@atproto/oauth-provider 0.18.3 → 0.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (197) hide show
  1. package/CHANGELOG.md +40 -0
  2. package/dist/account/account-manager.d.ts +11 -7
  3. package/dist/account/account-manager.d.ts.map +1 -1
  4. package/dist/account/account-manager.js +82 -19
  5. package/dist/account/account-manager.js.map +1 -1
  6. package/dist/account/account-store.d.ts +47 -13
  7. package/dist/account/account-store.d.ts.map +1 -1
  8. package/dist/account/account-store.js +12 -9
  9. package/dist/account/account-store.js.map +1 -1
  10. package/dist/account/sign-in-data.d.ts +2 -2
  11. package/dist/account/sign-up-input.d.ts +5 -5
  12. package/dist/client/client-manager.d.ts.map +1 -1
  13. package/dist/client/client-manager.js.map +1 -1
  14. package/dist/client/client.d.ts +1 -1
  15. package/dist/client/client.d.ts.map +1 -1
  16. package/dist/client/client.js.map +1 -1
  17. package/dist/customization/branding.d.ts +52 -52
  18. package/dist/customization/colors.d.ts +24 -24
  19. package/dist/customization/colors.d.ts.map +1 -1
  20. package/dist/customization/customization.d.ts +77 -77
  21. package/dist/customization/links.d.ts +4 -4
  22. package/dist/device/device-manager.d.ts +20 -20
  23. package/dist/device/device-manager.d.ts.map +1 -1
  24. package/dist/device/device-manager.js.map +1 -1
  25. package/dist/device/device-store.js +1 -1
  26. package/dist/device/device-store.js.map +1 -1
  27. package/dist/dpop/dpop-manager.d.ts.map +1 -1
  28. package/dist/dpop/dpop-manager.js.map +1 -1
  29. package/dist/dpop/dpop-nonce.d.ts.map +1 -1
  30. package/dist/dpop/dpop-nonce.js +1 -1
  31. package/dist/dpop/dpop-nonce.js.map +1 -1
  32. package/dist/errors/access-denied-error.d.ts.map +1 -1
  33. package/dist/errors/account-selection-required-error.d.ts.map +1 -1
  34. package/dist/errors/authorization-error.d.ts.map +1 -1
  35. package/dist/errors/authorization-error.js.map +1 -1
  36. package/dist/errors/consent-required-error.d.ts.map +1 -1
  37. package/dist/errors/handle-unavailable-error.d.ts +1 -1
  38. package/dist/errors/handle-unavailable-error.d.ts.map +1 -1
  39. package/dist/errors/handle-unavailable-error.js.map +1 -1
  40. package/dist/errors/invalid-authorization-details-error.d.ts.map +1 -1
  41. package/dist/errors/invalid-client-error.d.ts.map +1 -1
  42. package/dist/errors/invalid-client-id-error.d.ts.map +1 -1
  43. package/dist/errors/invalid-client-metadata-error.d.ts.map +1 -1
  44. package/dist/errors/invalid-credentials-error.d.ts +9 -9
  45. package/dist/errors/invalid-credentials-error.d.ts.map +1 -1
  46. package/dist/errors/invalid-credentials-error.js +8 -8
  47. package/dist/errors/invalid-credentials-error.js.map +1 -1
  48. package/dist/errors/invalid-dpop-key-binding-error.d.ts.map +1 -1
  49. package/dist/errors/invalid-dpop-proof-error.d.ts.map +1 -1
  50. package/dist/errors/invalid-grant-error.d.ts.map +1 -1
  51. package/dist/errors/invalid-invite-code-error.d.ts.map +1 -1
  52. package/dist/errors/invalid-redirect-uri-error.d.ts.map +1 -1
  53. package/dist/errors/invalid-request-error.d.ts.map +1 -1
  54. package/dist/errors/invalid-scope-error.d.ts.map +1 -1
  55. package/dist/errors/invalid-token-error.d.ts.map +1 -1
  56. package/dist/errors/invalid-token-error.js.map +1 -1
  57. package/dist/errors/login-required-error.d.ts.map +1 -1
  58. package/dist/errors/oauth-error.d.ts.map +1 -1
  59. package/dist/errors/oauth-error.js.map +1 -1
  60. package/dist/errors/second-authentication-factor-required-error.d.ts +2 -2
  61. package/dist/errors/second-authentication-factor-required-error.d.ts.map +1 -1
  62. package/dist/errors/second-authentication-factor-required-error.js.map +1 -1
  63. package/dist/errors/unauthorized-client-error.d.ts.map +1 -1
  64. package/dist/errors/use-dpop-nonce-error.d.ts.map +1 -1
  65. package/dist/errors/www-authenticate-error.d.ts.map +1 -1
  66. package/dist/lexicon/lexicon-getter.d.ts.map +1 -1
  67. package/dist/lexicon/lexicon-manager.d.ts.map +1 -1
  68. package/dist/lexicon/lexicon-store.js +1 -1
  69. package/dist/lexicon/lexicon-store.js.map +1 -1
  70. package/dist/lib/csp/index.d.ts +3 -3
  71. package/dist/lib/csp/index.d.ts.map +1 -1
  72. package/dist/lib/hcaptcha.d.ts +3 -3
  73. package/dist/lib/hcaptcha.d.ts.map +1 -1
  74. package/dist/lib/hcaptcha.js.map +1 -1
  75. package/dist/lib/html/build-document.d.ts.map +1 -1
  76. package/dist/lib/html/html.d.ts.map +1 -1
  77. package/dist/lib/html/tags.d.ts.map +1 -1
  78. package/dist/lib/http/accept.js.map +1 -1
  79. package/dist/lib/http/context.js.map +1 -1
  80. package/dist/lib/http/middleware.js.map +1 -1
  81. package/dist/lib/http/parser.d.ts +5 -5
  82. package/dist/lib/http/parser.d.ts.map +1 -1
  83. package/dist/lib/http/response.js.map +1 -1
  84. package/dist/lib/http/router.d.ts.map +1 -1
  85. package/dist/lib/http/stream.d.ts +5 -5
  86. package/dist/lib/http/stream.d.ts.map +1 -1
  87. package/dist/lib/util/authorization-header.d.ts +1 -1
  88. package/dist/lib/util/authorization-header.d.ts.map +1 -1
  89. package/dist/lib/util/color.js.map +1 -1
  90. package/dist/lib/util/crypto.d.ts +1 -1
  91. package/dist/lib/util/crypto.d.ts.map +1 -1
  92. package/dist/lib/util/date.js.map +1 -1
  93. package/dist/lib/util/function.js +1 -1
  94. package/dist/lib/util/function.js.map +1 -1
  95. package/dist/lib/util/type.d.ts.map +1 -1
  96. package/dist/oauth-hooks.d.ts +77 -4
  97. package/dist/oauth-hooks.d.ts.map +1 -1
  98. package/dist/oauth-hooks.js.map +1 -1
  99. package/dist/oauth-middleware.js.map +1 -1
  100. package/dist/oauth-provider.d.ts +31 -31
  101. package/dist/oauth-provider.d.ts.map +1 -1
  102. package/dist/oauth-provider.js +15 -9
  103. package/dist/oauth-provider.js.map +1 -1
  104. package/dist/oauth-verifier.d.ts.map +1 -1
  105. package/dist/replay/replay-manager.d.ts.map +1 -1
  106. package/dist/replay/replay-manager.js.map +1 -1
  107. package/dist/replay/replay-store-memory.d.ts.map +1 -1
  108. package/dist/replay/replay-store-redis.d.ts.map +1 -1
  109. package/dist/request/code.d.ts.map +1 -1
  110. package/dist/request/request-data.d.ts +4 -4
  111. package/dist/request/request-data.d.ts.map +1 -1
  112. package/dist/request/request-data.js +1 -1
  113. package/dist/request/request-data.js.map +1 -1
  114. package/dist/request/request-manager.d.ts +32 -32
  115. package/dist/request/request-manager.d.ts.map +1 -1
  116. package/dist/request/request-manager.js +7 -4
  117. package/dist/request/request-manager.js.map +1 -1
  118. package/dist/request/request-store.d.ts +1 -1
  119. package/dist/request/request-store.js +2 -2
  120. package/dist/request/request-store.js.map +1 -1
  121. package/dist/result/authorization-result-authorize-page.d.ts +1 -1
  122. package/dist/result/authorization-result-authorize-page.js.map +1 -1
  123. package/dist/router/assets/assets-manifest.js.map +1 -1
  124. package/dist/router/assets/assets.d.ts +1 -1
  125. package/dist/router/assets/assets.d.ts.map +1 -1
  126. package/dist/router/assets/assets.js.map +1 -1
  127. package/dist/router/assets/send-account-page.d.ts.map +1 -1
  128. package/dist/router/assets/send-authorization-page.d.ts.map +1 -1
  129. package/dist/router/assets/send-authorization-page.js +1 -1
  130. package/dist/router/assets/send-authorization-page.js.map +1 -1
  131. package/dist/router/assets/send-cookie-error-page.d.ts.map +1 -1
  132. package/dist/router/assets/send-error-page.d.ts.map +1 -1
  133. package/dist/router/assets/send-redirect.d.ts +2 -2
  134. package/dist/router/assets/send-redirect.d.ts.map +1 -1
  135. package/dist/router/create-api-middleware.d.ts.map +1 -1
  136. package/dist/router/create-api-middleware.js +87 -51
  137. package/dist/router/create-api-middleware.js.map +1 -1
  138. package/dist/signer/access-token-payload.d.ts +1762 -1762
  139. package/dist/signer/access-token-payload.d.ts.map +1 -1
  140. package/dist/signer/access-token-payload.js +2 -2
  141. package/dist/signer/access-token-payload.js.map +1 -1
  142. package/dist/signer/api-token-payload.d.ts +1738 -1738
  143. package/dist/signer/api-token-payload.d.ts.map +1 -1
  144. package/dist/signer/api-token-payload.js +2 -2
  145. package/dist/signer/api-token-payload.js.map +1 -1
  146. package/dist/signer/signer.d.ts +6 -187
