@atproto/oauth-provider 0.18.4 → 0.19.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (91) hide show
  1. package/CHANGELOG.md +24 -0
  2. package/dist/account/account-manager.d.ts +11 -7
  3. package/dist/account/account-manager.d.ts.map +1 -1
  4. package/dist/account/account-manager.js +82 -19
  5. package/dist/account/account-manager.js.map +1 -1
  6. package/dist/account/account-store.d.ts +47 -13
  7. package/dist/account/account-store.d.ts.map +1 -1
  8. package/dist/account/account-store.js +4 -1
  9. package/dist/account/account-store.js.map +1 -1
  10. package/dist/account/sign-up-input.d.ts +2 -2
  11. package/dist/errors/invalid-credentials-error.d.ts +9 -9
  12. package/dist/errors/invalid-credentials-error.d.ts.map +1 -1
  13. package/dist/errors/invalid-credentials-error.js +8 -8
  14. package/dist/errors/invalid-credentials-error.js.map +1 -1
  15. package/dist/lib/util/function.js +1 -1
  16. package/dist/lib/util/function.js.map +1 -1
  17. package/dist/oauth-hooks.d.ts +77 -4
  18. package/dist/oauth-hooks.d.ts.map +1 -1
  19. package/dist/oauth-hooks.js.map +1 -1
  20. package/dist/oauth-provider.d.ts.map +1 -1
  21. package/dist/oauth-provider.js +15 -9
  22. package/dist/oauth-provider.js.map +1 -1
  23. package/dist/request/request-data.d.ts +4 -4
  24. package/dist/request/request-data.d.ts.map +1 -1
  25. package/dist/request/request-data.js +1 -1
  26. package/dist/request/request-data.js.map +1 -1
  27. package/dist/request/request-manager.d.ts.map +1 -1
  28. package/dist/request/request-manager.js +7 -4
  29. package/dist/request/request-manager.js.map +1 -1
  30. package/dist/request/request-store.d.ts +1 -1
  31. package/dist/request/request-store.js.map +1 -1
  32. package/dist/result/authorization-result-authorize-page.d.ts +1 -1
  33. package/dist/result/authorization-result-authorize-page.js.map +1 -1
  34. package/dist/router/assets/send-authorization-page.js +1 -1
  35. package/dist/router/assets/send-authorization-page.js.map +1 -1
  36. package/dist/router/create-api-middleware.d.ts.map +1 -1
  37. package/dist/router/create-api-middleware.js +87 -51
  38. package/dist/router/create-api-middleware.js.map +1 -1
  39. package/dist/signer/access-token-payload.d.ts +15 -15
  40. package/dist/signer/access-token-payload.js +2 -2
  41. package/dist/signer/access-token-payload.js.map +1 -1
  42. package/dist/signer/api-token-payload.d.ts +15 -15
  43. package/dist/signer/api-token-payload.js +2 -2
  44. package/dist/signer/api-token-payload.js.map +1 -1
  45. package/dist/signer/signer.d.ts +6 -187
  46. package/dist/signer/signer.d.ts.map +1 -1
  47. package/dist/signer/signer.js.map +1 -1
  48. package/dist/token/token-claims.d.ts +2 -1
  49. package/dist/token/token-claims.d.ts.map +1 -1
  50. package/dist/token/token-claims.js.map +1 -1
  51. package/dist/token/token-data.d.ts +3 -3
  52. package/dist/token/token-data.d.ts.map +1 -1
  53. package/dist/token/token-data.js.map +1 -1
  54. package/dist/token/token-manager.d.ts +3 -3
  55. package/dist/token/token-manager.d.ts.map +1 -1
  56. package/dist/token/token-manager.js +14 -14
  57. package/dist/token/token-manager.js.map +1 -1
  58. package/dist/token/token-store.d.ts +3 -3
  59. package/dist/token/token-store.d.ts.map +1 -1
  60. package/dist/token/token-store.js.map +1 -1
  61. package/dist/types/handle.d.ts +5 -1
  62. package/dist/types/handle.d.ts.map +1 -1
  63. package/dist/types/handle.js +9 -8
  64. package/dist/types/handle.js.map +1 -1
  65. package/package.json +8 -8
  66. package/src/account/account-manager.ts +123 -20
  67. package/src/account/account-store.ts +59 -11
  68. package/src/errors/invalid-credentials-error.ts +8 -8
