@atproto/oauth-provider 0.16.5 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (321)
  1. package/CHANGELOG.md +32 -0
  2. package/dist/access-token/access-token-mode.js +2 -5
  3. package/dist/access-token/access-token-mode.js.map +1 -1
  4. package/dist/account/account-manager.js +25 -33
  5. package/dist/account/account-manager.js.map +1 -1
  6. package/dist/account/account-store.js +11 -32
  7. package/dist/account/account-store.js.map +1 -1
  8. package/dist/account/sign-in-data.js +9 -12
  9. package/dist/account/sign-in-data.js.map +1 -1
  10. package/dist/account/sign-up-input.js +14 -17
  11. package/dist/account/sign-up-input.js.map +1 -1
  12. package/dist/client/client-auth.js +1 -2
  13. package/dist/client/client-data.js +1 -2
  14. package/dist/client/client-id.js +2 -5
  15. package/dist/client/client-id.js.map +1 -1
  16. package/dist/client/client-info.js +1 -2
  17. package/dist/client/client-manager.js +86 -97
  18. package/dist/client/client-manager.js.map +1 -1
  19. package/dist/client/client-store.js +7 -26
  20. package/dist/client/client-store.js.map +1 -1
  21. package/dist/client/client-utils.js +10 -14
  22. package/dist/client/client-utils.js.map +1 -1
  23. package/dist/client/client.js +43 -53
  24. package/dist/client/client.js.map +1 -1
  25. package/dist/constants.js +28 -31
  26. package/dist/constants.js.map +1 -1
  27. package/dist/customization/branding.js +8 -11
  28. package/dist/customization/branding.js.map +1 -1
  29. package/dist/customization/build-customization-css.js +8 -11
  30. package/dist/customization/build-customization-css.js.map +1 -1
  31. package/dist/customization/build-customization-data.js +1 -4
  32. package/dist/customization/build-customization-data.js.map +1 -1
  33. package/dist/customization/colors.js +11 -14
  34. package/dist/customization/colors.js.map +1 -1
  35. package/dist/customization/customization.js +8 -11
  36. package/dist/customization/customization.js.map +1 -1
  37. package/dist/customization/links.js +7 -10
  38. package/dist/customization/links.js.map +1 -1
  39. package/dist/device/device-data.js +7 -10
  40. package/dist/device/device-data.js.map +1 -1
  41. package/dist/device/device-id.js +11 -16
  42. package/dist/device/device-id.js.map +1 -1
  43. package/dist/device/device-manager.js +32 -38
  44. package/dist/device/device-manager.js.map +1 -1
  45. package/dist/device/device-store.js +7 -25
  46. package/dist/device/device-store.js.map +1 -1
  47. package/dist/device/session-id.js +9 -13
  48. package/dist/device/session-id.js.map +1 -1
  49. package/dist/dpop/dpop-manager.d.ts +3 -3
  50. package/dist/dpop/dpop-manager.js +38 -43
  51. package/dist/dpop/dpop-manager.js.map +1 -1
  52. package/dist/dpop/dpop-nonce.d.ts +2 -2
  53. package/dist/dpop/dpop-nonce.d.ts.map +1 -1
  54. package/dist/dpop/dpop-nonce.js +14 -18
  55. package/dist/dpop/dpop-nonce.js.map +1 -1
  56. package/dist/dpop/dpop-proof.js +1 -2
  57. package/dist/errors/access-denied-error.js +2 -6
  58. package/dist/errors/access-denied-error.js.map +1 -1
  59. package/dist/errors/account-selection-required-error.js +2 -6
  60. package/dist/errors/account-selection-required-error.js.map +1 -1
  61. package/dist/errors/authorization-error.js +7 -12
  62. package/dist/errors/authorization-error.js.map +1 -1
  63. package/dist/errors/consent-required-error.js +2 -6
  64. package/dist/errors/consent-required-error.js.map +1 -1
  65. package/dist/errors/error-parser.js +14 -18
  66. package/dist/errors/error-parser.js.map +1 -1
  67. package/dist/errors/handle-unavailable-error.js +2 -7
  68. package/dist/errors/handle-unavailable-error.js.map +1 -1
  69. package/dist/errors/invalid-authorization-details-error.js +2 -6
  70. package/dist/errors/invalid-authorization-details-error.js.map +1 -1
  71. package/dist/errors/invalid-client-error.js +2 -6
  72. package/dist/errors/invalid-client-error.js.map +1 -1
  73. package/dist/errors/invalid-client-id-error.js +2 -6
  74. package/dist/errors/invalid-client-id-error.js.map +1 -1
  75. package/dist/errors/invalid-client-metadata-error.js +7 -11
  76. package/dist/errors/invalid-client-metadata-error.js.map +1 -1
  77. package/dist/errors/invalid-credentials-error.js +2 -7
  78. package/dist/errors/invalid-credentials-error.js.map +1 -1
  79. package/dist/errors/invalid-dpop-key-binding-error.js +2 -6
  80. package/dist/errors/invalid-dpop-key-binding-error.js.map +1 -1
  81. package/dist/errors/invalid-dpop-proof-error.js +2 -6
  82. package/dist/errors/invalid-dpop-proof-error.js.map +1 -1
  83. package/dist/errors/invalid-grant-error.js +2 -6
  84. package/dist/errors/invalid-grant-error.js.map +1 -1
  85. package/dist/errors/invalid-invite-code-error.d.ts +1 -1
  86. package/dist/errors/invalid-invite-code-error.d.ts.map +1 -1
  87. package/dist/errors/invalid-invite-code-error.js +2 -6
  88. package/dist/errors/invalid-invite-code-error.js.map +1 -1
  89. package/dist/errors/invalid-redirect-uri-error.js +2 -6
  90. package/dist/errors/invalid-redirect-uri-error.js.map +1 -1
  91. package/dist/errors/invalid-request-error.js +3 -7
  92. package/dist/errors/invalid-request-error.js.map +1 -1
  93. package/dist/errors/invalid-scope-error.js +2 -6
  94. package/dist/errors/invalid-scope-error.js.map +1 -1
  95. package/dist/errors/invalid-token-error.js +10 -15
  96. package/dist/errors/invalid-token-error.js.map +1 -1
  97. package/dist/errors/login-required-error.js +2 -6
  98. package/dist/errors/login-required-error.js.map +1 -1
  99. package/dist/errors/oauth-error.js +1 -9
  100. package/dist/errors/oauth-error.js.map +1 -1
  101. package/dist/errors/second-authentication-factor-required-error.js +2 -8
  102. package/dist/errors/second-authentication-factor-required-error.js.map +1 -1
  103. package/dist/errors/unauthorized-client-error.js +2 -6
  104. package/dist/errors/unauthorized-client-error.js.map +1 -1
  105. package/dist/errors/use-dpop-nonce-error.js +4 -8
  106. package/dist/errors/use-dpop-nonce-error.js.map +1 -1
  107. package/dist/errors/www-authenticate-error.js +4 -9
  108. package/dist/errors/www-authenticate-error.js.map +1 -1
  109. package/dist/index.js +14 -30
  110. package/dist/index.js.map +1 -1
  111. package/dist/lexicon/lexicon-data.js +1 -2
  112. package/dist/lexicon/lexicon-getter.js +6 -10
  113. package/dist/lexicon/lexicon-getter.js.map +1 -1
  114. package/dist/lexicon/lexicon-manager.js +10 -30
  115. package/dist/lexicon/lexicon-manager.js.map +1 -1
  116. package/dist/lexicon/lexicon-store.js +5 -10
  117. package/dist/lexicon/lexicon-store.js.map +1 -1
  118. package/dist/lib/csp/index.js +3 -8
  119. package/dist/lib/csp/index.js.map +1 -1
  120. package/dist/lib/hcaptcha.js +33 -43
  121. package/dist/lib/hcaptcha.js.map +1 -1
  122. package/dist/lib/html/build-document.js +19 -24
  123. package/dist/lib/html/build-document.js.map +1 -1
  124. package/dist/lib/html/escapers.js +10 -16
  125. package/dist/lib/html/escapers.js.map +1 -1
  126. package/dist/lib/html/html.js +1 -5
  127. package/dist/lib/html/html.js.map +1 -1
  128. package/dist/lib/html/hydration-data.js +6 -10
  129. package/dist/lib/html/hydration-data.js.map +1 -1
  130. package/dist/lib/html/index.js +3 -19
  131. package/dist/lib/html/index.js.map +1 -1
  132. package/dist/lib/html/tags.js +14 -23
  133. package/dist/lib/html/tags.js.map +1 -1
  134. package/dist/lib/html/util.js +1 -4
  135. package/dist/lib/html/util.js.map +1 -1
  136. package/dist/lib/http/accept.d.ts.map +1 -1
  137. package/dist/lib/http/accept.js +8 -8
  138. package/dist/lib/http/accept.js.map +1 -1
  139. package/dist/lib/http/context.js +1 -4
  140. package/dist/lib/http/context.js.map +1 -1
  141. package/dist/lib/http/headers.js +1 -4
  142. package/dist/lib/http/headers.js.map +1 -1
  143. package/dist/lib/http/index.js +10 -26
  144. package/dist/lib/http/index.js.map +1 -1
  145. package/dist/lib/http/method.js +1 -4
  146. package/dist/lib/http/method.js.map +1 -1
  147. package/dist/lib/http/middleware.js +11 -17
  148. package/dist/lib/http/middleware.js.map +1 -1
  149. package/dist/lib/http/parser.js +13 -20
  150. package/dist/lib/http/parser.js.map +1 -1
  151. package/dist/lib/http/path.js +1 -4
  152. package/dist/lib/http/path.js.map +1 -1
  153. package/dist/lib/http/request.d.ts.map +1 -1
  154. package/dist/lib/http/request.js +32 -47
  155. package/dist/lib/http/request.js.map +1 -1
  156. package/dist/lib/http/response.js +14 -27
  157. package/dist/lib/http/response.js.map +1 -1
  158. package/dist/lib/http/route.js +9 -12
  159. package/dist/lib/http/route.js.map +1 -1
  160. package/dist/lib/http/router.js +8 -13
  161. package/dist/lib/http/router.js.map +1 -1
  162. package/dist/lib/http/security-headers.js +10 -15
  163. package/dist/lib/http/security-headers.js.map +1 -1
  164. package/dist/lib/http/stream.js +12 -20
  165. package/dist/lib/http/stream.js.map +1 -1
  166. package/dist/lib/http/types.js +1 -2
  167. package/dist/lib/http/url.js +1 -4
  168. package/dist/lib/http/url.js.map +1 -1
  169. package/dist/lib/nsid.js +4 -8
  170. package/dist/lib/nsid.js.map +1 -1
  171. package/dist/lib/redis.js +4 -7
  172. package/dist/lib/redis.js.map +1 -1
  173. package/dist/lib/util/authorization-header.js +11 -15
  174. package/dist/lib/util/authorization-header.js.map +1 -1
  175. package/dist/lib/util/cast.js +3 -8
  176. package/dist/lib/util/cast.js.map +1 -1
  177. package/dist/lib/util/color.js +23 -32
  178. package/dist/lib/util/color.js.map +1 -1
  179. package/dist/lib/util/crypto.js +5 -10
  180. package/dist/lib/util/crypto.js.map +1 -1
  181. package/dist/lib/util/date.js +2 -6
  182. package/dist/lib/util/date.js.map +1 -1
  183. package/dist/lib/util/error.js +5 -8
  184. package/dist/lib/util/error.js.map +1 -1
  185. package/dist/lib/util/function.js +3 -8
  186. package/dist/lib/util/function.js.map +1 -1
  187. package/dist/lib/util/locale.js +3 -6
  188. package/dist/lib/util/locale.js.map +1 -1
  189. package/dist/lib/util/object.js +1 -4
  190. package/dist/lib/util/object.js.map +1 -1
  191. package/dist/lib/util/redirect-uri.js +3 -6
  192. package/dist/lib/util/redirect-uri.js.map +1 -1
  193. package/dist/lib/util/time.js +5 -9
  194. package/dist/lib/util/time.js.map +1 -1
  195. package/dist/lib/util/type.d.ts.map +1 -1
  196. package/dist/lib/util/type.js +1 -5
  197. package/dist/lib/util/type.js.map +1 -1
  198. package/dist/lib/util/ui8.js +3 -8
  199. package/dist/lib/util/ui8.js.map +1 -1
  200. package/dist/lib/util/well-known.js +1 -4
  201. package/dist/lib/util/well-known.js.map +1 -1
  202. package/dist/lib/util/zod-error.js +4 -8
  203. package/dist/lib/util/zod-error.js.map +1 -1
  204. package/dist/lib/write-form-redirect.js +9 -12
  205. package/dist/lib/write-form-redirect.js.map +1 -1
  206. package/dist/lib/write-html.js +12 -15
  207. package/dist/lib/write-html.js.map +1 -1
  208. package/dist/metadata/build-metadata.js +9 -12
  209. package/dist/metadata/build-metadata.js.map +1 -1
  210. package/dist/oauth-client.js +2 -18
  211. package/dist/oauth-client.js.map +1 -1
  212. package/dist/oauth-dpop.js +2 -18
  213. package/dist/oauth-dpop.js.map +1 -1
  214. package/dist/oauth-errors.js +24 -42
  215. package/dist/oauth-errors.js.map +1 -1
  216. package/dist/oauth-hooks.js +8 -15
  217. package/dist/oauth-hooks.js.map +1 -1
  218. package/dist/oauth-middleware.js +13 -16
  219. package/dist/oauth-middleware.js.map +1 -1
  220. package/dist/oauth-provider.js +108 -125
  221. package/dist/oauth-provider.js.map +1 -1
  222. package/dist/oauth-store.js +7 -23
  223. package/dist/oauth-store.js.map +1 -1
  224. package/dist/oauth-verifier.js +41 -53
  225. package/dist/oauth-verifier.js.map +1 -1
  226. package/dist/oidc/sub.js +2 -5
  227. package/dist/oidc/sub.js.map +1 -1
  228. package/dist/replay/replay-manager.js +6 -11
  229. package/dist/replay/replay-manager.js.map +1 -1
  230. package/dist/replay/replay-store-memory.js +5 -7
  231. package/dist/replay/replay-store-memory.js.map +1 -1
  232. package/dist/replay/replay-store-redis.js +3 -8
  233. package/dist/replay/replay-store-redis.js.map +1 -1
  234. package/dist/replay/replay-store.js +3 -8
  235. package/dist/replay/replay-store.js.map +1 -1
  236. package/dist/request/code.js +10 -15
  237. package/dist/request/code.js.map +1 -1
  238. package/dist/request/request-data.js +1 -5
  239. package/dist/request/request-data.js.map +1 -1
  240. package/dist/request/request-id.js +9 -13
  241. package/dist/request/request-id.js.map +1 -1
  242. package/dist/request/request-manager.js +61 -71
  243. package/dist/request/request-manager.js.map +1 -1
  244. package/dist/request/request-store.js +9 -27
  245. package/dist/request/request-store.js.map +1 -1
  246. package/dist/request/request-uri.js +17 -23
  247. package/dist/request/request-uri.js.map +1 -1
  248. package/dist/result/authorization-redirect-parameters.js +1 -2
  249. package/dist/result/authorization-result-authorize-page.js +1 -2
  250. package/dist/result/authorization-result-redirect.js +1 -2
  251. package/dist/router/assets/assets-manifest.d.ts.map +1 -1
  252. package/dist/router/assets/assets-manifest.js +14 -15
  253. package/dist/router/assets/assets-manifest.js.map +1 -1
  254. package/dist/router/assets/assets.d.ts.map +1 -1
  255. package/dist/router/assets/assets.js +25 -27
  256. package/dist/router/assets/assets.js.map +1 -1
  257. package/dist/router/assets/csrf.js +16 -25
  258. package/dist/router/assets/csrf.js.map +1 -1
  259. package/dist/router/assets/send-account-page.js +3 -6
  260. package/dist/router/assets/send-account-page.js.map +1 -1
  261. package/dist/router/assets/send-authorization-page.js +3 -6
  262. package/dist/router/assets/send-authorization-page.js.map +1 -1
  263. package/dist/router/assets/send-cookie-error-page.js +3 -6
  264. package/dist/router/assets/send-cookie-error-page.js.map +1 -1
  265. package/dist/router/assets/send-error-page.js +6 -9
  266. package/dist/router/assets/send-error-page.js.map +1 -1
  267. package/dist/router/assets/send-redirect.js +12 -20
  268. package/dist/router/assets/send-redirect.js.map +1 -1
  269. package/dist/router/create-account-page-middleware.js +11 -14
  270. package/dist/router/create-account-page-middleware.js.map +1 -1
  271. package/dist/router/create-api-middleware.js +83 -90
  272. package/dist/router/create-api-middleware.js.map +1 -1
  273. package/dist/router/create-authorization-page-middleware.js +43 -46
  274. package/dist/router/create-authorization-page-middleware.js.map +1 -1
  275. package/dist/router/create-oauth-middleware.js +31 -34
  276. package/dist/router/create-oauth-middleware.js.map +1 -1
  277. package/dist/router/error-handler.js +1 -2
  278. package/dist/router/middleware-options.js +1 -2
  279. package/dist/signer/access-token-payload.js +12 -15
  280. package/dist/signer/access-token-payload.js.map +1 -1
  281. package/dist/signer/api-token-payload.js +8 -11
  282. package/dist/signer/api-token-payload.js.map +1 -1
  283. package/dist/signer/signer.js +11 -17
  284. package/dist/signer/signer.js.map +1 -1
  285. package/dist/token/refresh-token.js +10 -15
  286. package/dist/token/refresh-token.js.map +1 -1
  287. package/dist/token/token-claims.js +1 -2
  288. package/dist/token/token-data.js +1 -2
  289. package/dist/token/token-id.js +10 -15
  290. package/dist/token/token-id.js.map +1 -1
  291. package/dist/token/token-manager.js +40 -51
  292. package/dist/token/token-manager.js.map +1 -1
  293. package/dist/token/token-store.js +7 -25
  294. package/dist/token/token-store.js.map +1 -1
  295. package/dist/types/authorization-response-error.js +8 -12
  296. package/dist/types/authorization-response-error.js.map +1 -1
  297. package/dist/types/color-hue.js +2 -5
  298. package/dist/types/color-hue.js.map +1 -1
  299. package/dist/types/email-otp.js +2 -5
  300. package/dist/types/email-otp.js.map +1 -1
  301. package/dist/types/email.js +6 -9
  302. package/dist/types/email.js.map +1 -1
  303. package/dist/types/handle.js +6 -9
  304. package/dist/types/handle.js.map +1 -1
  305. package/dist/types/invite-code.js +2 -5
  306. package/dist/types/invite-code.js.map +1 -1
  307. package/dist/types/par-response-error.js +5 -9
  308. package/dist/types/par-response-error.js.map +1 -1
  309. package/dist/types/password.js +3 -6
  310. package/dist/types/password.js.map +1 -1
  311. package/dist/types/rgb-color.js +7 -10
  312. package/dist/types/rgb-color.js.map +1 -1
  313. package/package.json +20 -22
  314. package/src/dpop/dpop-nonce.ts +1 -1
  315. package/src/errors/invalid-invite-code-error.ts +1 -1
  316. package/src/lib/http/accept.ts +4 -1
  317. package/src/lib/http/request.ts +4 -1
  318. package/src/lib/util/type.ts +0 -1
  319. package/src/router/assets/assets-manifest.ts +3 -1
  320. package/src/router/assets/assets.ts +2 -0
  321. package/tsconfig.build.tsbuildinfo +1 -1
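--- a/package/dist/oauth-errors.js
+++ b/package/dist/oauth-errors.js
@@ -1,44 +1,26 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-if (k2 === undefined) k2 = k;
-var desc = Object.getOwnPropertyDescriptor(m, k);
-if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-desc = { enumerable: true, get: function() { return m[k]; } };
-}
-Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-if (k2 === undefined) k2 = k;
-o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.OAuthError = void 0;
 // Root Error class
-var oauth_error_js_1 = require("./errors/oauth-error.js");
-Object.defineProperty(exports, "OAuthError", { enumerable: true, get: function () { return oauth_error_js_1.OAuthError; } });
-__exportStar(require("./errors/access-denied-error.js"), exports);
-__exportStar(require("./errors/account-selection-required-error.js"), exports);
-__exportStar(require("./errors/authorization-error.js"), exports);
-__exportStar(require("./errors/consent-required-error.js"), exports);
-__exportStar(require("./errors/handle-unavailable-error.js"), exports);
-__exportStar(require("./errors/invalid-authorization-details-error.js"), exports);
-__exportStar(require("./errors/invalid-client-error.js"), exports);
-__exportStar(require("./errors/invalid-client-id-error.js"), exports);
-__exportStar(require("./errors/invalid-client-metadata-error.js"), exports);
-__exportStar(require("./errors/invalid-credentials-error.js"), exports);
-__exportStar(require("./errors/invalid-dpop-key-binding-error.js"), exports);
-__exportStar(require("./errors/invalid-dpop-proof-error.js"), exports);
-__exportStar(require("./errors/invalid-grant-error.js"), exports);
-__exportStar(require("./errors/invalid-invite-code-error.js"), exports);
-__exportStar(require("./errors/invalid-redirect-uri-error.js"), exports);
-__exportStar(require("./errors/invalid-request-error.js"), exports);
-__exportStar(require("./errors/invalid-scope-error.js"), exports);
-__exportStar(require("./errors/invalid-token-error.js"), exports);
-__exportStar(require("./errors/login-required-error.js"), exports);
-__exportStar(require("./errors/second-authentication-factor-required-error.js"), exports);
-__exportStar(require("./errors/unauthorized-client-error.js"), exports);
-__exportStar(require("./errors/use-dpop-nonce-error.js"), exports);
-__exportStar(require("./errors/www-authenticate-error.js"), exports);
+export { OAuthError } from './errors/oauth-error.js';
+export * from './errors/access-denied-error.js';
+export * from './errors/account-selection-required-error.js';
+export * from './errors/authorization-error.js';
+export * from './errors/consent-required-error.js';
+export * from './errors/handle-unavailable-error.js';
+export * from './errors/invalid-authorization-details-error.js';
+export * from './errors/invalid-client-error.js';
+export * from './errors/invalid-client-id-error.js';
+export * from './errors/invalid-client-metadata-error.js';
+export * from './errors/invalid-credentials-error.js';
+export * from './errors/invalid-dpop-key-binding-error.js';
+export * from './errors/invalid-dpop-proof-error.js';
+export * from './errors/invalid-grant-error.js';
+export * from './errors/invalid-invite-code-error.js';
+export * from './errors/invalid-redirect-uri-error.js';
+export * from './errors/invalid-request-error.js';
+export * from './errors/invalid-scope-error.js';
+export * from './errors/invalid-token-error.js';
+export * from './errors/login-required-error.js';
+export * from './errors/second-authentication-factor-required-error.js';
+export * from './errors/unauthorized-client-error.js';
+export * from './errors/use-dpop-nonce-error.js';
+export * from './errors/www-authenticate-error.js';
 //# sourceMappingURL=oauth-errors.js.map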
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-errors.js","sourceRoot":"","sources":["../src/oauth-errors.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,mBAAmB;AACnB,0DAAoD;AAA3C,4GAAA,UAAU,OAAA;AAEnB,kEAA+C;AAC/C,+EAA4D;AAC5D,kEAA+C;AAC/C,qEAAkD;AAClD,uEAAoD;AACpD,kFAA+D;AAC/D,mEAAgD;AAChD,sEAAmD;AACnD,4EAAyD;AACzD,wEAAqD;AACrD,6EAA0D;AAC1D,uEAAoD;AACpD,kEAA+C;AAC/C,wEAAqD;AACrD,yEAAsD;AACtD,oEAAiD;AACjD,kEAA+C;AAC/C,kEAA+C;AAC/C,mEAAgD;AAChD,0FAAuE;AACvE,wEAAqD;AACrD,mEAAgD;AAChD,qEAAkD","sourcesContent":["// Root Error class\nexport { OAuthError } from './errors/oauth-error.js'\n\nexport * from './errors/access-denied-error.js'\nexport * from './errors/account-selection-required-error.js'\nexport * from './errors/authorization-error.js'\nexport * from './errors/consent-required-error.js'\nexport * from './errors/handle-unavailable-error.js'\nexport * from './errors/invalid-authorization-details-error.js'\nexport * from './errors/invalid-client-error.js'\nexport * from './errors/invalid-client-id-error.js'\nexport * from './errors/invalid-client-metadata-error.js'\nexport * from './errors/invalid-credentials-error.js'\nexport * from './errors/invalid-dpop-key-binding-error.js'\nexport * from './errors/invalid-dpop-proof-error.js'\nexport * from './errors/invalid-grant-error.js'\nexport * from './errors/invalid-invite-code-error.js'\nexport * from './errors/invalid-redirect-uri-error.js'\nexport * from './errors/invalid-request-error.js'\nexport * from './errors/invalid-scope-error.js'\nexport * from './errors/invalid-token-error.js'\nexport * from './errors/login-required-error.js'\nexport * from './errors/second-authentication-factor-required-error.js'\nexport * from './errors/unauthorized-client-error.js'\nexport * from './errors/use-dpop-nonce-error.js'\nexport * from './errors/www-authenticate-error.js'\n"]}
1
+ {"version":3,"file":"oauth-errors.js","sourceRoot":"","sources":["../src/oauth-errors.ts"],"names":[],"mappings":"AAAA,mBAAmB;AACnB,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAEpD,cAAc,iCAAiC,CAAA;AAC/C,cAAc,8CAA8C,CAAA;AAC5D,cAAc,iCAAiC,CAAA;AAC/C,cAAc,oCAAoC,CAAA;AAClD,cAAc,sCAAsC,CAAA;AACpD,cAAc,iDAAiD,CAAA;AAC/D,cAAc,kCAAkC,CAAA;AAChD,cAAc,qCAAqC,CAAA;AACnD,cAAc,2CAA2C,CAAA;AACzD,cAAc,uCAAuC,CAAA;AACrD,cAAc,4CAA4C,CAAA;AAC1D,cAAc,sCAAsC,CAAA;AACpD,cAAc,iCAAiC,CAAA;AAC/C,cAAc,uCAAuC,CAAA;AACrD,cAAc,wCAAwC,CAAA;AACtD,cAAc,mCAAmC,CAAA;AACjD,cAAc,iCAAiC,CAAA;AAC/C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,kCAAkC,CAAA;AAChD,cAAc,yDAAyD,CAAA;AACvE,cAAc,uCAAuC,CAAA;AACrD,cAAc,kCAAkC,CAAA;AAChD,cAAc,oCAAoC,CAAA","sourcesContent":["// Root Error class\nexport { OAuthError } from './errors/oauth-error.js'\n\nexport * from './errors/access-denied-error.js'\nexport * from './errors/account-selection-required-error.js'\nexport * from './errors/authorization-error.js'\nexport * from './errors/consent-required-error.js'\nexport * from './errors/handle-unavailable-error.js'\nexport * from './errors/invalid-authorization-details-error.js'\nexport * from './errors/invalid-client-error.js'\nexport * from './errors/invalid-client-id-error.js'\nexport * from './errors/invalid-client-metadata-error.js'\nexport * from './errors/invalid-credentials-error.js'\nexport * from './errors/invalid-dpop-key-binding-error.js'\nexport * from './errors/invalid-dpop-proof-error.js'\nexport * from './errors/invalid-grant-error.js'\nexport * from './errors/invalid-invite-code-error.js'\nexport * from './errors/invalid-redirect-uri-error.js'\nexport * from './errors/invalid-request-error.js'\nexport * from './errors/invalid-scope-error.js'\nexport * from './errors/invalid-token-error.js'\nexport * from './errors/login-required-error.js'\nexport * from './errors/second-authentication-factor-required-error.js'\nexport * from './errors/unauthorized-client-error.js'\nexport * from 
'./errors/use-dpop-nonce-error.js'\nexport * from './errors/www-authenticate-error.js'\n"]}
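--- a/package/dist/oauth-hooks.js
+++ b/package/dist/oauth-hooks.js
@@ -1,16 +1,9 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.OAuthError = exports.InvalidRequestError = exports.InvalidCredentialsError = exports.Client = exports.AuthorizationError = exports.AccessDeniedError = void 0;
-const client_js_1 = require("./client/client.js");
-Object.defineProperty(exports, "Client", { enumerable: true, get: function () { return client_js_1.Client; } });
-const access_denied_error_js_1 = require("./errors/access-denied-error.js");
-Object.defineProperty(exports, "AccessDeniedError", { enumerable: true, get: function () { return access_denied_error_js_1.AccessDeniedError; } });
-const authorization_error_js_1 = require("./errors/authorization-error.js");
-Object.defineProperty(exports, "AuthorizationError", { enumerable: true, get: function () { return authorization_error_js_1.AuthorizationError; } });
-const invalid_credentials_error_js_1 = require("./errors/invalid-credentials-error.js");
-Object.defineProperty(exports, "InvalidCredentialsError", { enumerable: true, get: function () { return invalid_credentials_error_js_1.InvalidCredentialsError; } });
-const invalid_request_error_js_1 = require("./errors/invalid-request-error.js");
-Object.defineProperty(exports, "InvalidRequestError", { enumerable: true, get: function () { return invalid_request_error_js_1.InvalidRequestError; } });
-const oauth_error_js_1 = require("./errors/oauth-error.js");
-Object.defineProperty(exports, "OAuthError", { enumerable: true, get: function () { return oauth_error_js_1.OAuthError; } });
+import { Client } from './client/client.js';
+import { AccessDeniedError } from './errors/access-denied-error.js';
+import { AuthorizationError } from './errors/authorization-error.js';
+import { InvalidCredentialsError } from './errors/invalid-credentials-error.js';
+import { InvalidRequestError } from './errors/invalid-request-error.js';
+import { OAuthError } from './errors/oauth-error.js';
+// Make sure all types needed to implement the OAuthHooks are exported
+export { AccessDeniedError, AuthorizationError, Client, InvalidCredentialsError, InvalidRequestError, OAuthError, };
 //# sourceMappingURL=oauth-hooks.js.map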
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-hooks.js","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":";;;AAoBA,kDAA2C;AA2BzC,uFA3BO,kBAAM,OA2BP;AAxBR,4EAAmE;AAmBjE,kGAnBO,0CAAiB,OAmBP;AAlBnB,4EAAoE;AAqBlE,mGArBO,2CAAkB,OAqBP;AApBpB,wFAA+E;AA+B7E,wGA/BO,sDAAuB,OA+BP;AA9BzB,gFAAuE;AA+BrE,oGA/BO,8CAAmB,OA+BP;AA9BrB,4DAAoD;AAoClD,2FApCO,2BAAU,OAoCP","sourcesContent":["import { Jwks } from '@atproto/jwk'\nimport type { Account } from '@atproto/oauth-provider-api'\nimport {\n OAuthAccessToken,\n OAuthAuthorizationDetails,\n OAuthAuthorizationRequestParameters,\n OAuthClientMetadata,\n OAuthTokenResponse,\n OAuthTokenType,\n} from '@atproto/oauth-types'\nimport {\n ResetPasswordConfirmInput,\n ResetPasswordRequestInput,\n SignUpData,\n} from './account/account-store.js'\nimport { SignInData } from './account/sign-in-data.js'\nimport { SignUpInput } from './account/sign-up-input.js'\nimport { ClientAuth } from './client/client-auth.js'\nimport { ClientId } from './client/client-id.js'\nimport { ClientInfo } from './client/client-info.js'\nimport { Client } from './client/client.js'\nimport { DeviceId } from './device/device-id.js'\nimport { DpopProof } from './dpop/dpop-proof.js'\nimport { AccessDeniedError } from './errors/access-denied-error.js'\nimport { AuthorizationError } from './errors/authorization-error.js'\nimport { InvalidCredentialsError } from './errors/invalid-credentials-error.js'\nimport { InvalidRequestError } from './errors/invalid-request-error.js'\nimport { OAuthError } from './errors/oauth-error.js'\nimport {\n HcaptchaClientTokens,\n HcaptchaConfig,\n HcaptchaVerifyResult,\n} from './lib/hcaptcha.js'\nimport { RequestMetadata } from './lib/http/request.js'\nimport { Awaitable, OmitKey } from './lib/util/type.js'\nimport { Sub } from './oidc/sub.js'\nimport { RequestId } from './request/request-id.js'\nimport { AccessTokenPayload } from './signer/access-token-payload.js'\nimport { TokenClaims } from './token/token-claims.js'\n\n// Make sure 
all types needed to implement the OAuthHooks are exported\nexport {\n AccessDeniedError,\n type AccessTokenPayload,\n type Account,\n AuthorizationError,\n type Awaitable,\n Client,\n type ClientAuth,\n type ClientId,\n type ClientInfo,\n type DeviceId,\n type DpopProof,\n type HcaptchaClientTokens,\n type HcaptchaConfig,\n type HcaptchaVerifyResult,\n InvalidCredentialsError,\n InvalidRequestError,\n type Jwks,\n type OAuthAccessToken,\n type OAuthAuthorizationDetails,\n type OAuthAuthorizationRequestParameters,\n type OAuthClientMetadata,\n OAuthError,\n type OAuthTokenResponse,\n type OAuthTokenType,\n type RequestMetadata,\n type ResetPasswordConfirmInput,\n type ResetPasswordRequestInput,\n type SignInData,\n type SignUpData,\n type SignUpInput,\n type Sub,\n type TokenClaims,\n}\n\nexport type OAuthHooks = {\n /**\n * Use this to alter, override or validate the client metadata & jwks returned\n * by the client store.\n *\n * @throws {InvalidClientMetadataError} if the metadata is invalid\n * @see {@link InvalidClientMetadataError}\n */\n getClientInfo?: (\n clientId: ClientId,\n data: { metadata: OAuthClientMetadata; jwks?: Jwks },\n ) => Awaitable<undefined | Partial<ClientInfo>>\n\n /**\n * This hook is called when a user attempts to sign up, after every validation\n * has passed (including hcaptcha).\n */\n onSignUpAttempt?: (data: {\n input: SignUpInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user attempts to sign up, after the hcaptcha\n * `/siteverify` request has been made (and before the result is validated).\n */\n onHcaptchaResult?: (data: {\n input: SignUpInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n tokens: HcaptchaClientTokens\n result: HcaptchaVerifyResult\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests a password reset, before the\n * reset password request is triggered on the account store.\n */\n onResetPasswordRequest?: 
(data: {\n input: ResetPasswordRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests a password reset, before the\n * reset password request is triggered on the account store.\n */\n onResetPasswordRequested?: (data: {\n input: ResetPasswordRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user confirms a password reset, before the\n * password is actually reset on the account store.\n */\n onResetPasswordConfirm?: (data: {\n input: ResetPasswordConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user confirms a password reset, and the\n * password was successfully reset on the account store.\n */\n onResetPasswordConfirmed?: (data: {\n input: ResetPasswordConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user successfully signs up.\n *\n * @throws {AccessDeniedError} to deny the sign-up\n */\n onSignedUp?: (data: {\n data: SignUpData\n account: Account\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request (i.e. 
the user is logging in to approve a\n * client); it is omitted for first-party sign-ins that happen outside any\n * authorization flow.\n */\n onSignInAttempt?: (data: {\n data: SignInData\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user successfully signs in.\n *\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request; see {@link OAuthHooks.onSignInAttempt}.\n *\n * @throws {InvalidRequestError} when the sing-in should be denied\n */\n onSignedIn?: (data: {\n data: SignInData\n account: Account\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * This hook is called when a sign-in attempt is rejected by the account\n * store due to invalid credentials (e.g. unknown identifier, wrong\n * password). It is *not* called for unexpected server errors, nor for flows\n * that require an additional authentication factor.\n *\n * `sub` is populated when the store throws an\n * {@link InvalidCredentialsError} that carries the matched subject\n * identifier (i.e. identifier known, credentials wrong). It is `null` when\n * the identifier was unknown or when the store threw a plain\n * {@link InvalidRequestError} without distinguishing the two cases.\n *\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request; see {@link OAuthHooks.onSignInAttempt}.\n *\n * Errors thrown from this hook are caught and ignored so that they do not\n * mask the original authentication failure.\n */\n onSignInFailed?: (data: {\n data: SignInData\n error: InvalidRequestError\n sub: Sub | null\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * Allows validating an authorization request (typically the requested scopes)\n * before it is created. 
Note that the validity against the client metadata is\n * already enforced by the OAuth provider.\n *\n * @throws {AuthorizationError}\n */\n onAuthorizationRequest?: (data: {\n client: Client\n clientAuth: null | ClientAuth\n parameters: Readonly<OAuthAuthorizationRequestParameters>\n }) => Awaitable<void>\n\n /**\n * This hook is called when a client is authorized.\n *\n * @throws {AuthorizationError} to deny the authorization request and redirect\n * the user to the client with an OAuth error (other errors will result in an\n * internal server error being displayed to the user)\n *\n * @note We use `deviceMetadata` instead of `clientMetadata` to make it clear\n * that this metadata is from the user device, which might be different from\n * the client metadata (because the OAuth client could live in a backend).\n */\n onAuthorized?: (data: {\n client: Client\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n requestId: RequestId\n }) => Awaitable<void>\n\n /**\n * This hook is called whenever a token is about to be created. 
You can use\n * it to modify the token claims or perform additional validation.\n *\n * This hook should never throw an error.\n */\n onCreateToken?: (data: {\n client: Client\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n claims: TokenClaims\n }) => Awaitable<void | OmitKey<AccessTokenPayload, 'iss'>>\n\n /**\n * This hook is called whenever a token was just decoded, and basic validation\n * was performed (signature, expiration, not-before).\n *\n * It can be used to modify the payload (e.g., to add custom claims), or to\n * perform additional validation.\n *\n * This hook is called when authenticating requests through the\n * `authenticateRequest()` method in `OAuthVerifier` and `OAuthProvider`.\n *\n * Any error thrown here will be propagated.\n */\n onDecodeToken?: (data: {\n tokenType: OAuthTokenType\n token: OAuthAccessToken\n payload: AccessTokenPayload\n dpopProof: null | DpopProof\n }) => Promise<AccessTokenPayload | void>\n\n /**\n * This hook is called when an authorized client exchanges an authorization\n * code for an access token.\n *\n * @throws {OAuthError} to cancel the token creation and revoke the session\n */\n onTokenCreated?: (data: {\n client: Client\n clientAuth: ClientAuth\n clientMetadata: RequestMetadata\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n }) => Awaitable<void>\n\n /**\n * This hook is called when an authorized client refreshes an access token.\n *\n * @throws {OAuthError} to cancel the token refresh and revoke the session\n */\n onTokenRefreshed?: (data: {\n client: Client\n clientAuth: ClientAuth\n clientMetadata: RequestMetadata\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n }) => Awaitable<void>\n}\n"]}
1
+ {"version":3,"file":"oauth-hooks.js","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAG3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAA;AACpE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAA;AAC/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAapD,sEAAsE;AACtE,OAAO,EACL,iBAAiB,EAGjB,kBAAkB,EAElB,MAAM,EASN,uBAAuB,EACvB,mBAAmB,EAMnB,UAAU,GAWX,CAAA","sourcesContent":["import { Jwks } from '@atproto/jwk'\nimport type { Account } from '@atproto/oauth-provider-api'\nimport {\n OAuthAccessToken,\n OAuthAuthorizationDetails,\n OAuthAuthorizationRequestParameters,\n OAuthClientMetadata,\n OAuthTokenResponse,\n OAuthTokenType,\n} from '@atproto/oauth-types'\nimport {\n ResetPasswordConfirmInput,\n ResetPasswordRequestInput,\n SignUpData,\n} from './account/account-store.js'\nimport { SignInData } from './account/sign-in-data.js'\nimport { SignUpInput } from './account/sign-up-input.js'\nimport { ClientAuth } from './client/client-auth.js'\nimport { ClientId } from './client/client-id.js'\nimport { ClientInfo } from './client/client-info.js'\nimport { Client } from './client/client.js'\nimport { DeviceId } from './device/device-id.js'\nimport { DpopProof } from './dpop/dpop-proof.js'\nimport { AccessDeniedError } from './errors/access-denied-error.js'\nimport { AuthorizationError } from './errors/authorization-error.js'\nimport { InvalidCredentialsError } from './errors/invalid-credentials-error.js'\nimport { InvalidRequestError } from './errors/invalid-request-error.js'\nimport { OAuthError } from './errors/oauth-error.js'\nimport {\n HcaptchaClientTokens,\n HcaptchaConfig,\n HcaptchaVerifyResult,\n} from './lib/hcaptcha.js'\nimport { RequestMetadata } from './lib/http/request.js'\nimport { Awaitable, OmitKey } from './lib/util/type.js'\nimport { Sub } from './oidc/sub.js'\nimport { RequestId } from './request/request-id.js'\nimport { 
AccessTokenPayload } from './signer/access-token-payload.js'\nimport { TokenClaims } from './token/token-claims.js'\n\n// Make sure all types needed to implement the OAuthHooks are exported\nexport {\n AccessDeniedError,\n type AccessTokenPayload,\n type Account,\n AuthorizationError,\n type Awaitable,\n Client,\n type ClientAuth,\n type ClientId,\n type ClientInfo,\n type DeviceId,\n type DpopProof,\n type HcaptchaClientTokens,\n type HcaptchaConfig,\n type HcaptchaVerifyResult,\n InvalidCredentialsError,\n InvalidRequestError,\n type Jwks,\n type OAuthAccessToken,\n type OAuthAuthorizationDetails,\n type OAuthAuthorizationRequestParameters,\n type OAuthClientMetadata,\n OAuthError,\n type OAuthTokenResponse,\n type OAuthTokenType,\n type RequestMetadata,\n type ResetPasswordConfirmInput,\n type ResetPasswordRequestInput,\n type SignInData,\n type SignUpData,\n type SignUpInput,\n type Sub,\n type TokenClaims,\n}\n\nexport type OAuthHooks = {\n /**\n * Use this to alter, override or validate the client metadata & jwks returned\n * by the client store.\n *\n * @throws {InvalidClientMetadataError} if the metadata is invalid\n * @see {@link InvalidClientMetadataError}\n */\n getClientInfo?: (\n clientId: ClientId,\n data: { metadata: OAuthClientMetadata; jwks?: Jwks },\n ) => Awaitable<undefined | Partial<ClientInfo>>\n\n /**\n * This hook is called when a user attempts to sign up, after every validation\n * has passed (including hcaptcha).\n */\n onSignUpAttempt?: (data: {\n input: SignUpInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user attempts to sign up, after the hcaptcha\n * `/siteverify` request has been made (and before the result is validated).\n */\n onHcaptchaResult?: (data: {\n input: SignUpInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n tokens: HcaptchaClientTokens\n result: HcaptchaVerifyResult\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user 
requests a password reset, before the\n * reset password request is triggered on the account store.\n */\n onResetPasswordRequest?: (data: {\n input: ResetPasswordRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests a password reset, before the\n * reset password request is triggered on the account store.\n */\n onResetPasswordRequested?: (data: {\n input: ResetPasswordRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user confirms a password reset, before the\n * password is actually reset on the account store.\n */\n onResetPasswordConfirm?: (data: {\n input: ResetPasswordConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user confirms a password reset, and the\n * password was successfully reset on the account store.\n */\n onResetPasswordConfirmed?: (data: {\n input: ResetPasswordConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user successfully signs up.\n *\n * @throws {AccessDeniedError} to deny the sign-up\n */\n onSignedUp?: (data: {\n data: SignUpData\n account: Account\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request (i.e. 
the user is logging in to approve a\n * client); it is omitted for first-party sign-ins that happen outside any\n * authorization flow.\n */\n onSignInAttempt?: (data: {\n data: SignInData\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user successfully signs in.\n *\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request; see {@link OAuthHooks.onSignInAttempt}.\n *\n * @throws {InvalidRequestError} when the sing-in should be denied\n */\n onSignedIn?: (data: {\n data: SignInData\n account: Account\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * This hook is called when a sign-in attempt is rejected by the account\n * store due to invalid credentials (e.g. unknown identifier, wrong\n * password). It is *not* called for unexpected server errors, nor for flows\n * that require an additional authentication factor.\n *\n * `sub` is populated when the store throws an\n * {@link InvalidCredentialsError} that carries the matched subject\n * identifier (i.e. identifier known, credentials wrong). It is `null` when\n * the identifier was unknown or when the store threw a plain\n * {@link InvalidRequestError} without distinguishing the two cases.\n *\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request; see {@link OAuthHooks.onSignInAttempt}.\n *\n * Errors thrown from this hook are caught and ignored so that they do not\n * mask the original authentication failure.\n */\n onSignInFailed?: (data: {\n data: SignInData\n error: InvalidRequestError\n sub: Sub | null\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * Allows validating an authorization request (typically the requested scopes)\n * before it is created. 
Note that the validity against the client metadata is\n * already enforced by the OAuth provider.\n *\n * @throws {AuthorizationError}\n */\n onAuthorizationRequest?: (data: {\n client: Client\n clientAuth: null | ClientAuth\n parameters: Readonly<OAuthAuthorizationRequestParameters>\n }) => Awaitable<void>\n\n /**\n * This hook is called when a client is authorized.\n *\n * @throws {AuthorizationError} to deny the authorization request and redirect\n * the user to the client with an OAuth error (other errors will result in an\n * internal server error being displayed to the user)\n *\n * @note We use `deviceMetadata` instead of `clientMetadata` to make it clear\n * that this metadata is from the user device, which might be different from\n * the client metadata (because the OAuth client could live in a backend).\n */\n onAuthorized?: (data: {\n client: Client\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n requestId: RequestId\n }) => Awaitable<void>\n\n /**\n * This hook is called whenever a token is about to be created. 
You can use\n * it to modify the token claims or perform additional validation.\n *\n * This hook should never throw an error.\n */\n onCreateToken?: (data: {\n client: Client\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n claims: TokenClaims\n }) => Awaitable<void | OmitKey<AccessTokenPayload, 'iss'>>\n\n /**\n * This hook is called whenever a token was just decoded, and basic validation\n * was performed (signature, expiration, not-before).\n *\n * It can be used to modify the payload (e.g., to add custom claims), or to\n * perform additional validation.\n *\n * This hook is called when authenticating requests through the\n * `authenticateRequest()` method in `OAuthVerifier` and `OAuthProvider`.\n *\n * Any error thrown here will be propagated.\n */\n onDecodeToken?: (data: {\n tokenType: OAuthTokenType\n token: OAuthAccessToken\n payload: AccessTokenPayload\n dpopProof: null | DpopProof\n }) => Promise<AccessTokenPayload | void>\n\n /**\n * This hook is called when an authorized client exchanges an authorization\n * code for an access token.\n *\n * @throws {OAuthError} to cancel the token creation and revoke the session\n */\n onTokenCreated?: (data: {\n client: Client\n clientAuth: ClientAuth\n clientMetadata: RequestMetadata\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n }) => Awaitable<void>\n\n /**\n * This hook is called when an authorized client refreshes an access token.\n *\n * @throws {OAuthError} to cancel the token refresh and revoke the session\n */\n onTokenRefreshed?: (data: {\n client: Client\n clientAuth: ClientAuth\n clientMetadata: RequestMetadata\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n }) => Awaitable<void>\n}\n"]}
@@ -1,17 +1,14 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.oauthMiddleware = oauthMiddleware;
4
- const middleware_js_1 = require("./lib/http/middleware.js");
5
- const assets_js_1 = require("./router/assets/assets.js");
6
- const create_account_page_middleware_js_1 = require("./router/create-account-page-middleware.js");
7
- const create_api_middleware_js_1 = require("./router/create-api-middleware.js");
8
- const create_authorization_page_middleware_js_1 = require("./router/create-authorization-page-middleware.js");
9
- const create_oauth_middleware_js_1 = require("./router/create-oauth-middleware.js");
1
+ import { asHandler, combineMiddlewares } from './lib/http/middleware.js';
2
+ import { assetsMiddleware } from './router/assets/assets.js';
3
+ import { createAccountPageMiddleware } from './router/create-account-page-middleware.js';
4
+ import { createApiMiddleware } from './router/create-api-middleware.js';
5
+ import { createAuthorizationPageMiddleware } from './router/create-authorization-page-middleware.js';
6
+ import { createOAuthMiddleware } from './router/create-oauth-middleware.js';
10
7
  /**
11
8
  * @returns An http request handler that can be used with node's http server
12
9
  * or as a middleware with express / connect.
13
10
  */
14
- function oauthMiddleware(server, { ...options } = {}) {
11
+ export function oauthMiddleware(server, { ...options } = {}) {
15
12
  const { onError } = options;
16
13
  // options is shallow cloned so it's fine to mutate it
17
14
  options.onError =
@@ -21,12 +18,12 @@ function oauthMiddleware(server, { ...options } = {}) {
21
18
  return onError?.(req, res, err, msg);
22
19
  }
23
20
  : onError;
24
- return (0, middleware_js_1.asHandler)((0, middleware_js_1.combineMiddlewares)([
25
- assets_js_1.assetsMiddleware,
26
- (0, create_oauth_middleware_js_1.createOAuthMiddleware)(server, options),
27
- (0, create_api_middleware_js_1.createApiMiddleware)(server, options),
28
- (0, create_authorization_page_middleware_js_1.createAuthorizationPageMiddleware)(server, options),
29
- (0, create_account_page_middleware_js_1.createAccountPageMiddleware)(server, options),
21
+ return asHandler(combineMiddlewares([
22
+ assetsMiddleware,
23
+ createOAuthMiddleware(server, options),
24
+ createApiMiddleware(server, options),
25
+ createAuthorizationPageMiddleware(server, options),
26
+ createAccountPageMiddleware(server, options),
30
27
  ]));
31
28
  }
32
29
  //# sourceMappingURL=oauth-middleware.js.map
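Review bot: The docblock on `oauthMiddleware` (new lines 7–10) carries only `@returns` and does not mention that the function replaces `options.onError`. The lines between `options.onError =` and `return onError?.(req, res, err, msg);` are elided between the two hunks, so the following is read from the `sourcesContent` of the map section that follows on this page. There, when `process.env['NODE_ENV'] === 'development'`, the wrapper passes the raw `err` to `console.error` before delegating. In an OAuth provider that error object may carry request detail, so operators should know the switch exists and keep it off in production. I would add a line to the docblock such as `* When NODE_ENV is 'development', errors are also written to console.error before options.onError is called.`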
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-middleware.js","sourceRoot":"","sources":["../src/oauth-middleware.ts"],"names":[],"mappings":";;AAyBA,0CA2BC;AAnDD,4DAAwE;AAGxE,yDAA4D;AAC5D,kGAAwF;AACxF,gFAAuE;AACvE,8GAAoG;AACpG,oFAA2E;AAa3E;;;GAGG;AACH,SAAgB,eAAe,CAI7B,MAAqB,EACrB,EAAE,GAAG,OAAO,KAAkC,EAAE;IAEhD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,sDAAsD;IACtD,OAAO,CAAC,OAAO;QACb,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,aAAa;YACvC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBACrB,OAAO,CAAC,KAAK,CAAC,wBAAwB,GAAG,IAAI,EAAE,GAAG,CAAC,CAAA;gBACnD,OAAO,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACtC,CAAC;YACH,CAAC,CAAC,OAAO,CAAA;IAEb,OAAO,IAAA,yBAAS,EACd,IAAA,kCAAkB,EAAC;QACjB,4BAAgB;QAChB,IAAA,kDAAqB,EAAC,MAAM,EAAE,OAAO,CAAC;QACtC,IAAA,8CAAmB,EAAC,MAAM,EAAE,OAAO,CAAC;QACpC,IAAA,2EAAiC,EAAC,MAAM,EAAE,OAAO,CAAC;QAClD,IAAA,+DAA2B,EAAC,MAAM,EAAE,OAAO,CAAC;KAC7C,CAAC,CACH,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { asHandler, combineMiddlewares } from './lib/http/middleware.js'\nimport { Handler } from './lib/http/types.js'\nimport { OAuthProvider } from './oauth-provider.js'\nimport { assetsMiddleware } from './router/assets/assets.js'\nimport { createAccountPageMiddleware } from './router/create-account-page-middleware.js'\nimport { createApiMiddleware } from './router/create-api-middleware.js'\nimport { createAuthorizationPageMiddleware } from './router/create-authorization-page-middleware.js'\nimport { createOAuthMiddleware } from './router/create-oauth-middleware.js'\nimport { ErrorHandler } from './router/error-handler.js'\nimport { MiddlewareOptions } from './router/middleware-options.js'\n\n// Export all the types exposed\nexport type {\n ErrorHandler,\n Handler,\n IncomingMessage,\n MiddlewareOptions,\n ServerResponse,\n}\n\n/**\n * @returns An http request handler that can be used with node's http server\n * or as a middleware with express / connect.\n */\nexport function 
oauthMiddleware<\n Req extends IncomingMessage = IncomingMessage,\n Res extends ServerResponse = ServerResponse,\n>(\n server: OAuthProvider,\n { ...options }: MiddlewareOptions<Req, Res> = {},\n): Handler<void, Req, Res> {\n const { onError } = options\n\n // options is shallow cloned so it's fine to mutate it\n options.onError =\n process.env['NODE_ENV'] === 'development'\n ? (req, res, err, msg) => {\n console.error(`OAuthProvider error (${msg}):`, err)\n return onError?.(req, res, err, msg)\n }\n : onError\n\n return asHandler(\n combineMiddlewares([\n assetsMiddleware,\n createOAuthMiddleware(server, options),\n createApiMiddleware(server, options),\n createAuthorizationPageMiddleware(server, options),\n createAccountPageMiddleware(server, options),\n ]),\n )\n}\n"]}
1
+ {"version":3,"file":"oauth-middleware.js","sourceRoot":"","sources":["../src/oauth-middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAGxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,EAAE,2BAA2B,EAAE,MAAM,4CAA4C,CAAA;AACxF,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EAAE,iCAAiC,EAAE,MAAM,kDAAkD,CAAA;AACpG,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAA;AAa3E;;;GAGG;AACH,MAAM,UAAU,eAAe,CAI7B,MAAqB,EACrB,EAAE,GAAG,OAAO,KAAkC,EAAE;IAEhD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,sDAAsD;IACtD,OAAO,CAAC,OAAO;QACb,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,aAAa;YACvC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBACrB,OAAO,CAAC,KAAK,CAAC,wBAAwB,GAAG,IAAI,EAAE,GAAG,CAAC,CAAA;gBACnD,OAAO,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACtC,CAAC;YACH,CAAC,CAAC,OAAO,CAAA;IAEb,OAAO,SAAS,CACd,kBAAkB,CAAC;QACjB,gBAAgB;QAChB,qBAAqB,CAAC,MAAM,EAAE,OAAO,CAAC;QACtC,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC;QACpC,iCAAiC,CAAC,MAAM,EAAE,OAAO,CAAC;QAClD,2BAA2B,CAAC,MAAM,EAAE,OAAO,CAAC;KAC7C,CAAC,CACH,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { asHandler, combineMiddlewares } from './lib/http/middleware.js'\nimport { Handler } from './lib/http/types.js'\nimport { OAuthProvider } from './oauth-provider.js'\nimport { assetsMiddleware } from './router/assets/assets.js'\nimport { createAccountPageMiddleware } from './router/create-account-page-middleware.js'\nimport { createApiMiddleware } from './router/create-api-middleware.js'\nimport { createAuthorizationPageMiddleware } from './router/create-authorization-page-middleware.js'\nimport { createOAuthMiddleware } from './router/create-oauth-middleware.js'\nimport { ErrorHandler } from './router/error-handler.js'\nimport { MiddlewareOptions } from './router/middleware-options.js'\n\n// Export all the types exposed\nexport type {\n ErrorHandler,\n Handler,\n IncomingMessage,\n MiddlewareOptions,\n 
ServerResponse,\n}\n\n/**\n * @returns An http request handler that can be used with node's http server\n * or as a middleware with express / connect.\n */\nexport function oauthMiddleware<\n Req extends IncomingMessage = IncomingMessage,\n Res extends ServerResponse = ServerResponse,\n>(\n server: OAuthProvider,\n { ...options }: MiddlewareOptions<Req, Res> = {},\n): Handler<void, Req, Res> {\n const { onError } = options\n\n // options is shallow cloned so it's fine to mutate it\n options.onError =\n process.env['NODE_ENV'] === 'development'\n ? (req, res, err, msg) => {\n console.error(`OAuthProvider error (${msg}):`, err)\n return onError?.(req, res, err, msg)\n }\n : onError\n\n return asHandler(\n combineMiddlewares([\n assetsMiddleware,\n createOAuthMiddleware(server, options),\n createApiMiddleware(server, options),\n createAuthorizationPageMiddleware(server, options),\n createAccountPageMiddleware(server, options),\n ]),\n )\n}\n"]}