  147. package/dist/signer/signer.d.ts.map +1 -1
  148. package/dist/signer/signer.js.map +1 -1
  149. package/dist/token/refresh-token.d.ts.map +1 -1
  150. package/dist/token/token-claims.d.ts +2 -1
  151. package/dist/token/token-claims.d.ts.map +1 -1
  152. package/dist/token/token-claims.js.map +1 -1
  153. package/dist/token/token-data.d.ts +3 -3
  154. package/dist/token/token-data.d.ts.map +1 -1
  155. package/dist/token/token-data.js.map +1 -1
  156. package/dist/token/token-id.d.ts.map +1 -1
  157. package/dist/token/token-manager.d.ts +3 -3
  158. package/dist/token/token-manager.d.ts.map +1 -1
  159. package/dist/token/token-manager.js +14 -14
  160. package/dist/token/token-manager.js.map +1 -1
  161. package/dist/token/token-store.d.ts +3 -3
  162. package/dist/token/token-store.d.ts.map +1 -1
  163. package/dist/token/token-store.js +3 -3
  164. package/dist/token/token-store.js.map +1 -1
  165. package/dist/types/handle.d.ts +5 -1
  166. package/dist/types/handle.d.ts.map +1 -1
  167. package/dist/types/handle.js +9 -8
  168. package/dist/types/handle.js.map +1 -1
  169. package/package.json +19 -19
  170. package/src/account/account-manager.ts +123 -20
  171. package/src/account/account-store.ts +67 -19
  172. package/src/device/device-store.ts +1 -1
  173. package/src/errors/invalid-credentials-error.ts +8 -8
  174. package/src/lexicon/lexicon-store.ts +1 -1
  175. package/src/lib/util/function.ts +2 -2
  176. package/src/oauth-hooks.ts +85 -3
  177. package/src/oauth-provider.ts +17 -9
  178. package/src/request/request-data.ts +5 -5
  179. package/src/request/request-manager.ts +11 -4
  180. package/src/request/request-store.ts +3 -3
  181. package/src/result/authorization-result-authorize-page.ts +1 -1
  182. package/src/router/assets/send-authorization-page.ts +1 -1
  183. package/src/router/create-api-middleware.ts +128 -67
  184. package/src/signer/access-token-payload.ts +2 -2
  185. package/src/signer/api-token-payload.ts +2 -2
  186. package/src/signer/signer.ts +13 -4
  187. package/src/token/token-claims.ts +2 -1
  188. package/src/token/token-data.ts +3 -3
  189. package/src/token/token-manager.ts +15 -15
  190. package/src/token/token-store.ts +6 -6
  191. package/src/types/handle.ts +21 -16
  192. package/tsconfig.build.tsbuildinfo +1 -1
  193. package/dist/oidc/sub.d.ts +0 -4
  194. package/dist/oidc/sub.d.ts.map +0 -1
  195. package/dist/oidc/sub.js +0 -3
  196. package/dist/oidc/sub.js.map +0 -1
  197. package/src/oidc/sub.ts +0 -4
@@ -1,7 +1,8 @@
1
+ import { Did } from '@atproto/did';
1
2
  import { Jwks } from '@atproto/jwk';
2
3
  import type { Account } from '@atproto/oauth-provider-api';
3
4
  import { OAuthAccessToken, OAuthAuthorizationDetails, OAuthAuthorizationRequestParameters, OAuthClientMetadata, OAuthTokenResponse, OAuthTokenType } from '@atproto/oauth-types';
4
- import { ResetPasswordConfirmInput, ResetPasswordRequestInput, SignUpData, UpdateEmailConfirmInput, UpdateEmailRequestInput, UpdateHandleData, VerifyEmailConfirmInput, VerifyEmailRequestInput } from './account/account-store.js';
5
+ import { DeleteAccountConfirmInput, ResetPasswordConfirmInput, ResetPasswordRequestInput, SignUpData, UpdateEmailConfirmInput, UpdateEmailRequestInput, UpdateHandleData, VerifyEmailConfirmInput, VerifyEmailRequestInput } from './account/account-store.js';
5
6
  import { SignInData } from './account/sign-in-data.js';
6
7
  import { SignUpInput } from './account/sign-up-input.js';
7
8
  import { ClientAuth } from './client/client-auth.js';
@@ -18,11 +19,10 @@ import { OAuthError } from './errors/oauth-error.js';
18
19
  import { HcaptchaClientTokens, HcaptchaConfig, HcaptchaVerifyResult } from './lib/hcaptcha.js';
19
20
  import { RequestMetadata } from './lib/http/request.js';
20
21
  import { Awaitable, OmitKey } from './lib/util/type.js';
21
- import { Sub } from './oidc/sub.js';
22
22
  import { RequestId } from './request/request-id.js';
23
23
  import { AccessTokenPayload } from './signer/access-token-payload.js';
24
24
  import { TokenClaims } from './token/token-claims.js';
25
- export { AccessDeniedError, type AccessTokenPayload, type Account, AuthorizationError, type Awaitable, Client, type ClientAuth, type ClientId, type ClientInfo, type DeviceId, type DpopProof, type HcaptchaClientTokens, type HcaptchaConfig, type HcaptchaVerifyResult, InvalidCredentialsError, InvalidRequestError, type Jwks, type OAuthAccessToken, type OAuthAuthorizationDetails, type OAuthAuthorizationRequestParameters, type OAuthClientMetadata, OAuthError, type OAuthTokenResponse, type OAuthTokenType, type RequestMetadata, type ResetPasswordConfirmInput, type ResetPasswordRequestInput, type SignInData, type SignUpData, type SignUpInput, type Sub, type TokenClaims, type UpdateHandleData, };
25
+ export { AccessDeniedError, type AccessTokenPayload, type Account, AuthorizationError, type Awaitable, Client, type ClientAuth, type ClientId, type ClientInfo, type DeviceId, type Did, type DpopProof, type HcaptchaClientTokens, type HcaptchaConfig, type HcaptchaVerifyResult, InvalidCredentialsError, InvalidRequestError, type Jwks, type OAuthAccessToken, type OAuthAuthorizationDetails, type OAuthAuthorizationRequestParameters, type OAuthClientMetadata, OAuthError, type OAuthTokenResponse, type OAuthTokenType, type RequestMetadata, type ResetPasswordConfirmInput, type ResetPasswordRequestInput, type SignInData, type SignUpData, type SignUpInput, type TokenClaims, type UpdateHandleData, };
26
26
  export type OAuthHooks = {
27
27
  /**
28
28
  * Use this to alter, override or validate the client metadata & jwks returned
@@ -140,6 +140,79 @@ export type OAuthHooks = {
140
140
  deviceMetadata: RequestMetadata;
141
141
  account: Account;
142
142
  }) => Awaitable<void>;
143
+ /**
144
+ * This hook is called when a user requests account deactivation, before the
145
+ * account is deactivated on the account store.
146
+ */
147
+ onDeactivateAccount?: (data: {
148
+ deviceId: DeviceId;
149
+ deviceMetadata: RequestMetadata;
150
+ account: Account;
151
+ }) => Awaitable<void>;
152
+ /**
153
+ * This hook is called after a user successfully deactivated their account on
154
+ * the account store.
155
+ */
156
+ onDeactivatedAccount?: (data: {
157
+ deviceId: DeviceId;
158
+ deviceMetadata: RequestMetadata;
159
+ account: Account;
160
+ }) => Awaitable<void>;
161
+ /**
162
+ * This hook is called when a user requests account reactivation, before the
163
+ * account is reactivated on the account store.
164
+ */
165
+ onReactivateAccount?: (data: {
166
+ deviceId: DeviceId;
167
+ deviceMetadata: RequestMetadata;
168
+ account: Account;
169
+ }) => Awaitable<void>;
170
+ /**
171
+ * This hook is called after a user successfully reactivated their account on
172
+ * the account store.
173
+ */
174
+ onReactivatedAccount?: (data: {
175
+ deviceId: DeviceId;
176
+ deviceMetadata: RequestMetadata;
177
+ account: Account;
178
+ }) => Awaitable<void>;
179
+ /**
180
+ * This hook is called when a user requests account deletion, before the
181
+ * confirmation email is dispatched on the account store.
182
+ */
183
+ onDeleteAccountRequest?: (data: {
184
+ deviceId: DeviceId;
185
+ deviceMetadata: RequestMetadata;
186
+ account: Account;
187
+ }) => Awaitable<void>;
188
+ /**
189
+ * This hook is called after a user has requested account deletion and the
190
+ * confirmation email has been dispatched.
191
+ */
192
+ onDeleteAccountRequested?: (data: {
193
+ deviceId: DeviceId;
194
+ deviceMetadata: RequestMetadata;
195
+ account: Account;
196
+ }) => Awaitable<void>;
197
+ /**
198
+ * This hook is called when a user confirms account deletion, before the
199
+ * account is actually deleted on the account store.
200
+ */
201
+ onDeleteAccountConfirm?: (data: {
202
+ deviceId: DeviceId;
203
+ deviceMetadata: RequestMetadata;
204
+ account: Account;
205
+ }) => Awaitable<void>;
206
+ /**
207
+ * This hook is called after a user has successfully deleted their account
208
+ * on the account store.
209
+ */
210
+ onDeleteAccountConfirmed?: (data: {
211
+ deviceId: DeviceId;
212
+ deviceMetadata: RequestMetadata;
213
+ account: Account;
214
+ input: DeleteAccountConfirmInput;
215
+ }) => Awaitable<void>;
143
216
  /**
144
217
  * This hook is called when a user attempts to sign up, after every validation
145
218
  * has passed (including hcaptcha).