  69. package/src/lib/util/function.ts +2 -2
  70. package/src/oauth-hooks.ts +85 -3
  71. package/src/oauth-provider.ts +17 -9
  72. package/src/request/request-data.ts +5 -5
  73. package/src/request/request-manager.ts +11 -4
  74. package/src/request/request-store.ts +1 -1
  75. package/src/result/authorization-result-authorize-page.ts +1 -1
  76. package/src/router/assets/send-authorization-page.ts +1 -1
  77. package/src/router/create-api-middleware.ts +128 -67
  78. package/src/signer/access-token-payload.ts +2 -2
  79. package/src/signer/api-token-payload.ts +2 -2
  80. package/src/signer/signer.ts +13 -4
  81. package/src/token/token-claims.ts +2 -1
  82. package/src/token/token-data.ts +3 -3
  83. package/src/token/token-manager.ts +15 -15
  84. package/src/token/token-store.ts +3 -3
  85. package/src/types/handle.ts +21 -16
  86. package/tsconfig.build.tsbuildinfo +1 -1
  87. package/dist/oidc/sub.d.ts +0 -4
  88. package/dist/oidc/sub.d.ts.map +0 -1
  89. package/dist/oidc/sub.js +0 -3
  90. package/dist/oidc/sub.js.map +0 -1
  91. package/src/oidc/sub.ts +0 -4
@@ -1817,7 +1817,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
1817
1817
  t?: string | undefined;
1818
1818
  }[] | undefined;
1819
1819
  } & {
1820
- kid: NonNullable<unknown>;
1820
+ kid: {};
1821
1821
  }) | ({
1822
1822
  kid?: string | undefined;
1823
1823
  use?: "enc" | "sig" | undefined;
@@ -1841,7 +1841,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
1841
1841
  y: string;
1842
1842
  d?: string | undefined;
1843
1843
  } & {
1844
- kid: NonNullable<unknown>;
1844
+ kid: {};
1845
1845
  }) | ({
1846
1846
  kid?: string | undefined;
1847
1847
  use?: "enc" | "sig" | undefined;
@@ -1865,7 +1865,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
1865
1865
  y: string;
1866
1866
  d?: string | undefined;
1867
1867
  } & {
1868
- kid: NonNullable<unknown>;
1868
+ kid: {};
1869
1869
  }) | ({
1870
1870
  kid?: string | undefined;
1871
1871
  use?: "enc" | "sig" | undefined;
@@ -1888,7 +1888,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
1888
1888
  x: string;
1889
1889
  d?: string | undefined;
1890
1890
  } & {
1891
- kid: NonNullable<unknown>;
1891
+ kid: {};
1892
1892
  })) & {
1893
1893
  d?: never;
1894
1894
  }) | undefined;
@@ -2092,7 +2092,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
2092
2092
  }, z.ZodTypeAny, "passthrough">>, "many">>>;
2093
2093
  }, {
2094
2094
  jti: z.ZodEffects<z.ZodString, `tok-${string}`, string>;
2095
- sub: z.ZodString;
2095
+ sub: z.ZodEffects<z.ZodString, `did:${string}:${string}`, string>;
2096
2096
  exp: z.ZodNumber;
2097
2097
  iat: z.ZodNumber;
2098
2098
  iss: z.ZodString;
@@ -3915,7 +3915,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
3915
3915
  t?: string | undefined;
3916
3916
  }[] | undefined;
3917
3917
  } & {
3918
- kid: NonNullable<unknown>;
3918
+ kid: {};
3919
3919
  }) | ({
3920
3920
  kid?: string | undefined;
3921
3921
  use?: "enc" | "sig" | undefined;
@@ -3939,7 +3939,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
3939
3939
  y: string;
3940
3940
  d?: string | undefined;
3941
3941
  } & {
3942
- kid: NonNullable<unknown>;
3942
+ kid: {};
3943
3943
  }) | ({
3944
3944
  kid?: string | undefined;
3945
3945
  use?: "enc" | "sig" | undefined;
@@ -3963,7 +3963,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
3963
3963
  y: string;
3964
3964
  d?: string | undefined;
3965
3965
  } & {
3966
- kid: NonNullable<unknown>;
3966
+ kid: {};
3967
3967
  }) | ({
3968
3968
  kid?: string | undefined;
3969
3969
  use?: "enc" | "sig" | undefined;
@@ -3986,7 +3986,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
3986
3986
  x: string;
3987
3987
  d?: string | undefined;
