1382,31 +1382,10 @@ export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
     htm?: string | undefined;
     htu?: string | undefined;
     ath?: string | undefined;
+    preferred_username?: string | undefined;
     email?: string | undefined;
     email_verified?: boolean | undefined;
-    phone_number?: string | undefined;
-    phone_number_verified?: boolean | undefined;
-    address?: {
-        formatted?: string | undefined;
-        street_address?: string | undefined;
-        locality?: string | undefined;
-        region?: string | undefined;
-        postal_code?: string | undefined;
-        country?: string | undefined;
-    } | undefined;
-    profile?: string | undefined;
-    family_name?: string | undefined;
-    given_name?: string | undefined;
-    middle_name?: string | undefined;
-    nickname?: string | undefined;
-    preferred_username?: string | undefined;
-    gender?: string | undefined;
     picture?: string | undefined;
-    website?: string | undefined;
-    birthdate?: string | undefined;
-    zoneinfo?: string | undefined;
-    locale?: string | undefined;
-    updated_at?: number | undefined;
     nbf?: number | undefined;
     acr?: string | undefined;
     azp?: string | undefined;
@@ -1520,6 +1499,27 @@ export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
     c_hash?: string | undefined;
     s_hash?: string | undefined;
     auth_time?: number | undefined;
+    family_name?: string | undefined;
+    given_name?: string | undefined;
+    middle_name?: string | undefined;
+    nickname?: string | undefined;
+    gender?: string | undefined;
+    profile?: string | undefined;
+    website?: string | undefined;
+    birthdate?: string | undefined;
+    zoneinfo?: string | undefined;
+    locale?: string | undefined;
+    updated_at?: number | undefined;
+    phone_number?: string | undefined;
+    phone_number_verified?: boolean | undefined;
+    address?: {
+        formatted?: string | undefined;
+        street_address?: string | undefined;
+        locality?: string | undefined;
+        region?: string | undefined;
+        postal_code?: string | undefined;
+        country?: string | undefined;
+    } | undefined;
     authorization_details?: z.objectOutputType<{
         type: z.ZodString;
         locations: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -1536,31 +1536,10 @@ export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
     htm?: string | undefined;
     htu?: string | undefined;
     ath?: string | undefined;
+    preferred_username?: string | undefined;
     email?: string | undefined;
     email_verified?: boolean | undefined;
-    phone_number?: string | undefined;
-    phone_number_verified?: boolean | undefined;
-    address?: {
-        formatted?: string | undefined;
-        street_address?: string | undefined;
-        locality?: string | undefined;
-        region?: string | undefined;
-        postal_code?: string | undefined;
-        country?: string | undefined;
-    } | undefined;
-    profile?: string | undefined;
-    family_name?: string | undefined;
-    given_name?: string | undefined;
-    middle_name?: string | undefined;
-    nickname?: string | undefined;
-    preferred_username?: string | undefined;
-    gender?: string | undefined;
     picture?: string | undefined;
-    website?: string | undefined;
-    birthdate?: string | undefined;
-    zoneinfo?: string | undefined;
-    locale?: string | undefined;
-    updated_at?: number | undefined;
     nbf?: number | undefined;
     acr?: string | undefined;
     azp?: string | undefined;
@@ -1674,6 +1653,27 @@ export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
     c_hash?: string | undefined;
     s_hash?: string | undefined;
     auth_time?: number | undefined;
+    family_name?: string | undefined;
+    given_name?: string | undefined;
+    middle_name?: string | undefined;
+    nickname?: string | undefined;
+    gender?: string | undefined;
+    profile?: string | undefined;
+    website?: string | undefined;
+    birthdate?: string | undefined;
+    zoneinfo?: string | undefined;
+    locale?: string | undefined;
+    updated_at?: number | undefined;
+    phone_number?: string | undefined;
+    phone_number_verified?: boolean | undefined;
+    address?: {
+        formatted?: string | undefined;
+        street_address?: string | undefined;
+        locality?: string | undefined;
+        region?: string | undefined;
+        postal_code?: string | undefined;
+        country?: string | undefined;
+    } | undefined;
     authorization_details?: z.objectInputType<{
         type: z.ZodString;
         locations: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;

package/dist/token/token-manager.d.ts

@@ -1,4 +1,3 @@
-import { SignedJwt } from '@atproto/jwk';
 import { AccessToken, OAuthAuthenticationRequestParameters, OAuthTokenResponse, OAuthTokenType } from '@atproto/oauth-types';
 import { AccessTokenType } from '../access-token/access-token-type.js';
 import { DeviceAccountInfo } from '../account/account-store.js';
@@ -28,7 +27,7 @@ export declare class TokenManager {
         id: DeviceId;
         info: DeviceAccountInfo;
     }, parameters: OAuthAuthenticationRequestParameters, input: CodeGrantRequest, dpopJkt: null | string): Promise<OAuthTokenResponse>;
-    protected buildTokenResponse(client: Client, accessToken: AccessToken, refreshToken: string | undefined, idToken: SignedJwt | undefined, expiresAt: Date, parameters: OAuthAuthenticationRequestParameters, account: Account, authorizationDetails: null | any): Promise<OAuthTokenResponse>;
+    protected buildTokenResponse(client: Client, accessToken: AccessToken, refreshToken: string | undefined, expiresAt: Date, parameters: OAuthAuthenticationRequestParameters, account: Account, authorizationDetails: null | any): Promise<OAuthTokenResponse>;
     protected validateAccess(client: Client, clientAuth: ClientAuth, tokenInfo: TokenInfo): Promise<void>;
     refresh(client: Client, clientAuth: ClientAuth, input: RefreshGrantRequest, dpopJkt: null | string): Promise<OAuthTokenResponse>;
     /**