@@ -259,7 +332,7 @@ export type OAuthHooks = {
259
332
  onSignInFailed?: (data: {
260
333
  data: SignInData;
261
334
  error: InvalidRequestError;
262
- sub: Sub | null;
335
+ did: Did | null;
263
336
  deviceId: DeviceId;
264
337
  deviceMetadata: RequestMetadata;
265
338
  clientId?: ClientId;
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-hooks.d.ts","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACnC,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA;AAC1D,OAAO,EACL,gBAAgB,EAChB,yBAAyB,EACzB,mCAAmC,EACnC,mBAAmB,EACnB,kBAAkB,EAClB,cAAc,EACf,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACV,uBAAuB,EACvB,uBAAuB,EACvB,gBAAgB,EAChB,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAA;AACpE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAA;AAC/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACrB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AACvD,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAA;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AACnD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAGrD,OAAO,EACL,iBAAiB,EACjB,KAAK,kBAAkB,EACvB,KAAK,OAAO,EACZ,kBAAkB,EAClB,KAAK,SAAS,EACd,MAAM,EACN,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,SAAS,EACd,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,uBAAuB,EACvB,mBAAmB,EACnB,KAAK,IAAI,EACT,KAAK,gBAAgB,EACrB,KAAK,yBAAyB,EAC9B,KAAK,mCAAmC,EACxC,KAAK,mBAAmB,EACxB,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,yBAAyB,EAC9B,KAAK,yBAAyB,EAC9B,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,GAAG,EACR,KAAK,WAAW,EAChB,KAAK,gBAAgB,GACtB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG;IACvB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,CACd,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE;QAAE,QAAQ,EAAE,mBAAmB,CAAC;QAAC,IAAI,CAAC,EAAE,IAAI,CAAA;KAAE,KACjD,SAAS,CAAC,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAA;IAE/C;;;;OAIG;IACH,oBAAoB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC5B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,oBAAoB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC5B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,oBAAoB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC5B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,oBAAoB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC5B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE;QACtB,KAAK,EAAE,gBAAgB,CAAA;QACvB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,KAAK,EAAE,gBAAgB,CAAA;QACvB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,oBAAoB,CAAA;KAC7B,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE;QAChC,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,GAAG,IAAI,CAAA;KACxB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE;QAChC,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;OAKG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,IAAI,EAAE,UAAU,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,QAAQ,CAAC,EAAE,QAAQ,CAAA;KACpB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;;OAOG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,QAAQ,CAAC,EAAE,QAAQ,CAAA;KACpB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;;;;;;;;;;;;OAiBG;IACH,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE;QACtB,IAAI,EAAE,UAAU,CAAA;QAChB,KAAK,EAAE,mBAAmB,CAAA;QAC1B,GAAG,EAAE,GAAG,GAAG,IAAI,CAAA;QACf,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,QAAQ,CAAC,EAAE,QAAQ,CAAA;KACpB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,IAAI,GAAG,UAAU,CAAA;QAC7B,UAAU,EAAE,QAAQ,CAAC,mCAAmC,CAAC,CAAA;KAC1D,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;;;;;OAUG;IACH,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,SAAS,EAAE,SAAS,CAAA;KACrB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;OAKG;IACH,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE;QACrB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,MAAM,EAAE,WAAW,CAAA;KACpB,KAAK,SAAS,CAAC,IAAI,GAAG,OAAO,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC,CAAA;IAE1D;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE;QACrB,SAAS,EAAE,cAAc,CAAA;QACzB,KAAK,EAAE,gBAAgB,CAAA;QACvB,OAAO,EAAE,kBAAkB,CAAA;QAC3B,SAAS,EAAE,IAAI,GAAG,SAAS,CAAA;KAC5B,KAAK,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAA;IAExC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE;QACtB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;KAChD,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;KAChD,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;CACtB,CAAA"}
1
+ {"version":3,"file":"oauth-hooks.d.ts","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACnC,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA;AAC1D,OAAO,EACL,gBAAgB,EAChB,yBAAyB,EACzB,mCAAmC,EACnC,mBAAmB,EACnB,kBAAkB,EAClB,cAAc,EACf,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACV,uBAAuB,EACvB,uBAAuB,EACvB,gBAAgB,EAChB,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAA;AACpE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAA;AAC/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACrB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AACnD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAGrD,OAAO,EACL,iBAAiB,EACjB,KAAK,kBAAkB,EACvB,KAAK,OAAO,EACZ,kBAAkB,EAClB,KAAK,SAAS,EACd,MAAM,EACN,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,GAAG,EACR,KAAK,SAAS,EACd,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,uBAAuB,EACvB,mBAAmB,EACnB,KAAK,IAAI,EACT,KAAK,gBAAgB,EACrB,KAAK,yBAAyB,EAC9B,KAAK,mCAAmC,EACxC,KAAK,mBAAmB,EACxB,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,yBAAyB,EAC9B,KAAK,yBAAyB,EAC9B,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,gBAAgB,GACtB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG;IACvB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,CACd,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE;QAAE,QAAQ,EAAE,mBAAmB,CAAC;QAAC,IAAI,CAAC,EAAE,IAAI,CAAA;KAAE,KACjD,SAAS,CAAC,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAA;IAE/C;;;;OAIG;IACH,oBAAoB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC5B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,oBAAoB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC5B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,oBAAoB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC5B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,oBAAoB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC5B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,uBAAuB,CAAA;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE;QACtB,KAAK,EAAE,gBAAgB,CAAA;QACvB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,KAAK,EAAE,gBAAgB,CAAA;QACvB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,mBAAmB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC3B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC5B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,mBAAmB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC3B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC5B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,KAAK,EAAE,yBAAyB,CAAA;KACjC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,oBAAoB,CAAA;KAC7B,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE;QAChC,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,GAAG,IAAI,CAAA;KACxB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE;QAChC,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;OAKG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,IAAI,EAAE,UAAU,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,QAAQ,CAAC,EAAE,QAAQ,CAAA;KACpB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;;OAOG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,QAAQ,CAAC,EAAE,QAAQ,CAAA;KACpB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;;;;;;;;;;;;OAiBG;IACH,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE;QACtB,IAAI,EAAE,UAAU,CAAA;QAChB,KAAK,EAAE,mBAAmB,CAAA;QAC1B,GAAG,EAAE,GAAG,GAAG,IAAI,CAAA;QACf,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,QAAQ,CAAC,EAAE,QAAQ,CAAA;KACpB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,IAAI,GAAG,UAAU,CAAA;QAC7B,UAAU,EAAE,QAAQ,CAAC,mCAAmC,CAAC,CAAA;KAC1D,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;;;;;OAUG;IACH,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,SAAS,EAAE,SAAS,CAAA;KACrB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;OAKG;IACH,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE;QACrB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,MAAM,EAAE,WAAW,CAAA;KACpB,KAAK,SAAS,CAAC,IAAI,GAAG,OAAO,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC,CAAA;IAE1D;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE;QACrB,SAAS,EAAE,cAAc,CAAA;QACzB,KAAK,EAAE,gBAAgB,CAAA;QACvB,OAAO,EAAE,kBAAkB,CAAA;QAC3B,SAAS,EAAE,IAAI,GAAG,SAAS,CAAA;KAC5B,KAAK,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAA;IAExC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE;QACtB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;KAChD,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;KAChD,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;CACtB,CAAA"}