3988
3988
  } & {
3989
- kid: NonNullable<unknown>;
3989
+ kid: {};
3990
3990
  })) & {
3991
3991
  d?: never;
3992
3992
  }) | undefined;
@@ -4190,7 +4190,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
4190
4190
  }, z.ZodTypeAny, "passthrough">>, "many">>>;
4191
4191
  }, {
4192
4192
  jti: z.ZodEffects<z.ZodString, `tok-${string}`, string>;
4193
- sub: z.ZodString;
4193
+ sub: z.ZodEffects<z.ZodString, `did:${string}:${string}`, string>;
4194
4194
  exp: z.ZodNumber;
4195
4195
  iat: z.ZodNumber;
4196
4196
  iss: z.ZodString;
@@ -6013,7 +6013,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
6013
6013
  t?: string | undefined;
6014
6014
  }[] | undefined;
6015
6015
  } & {
6016
- kid: NonNullable<unknown>;
6016
+ kid: {};
6017
6017
  }) | ({
6018
6018
  kid?: string | undefined;
6019
6019
  use?: "enc" | "sig" | undefined;
@@ -6037,7 +6037,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
6037
6037
  y: string;
6038
6038
  d?: string | undefined;
6039
6039
  } & {
6040
- kid: NonNullable<unknown>;
6040
+ kid: {};
6041
6041
  }) | ({
6042
6042
  kid?: string | undefined;
6043
6043
  use?: "enc" | "sig" | undefined;
@@ -6061,7 +6061,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
6061
6061
  y: string;
6062
6062
  d?: string | undefined;
6063
6063
  } & {
6064
- kid: NonNullable<unknown>;
6064
+ kid: {};
6065
6065
  }) | ({
6066
6066
  kid?: string | undefined;
6067
6067
  use?: "enc" | "sig" | undefined;
@@ -6084,7 +6084,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
6084
6084
  x: string;
6085
6085
  d?: string | undefined;
6086
6086
  } & {
6087
- kid: NonNullable<unknown>;
6087
+ kid: {};
6088
6088
  })) & {
6089
6089
  d?: never;
6090
6090
  }) | undefined;
@@ -6288,7 +6288,7 @@ export declare const accessTokenPayloadSchema: z.ZodObject<z.objectUtil.extendSh
6288
6288
  }, z.ZodTypeAny, "passthrough">>, "many">>>;
6289
6289
  }, {
6290
6290
  jti: z.ZodEffects<z.ZodString, `tok-${string}`, string>;
6291
- sub: z.ZodString;
6291
+ sub: z.ZodEffects<z.ZodString, `did:${string}:${string}`, string>;
6292
6292
  exp: z.ZodNumber;
6293
6293
  iat: z.ZodNumber;
6294
6294
  iss: z.ZodString;
@@ -1,14 +1,14 @@
1
1
  import { z } from 'zod';
2
+ import { didSchema } from '@atproto/did';
2
3
  import { jwtPayloadSchema } from '@atproto/jwk';
3
4
  import { clientIdSchema } from '../client/client-id.js';
4
- import { subSchema } from '../oidc/sub.js';
5
5
  import { tokenIdSchema } from '../token/token-id.js';
6
6
  export const accessTokenPayloadSchema = jwtPayloadSchema
7
7
  .partial()
8
8
  .extend({
9
9
  // Following are required
10
10
  jti: tokenIdSchema,
11
- sub: subSchema,
11
+ sub: didSchema,
12
12
  exp: z.number().int(),
13
13
  iat: z.number().int(),
14
14
  iss: z.string().min(1),
@@ -1 +1 @@
1
- {"version":3,"file":"access-token-payload.js","sourceRoot":"","sources":["../../src/signer/access-token-payload.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAEpD,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB;KACrD,OAAO,EAAE;KACT,MAAM,CAAC;IACN,yBAAyB;IACzB,GAAG,EAAE,aAAa;IAClB,GAAG,EAAE,SAAS;IACd,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACrB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACrB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAEtB,2EAA2E;IAC3E,mCAAmC;IAEnC,6BAA6B;IAC7B,SAAS,EAAE,cAAc,CAAC,QAAQ,EAAE;CACrC,CAAC;KACD,WAAW,EAAE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { jwtPayloadSchema } from '@atproto/jwk'\nimport { clientIdSchema } from '../client/client-id.js'\nimport { subSchema } from '../oidc/sub.js'\nimport { tokenIdSchema } from '../token/token-id.js'\n\nexport const accessTokenPayloadSchema = jwtPayloadSchema\n .partial()\n .extend({\n // Following are required\n jti: tokenIdSchema,\n sub: subSchema,\n exp: z.number().int(),\n iat: z.number().int(),\n iss: z.string().min(1),\n\n // @NOTE \"aud\", \"scope\", \"client_id\" are not required, as are stored in the\n // DB in 'light' access token mode.\n\n // Restrict type of following\n client_id: clientIdSchema.optional(),\n })\n .passthrough()\n\nexport type AccessTokenPayload = z.infer<typeof accessTokenPayloadSchema>\n"]}