package/dist/token/token-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../../src/token/token-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,SAAS,EAAE,MAAM,cAAc,CAAA;AACrD,OAAO,EACL,WAAW,EAEX,oCAAoC,EACpC,kBAAkB,EAClB,cAAc,EACf,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,eAAe,EAAE,MAAM,sCAAsC,CAAA;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAA;AAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAQ5C,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AAQjD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAE9C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAI5C,OAAO,EACL,OAAO,EAIR,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AACxD,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAA;AAClE,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EAExB,MAAM,0BAA0B,CAAA;AAEjC,MAAM,MAAM,yBAAyB,GAAG,uBAAuB,GAAG;IAChE,SAAS,EAAE,SAAS,CAAA;CACrB,CAAA;AAED,qBAAa,YAAY;IAErB,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IACpC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM;IACjC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IACpC,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,eAAe;IACnD,SAAS,CAAC,QAAQ,CAAC,WAAW;gBAJX,KAAK,EAAE,UAAU,EACjB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,UAAU,EACjB,eAAe,EAAE,eAAe,EAChC,WAAW,SAAgB;IAGhD,SAAS,CAAC,iBAAiB,CAAC,GAAG,OAAa;IAI5C,SAAS,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO;IAQtC,MAAM,CACV,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,IAAI,GAAG;QAAE,EAAE,EAAE,QAAQ,CAAC;QAAC,IAAI,EAAE,iBAAiB,CAAA;KAAE,EACxD,UAAU,EAAE,oCAAoC,EAChD,KAAK,EAAE,gBAAgB,EACvB,OAAO,EAAE,IAAI,GAAG,MAAM,GACrB,OAAO,CAAC,kBAAkB,CAAC;cAoKd,kBAAkB,CAChC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,WAAW,EACxB,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,OAAO,EAAE,SAAS,GAAG,SAAS,EAC9B,SAAS,EAAE,IAAI,EACf,UAAU,EAAE,oCAAoC,EAChD,OAAO,EAAE,OAAO,EAChB,oBAAoB,EAAE,IAAI,GAAG,GAAG,GAC/B,OAAO,CAAC,kBAAkB,CAAC;cA2Bd,cAAc,CAC5B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,SAAS;IAmBhB,OAAO,CACX,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,mBAAmB,EAC1B,OAAO,EAAE,IAAI,GAAG,MAAM,GACrB,OAAO,CAAC,kBAAkB,CAAC;IA+H9B;;OAEG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkC1C;;;;OAIG;IACG,eAAe,CACnB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,SAAS,CAAC;cAoBL,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IA0CjE,YAAY,CAAC,SAAS,EAAE,cAAc,EAAE,OAAO,EAAE,OAAO;IAcxD,mBAAmB,CACvB,SAAS,EAAE,cAAc,EACzB,KAAK,EAAE,OAAO,EACd,OAAO,EAAE,MAAM,GAAG,IAAI,EACtB,aAAa,CAAC,EAAE,wBAAwB,GACvC,OAAO,CAAC,yBAAyB,CAAC;CA0BtC"}
+{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../../src/token/token-manager.ts"],"names":[],"mappings":"AACA,OAAO,EACL,WAAW,EAEX,oCAAoC,EACpC,kBAAkB,EAClB,cAAc,EACf,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,eAAe,EAAE,MAAM,sCAAsC,CAAA;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAA;AAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAQ5C,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AAQjD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAE9C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAI5C,OAAO,EACL,OAAO,EAIR,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AACxD,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAA;AAClE,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EAExB,MAAM,0BAA0B,CAAA;AAEjC,MAAM,MAAM,yBAAyB,GAAG,uBAAuB,GAAG;IAChE,SAAS,EAAE,SAAS,CAAA;CACrB,CAAA;AAED,qBAAa,YAAY;IAErB,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IACpC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM;IACjC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IACpC,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,eAAe;IACnD,SAAS,CAAC,QAAQ,CAAC,WAAW;gBAJX,KAAK,EAAE,UAAU,EACjB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,UAAU,EACjB,eAAe,EAAE,eAAe,EAChC,WAAW,SAAgB;IAGhD,SAAS,CAAC,iBAAiB,CAAC,GAAG,OAAa;IAI5C,SAAS,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO;IAQtC,MAAM,CACV,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,IAAI,GAAG;QAAE,EAAE,EAAE,QAAQ,CAAC;QAAC,IAAI,EAAE,iBAAiB,CAAA;KAAE,EACxD,UAAU,EAAE,oCAAoC,EAChD,KAAK,EAAE,gBAAgB,EACvB,OAAO,EAAE,IAAI,GAAG,MAAM,GACrB,OAAO,CAAC,kBAAkB,CAAC;cA2Jd,kBAAkB,CAChC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,WAAW,EACxB,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,SAAS,EAAE,IAAI,EACf,UAAU,EAAE,oCAAoC,EAChD,OAAO,EAAE,OAAO,EAChB,oBAAoB,EAAE,IAAI,GAAG,GAAG,GAC/B,OAAO,CAAC,kBAAkB,CAAC;cAoBd,cAAc,CAC5B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,SAAS;IAmBhB,OAAO,CACX,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,mBAAmB,EAC1B,OAAO,EAAE,IAAI,GAAG,MAAM,GACrB,OAAO,CAAC,kBAAkB,CAAC;IA+G9B;;OAEG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkC1C;;;;OAIG;IACG,eAAe,CACnB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,SAAS,CAAC;cAoBL,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IA0CjE,YAAY,CAAC,SAAS,EAAE,cAAc,EAAE,OAAO,EAAE,OAAO;IAcxD,mBAAmB,CACvB,SAAS,EAAE,cAAc,EACzB,KAAK,EAAE,OAAO,EACd,OAAO,EAAE,MAAM,GAAG,IAAI,EACtB,aAAa,CAAC,EAAE,wBAAwB,GACvC,OAAO,CAAC,yBAAyB,CAAC;CA0BtC"}