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-hooks.js","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":"AAyBA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAG3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAA;AACpE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAA;AAC/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAapD,sEAAsE;AACtE,OAAO,EACL,iBAAiB,EAGjB,kBAAkB,EAElB,MAAM,EASN,uBAAuB,EACvB,mBAAmB,EAMnB,UAAU,GAYX,CAAA","sourcesContent":["import { Jwks } from '@atproto/jwk'\nimport type { Account } from '@atproto/oauth-provider-api'\nimport {\n OAuthAccessToken,\n OAuthAuthorizationDetails,\n OAuthAuthorizationRequestParameters,\n OAuthClientMetadata,\n OAuthTokenResponse,\n OAuthTokenType,\n} from '@atproto/oauth-types'\nimport {\n ResetPasswordConfirmInput,\n ResetPasswordRequestInput,\n SignUpData,\n UpdateEmailConfirmInput,\n UpdateEmailRequestInput,\n UpdateHandleData,\n VerifyEmailConfirmInput,\n VerifyEmailRequestInput,\n} from './account/account-store.js'\nimport { SignInData } from './account/sign-in-data.js'\nimport { SignUpInput } from './account/sign-up-input.js'\nimport { ClientAuth } from './client/client-auth.js'\nimport { ClientId } from './client/client-id.js'\nimport { ClientInfo } from './client/client-info.js'\nimport { Client } from './client/client.js'\nimport { DeviceId } from './device/device-id.js'\nimport { DpopProof } from './dpop/dpop-proof.js'\nimport { AccessDeniedError } from './errors/access-denied-error.js'\nimport { AuthorizationError } from './errors/authorization-error.js'\nimport { InvalidCredentialsError } from './errors/invalid-credentials-error.js'\nimport { InvalidRequestError } from './errors/invalid-request-error.js'\nimport { OAuthError } from './errors/oauth-error.js'\nimport {\n HcaptchaClientTokens,\n HcaptchaConfig,\n HcaptchaVerifyResult,\n} from './lib/hcaptcha.js'\nimport { RequestMetadata } from './lib/http/request.js'\nimport { Awaitable, OmitKey } from './lib/util/type.js'\nimport { Sub } from './oidc/sub.js'\nimport { RequestId } from './request/request-id.js'\nimport { AccessTokenPayload } from './signer/access-token-payload.js'\nimport { TokenClaims } from './token/token-claims.js'\n\n// Make sure all types needed to implement the OAuthHooks are exported\nexport {\n AccessDeniedError,\n type AccessTokenPayload,\n type Account,\n AuthorizationError,\n type Awaitable,\n Client,\n type ClientAuth,\n type ClientId,\n type ClientInfo,\n type DeviceId,\n type DpopProof,\n type HcaptchaClientTokens,\n type HcaptchaConfig,\n type HcaptchaVerifyResult,\n InvalidCredentialsError,\n InvalidRequestError,\n type Jwks,\n type OAuthAccessToken,\n type OAuthAuthorizationDetails,\n type OAuthAuthorizationRequestParameters,\n type OAuthClientMetadata,\n OAuthError,\n type OAuthTokenResponse,\n type OAuthTokenType,\n type RequestMetadata,\n type ResetPasswordConfirmInput,\n type ResetPasswordRequestInput,\n type SignInData,\n type SignUpData,\n type SignUpInput,\n type Sub,\n type TokenClaims,\n type UpdateHandleData,\n}\n\nexport type OAuthHooks = {\n /**\n * Use this to alter, override or validate the client metadata & jwks returned\n * by the client store.\n *\n * @throws {InvalidClientMetadataError} if the metadata is invalid\n * @see {@link InvalidClientMetadataError}\n */\n getClientInfo?: (\n clientId: ClientId,\n data: { metadata: OAuthClientMetadata; jwks?: Jwks },\n ) => Awaitable<undefined | Partial<ClientInfo>>\n\n /**\n * This hook is called when a user requests an email change, before the email\n * change request is triggered on the account store. Only triggered with\n * authenticated sessions, so the `account` is always available.\n */\n onChangeEmailRequest?: (data: {\n input: UpdateEmailRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user requests an email change, and the email\n * change request was successfully triggered on the account store.\n */\n onChangeEmailRequested?: (data: {\n input: UpdateEmailRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user confirms an email change, before the email\n * change is actually confirmed on the account store. Only triggered with\n * authenticated sessions, so the `account` is always available.\n */\n onUpdateEmailConfirm?: (data: {\n input: UpdateEmailConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user confirms an email change, and the email\n * change was successfully confirmed on the account store.\n */\n onUpdateEmailConfirmed?: (data: {\n input: UpdateEmailConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests an email verification, before the\n * verification request is triggered on the account store. Only triggered with\n * authenticated sessions, so the `account` is always available.\n */\n onVerifyEmailRequest?: (data: {\n input: VerifyEmailRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user requests an email verification, and the\n * verification request was successfully triggered on the account store.\n */\n onVerifyEmailRequested?: (data: {\n input: VerifyEmailRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user confirms an email verification, before the\n * verification is actually confirmed on the account store. Only triggered\n * with authenticated sessions, so the `account` is always available.\n */\n onVerifyEmailConfirm?: (data: {\n input: VerifyEmailConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user confirms an email verification, and the\n * verification was successfully confirmed on the account store.\n */\n onVerifyEmailConfirmed?: (data: {\n input: VerifyEmailConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests a handle change, before the change\n * is performed on the account store. Only triggered with authenticated\n * sessions, so the `account` is always available.\n */\n onUpdateHandle?: (data: {\n input: UpdateHandleData\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user successfully changed their handle on the\n * account store.\n */\n onUpdatedHandle?: (data: {\n input: UpdateHandleData\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user attempts to sign up, after every validation\n * has passed (including hcaptcha).\n */\n onSignUpAttempt?: (data: {\n input: SignUpInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user attempts to sign up, after the hcaptcha\n * `/siteverify` request has been made (and before the result is validated).\n */\n onHcaptchaResult?: (data: {\n input: SignUpInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n tokens: HcaptchaClientTokens\n result: HcaptchaVerifyResult\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests a password reset, before the\n * reset password request is triggered on the account store. Use this to\n * potentially cancel the password reset.\n */\n onResetPasswordRequest?: (data: {\n input: ResetPasswordRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests a password reset, before the\n * reset password request is triggered on the account store. If not account\n * was found for the provided identifier, the `account` field will be `null`.\n */\n onResetPasswordRequested?: (data: {\n input: ResetPasswordRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account | null\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user confirms a password reset, before the\n * password is actually reset on the account store.\n */\n onResetPasswordConfirm?: (data: {\n input: ResetPasswordConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user confirms a password reset, and the\n * password was successfully reset on the account store.\n */\n onResetPasswordConfirmed?: (data: {\n input: ResetPasswordConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user successfully signs up.\n *\n * @throws {AccessDeniedError} to deny the sign-up\n */\n onSignedUp?: (data: {\n data: SignUpData\n account: Account\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request (i.e. the user is logging in to approve a\n * client); it is omitted for first-party sign-ins that happen outside any\n * authorization flow.\n */\n onSignInAttempt?: (data: {\n data: SignInData\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user successfully signs in.\n *\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request; see {@link OAuthHooks.onSignInAttempt}.\n *\n * @throws {InvalidRequestError} when the sing-in should be denied\n */\n onSignedIn?: (data: {\n data: SignInData\n account: Account\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * This hook is called when a sign-in attempt is rejected by the account\n * store due to invalid credentials (e.g. unknown identifier, wrong\n * password). It is *not* called for unexpected server errors, nor for flows\n * that require an additional authentication factor.\n *\n * `sub` is populated when the store throws an\n * {@link InvalidCredentialsError} that carries the matched subject\n * identifier (i.e. identifier known, credentials wrong). It is `null` when\n * the identifier was unknown or when the store threw a plain\n * {@link InvalidRequestError} without distinguishing the two cases.\n *\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request; see {@link OAuthHooks.onSignInAttempt}.\n *\n * Errors thrown from this hook are caught and ignored so that they do not\n * mask the original authentication failure.\n */\n onSignInFailed?: (data: {\n data: SignInData\n error: InvalidRequestError\n sub: Sub | null\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * Allows validating an authorization request (typically the requested scopes)\n * before it is created. Note that the validity against the client metadata is\n * already enforced by the OAuth provider.\n *\n * @throws {AuthorizationError}\n */\n onAuthorizationRequest?: (data: {\n client: Client\n clientAuth: null | ClientAuth\n parameters: Readonly<OAuthAuthorizationRequestParameters>\n }) => Awaitable<void>\n\n /**\n * This hook is called when a client is authorized.\n *\n * @throws {AuthorizationError} to deny the authorization request and redirect\n * the user to the client with an OAuth error (other errors will result in an\n * internal server error being displayed to the user)\n *\n * @note We use `deviceMetadata` instead of `clientMetadata` to make it clear\n * that this metadata is from the user device, which might be different from\n * the client metadata (because the OAuth client could live in a backend).\n */\n onAuthorized?: (data: {\n client: Client\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n requestId: RequestId\n }) => Awaitable<void>\n\n /**\n * This hook is called whenever a token is about to be created. You can use\n * it to modify the token claims or perform additional validation.\n *\n * This hook should never throw an error.\n */\n onCreateToken?: (data: {\n client: Client\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n claims: TokenClaims\n }) => Awaitable<void | OmitKey<AccessTokenPayload, 'iss'>>\n\n /**\n * This hook is called whenever a token was just decoded, and basic validation\n * was performed (signature, expiration, not-before).\n *\n * It can be used to modify the payload (e.g., to add custom claims), or to\n * perform additional validation.\n *\n * This hook is called when authenticating requests through the\n * `authenticateRequest()` method in `OAuthVerifier` and `OAuthProvider`.\n *\n * Any error thrown here will be propagated.\n */\n onDecodeToken?: (data: {\n tokenType: OAuthTokenType\n token: OAuthAccessToken\n payload: AccessTokenPayload\n dpopProof: null | DpopProof\n }) => Promise<AccessTokenPayload | void>\n\n /**\n * This hook is called when an authorized client exchanges an authorization\n * code for an access token.\n *\n * @throws {OAuthError} to cancel the token creation and revoke the session\n */\n onTokenCreated?: (data: {\n client: Client\n clientAuth: ClientAuth\n clientMetadata: RequestMetadata\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n }) => Awaitable<void>\n\n /**\n * This hook is called when an authorized client refreshes an access token.\n *\n * @throws {OAuthError} to cancel the token refresh and revoke the session\n */\n onTokenRefreshed?: (data: {\n client: Client\n clientAuth: ClientAuth\n clientMetadata: RequestMetadata\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n }) => Awaitable<void>\n}\n"]}