1
+ {"version":3,"file":"access-token-payload.js","sourceRoot":"","sources":["../../src/signer/access-token-payload.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAEpD,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB;KACrD,OAAO,EAAE;KACT,MAAM,CAAC;IACN,yBAAyB;IACzB,GAAG,EAAE,aAAa;IAClB,GAAG,EAAE,SAAS;IACd,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACrB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACrB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAEtB,2EAA2E;IAC3E,mCAAmC;IAEnC,6BAA6B;IAC7B,SAAS,EAAE,cAAc,CAAC,QAAQ,EAAE;CACrC,CAAC;KACD,WAAW,EAAE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { didSchema } from '@atproto/did'\nimport { jwtPayloadSchema } from '@atproto/jwk'\nimport { clientIdSchema } from '../client/client-id.js'\nimport { tokenIdSchema } from '../token/token-id.js'\n\nexport const accessTokenPayloadSchema = jwtPayloadSchema\n .partial()\n .extend({\n // Following are required\n jti: tokenIdSchema,\n sub: didSchema,\n exp: z.number().int(),\n iat: z.number().int(),\n iss: z.string().min(1),\n\n // @NOTE \"aud\", \"scope\", \"client_id\" are not required, as are stored in the\n // DB in 'light' access token mode.\n\n // Restrict type of following\n client_id: clientIdSchema.optional(),\n })\n .passthrough()\n\nexport type AccessTokenPayload = z.infer<typeof accessTokenPayloadSchema>\n"]}
@@ -1817,7 +1817,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
1817
1817
  t?: string | undefined;
1818
1818
  }[] | undefined;
1819
1819
  } & {
1820
- kid: NonNullable<unknown>;
1820
+ kid: {};
1821
1821
  }) | ({
1822
1822
  kid?: string | undefined;
1823
1823
  use?: "enc" | "sig" | undefined;
@@ -1841,7 +1841,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
1841
1841
  y: string;
1842
1842
  d?: string | undefined;
1843
1843
  } & {
1844
- kid: NonNullable<unknown>;
1844
+ kid: {};
1845
1845
  }) | ({
1846
1846
  kid?: string | undefined;
1847
1847
  use?: "enc" | "sig" | undefined;
@@ -1865,7 +1865,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
1865
1865
  y: string;
1866
1866
  d?: string | undefined;
1867
1867
  } & {
1868
- kid: NonNullable<unknown>;
1868
+ kid: {};
1869
1869
  }) | ({
1870
1870
  kid?: string | undefined;
1871
1871
  use?: "enc" | "sig" | undefined;
@@ -1888,7 +1888,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
1888
1888
  x: string;
1889
1889
  d?: string | undefined;
1890
1890
  } & {
1891
- kid: NonNullable<unknown>;
1891
+ kid: {};
1892
1892
  })) & {
1893
1893
  d?: never;
1894
1894
  }) | undefined;
@@ -2091,7 +2091,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
2091
2091
  privileges: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2092
2092
  }, z.ZodTypeAny, "passthrough">>, "many">>;
2093
2093
  }, {
2094
- sub: z.ZodString;
2094
+ sub: z.ZodEffects<z.ZodString, `did:${string}:${string}`, string>;
2095
2095
  deviceId: z.ZodEffects<z.ZodString, `dev-${string}`, string>;
2096
2096
  requestUri: z.ZodOptional<z.ZodEffects<z.ZodString, `urn:ietf:params:oauth:request_uri:req-${string}`, string>>;
2097
2097
  }>, "passthrough", z.ZodTypeAny, z.objectOutputType<z.objectUtil.extendShape<{
@@ -3912,7 +3912,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
3912
3912
  t?: string | undefined;
3913
3913