package/dist/token/token-manager.js

@@ -87,6 +87,10 @@ class TokenManager {
             if (!('code_verifier' in input) || !input.code_verifier) {
                 throw new invalid_grant_error_js_1.InvalidGrantError('code_verifier is required');
             }
+            // Prevent client from generating too short code_verifiers
+            if (input.code_verifier.length < 43) {
+                throw new invalid_grant_error_js_1.InvalidGrantError('code_verifier too short');
+            }
             switch (parameters.code_challenge_method) {
                 case undefined: // Default is "plain" (per spec)
                 case 'plain': {
@@ -121,8 +125,7 @@ class TokenManager {
             }
         }
         const tokenId = await (0, token_id_js_1.generateTokenId)();
-        const scopes = parameters.scope?.split(' ');
-        const refreshToken = scopes?.includes('offline_access')
+        const refreshToken = client.metadata.grant_types.includes('refresh_token')
             ? await (0, refresh_token_js_1.generateRefreshToken)()
             : undefined;
         const now = new Date();
@@ -153,25 +156,14 @@ class TokenManager {
                 cnf: parameters.dpop_jkt ? { jkt: parameters.dpop_jkt } : undefined,
                 authorization_details: authorizationDetails,
             });
-        const idToken = scopes?.includes('openid')
-            ? await this.signer.idToken(client, parameters, account, {
-                exp: expiresAt,
-                iat: now,
-                // If there is no deviceInfo, we are in a "password_grant" context
-                auth_time: device?.info.authenticatedAt || new Date(),
-                access_token: accessToken,
-                code,
-            })
-            : undefined;
-        return this.buildTokenResponse(client, accessToken, refreshToken, idToken, expiresAt, parameters, account, authorizationDetails);
+        return this.buildTokenResponse(client, accessToken, refreshToken, expiresAt, parameters, account, authorizationDetails);
     }
-    async buildTokenResponse(client, accessToken, refreshToken, idToken, expiresAt, parameters, account, authorizationDetails) {
+    async buildTokenResponse(client, accessToken, refreshToken, expiresAt, parameters, account, authorizationDetails) {
         const tokenResponse = {
             access_token: accessToken,
             token_type: parameters.dpop_jkt ? 'DPoP' : 'Bearer',
             refresh_token: refreshToken,
-            id_token: idToken,
-            scope: parameters.scope ?? '',
+            scope: parameters.scope,
             authorization_details: authorizationDetails,
             get expires_in() {
                 return (0, date_js_1.dateToRelativeSeconds)(expiresAt);
@@ -181,11 +173,6 @@ class TokenManager {
             // mechanism.
             sub: account.sub,
         };
-        await this.hooks.onTokenResponse?.call(null, tokenResponse, {
-            client,
-            parameters,
-            account,
-        });
         return tokenResponse;
     }
     async validateAccess(client, clientAuth, tokenInfo) {
@@ -207,7 +194,7 @@ class TokenManager {
         if (!tokenInfo?.currentRefreshToken) {
             throw new invalid_grant_error_js_1.InvalidGrantError(`Invalid refresh token`);
         }
-        const { account, info, data } = tokenInfo;
+        const { account, data } = tokenInfo;
         const { parameters } = data;
         try {
             if (tokenInfo.currentRefreshToken !== input.refresh_token) {
@@ -273,21 +260,7 @@ class TokenManager {
                     cnf: parameters.dpop_jkt ? { jkt: parameters.dpop_jkt } : undefined,
                     authorization_details,
                 });
-            // https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.3.3
-            //
-            // >  In addition to the response parameters specified by OAuth 2.0, the
-            // >  following parameters MUST be included in the response:
-            // >  - id_token: ID Token value associated with the authenticated session.
-            const scopes = parameters.scope?.split(' ');
-            const idToken = scopes?.includes('openid')
-                ? await this.signer.idToken(client, parameters, account, {
-                    exp: expiresAt,
-                    iat: now,
-                    auth_time: info?.authenticatedAt,
-                    access_token: accessToken,
-                })
-                : undefined;
-            return this.buildTokenResponse(client, accessToken, nextRefreshToken, idToken, expiresAt, parameters, account, authorization_details);
+            return this.buildTokenResponse(client, accessToken, nextRefreshToken, expiresAt, parameters, account, authorization_details);
         }
         catch (err) {
             if (err instanceof invalid_request_error_js_1.InvalidRequestError) {