1
+ {"version":3,"file":"oauth-hooks.js","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":"AA2BA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAG3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAA;AACpE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAA;AAC/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAYpD,sEAAsE;AACtE,OAAO,EACL,iBAAiB,EAGjB,kBAAkB,EAElB,MAAM,EAUN,uBAAuB,EACvB,mBAAmB,EAMnB,UAAU,GAWX,CAAA","sourcesContent":["import { Did } from '@atproto/did'\nimport { Jwks } from '@atproto/jwk'\nimport type { Account } from '@atproto/oauth-provider-api'\nimport {\n OAuthAccessToken,\n OAuthAuthorizationDetails,\n OAuthAuthorizationRequestParameters,\n OAuthClientMetadata,\n OAuthTokenResponse,\n OAuthTokenType,\n} from '@atproto/oauth-types'\nimport {\n DeleteAccountConfirmInput,\n ResetPasswordConfirmInput,\n ResetPasswordRequestInput,\n SignUpData,\n UpdateEmailConfirmInput,\n UpdateEmailRequestInput,\n UpdateHandleData,\n VerifyEmailConfirmInput,\n VerifyEmailRequestInput,\n} from './account/account-store.js'\nimport { SignInData } from './account/sign-in-data.js'\nimport { SignUpInput } from './account/sign-up-input.js'\nimport { ClientAuth } from './client/client-auth.js'\nimport { ClientId } from './client/client-id.js'\nimport { ClientInfo } from './client/client-info.js'\nimport { Client } from './client/client.js'\nimport { DeviceId } from './device/device-id.js'\nimport { DpopProof } from './dpop/dpop-proof.js'\nimport { AccessDeniedError } from './errors/access-denied-error.js'\nimport { AuthorizationError } from './errors/authorization-error.js'\nimport { InvalidCredentialsError } from './errors/invalid-credentials-error.js'\nimport { InvalidRequestError } from './errors/invalid-request-error.js'\nimport { OAuthError } from './errors/oauth-error.js'\nimport {\n HcaptchaClientTokens,\n HcaptchaConfig,\n HcaptchaVerifyResult,\n} from './lib/hcaptcha.js'\nimport { RequestMetadata } from './lib/http/request.js'\nimport { Awaitable, OmitKey } from './lib/util/type.js'\nimport { RequestId } from './request/request-id.js'\nimport { AccessTokenPayload } from './signer/access-token-payload.js'\nimport { TokenClaims } from './token/token-claims.js'\n\n// Make sure all types needed to implement the OAuthHooks are exported\nexport {\n AccessDeniedError,\n type AccessTokenPayload,\n type Account,\n AuthorizationError,\n type Awaitable,\n Client,\n type ClientAuth,\n type ClientId,\n type ClientInfo,\n type DeviceId,\n type Did,\n type DpopProof,\n type HcaptchaClientTokens,\n type HcaptchaConfig,\n type HcaptchaVerifyResult,\n InvalidCredentialsError,\n InvalidRequestError,\n type Jwks,\n type OAuthAccessToken,\n type OAuthAuthorizationDetails,\n type OAuthAuthorizationRequestParameters,\n type OAuthClientMetadata,\n OAuthError,\n type OAuthTokenResponse,\n type OAuthTokenType,\n type RequestMetadata,\n type ResetPasswordConfirmInput,\n type ResetPasswordRequestInput,\n type SignInData,\n type SignUpData,\n type SignUpInput,\n type TokenClaims,\n type UpdateHandleData,\n}\n\nexport type OAuthHooks = {\n /**\n * Use this to alter, override or validate the client metadata & jwks returned\n * by the client store.\n *\n * @throws {InvalidClientMetadataError} if the metadata is invalid\n * @see {@link InvalidClientMetadataError}\n */\n getClientInfo?: (\n clientId: ClientId,\n data: { metadata: OAuthClientMetadata; jwks?: Jwks },\n ) => Awaitable<undefined | Partial<ClientInfo>>\n\n /**\n * This hook is called when a user requests an email change, before the email\n * change request is triggered on the account store. Only triggered with\n * authenticated sessions, so the `account` is always available.\n */\n onChangeEmailRequest?: (data: {\n input: UpdateEmailRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user requests an email change, and the email\n * change request was successfully triggered on the account store.\n */\n onChangeEmailRequested?: (data: {\n input: UpdateEmailRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user confirms an email change, before the email\n * change is actually confirmed on the account store. Only triggered with\n * authenticated sessions, so the `account` is always available.\n */\n onUpdateEmailConfirm?: (data: {\n input: UpdateEmailConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user confirms an email change, and the email\n * change was successfully confirmed on the account store.\n */\n onUpdateEmailConfirmed?: (data: {\n input: UpdateEmailConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests an email verification, before the\n * verification request is triggered on the account store. Only triggered with\n * authenticated sessions, so the `account` is always available.\n */\n onVerifyEmailRequest?: (data: {\n input: VerifyEmailRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user requests an email verification, and the\n * verification request was successfully triggered on the account store.\n */\n onVerifyEmailRequested?: (data: {\n input: VerifyEmailRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user confirms an email verification, before the\n * verification is actually confirmed on the account store. Only triggered\n * with authenticated sessions, so the `account` is always available.\n */\n onVerifyEmailConfirm?: (data: {\n input: VerifyEmailConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user confirms an email verification, and the\n * verification was successfully confirmed on the account store.\n */\n onVerifyEmailConfirmed?: (data: {\n input: VerifyEmailConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests a handle change, before the change\n * is performed on the account store. Only triggered with authenticated\n * sessions, so the `account` is always available.\n */\n onUpdateHandle?: (data: {\n input: UpdateHandleData\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user successfully changed their handle on the\n * account store.\n */\n onUpdatedHandle?: (data: {\n input: UpdateHandleData\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests account deactivation, before the\n * account is deactivated on the account store.\n */\n onDeactivateAccount?: (data: {\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user successfully deactivated their account on\n * the account store.\n */\n onDeactivatedAccount?: (data: {\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests account reactivation, before the\n * account is reactivated on the account store.\n */\n onReactivateAccount?: (data: {\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user successfully reactivated their account on\n * the account store.\n */\n onReactivatedAccount?: (data: {\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests account deletion, before the\n * confirmation email is dispatched on the account store.\n */\n onDeleteAccountRequest?: (data: {\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user has requested account deletion and the\n * confirmation email has been dispatched.\n */\n onDeleteAccountRequested?: (data: {\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user confirms account deletion, before the\n * account is actually deleted on the account store.\n */\n onDeleteAccountConfirm?: (data: {\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user has successfully deleted their account\n * on the account store.\n */\n onDeleteAccountConfirmed?: (data: {\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n input: DeleteAccountConfirmInput\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user attempts to sign up, after every validation\n * has passed (including hcaptcha).\n */\n onSignUpAttempt?: (data: {\n input: SignUpInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user attempts to sign up, after the hcaptcha\n * `/siteverify` request has been made (and before the result is validated).\n */\n onHcaptchaResult?: (data: {\n input: SignUpInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n tokens: HcaptchaClientTokens\n result: HcaptchaVerifyResult\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests a password reset, before the\n * reset password request is triggered on the account store. Use this to\n * potentially cancel the password reset.\n */\n onResetPasswordRequest?: (data: {\n input: ResetPasswordRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user requests a password reset, before the\n * reset password request is triggered on the account store. If not account\n * was found for the provided identifier, the `account` field will be `null`.\n */\n onResetPasswordRequested?: (data: {\n input: ResetPasswordRequestInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account | null\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user confirms a password reset, before the\n * password is actually reset on the account store.\n */\n onResetPasswordConfirm?: (data: {\n input: ResetPasswordConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * This hook is called after a user confirms a password reset, and the\n * password was successfully reset on the account store.\n */\n onResetPasswordConfirmed?: (data: {\n input: ResetPasswordConfirmInput\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n account: Account\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user successfully signs up.\n *\n * @throws {AccessDeniedError} to deny the sign-up\n */\n onSignedUp?: (data: {\n data: SignUpData\n account: Account\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n }) => Awaitable<void>\n\n /**\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request (i.e. the user is logging in to approve a\n * client); it is omitted for first-party sign-ins that happen outside any\n * authorization flow.\n */\n onSignInAttempt?: (data: {\n data: SignInData\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * This hook is called when a user successfully signs in.\n *\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request; see {@link OAuthHooks.onSignInAttempt}.