package/dist/token/token-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../../src/token/token-manager.ts"],"names":[],"mappings":";;;AAAA,sCAAqD;AACrD,sDAM6B;AAC7B,6CAAwC;AAExC,+EAAsE;AAKtE,kDAMwB;AAExB,mGAAwF;AACxF,uFAA6E;AAC7E,6EAAoE;AACpE,iFAAwE;AACxE,6EAAoE;AACpE,iDAAwE;AACxE,iEAAgE;AAEhE,gDAA2C;AAE3C,yDAAyE;AAGzE,+CAKsB;AAGtB,qEAIiC;AAMjC,MAAa,YAAY;IAEF;IACA;IACA;IACA;IACA;IALrB,YACqB,KAAiB,EACjB,MAAc,EACd,KAAiB,EACjB,eAAgC,EAChC,cAAc,4BAAa;QAJ3B,UAAK,GAAL,KAAK,CAAY;QACjB,WAAM,GAAN,MAAM,CAAQ;QACd,UAAK,GAAL,KAAK,CAAY;QACjB,oBAAe,GAAf,eAAe,CAAiB;QAChC,gBAAW,GAAX,WAAW,CAAgB;IAC7C,CAAC;IAEM,iBAAiB,CAAC,GAAG,GAAG,IAAI,IAAI,EAAE;QAC1C,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAA;IACnD,CAAC;IAES,iBAAiB,CAAC,OAAgB;QAC1C,IAAI,IAAI,CAAC,eAAe,KAAK,sCAAe,CAAC,IAAI,EAAE,CAAC;YAClD,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,CAAC,GAAG,CAAA;QAC3C,CAAC;QAED,OAAO,IAAI,CAAC,eAAe,KAAK,sCAAe,CAAC,GAAG,CAAA;IACrD,CAAC;IAED,KAAK,CAAC,MAAM,CACV,MAAc,EACd,UAAsB,EACtB,OAAgB,EAChB,MAAwD,EACxD,UAAgD,EAChD,KAAuB,EACvB,OAAsB;QAEtB,IAAI,MAAM,CAAC,QAAQ,CAAC,wBAAwB,IAAI,CAAC,OAAO,EAAE,CAAC;YACzD,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;QACxD,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;YACzB,IAAI,OAAO;gBAAE,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;QAChE,CAAC;aAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;QACxD,CAAC;aAAM,IAAI,UAAU,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAC3C,MAAM,IAAI,8DAA0B,EAAE,CAAA;QACxC,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,8CAAgC,EAAE,CAAC;YAC3D,kEAAkE;YAClE,IAAI,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,GAAG,KAAK,UAAU,CAAC,QAAQ,EAAE,CAAC;gBAClE,MAAM,IAAI,8CAAmB,CAC3B,8EAA8E,CAC/E,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,0CAAiB,CACzB,0CAA0C,KAAK,CAAC,UAAU,cAAc,CACzE,CAAA;QACH,CAAC;QAED,QAAQ,KAAK,CAAC,UAAU,EAAE,CAAC;YACzB,KAAK,oBAAoB;gBACvB,IAAI,CAAC,UAAU,CAAC,cAAc,IAAI,CAAC,UAAU,CAAC,qBAAqB,EAAE,CAAC;oBACpE,MAAM,IAAI,0CAAiB,CAAC,kBAAkB,CAAC,CAAA;gBACjD,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;oBAC7B,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAC9D,IAAA,oCAAkB,EAAC,GAAG,EAAE,KAAK,CAAC,YAAY,CAAC,CAC5C,CAAA;oBACD,IAAI,YAAY,EAAE,CAAC;wBACjB,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,YAAY,EAAE,CAAA;oBAC9C,CAAC;yBAAM,CAAC;wBACN,MAAM,IAAI,0CAAiB,CAAC,sBAAsB,CAAC,CAAA;oBACrD,CAAC;gBACH,CAAC;qBAAM,IAAI,UAAU,CAAC,YAAY,KAAK,KAAK,CAAC,YAAY,EAAE,CAAC;oBAC1D,MAAM,IAAI,0CAAiB,CACzB,+CAA+C,CAChD,CAAA;gBACH,CAAC;gBAED,MAAK;YAEP;gBACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,UAAU,GAAG,CAAC,CAAA;QACnE,CAAC;QAED,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;YAC9B,IAAI,CAAC,CAAC,eAAe,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;gBACxD,MAAM,IAAI,0CAAiB,CAAC,2BAA2B,CAAC,CAAA;YAC1D,CAAC;YACD,QAAQ,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACzC,KAAK,SAAS,CAAC,CAAC,gCAAgC;gBAChD,KAAK,OAAO,CAAC,CAAC,CAAC;oBACb,IAAI,UAAU,CAAC,cAAc,KAAK,KAAK,CAAC,aAAa,EAAE,CAAC;wBACtD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;oBACtD,CAAC;oBACD,MAAK;gBACP,CAAC;gBACD,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,kEAAkE;oBAClE,yCAAyC;oBACzC,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAChC,UAAU,CAAC,cAAc,EACzB,QAAQ,CACT,CAAA;oBACD,MAAM,iBAAiB,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC;yBAC3C,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC;yBAC3B,MAAM,EAAE,CAAA;oBACX,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;wBACpD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;oBACtD,CAAC;oBACD,MAAK;gBACP,CAAC;gBACD,OAAO,CAAC,CAAC,CAAC;oBACR,MAAM,IAAI,8CAAmB,CAC3B,qCAAqC,UAAU,CAAC,qBAAqB,EAAE,CACxE,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAA;QACrD,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;YACxD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;gBAC1C,MAAM,IAAI,0CAAiB,CAAC,eAAe,CAAC,CAAA;YAC9C,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAA,6BAAe,GAAE,CAAA;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;QAC3C,MAAM,YAAY,GAAG,MAAM,EAAE,QAAQ,CAAC,gBAAgB,CAAC;YACrD,CAAC,CAAC,MAAM,IAAA,uCAAoB,GAAE;YAC9B,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QACtB,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;QAE7C,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,IAAI,CACxE,IAAI,EACJ,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,CAChC,CAAA;QAED,MAAM,SAAS,GAAc;YAC3B,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,SAAS;YACT,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,UAAU;YACV,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,IAAI;YAC5B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,UAAU;YACV,OAAO,EAAE,oBAAoB,IAAI,IAAI;YACrC,IAAI,EAAE,IAAI,IAAI,IAAI;SACnB,CAAA;QAED,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,SAAS,EAAE,YAAY,CAAC,CAAA;QAE9D,MAAM,WAAW,GAAgB,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;YAC/D,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE;gBACzD,wEAAwE;gBACxE,0CAA0C;gBAC1C,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,GAAG;gBACR,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;gBACnE,qBAAqB,EAAE,oBAAoB;aAC5C,CAAC,CAAA;QAEN,MAAM,OAAO,GAAG,MAAM,EAAE,QAAQ,CAAC,QAAQ,CAAC;YACxC,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE;gBACrD,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,GAAG;gBACR,kEAAkE;gBAClE,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,eAAe,IAAI,IAAI,IAAI,EAAE;gBACrD,YAAY,EAAE,WAAW;gBACzB,IAAI;aACL,CAAC;YACJ,CAAC,CAAC,SAAS,CAAA;QAEb,OAAO,IAAI,CAAC,kBAAkB,CAC5B,MAAM,EACN,WAAW,EACX,YAAY,EACZ,OAAO,EACP,SAAS,EACT,UAAU,EACV,OAAO,EACP,oBAAoB,CACrB,CAAA;IACH,CAAC;IAES,KAAK,CAAC,kBAAkB,CAChC,MAAc,EACd,WAAwB,EACxB,YAAgC,EAChC,OAA8B,EAC9B,SAAe,EACf,UAAgD,EAChD,OAAgB,EAChB,oBAAgC;QAEhC,MAAM,aAAa,GAAuB;YACxC,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;YACnD,aAAa,EAAE,YAAY;YAC3B,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,UAAU,CAAC,KAAK,IAAI,EAAE;YAC7B,qBAAqB,EAAE,oBAAoB;YAC3C,IAAI,UAAU;gBACZ,OAAO,IAAA,+BAAqB,EAAC,SAAS,CAAC,CAAA;YACzC,CAAC;YAED,sEAAsE;YACtE,qEAAqE;YACrE,aAAa;YACb,GAAG,EAAE,OAAO,CAAC,GAAG;SACjB,CAAA;QAED,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,EAAE,aAAa,EAAE;YAC1D,MAAM;YACN,UAAU;YACV,OAAO;SACR,CAAC,CAAA;QAEF,OAAO,aAAa,CAAA;IACtB,CAAC;IAES,KAAK,CAAC,cAAc,CAC5B,MAAc,EACd,UAAsB,EACtB,SAAoB;QAEpB,IAAI,SAAS,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,0CAAiB,CAAC,qCAAqC,CAAC,CAAA;QACpE,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,EAAE,iBAAiB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC;YACpE,MAAM,IAAI,0CAAiB,CAAC,kCAAkC,CAAC,CAAA;QACjE,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,0CAAiB,CAAC,uCAAuC,CAAC,CAAA;QACtE,CAAC;QAED,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,0CAAiB,CAAC,gCAAgC,CAAC,CAAA;QAC/D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CACX,MAAc,EACd,UAAsB,EACtB,KAA0B,EAC1B,OAAsB;QAEtB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CACxD,KAAK,CAAC,aAAa,CACpB,CAAA;QACD,IAAI,CAAC,SAAS,EAAE,mBAAmB,EAAE,CAAC;YACpC,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;QACtD,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,SAAS,CAAA;QACzC,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAE3B,IAAI,CAAC;YACH,IAAI,SAAS,CAAC,mBAAmB,KAAK,KAAK,CAAC,aAAa,EAAE,CAAC;gBAC1D,MAAM,IAAI,0CAAiB,CAAC,wBAAwB,CAAC,CAAA;YACvD,CAAC;YAED,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAA;YAExD,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;gBACxB,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;gBACxD,CAAC;qBAAM,IAAI,UAAU,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBAC3C,MAAM,IAAI,8DAA0B,EAAE,CAAA;gBACxC,CAAC;YACH,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAA;YACnC,MAAM,iBAAiB,GACrB,UAAU,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBACvD,CAAC,CAAC,yDAA0C;gBAC5C,CAAC,CAAC,uDAAwC,CAAA;YAC9C,IAAI,YAAY,CAAC,OAAO,EAAE,GAAG,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC5D,MAAM,IAAI,0CAAiB,CAAC,2CAA2C,CAAC,CAAA;YAC1E,CAAC;YAED,MAAM,QAAQ,GACZ,UAAU,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBACvD,CAAC,CAAC,+CAAgC;gBAClC,CAAC,CAAC,6CAA8B,CAAA;YACpC,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACrD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;YACtD,CAAC;YAED,MAAM,qBAAqB,GACzB,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,IAAI,CAAC,IAAI,EAAE;gBAClD,MAAM;gBACN,UAAU;gBACV,OAAO;aACR,CAAC,CAAA;YAEJ,MAAM,WAAW,GAAG,MAAM,IAAA,6BAAe,GAAE,CAAA;YAC3C,MAAM,gBAAgB,GAAG,MAAM,IAAA,uCAAoB,GAAE,CAAA;YAErD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;YACtB,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;YAE7C,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAC1B,SAAS,CAAC,EAAE,EACZ,WAAW,EACX,gBAAgB,EAChB;gBACE,SAAS,EAAE,GAAG;gBACd,SAAS;gBACT,mEAAmE;gBACnE,iEAAiE;gBACjE,kEAAkE;gBAClE,+DAA+D;gBAC/D,iEAAiE;gBACjE,kEAAkE;gBAClE,sEAAsE;gBACtE,mEAAmE;gBACnE,sEAAsE;gBACtE,oEAAoE;gBACpE,qEAAqE;gBACrE,sBAAsB;gBACtB,UAAU;aACX,CACF,CAAA;YAED,MAAM,WAAW,GAAgB,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;gBAC/D,CAAC,CAAC,WAAW;gBACb,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE;oBACzD,wEAAwE;oBACxE,0CAA0C;oBAC1C,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,GAAG;oBACR,GAAG,EAAE,WAAW;oBAChB,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;oBACnE,qBAAqB;iBACtB,CAAC,CAAA;YAEN,4EAA4E;YAC5E,EAAE;YACF,wEAAwE;YACxE,4DAA4D;YAC5D,2EAA2E;YAC3E,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;YAC3C,MAAM,OAAO,GAAG,MAAM,EAAE,QAAQ,CAAC,QAAQ,CAAC;gBACxC,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE;oBACrD,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,GAAG;oBACR,SAAS,EAAE,IAAI,EAAE,eAAe;oBAChC,YAAY,EAAE,WAAW;iBAC1B,CAAC;gBACJ,CAAC,CAAC,SAAS,CAAA;YAEb,OAAO,IAAI,CAAC,kBAAkB,CAC5B,MAAM,EACN,WAAW,EACX,gBAAgB,EAChB,OAAO,EACP,SAAS,EACT,UAAU,EACV,OAAO,EACP,qBAAqB,CACtB,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,8CAAmB,EAAE,CAAC;gBACvC,mEAAmE;gBACnE,UAAU;gBACV,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAC5C,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,IAAA,uBAAS,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;gBACnC,OAAM;YACR,CAAC;YAED,KAAK,IAAA,iBAAW,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACxB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;oBAClD,cAAc,EAAE,QAAQ;iBACzB,CAAC,CAAA;gBACF,MAAM,OAAO,GAAG,2BAAa,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAChD,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;gBACrC,OAAM;YACR,CAAC;YAED,KAAK,IAAA,iCAAc,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAA;gBACjE,IAAI,SAAS;oBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;gBACzD,OAAM;YACR,CAAC;YAED,KAAK,IAAA,gBAAM,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACnB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;gBACzD,IAAI,SAAS;oBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;gBACzD,OAAM;YACR,CAAC;YAED;gBACE,wDAAwD;gBACxD,OAAM;QACV,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CACnB,MAAc,EACd,UAAsB,EACtB,KAAa;QAEb,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;QACjD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,0CAAiB,CAAC,eAAe,CAAC,CAAA;QAC9C,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAA;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAC1C,MAAM,GAAG,CAAA;QACX,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACpD,MAAM,IAAI,0CAAiB,CAAC,eAAe,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,KAAa;QACzC,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,IAAA,uBAAS,EAAC,KAAK,CAAC;gBACnB,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YAEpC,KAAK,IAAA,iBAAW,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACxB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM;qBAClC,iBAAiB,CAAC,KAAK,CAAC;qBACxB,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;gBACpC,IAAI,CAAC,OAAO;oBAAE,OAAO,IAAI,CAAA;gBAEzB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACzD,IAAI,CAAC,SAAS;oBAAE,OAAO,IAAI,CAAA;gBAE3B,oEAAoE;gBACpE,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBAC1C,OAAO,IAAI,CAAA;gBACb,CAAC;gBAED,iCAAiC;gBACjC,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBAC1C,MAAM,IAAI,KAAK,CACb,gBAAgB,SAAS,CAAC,OAAO,CAAC,GAAG,+BAA+B,OAAO,CAAC,GAAG,GAAG,CACnF,CAAA;gBACH,CAAC;gBAED,OAAO,SAAS,CAAA;YAClB,CAAC;YAED,KAAK,IAAA,iCAAc,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAA;gBACjE,IAAI,CAAC,SAAS,EAAE,mBAAmB;oBAAE,OAAO,IAAI,CAAA;gBAChD,IAAI,SAAS,CAAC,mBAAmB,KAAK,KAAK;oBAAE,OAAO,IAAI,CAAA;gBACxD,OAAO,SAAS,CAAA;YAClB,CAAC;YAED;gBACE,sBAAsB;gBACtB,OAAO,IAAI,CAAA;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,SAAyB,EAAE,OAAgB;QAC5D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;QAErD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,0CAAiB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAA;QACzD,CAAC;QAED,IAAI,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,0CAAiB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAA;QACzD,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,SAAyB,EACzB,KAAc,EACd,OAAsB,EACtB,aAAwC;QAExC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QAC3D,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC,IAAI,CAAA;QAErC,wDAAwD;QACxD,MAAM,MAAM,GAAgB;YAC1B,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,GAAG;YAC1B,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,GAAG;YAC1B,GAAG,EAAE,IAAA,qBAAW,EAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;YAC1C,GAAG,EAAE,IAAA,qBAAW,EAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;YAC1C,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK;YACtC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;YAClC,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;SACpE,CAAA;QAED,MAAM,MAAM,GAAG,IAAA,0CAAiB,EAC9B,KAAK,EACL,KAAK,EACL,SAAS,EACT,OAAO,EACP,MAAM,EACN,aAAa,CACd,CAAA;QAED,OAAO,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,CAAA;IACjC,CAAC;CACF;AAxhBD,oCAwhBC"}