\n *\n * @throws {InvalidRequestError} when the sing-in should be denied\n */\n onSignedIn?: (data: {\n data: SignInData\n account: Account\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * This hook is called when a sign-in attempt is rejected by the account\n * store due to invalid credentials (e.g. unknown identifier, wrong\n * password). It is *not* called for unexpected server errors, nor for flows\n * that require an additional authentication factor.\n *\n * `sub` is populated when the store throws an\n * {@link InvalidCredentialsError} that carries the matched subject\n * identifier (i.e. identifier known, credentials wrong). It is `null` when\n * the identifier was unknown or when the store threw a plain\n * {@link InvalidRequestError} without distinguishing the two cases.\n *\n * `clientId` is populated when the sign-in is submitted in the context of\n * an OAuth authorization request; see {@link OAuthHooks.onSignInAttempt}.\n *\n * Errors thrown from this hook are caught and ignored so that they do not\n * mask the original authentication failure.\n */\n onSignInFailed?: (data: {\n data: SignInData\n error: InvalidRequestError\n did: Did | null\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n clientId?: ClientId\n }) => Awaitable<void>\n\n /**\n * Allows validating an authorization request (typically the requested scopes)\n * before it is created. Note that the validity against the client metadata is\n * already enforced by the OAuth provider.\n *\n * @throws {AuthorizationError}\n */\n onAuthorizationRequest?: (data: {\n client: Client\n clientAuth: null | ClientAuth\n parameters: Readonly<OAuthAuthorizationRequestParameters>\n }) => Awaitable<void>\n\n /**\n * This hook is called when a client is authorized.\n *\n * @throws {AuthorizationError} to deny the authorization request and redirect\n * the user to the client with an OAuth error (other errors will result in an\n * internal server error being displayed to the user)\n *\n * @note We use `deviceMetadata` instead of `clientMetadata` to make it clear\n * that this metadata is from the user device, which might be different from\n * the client metadata (because the OAuth client could live in a backend).\n */\n onAuthorized?: (data: {\n client: Client\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n deviceId: DeviceId\n deviceMetadata: RequestMetadata\n requestId: RequestId\n }) => Awaitable<void>\n\n /**\n * This hook is called whenever a token is about to be created. You can use\n * it to modify the token claims or perform additional validation.\n *\n * This hook should never throw an error.\n */\n onCreateToken?: (data: {\n client: Client\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n claims: TokenClaims\n }) => Awaitable<void | OmitKey<AccessTokenPayload, 'iss'>>\n\n /**\n * This hook is called whenever a token was just decoded, and basic validation\n * was performed (signature, expiration, not-before).\n *\n * It can be used to modify the payload (e.g., to add custom claims), or to\n * perform additional validation.\n *\n * This hook is called when authenticating requests through the\n * `authenticateRequest()` method in `OAuthVerifier` and `OAuthProvider`.\n *\n * Any error thrown here will be propagated.\n */\n onDecodeToken?: (data: {\n tokenType: OAuthTokenType\n token: OAuthAccessToken\n payload: AccessTokenPayload\n dpopProof: null | DpopProof\n }) => Promise<AccessTokenPayload | void>\n\n /**\n * This hook is called when an authorized client exchanges an authorization\n * code for an access token.\n *\n * @throws {OAuthError} to cancel the token creation and revoke the session\n */\n onTokenCreated?: (data: {\n client: Client\n clientAuth: ClientAuth\n clientMetadata: RequestMetadata\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n }) => Awaitable<void>\n\n /**\n * This hook is called when an authorized client refreshes an access token.\n *\n * @throws {OAuthError} to cancel the token refresh and revoke the session\n */\n onTokenRefreshed?: (data: {\n client: Client\n clientAuth: ClientAuth\n clientMetadata: RequestMetadata\n account: Account\n parameters: OAuthAuthorizationRequestParameters\n }) => Awaitable<void>\n}\n"]}
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-middleware.js","sourceRoot":"","sources":["../src/oauth-middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAGxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,EAAE,2BAA2B,EAAE,MAAM,4CAA4C,CAAA;AACxF,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EAAE,iCAAiC,EAAE,MAAM,kDAAkD,CAAA;AACpG,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAA;AAa3E;;;GAGG;AACH,MAAM,UAAU,eAAe,CAI7B,MAAqB,EACrB,EAAE,GAAG,OAAO,KAAkC,EAAE;IAEhD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,sDAAsD;IACtD,OAAO,CAAC,OAAO;QACb,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,aAAa;YACvC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBACrB,OAAO,CAAC,KAAK,CAAC,wBAAwB,GAAG,IAAI,EAAE,GAAG,CAAC,CAAA;gBACnD,OAAO,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACtC,CAAC;YACH,CAAC,CAAC,OAAO,CAAA;IAEb,MAAM,UAAU,GAAG,kBAAkB,CAAC;QACpC,gBAAgB;QAChB,qBAAqB,CAAC,MAAM,EAAE,OAAO,CAAC;QACtC,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC;QACpC,iCAAiC,CAAC,MAAM,EAAE,OAAO,CAAC;QAClD,2BAA2B,CAAC,MAAM,EAAE,OAAO,CAAC;KAC7C,CAAC,CAAA;IAEF,OAAO,SAAS,CAAC,UAAU,CAAC,CAAA;AAC9B,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { asHandler, combineMiddlewares } from './lib/http/middleware.js'\nimport { Handler } from './lib/http/types.js'\nimport { OAuthProvider } from './oauth-provider.js'\nimport { assetsMiddleware } from './router/assets/assets.js'\nimport { createAccountPageMiddleware } from './router/create-account-page-middleware.js'\nimport { createApiMiddleware } from './router/create-api-middleware.js'\nimport { createAuthorizationPageMiddleware } from './router/create-authorization-page-middleware.js'\nimport { createOAuthMiddleware } from './router/create-oauth-middleware.js'\nimport { ErrorHandler } from './router/error-handler.js'\nimport { MiddlewareOptions } from './router/middleware-options.js'\n\n// Export all the types exposed\nexport type {\n ErrorHandler,\n Handler,\n IncomingMessage,\n MiddlewareOptions,\n ServerResponse,\n}\n\n/**\n * @returns An http request handler that can be used with node's http server\n * or as a middleware with express / connect.\n */\nexport function oauthMiddleware<\n Req extends IncomingMessage = IncomingMessage,\n Res extends ServerResponse = ServerResponse,\n>(\n server: OAuthProvider,\n { ...options }: MiddlewareOptions<Req, Res> = {},\n): Handler<void, Req, Res> {\n const { onError } = options\n\n // options is shallow cloned so it's fine to mutate it\n options.onError =\n process.env['NODE_ENV'] === 'development'\n ? (req, res, err, msg) => {\n console.error(`OAuthProvider error (${msg}):`, err)\n return onError?.(req, res, err, msg)\n }\n : onError\n\n const middleware = combineMiddlewares([\n assetsMiddleware,\n createOAuthMiddleware(server, options),\n createApiMiddleware(server, options),\n createAuthorizationPageMiddleware(server, options),\n createAccountPageMiddleware(server, options),\n ])\n\n return asHandler(middleware)\n}\n"]}
1
+ {"version":3,"file":"oauth-middleware.js","sourceRoot":"","sources":["../src/oauth-middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAGxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,EAAE,2BAA2B,EAAE,MAAM,4CAA4C,CAAA;AACxF,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EAAE,iCAAiC,EAAE,MAAM,kDAAkD,CAAA;AACpG,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAA;AAa3E;;;GAGG;AACH,MAAM,UAAU,eAAe,CAI7B,MAAqB,EACrB,EAAE,GAAG,OAAO,EAAE,GAAgC,EAAE;IAEhD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,sDAAsD;IACtD,OAAO,CAAC,OAAO;QACb,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,aAAa;YACvC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBACrB,OAAO,CAAC,KAAK,CAAC,wBAAwB,GAAG,IAAI,EAAE,GAAG,CAAC,CAAA;gBACnD,OAAO,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACtC,CAAC;YACH,CAAC,CAAC,OAAO,CAAA;IAEb,MAAM,UAAU,GAAG,kBAAkB,CAAC;QACpC,gBAAgB;QAChB,qBAAqB,CAAC,MAAM,EAAE,OAAO,CAAC;QACtC,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC;QACpC,iCAAiC,CAAC,MAAM,EAAE,OAAO,CAAC;QAClD,2BAA2B,CAAC,MAAM,EAAE,OAAO,CAAC;KAC7C,CAAC,CAAA;IAEF,OAAO,SAAS,CAAC,UAAU,CAAC,CAAA;AAC9B,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { asHandler, combineMiddlewares } from './lib/http/middleware.js'\nimport { Handler } from './lib/http/types.js'\nimport { OAuthProvider } from './oauth-provider.js'\nimport { assetsMiddleware } from './router/assets/assets.js'\nimport { createAccountPageMiddleware } from './router/create-account-page-middleware.js'\nimport { createApiMiddleware } from './router/create-api-middleware.js'\nimport { createAuthorizationPageMiddleware } from './router/create-authorization-page-middleware.js'\nimport { createOAuthMiddleware } from './router/create-oauth-middleware.js'\nimport { ErrorHandler } from './router/error-handler.js'\nimport { MiddlewareOptions } from './router/middleware-options.js'\n\n// Export all the types exposed\nexport type {\n ErrorHandler,\n Handler,\n IncomingMessage,\n MiddlewareOptions,\n ServerResponse,\n}\n\n/**\n * @returns An http request handler that can be used with node's http server\n * or as a middleware with express / connect.\n */\nexport function oauthMiddleware<\n Req extends IncomingMessage = IncomingMessage,\n Res extends ServerResponse = ServerResponse,\n>(\n server: OAuthProvider,\n { ...options }: MiddlewareOptions<Req, Res> = {},\n): Handler<void, Req, Res> {\n const { onError } = options\n\n // options is shallow cloned so it's fine to mutate it\n options.onError =\n process.env['NODE_ENV'] === 'development'\n ? (req, res, err, msg) => {\n console.error(`OAuthProvider error (${msg}):`, err)\n return onError?.(req, res, err, msg)\n }\n : onError\n\n const middleware = combineMiddlewares([\n assetsMiddleware,\n createOAuthMiddleware(server, options),\n createApiMiddleware(server, options),\n createAuthorizationPageMiddleware(server, options),\n createAccountPageMiddleware(server, options),\n ])\n\n return asHandler(middleware)\n}\n"]}
@@ -138,16 +138,12 @@ export declare class OAuthProvider extends OAuthVerifier {
138
138
  lexResolver, accountStore, deviceStore, lexiconStore, tokenStore, requestStore, clientStore, replayStore, clientJwksCache, clientMetadataCache, loopbackMetadata, ...rest }: OAuthProviderOptions);
139
139
  get jwks(): Readonly<{
140
140
  keys: readonly (Readonly<{
141
- kty: "RSA";
142
- n: string;
143
- e: string;
144
- alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
145
141
  kid?: string | undefined;