+{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../../src/token/token-manager.ts"],"names":[],"mappings":";;;AAAA,sCAA0C;AAC1C,sDAM6B;AAC7B,6CAAwC;AAExC,+EAAsE;AAKtE,kDAMwB;AAExB,mGAAwF;AACxF,uFAA6E;AAC7E,6EAAoE;AACpE,iFAAwE;AACxE,6EAAoE;AACpE,iDAAwE;AACxE,iEAAgE;AAEhE,gDAA2C;AAE3C,yDAAyE;AAGzE,+CAKsB;AAGtB,qEAIiC;AAMjC,MAAa,YAAY;IAEF;IACA;IACA;IACA;IACA;IALrB,YACqB,KAAiB,EACjB,MAAc,EACd,KAAiB,EACjB,eAAgC,EAChC,cAAc,4BAAa;QAJ3B,UAAK,GAAL,KAAK,CAAY;QACjB,WAAM,GAAN,MAAM,CAAQ;QACd,UAAK,GAAL,KAAK,CAAY;QACjB,oBAAe,GAAf,eAAe,CAAiB;QAChC,gBAAW,GAAX,WAAW,CAAgB;IAC7C,CAAC;IAEM,iBAAiB,CAAC,GAAG,GAAG,IAAI,IAAI,EAAE;QAC1C,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAA;IACnD,CAAC;IAES,iBAAiB,CAAC,OAAgB;QAC1C,IAAI,IAAI,CAAC,eAAe,KAAK,sCAAe,CAAC,IAAI,EAAE,CAAC;YAClD,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,CAAC,GAAG,CAAA;QAC3C,CAAC;QAED,OAAO,IAAI,CAAC,eAAe,KAAK,sCAAe,CAAC,GAAG,CAAA;IACrD,CAAC;IAED,KAAK,CAAC,MAAM,CACV,MAAc,EACd,UAAsB,EACtB,OAAgB,EAChB,MAAwD,EACxD,UAAgD,EAChD,KAAuB,EACvB,OAAsB;QAEtB,IAAI,MAAM,CAAC,QAAQ,CAAC,wBAAwB,IAAI,CAAC,OAAO,EAAE,CAAC;YACzD,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;QACxD,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;YACzB,IAAI,OAAO;gBAAE,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;QAChE,CAAC;aAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;QACxD,CAAC;aAAM,IAAI,UAAU,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAC3C,MAAM,IAAI,8DAA0B,EAAE,CAAA;QACxC,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,8CAAgC,EAAE,CAAC;YAC3D,kEAAkE;YAClE,IAAI,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,GAAG,KAAK,UAAU,CAAC,QAAQ,EAAE,CAAC;gBAClE,MAAM,IAAI,8CAAmB,CAC3B,8EAA8E,CAC/E,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,0CAAiB,CACzB,0CAA0C,KAAK,CAAC,UAAU,cAAc,CACzE,CAAA;QACH,CAAC;QAED,QAAQ,KAAK,CAAC,UAAU,EAAE,CAAC;YACzB,KAAK,oBAAoB;gBACvB,IAAI,CAAC,UAAU,CAAC,cAAc,IAAI,CAAC,UAAU,CAAC,qBAAqB,EAAE,CAAC;oBACpE,MAAM,IAAI,0CAAiB,CAAC,kBAAkB,CAAC,CAAA;gBACjD,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;oBAC7B,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAC9D,IAAA,oCAAkB,EAAC,GAAG,EAAE,KAAK,CAAC,YAAY,CAAC,CAC5C,CAAA;oBACD,IAAI,YAAY,EAAE,CAAC;wBACjB,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,YAAY,EAAE,CAAA;oBAC9C,CAAC;yBAAM,CAAC;wBACN,MAAM,IAAI,0CAAiB,CAAC,sBAAsB,CAAC,CAAA;oBACrD,CAAC;gBACH,CAAC;qBAAM,IAAI,UAAU,CAAC,YAAY,KAAK,KAAK,CAAC,YAAY,EAAE,CAAC;oBAC1D,MAAM,IAAI,0CAAiB,CACzB,+CAA+C,CAChD,CAAA;gBACH,CAAC;gBAED,MAAK;YAEP;gBACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,UAAU,GAAG,CAAC,CAAA;QACnE,CAAC;QAED,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;YAC9B,IAAI,CAAC,CAAC,eAAe,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;gBACxD,MAAM,IAAI,0CAAiB,CAAC,2BAA2B,CAAC,CAAA;YAC1D,CAAC;YACD,0DAA0D;YAC1D,IAAI,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;gBACpC,MAAM,IAAI,0CAAiB,CAAC,yBAAyB,CAAC,CAAA;YACxD,CAAC;YACD,QAAQ,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACzC,KAAK,SAAS,CAAC,CAAC,gCAAgC;gBAChD,KAAK,OAAO,CAAC,CAAC,CAAC;oBACb,IAAI,UAAU,CAAC,cAAc,KAAK,KAAK,CAAC,aAAa,EAAE,CAAC;wBACtD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;oBACtD,CAAC;oBACD,MAAK;gBACP,CAAC;gBACD,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,kEAAkE;oBAClE,yCAAyC;oBACzC,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAChC,UAAU,CAAC,cAAc,EACzB,QAAQ,CACT,CAAA;oBACD,MAAM,iBAAiB,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC;yBAC3C,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC;yBAC3B,MAAM,EAAE,CAAA;oBACX,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;wBACpD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;oBACtD,CAAC;oBACD,MAAK;gBACP,CAAC;gBACD,OAAO,CAAC,CAAC,CAAC;oBACR,MAAM,IAAI,8CAAmB,CAC3B,qCAAqC,UAAU,CAAC,qBAAqB,EAAE,CACxE,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAA;QACrD,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;YACxD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;gBAC1C,MAAM,IAAI,0CAAiB,CAAC,eAAe,CAAC,CAAA;YAC9C,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAA,6BAAe,GAAE,CAAA;QACvC,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC;YACxE,CAAC,CAAC,MAAM,IAAA,uCAAoB,GAAE;YAC9B,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QACtB,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;QAE7C,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,IAAI,CACxE,IAAI,EACJ,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,CAChC,CAAA;QAED,MAAM,SAAS,GAAc;YAC3B,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,SAAS;YACT,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,UAAU;YACV,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,IAAI;YAC5B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,UAAU;YACV,OAAO,EAAE,oBAAoB,IAAI,IAAI;YACrC,IAAI,EAAE,IAAI,IAAI,IAAI;SACnB,CAAA;QAED,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,SAAS,EAAE,YAAY,CAAC,CAAA;QAE9D,MAAM,WAAW,GAAgB,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;YAC/D,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE;gBACzD,wEAAwE;gBACxE,0CAA0C;gBAC1C,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,GAAG;gBACR,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;gBACnE,qBAAqB,EAAE,oBAAoB;aAC5C,CAAC,CAAA;QAEN,OAAO,IAAI,CAAC,kBAAkB,CAC5B,MAAM,EACN,WAAW,EACX,YAAY,EACZ,SAAS,EACT,UAAU,EACV,OAAO,EACP,oBAAoB,CACrB,CAAA;IACH,CAAC;IAES,KAAK,CAAC,kBAAkB,CAChC,MAAc,EACd,WAAwB,EACxB,YAAgC,EAChC,SAAe,EACf,UAAgD,EAChD,OAAgB,EAChB,oBAAgC;QAEhC,MAAM,aAAa,GAAuB;YACxC,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;YACnD,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,qBAAqB,EAAE,oBAAoB;YAC3C,IAAI,UAAU;gBACZ,OAAO,IAAA,+BAAqB,EAAC,SAAS,CAAC,CAAA;YACzC,CAAC;YAED,sEAAsE;YACtE,qEAAqE;YACrE,aAAa;YACb,GAAG,EAAE,OAAO,CAAC,GAAG;SACjB,CAAA;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;IAES,KAAK,CAAC,cAAc,CAC5B,MAAc,EACd,UAAsB,EACtB,SAAoB;QAEpB,IAAI,SAAS,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,0CAAiB,CAAC,qCAAqC,CAAC,CAAA;QACpE,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,EAAE,iBAAiB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC;YACpE,MAAM,IAAI,0CAAiB,CAAC,kCAAkC,CAAC,CAAA;QACjE,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,0CAAiB,CAAC,uCAAuC,CAAC,CAAA;QACtE,CAAC;QAED,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,0CAAiB,CAAC