146
- use?: "sig" | "enc" | undefined;
147
- key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
142
+ use?: "enc" | "sig" | undefined;
143
+ key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
148
144
  x5c?: string[] | undefined;
149
145
  x5t?: string | undefined;
150
- "x5t#S256"?: string | undefined;
146
+ 'x5t#S256'?: string | undefined;
151
147
  x5u?: string | undefined;
152
148
  ext?: boolean | undefined;
153
149
  iat?: number | undefined;
@@ -157,6 +153,10 @@ export declare class OAuthProvider extends OAuthVerifier {
157
153
  revoked_at: number;
158
154
  reason?: string | undefined;
159
155
  } | undefined;
156
+ kty: "RSA";
157
+ alg?: "PS256" | "PS384" | "PS512" | "RS256" | "RS384" | "RS512" | undefined;
158
+ n: string;
159
+ e: string;
160
160
  d?: string | undefined;
161
161
  p?: string | undefined;
162
162
  q?: string | undefined;
@@ -164,8 +164,8 @@ export declare class OAuthProvider extends OAuthVerifier {
164
164
  dq?: string | undefined;
165
165
  qi?: string | undefined;
166
166
  oth?: {
167
- d?: string | undefined;
168
167
  r?: string | undefined;
168
+ d?: string | undefined;
169
169
  t?: string | undefined;
170
170
  }[] | undefined;
171
171
  } & {
@@ -173,17 +173,12 @@ export declare class OAuthProvider extends OAuthVerifier {
173
173
  } & {
174
174
  d?: never;
175
175
  }> | Readonly<{
176
- kty: "EC";
177
- crv: "P-256" | "P-384" | "P-521";
178
- x: string;
179
- y: string;
180
- alg?: "ES256" | "ES384" | "ES512" | undefined;
181
176
  kid?: string | undefined;
182
- use?: "sig" | "enc" | undefined;
183
- key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
177
+ use?: "enc" | "sig" | undefined;
178
+ key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
184
179
  x5c?: string[] | undefined;
185
180
  x5t?: string | undefined;
186
- "x5t#S256"?: string | undefined;
181
+ 'x5t#S256'?: string | undefined;
187
182
  x5u?: string | undefined;
188
183
  ext?: boolean | undefined;
189
184
  iat?: number | undefined;
@@ -193,23 +188,23 @@ export declare class OAuthProvider extends OAuthVerifier {
193
188
  revoked_at: number;
194
189
  reason?: string | undefined;
195
190
  } | undefined;
191
+ kty: "EC";
192
+ alg?: "ES256" | "ES384" | "ES512" | undefined;
193
+ crv: "P-256" | "P-384" | "P-521";
194
+ x: string;
195
+ y: string;
196
196
  d?: string | undefined;
197
197
  } & {
198
198
  kid: NonNullable<unknown>;
199
199
  } & {
200
200
  d?: never;
201
201
  }> | Readonly<{
202
- kty: "EC";
203
- crv: "secp256k1";
204
- x: string;
205
- y: string;
206
- alg?: "ES256K" | undefined;
207
202
  kid?: string | undefined;
208
- use?: "sig" | "enc" | undefined;
209
- key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
203
+ use?: "enc" | "sig" | undefined;
204
+ key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
210
205
  x5c?: string[] | undefined;
211
206
  x5t?: string | undefined;
212
- "x5t#S256"?: string | undefined;
207
+ 'x5t#S256'?: string | undefined;
213
208
  x5u?: string | undefined;
214
209
  ext?: boolean | undefined;
215
210
  iat?: number | undefined;
@@ -219,22 +214,23 @@ export declare class OAuthProvider extends OAuthVerifier {
219
214
  revoked_at: number;
220
215
  reason?: string | undefined;
221
216
  } | undefined;
217
+ kty: "EC";
218
+ alg?: "ES256K" | undefined;
219
+ crv: "secp256k1";
220
+ x: string;
221
+ y: string;
222
222
  d?: string | undefined;
223
223
  } & {
224
224
  kid: NonNullable<unknown>;
225
225
  } & {
226
226
  d?: never;
227
227
  }> | Readonly<{
228
- kty: "OKP";
229
- crv: "Ed25519" | "Ed448";
230
- x: string;
231
- alg?: "EdDSA" | undefined;
232
228
  kid?: string | undefined;
233
- use?: "sig" | "enc" | undefined;
234
- key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
229
+ use?: "enc" | "sig" | undefined;
230
+ key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
235
231
  x5c?: string[] | undefined;
236
232
  x5t?: string | undefined;
237
- "x5t#S256"?: string | undefined;
233
+ 'x5t#S256'?: string | undefined;
238
234
  x5u?: string | undefined;
239
235
  ext?: boolean | undefined;
240
236
  iat?: number | undefined;
@@ -244,6 +240,10 @@ export declare class OAuthProvider extends OAuthVerifier {
244
240
  revoked_at: number;
245
241
  reason?: string | undefined;
246
242
  } | undefined;
243
+ kty: "OKP";
244
+ alg?: "EdDSA" | undefined;
245
+ crv: "Ed25519" | "Ed448";
246
+ x: string;
247
247
  d?: string | undefined;
248
248
  } & {
249
249
  kid: NonNullable<unknown>;
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-provider.d.ts","sourceRoot":"","sources":["../src/oauth-provider.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAEnD,OAAO,EAEL,gBAAgB,EAChB,uCAAuC,EACvC,4BAA4B,EAC5B,4BAA4B,EAC5B,mCAAmC,EACnC,8BAA8B,EAC9B,gCAAgC,EAChC,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,EAChB,kCAAkC,EAClC,wBAAwB,EACxB,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EAGf,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AAExD,OAAO,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAA;AACrE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,aAAa,EAEd,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AACtE,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EACL,aAAa,EACb,sBAAsB,EACvB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,WAAW,EAAiB,MAAM,0BAA0B,CAAA;AACrE,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAS3C,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAA;AACrE,OAAO,EACL,aAAa,EACb,kBAAkB,EAEnB,MAAM,kCAAkC,CAAA;AAEzC,OAAO,EACL,UAAU,EACV,aAAa,EACb,oBAAoB,EACrB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,WAAW,EAAiB,MAAM,0BAA0B,CAAA;AASrE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EAAE,YAAY,EAAkB,MAAM,4BAA4B,CAAA;AACzE,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AAGvD,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AACtD,OAAO,EAAE,cAAc,EAAiB,MAAM,8BAA8B,CAAA;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAC7C,OAAO,EACL,SAAS,EACT,aAAa,EACb,oBAAoB,EACpB,yBAAyB,EAC1B,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,WAAW,EAAiB,MAAM,0BAA0B,CAAA;AAErE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EAAE,YAAY,EAAkB,MAAM,4BAA4B,CAAA;AAEzE,OAAO,EAAE,+BAA+B,EAAE,MAAM,+CAA+C,CAAA;AAC/F,OAAO,EAAE,gCAAgC,EAAE,MAAM,iDAAiD,CAAA;AAClG,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAA;AACvF,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAA;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EACL,UAAU,EAGX,MAAM,wBAAwB,CAAA;AAG/B,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;AAC/C,YAAY,EACV,kBAAkB,EAClB,+BAA+B,EAC/B,gCAAgC,IAAI,4BAA4B,EAChE,2BAA2B,EAC3B,QAAQ,EACR,aAAa,EACb,cAAc,EACd,aAAa,EACb,kBAAkB,EAClB,YAAY,EACZ,cAAc,EACd,eAAe,EACf,gCAAgC,EAChC,yBAAyB,GAC1B,CAAA;AAED,KAAK,mBAAmB,GAAG;IACzB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAE7B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;IAEpB;;;;;;;;;;;;;OAaG;IACH,eAAe,CAAC,EAAE,eAAe,CAAA;IAEjC;;OAEG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAA;IAEzB;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAA;IAEzB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAA;IAEnC;;;OAGG;IACH,KAAK,CAAC,EAAE,KAAK,GAAG,YAAY,GAAG,MAAM,CAAA;IAErC;;;;;;OAMG;IACH,KAAK,CAAC,EAAE,OAAO,CACb,YAAY,GACV,WAAW,GACX,WAAW,GACX,YAAY,GACZ,WAAW,GACX,YAAY,GACZ,UAAU,CACb,CAAA;IAED,YAAY,CAAC,EAAE,YAAY,CAAA;IAC3B,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,YAAY,CAAC,EAAE,YAAY,CAAA;IAC3B,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,YAAY,CAAC,EAAE,YAAY,CAAA;IAC3B,UAAU,CAAC,EAAE,UAAU,CAAA;IAEvB;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IAE3C;;;;;OAKG;IACH,mBAAmB,CAAC,EAAE,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;IAE9D;;;;;;;OAOG;IACH,gBAAgB,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG,sBAAsB,CAAA;CACzD,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,mBAAmB,GACpD,oBAAoB,GACpB,UAAU,GACV,oBAAoB,GACpB,kBAAkB,CAAA;AAEpB,qBAAa,aAAc,SAAQ,aAAa;IAC9C,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAA;IACnD,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAA;IAEpC,SAAgB,QAAQ,EAAE,gCAAgC,CAAA;IAC1D,SAAgB,aAAa,EAAE,aAAa,CAAA;IAE5C,SAAgB,oBAAoB,EAAE,MAAM,CAAA;IAE5C,SAAgB,cAAc,EAAE,cAAc,CAAA;IAC9C,SAAgB,aAAa,EAAE,aAAa,CAAA;IAC5C,SAAgB,aAAa,EAAE,aAAa,CAAA;IAC5C,SAAgB,cAAc,EAAE,cAAc,CAAA;IAC9C,SAAgB,cAAc,EAAE,cAAc,CAAA;IAC9C,SAAgB,YAAY,EAAE,YAAY,CAAA;gBAEvB,EAEjB,oBAA6C,EAC7C,WAA2B,EAC3B,eAA2C,EAE3C,QAAQ,EAER,SAA2B,EAC3B,KAAK,EAAE,gCAAgC;IACvC,WAAmD,EAGnD,YAAoC,EACpC,WAAkC,EAClC,YAAoC,EACpC,UAAgC,EAChC,YAAoC,EAGpC,WAAkC,EAClC,WAAkC,EAElC,eAGE,EACF,mBAGE,EAEF,gBAAgD,EAMhD,GAAG,IAAI,EACR,EAAE,oBAAoB;IA4DvB,IAAI,IAAI;;;;;eArTH,CAAC;eACkB,CAAC;eAEhB,CAAC;mBACsB,CAAC;eAKjC,CAAA;eACe,CAAC;sBAA4C,CAAC;eAG3D,CAAC;eACe,CAAC;eACe,CAAC;eACL,CAAC;eAErB,CAAC;mBAGb,CAAA;;sBAC0B,CAAC;;aACR,CAAC;aAAmC,CAAC;aAAmC,CAAC;cACzD,CAAC;cACjC,CAAC;cAAoC,CAAC;eACrC,CAAC;iBAAqB,CAAC;iBAAuC,CAAC;iBACjD,CAAC;;;;;aAEd,CAAC;;;;;;eAEqB,CAAC;eACJ,CAAC;eAAqC,CAAC;mBAC1B,CAAC;eAGnC,CAAC;eAAuC,CAAC;sBACN,CAAC;eAClB,CAAC;eAAqC,CAAC;eACtC,CAAA;eAElB,CAAC;eAEO,CAAC;mBAEX,CAAA;;sBACkC,CAAA;;aACR,CAAC;;;;aAEN,CAAA;;;;;;eAEc,CAAC;eAAuC,CAAC;eAC3D,CAAC;mBAAgD,CAAC;eAExD,CAAC;eAAuC,CAAC;sBACb,CAAC;eACjC,CAAC;eAAqC,CAAC;eACZ,CAAC;eAE5B,CAAC;eAEO,CAAC;mBAEb,CAAC;;sBAEN,CAAC;;aAEC,CAAA;;;;aAE6C,CAAC;;;;;eAM9B,CAAC;eAGjB,CAAA;eACkB,CAAC;mBAIpB,CAAC;eAKA,CAAC;eAGA,CAAC;sBAA4C,CAAC;eAExC,CAAC;eAGO,CAAC;eAAsC,CAAC;eACzC,CAAC;eAAqC,CAAC;mBACrC,CAAC;;sBAChB,CAAD;;aAA+D,CAAA;;;;aAGvD,CAAC;;OAiNR;IAED;;OAEG;IACI,oBAAoB,CACzB,UAAU,EAAE,mCAAmC,EAC/C,UAAU,CAAC,EAAE,oBAAoB;IAiB5B,kBAAkB,CAAC,aAAa,EAAE,aAAa;cAKtC,kBAAkB,CAChC,iBAAiB,EAAE,sBAAsB,EACzC,SAAS,EAAE,IAAI,GAAG,SAAS,EAC3B,OAAO,CAAC,EAAE;QACR,qBAAqB,CAAC,EAAE,OAAO,CAAA;KAChC,GACA,OAAO,CAAC;QACT,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;KACvB,CAAC;IAgDI,SAAS,CACb,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,4BAA4B,GAClC,OAAO,CAAC,mCAAmC,CAAC;IA0B/C;;OAEG;IACU,0BAA0B,CACrC,WAAW,EAAE,sBAAsB,EACnC,oBAAoB,EAAE,4BAA4B,EAClD,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,gBAAgB,CAAC;YAgEd,2BAA2B;IA6CzC;;OAEG;IACU,SAAS,CACpB,KAAK,EAAE,8BAA8B,EACrC,EAAE,QAAQ,EAAE,cAAc,EAAE,EAAE,UAAU,GACvC,OAAO,CAAC,2BAA2B,GAAG,gCAAgC,CAAC;IAoJ7D,KAAK,CAChB,iBAAiB,EAAE,sBAAsB,EACzC,cAAc,EAAE,eAAe,EAC/B,OAAO,EAAE,iBAAiB,EAC1B,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,kBAAkB,CAAC;cA2Cd,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,IAAI,GAAG,SAAS,EAC3B,OAAO,EAAE;QACP,UAAU,EAAE,mCAAmC,CAAA;QAC/C,QAAQ,EAAE,QAAQ,CAAA;QAClB,UAAU,EAAE,IAAI,GAAG,UAAU,GAAG,gBAAgB,CAAA;KACjD,GACA,OAAO,CAAC,IAAI,CAAC;cA+DA,sBAAsB,CACpC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,eAAe,EAC/B,KAAK,EAAE,uCAAuC,EAC9C,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,kBAAkB,CAAC;cA+Dd,iBAAiB,CAC/B,UAAU,EAAE,mCAAmC,EAC/C,KAAK,EAAE,uCAAuC,GAC7C,OAAO,CAAC,IAAI,CAAC;cAmDA,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,eAAe,EAC/B,KAAK,EAAE,kCAAkC,EACzC,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,kBAAkB,CAAC;cA4Bd,oBAAoB,CAClC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,IAAI,EAAE,SAAS,GACd,OAAO,CAAC,IAAI,CAAC;IAoBhB;;OAEG;IACU,MAAM,CACjB,iBAAiB,EAAE,sBAAsB,EACzC,EAAE,KAAK,EAAE,EAAE,wBAAwB,EACnC,SAAS,EAAE,IAAI,GAAG,SAAS;cAuBJ,WAAW,CAClC,SAAS,EAAE,cAAc,EACzB,KAAK,EAAE,gBAAgB,EACvB,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,kBAAkB,CAAC;CAmB/B"}
1
+ {"version":3,"file":"oauth-provider.d.ts","sourceRoot":"","sources":["../src/oauth-provider.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAEnD,OAAO,EAEL,gBAAgB,EAChB,uCAAuC,EACvC,4BAA4B,EAC5B,4BAA4B,EAC5B,mCAAmC,EACnC,8BAA8B,EAC9B,gCAAgC,EAChC,sBAAsB,EACtB,mBAAmB,EACnB,gBAAgB,EAChB,kCAAkC,EAClC,wBAAwB,EACxB,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EAGf,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AAExD,OAAO,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAA;AACrE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,aAAa,EAEd,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AACtE,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EACL,aAAa,EACb,sBAAsB,EACvB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,WAAW,EAAiB,MAAM,0BAA0B,CAAA;AACrE,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAS3C,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAA;AACrE,OAAO,EACL,aAAa,EACb,kBAAkB,EAEnB,MAAM,kCAAkC,CAAA;AAEzC,OAAO,EACL,UAAU,EACV,aAAa,EACb,oBAAoB,EACrB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,WAAW,EAAiB,MAAM,0BAA0B,CAAA;AASrE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EAAE,YAAY,EAAkB,MAAM,4BAA4B,CAAA;AACzE,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AAGvD,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AACtD,OAAO,EAAE,cAAc,EAAiB,MAAM,8BAA8B,CAAA;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAC7C,OAAO,EACL,SAAS,EACT,aAAa,EACb,oBAAoB,EACpB,yBAAyB,EAC1B,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,WAAW,EAAiB,MAAM,0BAA0B,CAAA;AAErE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EAAE,YAAY,EAAkB,MAAM,4BAA4B,CAAA;AAEzE,OAAO,EAAE,+BAA+B,EAAE,MAAM,+CAA+C,CAAA;AAC/F,OAAO,EAAE,gCAAgC,EAAE,MAAM,iDAAiD,CAAA;AAClG,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAA;AACvF,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAA;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EACL,UAAU,EAGX,MAAM,wBAAwB,CAAA;AAG/B,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;AAC/C,YAAY,EACV,kBAAkB,EAClB,+BAA+B,EAC/B,gCAAgC,IAAI,4BAA4B,EAChE,2BAA2B,EAC3B,QAAQ,EACR,aAAa,EACb,cAAc,EACd,aAAa,EACb,kBAAkB,EAClB,YAAY,EACZ,cAAc,EACd,eAAe,EACf,gCAAgC,EAChC,yBAAyB,GAC1B,CAAA;AAED,KAAK,mBAAmB,GAAG;IACzB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAE7B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;IAEpB;;;;;;;;;;;;;OAaG;IACH,eAAe,CAAC,EAAE,eAAe,CAAA;IAEjC;;OAEG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAA;IAEzB;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAA;IAEzB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAA;IAEnC;;;OAGG;IACH,KAAK,CAAC,EAAE,KAAK,GAAG,YAAY,GAAG,MAAM,CAAA;IAErC;;;;;;OAMG;IACH,KAAK,CAAC,EAAE,OAAO,CACb,YAAY,GACV,WAAW,GACX,WAAW,GACX,YAAY,GACZ,WAAW,GACX,YAAY,GACZ,UAAU,CACb,CAAA;IAED,YAAY,CAAC,EAAE,YAAY,CAAA;IAC3B,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,YAAY,CAAC,EAAE,YAAY,CAAA;IAC3B,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,YAAY,CAAC,EAAE,YAAY,CAAA;IAC3B,UAAU,CAAC,EAAE,UAAU,CAAA;IAEvB;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IAE3C;;;;;OAKG;IACH,mBAAmB,CAAC,EAAE,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;IAE9D;;;;;;;OAOG;IACH,gBAAgB,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG,sBAAsB,CAAA;CACzD,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,mBAAmB,GACpD,oBAAoB,GACpB,UAAU,GACV,oBAAoB,GACpB,kBAAkB,CAAA;AAEpB,qBAAa,aAAc,SAAQ,aAAa;IAC9C,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAA;IACnD,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAA;IAEpC,SAAgB,QAAQ,EAAE,gCAAgC,CAAA;IAC1D,SAAgB,aAAa,EAAE,aAAa,CAAA;IAE5C,SAAgB,oBAAoB,EAAE,MAAM,CAAA;IAE5C,SAAgB,cAAc,EAAE,cAAc,CAAA;IAC9C,SAAgB,aAAa,EAAE,aAAa,CAAA;IAC5C,SAAgB,aAAa,EAAE,aAAa,CAAA;IAC5C,SAAgB,cAAc,EAAE,cAAc,CAAA;IAC9C,SAAgB,cAAc,EAAE,cAAc,CAAA;IAC9C,SAAgB,YAAY,EAAE,YAAY,CAAA;IAE1C,YAAmB,EAEjB,oBAA6C,EAC7C,WAA2B,EAC3B,eAA2C,EAE3C,QAAQ,EAER,SAA2B,EAC3B,KAAK,EAAE,gCAAgC;IACvC,WAAmD,EAGnD,YAAoC,EACpC,WAAkC,EAClC,YAAoC,EACpC,UAAgC,EAChC,YAAoC,EAGpC,WAAkC,EAClC,WAAkC,EAElC,eAGE,EACF,mBAGE,EAEF,gBAAgD,EAMhD,GAAG,IAAI,EACR,EAAE,oBAAoB,EA0DtB;IAED,IAAI,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAEP;IAED;;OAEG;IACI,oBAAoB,CACzB,UAAU,EAAE,mCAAmC,EAC/C,UAAU,CAAC,EAAE,oBAAoB,WAelC;IAEM,kBAAkB,CAAC,aAAa,EAAE,aAAa,WAGrD;IAED,UAAgB,kBAAkB,CAChC,iBAAiB,EAAE,sBAAsB,EACzC,SAAS,EAAE,IAAI,GAAG,SAAS,EAC3B,OAAO,CAAC,EAAE;QACR,qBAAqB,CAAC,EAAE,OAAO,CAAA;KAChC,GACA,OAAO,CAAC;QACT,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;KACvB,CAAC,CA8CD;IAEK,SAAS,CACb,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,4BAA4B,GAClC,OAAO,CAAC,mCAAmC,CAAC,CAwB9C;IAED;;OAEG;IACU,0BAA0B,CACrC,WAAW,EAAE,sBAAsB,EACnC,oBAAoB,EAAE,4BAA4B,EAClD,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,gBAAgB,CAAC,CA8D3B;YAEa,2BAA2B;IA6CzC;;OAEG;IACU,SAAS,CACpB,KAAK,EAAE,8BAA8B,EACrC,EAAE,QAAQ,EAAE,cAAc,EAAE,EAAE,UAAU,GACvC,OAAO,CAAC,2BAA2B,GAAG,gCAAgC,CAAC,CAsJzE;IAEY,KAAK,CAChB,iBAAiB,EAAE,sBAAsB,EACzC,cAAc,EAAE,eAAe,EAC/B,OAAO,EAAE,iBAAiB,EAC1B,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,kBAAkB,CAAC,CAyC7B;IAED,UAAgB,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,IAAI,GAAG,SAAS,EAC3B,OAAO,EAAE;QACP,UAAU,EAAE,mCAAmC,CAAA;QAC/C,QAAQ,EAAE,QAAQ,CAAA;QAClB,UAAU,EAAE,IAAI,GAAG,UAAU,GAAG,gBAAgB,CAAA;KACjD,GACA,OAAO,CAAC,IAAI,CAAC,CA6Df;IAED,UAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,eAAe,EAC/B,KAAK,EAAE,uCAAuC,EAC9C,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,kBAAkB,CAAC,CA6D7B;IAED,UAAgB,iBAAiB,CAC/B,UAAU,EAAE,mCAAmC,EAC/C,KAAK,EAAE,uCAAuC,GAC7C,OAAO,CAAC,IAAI,CAAC,CAiDf;IAED,UAAgB,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,eAAe,EAC/B,KAAK,EAAE,kCAAkC,EACzC,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,kBAAkB,CAAC,CA0B7B;IAED,UAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,IAAI,EAAE,SAAS,GACd,OAAO,CAAC,IAAI,CAAC,CAkBf;IAED;;OAEG;IACU,MAAM,CACjB,iBAAiB,EAAE,sBAAsB,EACzC,EAAE,KAAK,EAAE,EAAE,wBAAwB,EACnC,SAAS,EAAE,IAAI,GAAG,SAAS,iBAqB5B;IAED,UAAyB,WAAW,CAClC,SAAS,EAAE,cAAc,EACzB,KAAK,EAAE,gBAAgB,EACvB,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,kBAAkB,CAAC,CAkB7B;CACF"}
@@ -273,6 +273,9 @@ export class OAuthProvider extends OAuthVerifier {
273
273
  if (parameters.prompt === 'select_account' && !sessions.length) {
274
274
  throw new AccountSelectionRequiredError(parameters);
275
275
  }
276
+ const ssoSessions = sessions
277
+ .filter(hasActiveAccount)
278
+ .filter(matchesHint, parameters);
276
279
  // prompt=none
277
280
  //
278
281
  // > The Authorization Server MUST NOT display any authentication or
@@ -284,7 +287,6 @@ export class OAuthProvider extends OAuthVerifier {
284
287
  // > Section 3.1.2.6. This can be used as a method to check for existing
285
288
  // > authentication and/or consent.
286
289
  if (parameters.prompt === 'none') {
287
- const ssoSessions = sessions.filter(matchesHint, parameters);
288
290
  if (ssoSessions.length > 1) {
289
291
  throw new AccountSelectionRequiredError(parameters);
290
292
  }
@@ -303,7 +305,6 @@ export class OAuthProvider extends OAuthVerifier {
303
305
  }
304
306
  // Automatic SSO when a hint was provided that matches a single session
305
307
  if (parameters.prompt == null && parameters.login_hint != null) {
306
- const ssoSessions = sessions.filter(matchesHint, parameters);
307
308
  if (ssoSessions.length === 1) {
308
309
  const ssoSession = ssoSessions[0];
309
310
  if (!ssoSession.loginRequired && !ssoSession.consentRequired) {
@@ -317,11 +318,13 @@ export class OAuthProvider extends OAuthVerifier {
317
318
  client,
318
319
  parameters,
319
320
  requestUri,
320
- sessions,
321
- selectedSub: parameters.prompt == null ||
321
+ sessions: sessions
322
+ // Strip un-necessary information (like consentRequired)
323
+ .map(({ account, loginRequired }) => ({ account, loginRequired })),
324
+ selectedDid: parameters.prompt == null ||
322
325
  parameters.prompt === 'login' ||
323
326
  parameters.prompt === 'consent'
324
- ? sessions.find(matchesHint, parameters)?.account.sub
327
+ ? sessions.find(matchesHint, parameters)?.account.did
325
328
  : undefined,
326
329
  permissionSets: await this.lexiconManager
327
330
  .getPermissionSetsFromScope(parameters.scope)
@@ -429,9 +432,9 @@ export class OAuthProvider extends OAuthVerifier {
429
432
  // As an additional security measure, we also sign the device out,
430
433
  // so that the device cannot be used to access the account anymore
431
434
  // without a new authentication.
432
- const { deviceId, sub } = tokenInfo.data;
435
+ const { deviceId, did } = tokenInfo.data;
433
436
  if (deviceId) {
434
- await this.accountManager.removeDeviceAccount(deviceId, sub);
437
+ await this.accountManager.removeDeviceAccount(deviceId, did);
435
438
  }
436
439
  }
437
440
  }
@@ -450,7 +453,7 @@ export class OAuthProvider extends OAuthVerifier {
450
453
  ? { ...data.parameters, dpop_jkt: dpopProof.jkt }
451
454
  : data.parameters;
452
455
  await this.validateCodeGrant(parameters, input);
453
- const { account } = await this.accountManager.getAccount(data.sub);
456
+ const { account } = await this.accountManager.getAccount(data.did);
454
457
  return this.tokenManager.createToken(client, clientAuth, clientMetadata, account, data.deviceId, parameters, code);
455
458
  }
456
459
  async validateCodeGrant(parameters, input) {
@@ -565,6 +568,9 @@ function matchesHint({ account }) {
565
568
  const hint = this.login_hint;
566
569
  if (!hint)
567
570
  return false;
568
- return account.sub === hint || account.preferred_username === hint;
571
+ return account.did === hint || account.handle === hint;
572
+ }
573
+ function hasActiveAccount({ account }) {
574
+ return !account.deactivated;
569
575
  }
570
576
  //# sourceMappingURL=oauth-provider.js.map