,gCAAgC,CAAC,CAAA;QAC/D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CACX,MAAc,EACd,UAAsB,EACtB,KAA0B,EAC1B,OAAsB;QAEtB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CACxD,KAAK,CAAC,aAAa,CACpB,CAAA;QACD,IAAI,CAAC,SAAS,EAAE,mBAAmB,EAAE,CAAC;YACpC,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;QACtD,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,SAAS,CAAA;QACnC,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAE3B,IAAI,CAAC;YACH,IAAI,SAAS,CAAC,mBAAmB,KAAK,KAAK,CAAC,aAAa,EAAE,CAAC;gBAC1D,MAAM,IAAI,0CAAiB,CAAC,wBAAwB,CAAC,CAAA;YACvD,CAAC;YAED,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAA;YAExD,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;gBACxB,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;gBACxD,CAAC;qBAAM,IAAI,UAAU,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBAC3C,MAAM,IAAI,8DAA0B,EAAE,CAAA;gBACxC,CAAC;YACH,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAA;YACnC,MAAM,iBAAiB,GACrB,UAAU,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBACvD,CAAC,CAAC,yDAA0C;gBAC5C,CAAC,CAAC,uDAAwC,CAAA;YAC9C,IAAI,YAAY,CAAC,OAAO,EAAE,GAAG,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC5D,MAAM,IAAI,0CAAiB,CAAC,2CAA2C,CAAC,CAAA;YAC1E,CAAC;YAED,MAAM,QAAQ,GACZ,UAAU,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBACvD,CAAC,CAAC,+CAAgC;gBAClC,CAAC,CAAC,6CAA8B,CAAA;YACpC,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACrD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;YACtD,CAAC;YAED,MAAM,qBAAqB,GACzB,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,IAAI,CAAC,IAAI,EAAE;gBAClD,MAAM;gBACN,UAAU;gBACV,OAAO;aACR,CAAC,CAAA;YAEJ,MAAM,WAAW,GAAG,MAAM,IAAA,6BAAe,GAAE,CAAA;YAC3C,MAAM,gBAAgB,GAAG,MAAM,IAAA,uCAAoB,GAAE,CAAA;YAErD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;YACtB,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;YAE7C,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAC1B,SAAS,CAAC,EAAE,EACZ,WAAW,EACX,gBAAgB,EAChB;gBACE,SAAS,EAAE,GAAG;gBACd,SAAS;gBACT,mEAAmE;gBACnE,iEAAiE;gBACjE,kEAAkE;gBAClE,+DAA+D;gBAC/D,iEAAiE;gBACjE,kEAAkE;gBAClE,sEAAsE;gBACtE,mEAAmE;gBACnE,sEAAsE;gBACtE,oEAAoE;gBACpE,qEAAqE;gBACrE,sBAAsB;gBACtB,UAAU;aACX,CACF,CAAA;YAED,MAAM,WAAW,GAAgB,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;gBAC/D,CAAC,CAAC,WAAW;gBACb,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE;oBACzD,wEAAwE;oBACxE,0CAA0C;oBAC1C,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,GAAG;oBACR,GAAG,EAAE,WAAW;oBAChB,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;oBACnE,qBAAqB;iBACtB,CAAC,CAAA;YAEN,OAAO,IAAI,CAAC,kBAAkB,CAC5B,MAAM,EACN,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,UAAU,EACV,OAAO,EACP,qBAAqB,CACtB,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,8CAAmB,EAAE,CAAC;gBACvC,mEAAmE;gBACnE,UAAU;gBACV,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAC5C,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,IAAA,uBAAS,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;gBACnC,OAAM;YACR,CAAC;YAED,KAAK,IAAA,iBAAW,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACxB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;oBAClD,cAAc,EAAE,QAAQ;iBACzB,CAAC,CAAA;gBACF,MAAM,OAAO,GAAG,2BAAa,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAChD,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;gBACrC,OAAM;YACR,CAAC;YAED,KAAK,IAAA,iCAAc,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAA;gBACjE,IAAI,SAAS;oBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;gBACzD,OAAM;YACR,CAAC;YAED,KAAK,IAAA,gBAAM,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACnB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;gBACzD,IAAI,SAAS;oBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;gBACzD,OAAM;YACR,CAAC;YAED;gBACE,wDAAwD;gBACxD,OAAM;QACV,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CACnB,MAAc,EACd,UAAsB,EACtB,KAAa;QAEb,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;QACjD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,0CAAiB,CAAC,eAAe,CAAC,CAAA;QAC9C,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAA;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAC1C,MAAM,GAAG,CAAA;QACX,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACpD,MAAM,IAAI,0CAAiB,CAAC,eAAe,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,KAAa;QACzC,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,IAAA,uBAAS,EAAC,KAAK,CAAC;gBACnB,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YAEpC,KAAK,IAAA,iBAAW,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACxB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM;qBAClC,iBAAiB,CAAC,KAAK,CAAC;qBACxB,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;gBACpC,IAAI,CAAC,OAAO;oBAAE,OAAO,IAAI,CAAA;gBAEzB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACzD,IAAI,CAAC,SAAS;oBAAE,OAAO,IAAI,CAAA;gBAE3B,oEAAoE;gBACpE,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBAC1C,OAAO,IAAI,CAAA;gBACb,CAAC;gBAED,iCAAiC;gBACjC,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBAC1C,MAAM,IAAI,KAAK,CACb,gBAAgB,SAAS,CAAC,OAAO,CAAC,GAAG,+BAA+B,OAAO,CAAC,GAAG,GAAG,CACnF,CAAA;gBACH,CAAC;gBAED,OAAO,SAAS,CAAA;YAClB,CAAC;YAED,KAAK,IAAA,iCAAc,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAA;gBACjE,IAAI,CAAC,SAAS,EAAE,mBAAmB;oBAAE,OAAO,IAAI,CAAA;gBAChD,IAAI,SAAS,CAAC,mBAAmB,KAAK,KAAK;oBAAE,OAAO,IAAI,CAAA;gBACxD,OAAO,SAAS,CAAA;YAClB,CAAC;YAED;gBACE,sBAAsB;gBACtB,OAAO,IAAI,CAAA;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,SAAyB,EAAE,OAAgB;QAC5D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;QAErD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,0CAAiB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAA;QACzD,CAAC;QAED,IAAI,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,0CAAiB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAA;QACzD,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,SAAyB,EACzB,KAAc,EACd,OAAsB,EACtB,aAAwC;QAExC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QAC3D,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC,IAAI,CAAA;QAErC,wDAAwD;QACxD,MAAM,MAAM,GAAgB;YAC1B,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,GAAG;YAC1B,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,GAAG;YAC1B,GAAG,EAAE,IAAA,qBAAW,EAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;YAC1C,GAAG,EAAE,IAAA,qBAAW,EAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;YAC1C,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK;YACtC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;YAClC,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;SACpE,CAAA;QAED,MAAM,MAAM,GAAG,IAAA,0CAAiB,EAC9B,KAAK,EACL,KAAK,EACL,SAAS,EACT,OAAO,EACP,MAAM,EACN,aAAa,CACd,CAAA;QAED,OAAO,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,CAAA;IACjC,CAAC;CACF;AAvfD,oCAufC"}

package/dist/token/types.d.ts

@@ -77,12 +77,12 @@ export declare const refreshGrantRequestSchema: z.ZodIntersection<z.ZodUnion<[z.
     refresh_token: z.ZodEffects<z.ZodString, `ref-${string}`, string>;
     client_id: z.ZodString;
 }, "strip", z.ZodTypeAny, {
-    client_id: string;
     refresh_token: `ref-${string}`;
+    client_id: string;
     grant_type: "refresh_token";
 }, {
-    client_id: string;
     refresh_token: string;
+    client_id: string;
     grant_type: "refresh_token";
 }>>;
 export type RefreshGrantRequest = z.infer<typeof refreshGrantRequestSchema>;
@@ -161,12 +161,12 @@ export declare const tokenRequestSchema: z.ZodUnion<[z.ZodIntersection<z.ZodUnio
     refresh_token: z.ZodEffects<z.ZodString, `ref-${string}`, string>;
     client_id: z.ZodString;
 }, "strip", z.ZodTypeAny, {
-    client_id: string;
     refresh_token: `ref-${string}`;
+    client_id: string;
     grant_type: "refresh_token";
 }, {
-    client_id: string;
     refresh_token: string;
+    client_id: string;
     grant_type: "refresh_token";
 }>>]>;
 export type TokenRequest = z.infer<typeof tokenRequestSchema>;
@@ -175,10 +175,10 @@ export declare const tokenIdentification: z.ZodObject<{
     token_type_hint: z.ZodOptional<z.ZodEnum<["access_token", "refresh_token"]>>;
 }, "strip", z.ZodTypeAny, {
     token: string;
-    token_type_hint?: "access_token" | "refresh_token" | undefined;
+    token_type_hint?: "refresh_token" | "access_token" | undefined;
 }, {
     token: string;
-    token_type_hint?: "access_token" | "refresh_token" | undefined;
+    token_type_hint?: "refresh_token" | "access_token" | undefined;
 }>;
 export type TokenIdentification = z.infer<typeof tokenIdentification>;
 export declare const revokeSchema: z.ZodObject<{
@@ -186,10 +186,10 @@ export declare const revokeSchema: z.ZodObject<{
     token_type_hint: z.ZodOptional<z.ZodEnum<["access_token", "refresh_token"]>>;
 }, "strip", z.ZodTypeAny, {
     token: string;
-    token_type_hint?: "access_token" | "refresh_token" | undefined;
+    token_type_hint?: "refresh_token" | "access_token" | undefined;
 }, {
     token: string;
-    token_type_hint?: "access_token" | "refresh_token" | undefined;
+    token_type_hint?: "refresh_token" | "access_token" | undefined;
 }>;
 export type Revoke = z.infer<typeof revokeSchema>;
 export declare const introspectSchema: z.ZodIntersection<z.ZodUnion<[z.ZodUnion<[z.ZodObject<{
@@ -224,10 +224,10 @@ export declare const introspectSchema: z.ZodIntersection<z.ZodUnion<[z.ZodUnion<
     token_type_hint: z.ZodOptional<z.ZodEnum<["access_token", "refresh_token"]>>;
 }, "strip", z.ZodTypeAny, {
     token: string;
-    token_type_hint?: "access_token" | "refresh_token" | undefined;
+    token_type_hint?: "refresh_token" | "access_token" | undefined;
 }, {
     token: string;
-    token_type_hint?: "access_token" | "refresh_token" | undefined;
+    token_type_hint?: "refresh_token" | "access_token" | undefined;
 }>>;
 export type Introspect = z.infer<typeof introspectSchema>;
 export type IntrospectionResponse = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/oauth-provider",
-  "version": "0.1.2",
+  "version": "0.2.0",
   "license": "MIT",
   "description": "Generic OAuth2 and OpenID Connect provider for Node.js. Currently only supports features needed for Atproto.",
   "keywords": [
@@ -30,12 +30,12 @@
   "dependencies": {
     "@hapi/accept": "^6.0.3",
     "@hapi/bourne": "^3.0.0",
+    "@hapi/content": "^6.0.0",
     "cookie": "^0.6.0",
     "http-errors": "^2.0.0",
     "ioredis": "^5.3.2",
     "jose": "^5.2.0",
     "keygrip": "^1.1.0",
-    "oidc-token-hash": "^5.0.3",
     "psl": "^1.9.0",
     "zod": "^3.23.8",
     "@atproto-labs/fetch": "0.1.0",
@@ -45,7 +45,7 @@
     "@atproto-labs/simple-store-memory": "0.1.1",
     "@atproto/jwk": "0.1.1",
     "@atproto/jwk-jose": "0.1.2",
-    "@atproto/oauth-types": "0.1.2"
+    "@atproto/oauth-types": "0.1.4"
   },
   "devDependencies": {
     "@rollup/plugin-commonjs": "^25.0.7",

package/src/account/account.ts

@@ -1,10 +1,14 @@
-import { OIDCStandardPayload } from '../oidc/claims.js'
 import { Sub } from '../oidc/sub.js'
 import { Simplify } from '../lib/util/type.js'
 
-export type Account = Simplify<
-  {
-    sub: Sub // Account id
-    aud: string | [string, ...string[]] // Resource server URL
-  } & OIDCStandardPayload
->
+export type Account = Simplify<{
+  sub: Sub // Account id
+  aud: string | [string, ...string[]] // Resource server URL
+
+  // OIDC inspired
+  preferred_username?: string
+  email?: string
+  email_verified?: boolean
+  picture?: string
+  name?: string
+}>

package/src/assets/app/backend-data.ts

@@ -14,6 +14,7 @@ export type Account = {
 
 export type Session = {
   account: Account
+  info?: never // Prevent relying on this in the frontend
 
   selected: boolean
   loginRequired: boolean
@@ -37,15 +38,21 @@ export type ErrorData = {
   error_description: string
 }
 
+export type ScopeDetail = {
+  scope: string
+  description?: string
+}
+
 export type AuthorizeData = {
   clientId: string
   clientMetadata: OAuthClientMetadata
   clientTrusted: boolean
   requestUri: string
   csrfCookie: string
-  sessions: Session[]
-  newSessionsRequireConsent: boolean
   loginHint?: string
+  scopeDetails?: ScopeDetail[]
+  newSessionsRequireConsent: boolean
+  sessions: Session[]
 }
 
 // see "declareBackendData()" in the backend