  }[] | undefined;
3914
3914
  } & {
3915
- kid: NonNullable<unknown>;
3915
+ kid: {};
3916
3916
  }) | ({
3917
3917
  kid?: string | undefined;
3918
3918
  use?: "enc" | "sig" | undefined;
@@ -3936,7 +3936,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
3936
3936
  y: string;
3937
3937
  d?: string | undefined;
3938
3938
  } & {
3939
- kid: NonNullable<unknown>;
3939
+ kid: {};
3940
3940
  }) | ({
3941
3941
  kid?: string | undefined;
3942
3942
  use?: "enc" | "sig" | undefined;
@@ -3960,7 +3960,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
3960
3960
  y: string;
3961
3961
  d?: string | undefined;
3962
3962
  } & {
3963
- kid: NonNullable<unknown>;
3963
+ kid: {};
3964
3964
  }) | ({
3965
3965
  kid?: string | undefined;
3966
3966
  use?: "enc" | "sig" | undefined;
@@ -3983,7 +3983,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
3983
3983
  x: string;
3984
3984
  d?: string | undefined;
3985
3985
  } & {
3986
- kid: NonNullable<unknown>;
3986
+ kid: {};
3987
3987
  })) & {
3988
3988
  d?: never;
3989
3989
  }) | undefined;
@@ -4186,7 +4186,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
4186
4186
  privileges: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
4187
4187
  }, z.ZodTypeAny, "passthrough">>, "many">>;
4188
4188
  }, {
4189
- sub: z.ZodString;
4189
+ sub: z.ZodEffects<z.ZodString, `did:${string}:${string}`, string>;
4190
4190
  deviceId: z.ZodEffects<z.ZodString, `dev-${string}`, string>;
4191
4191
  requestUri: z.ZodOptional<z.ZodEffects<z.ZodString, `urn:ietf:params:oauth:request_uri:req-${string}`, string>>;
4192
4192
  }>, z.ZodTypeAny, "passthrough">, z.objectInputType<z.objectUtil.extendShape<{
@@ -6007,7 +6007,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
6007
6007
  t?: string | undefined;
6008
6008
  }[] | undefined;
6009
6009
  } & {
6010
- kid: NonNullable<unknown>;
6010
+ kid: {};
6011
6011
  }) | ({
6012
6012
  kid?: string | undefined;
6013
6013
  use?: "enc" | "sig" | undefined;
@@ -6031,7 +6031,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
6031
6031
  y: string;
6032
6032
  d?: string | undefined;
6033
6033
  } & {
6034
- kid: NonNullable<unknown>;
6034
+ kid: {};
6035
6035
  }) | ({
6036
6036
  kid?: string | undefined;
6037
6037
  use?: "enc" | "sig" | undefined;
@@ -6055,7 +6055,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
6055
6055
  y: string;
6056
6056
  d?: string | undefined;
6057
6057
  } & {
6058
- kid: NonNullable<unknown>;
6058
+ kid: {};
6059
6059
  }) | ({
6060
6060
  kid?: string | undefined;
6061
6061
  use?: "enc" | "sig" | undefined;
@@ -6078,7 +6078,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
6078
6078
  x: string;
6079
6079
  d?: string | undefined;
6080
6080
  } & {
6081
- kid: NonNullable<unknown>;
6081
+ kid: {};
6082
6082
  })) & {
6083
6083
  d?: never;
6084
6084
  }) | undefined;
@@ -6281,7 +6281,7 @@ export declare const apiTokenPayloadSchema: z.ZodObject<z.objectUtil.extendShape
6281
6281
  privileges: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
6282
6282
  }, z.ZodTypeAny, "passthrough">>, "many">>;
6283
6283
  }, {
6284
- sub: z.ZodString;
6284
+ sub: z.ZodEffects<z.ZodString, `did:${string}:${string}`, string>;
6285
6285
  deviceId: z.ZodEffects<z.ZodString, `dev-${string}`, string>;
6286
6286
  requestUri: z.ZodOptional<z.ZodEffects<z.ZodString, `urn:ietf:params:oauth:request_uri:req-${string}`, string>>;
6287
6287
  }>, z.ZodTypeAny, "passthrough">>;
@@ -1,10 +1,10 @@
1
+ import { didSchema } from '@atproto/did';
1
2
  import { jwtPayloadSchema } from '@atproto/jwk';
2
3
  import { deviceIdSchema } from '../oauth-store.js';
3
- import { subSchema } from '../oidc/sub.js';
4
4
  import { requestUriSchema } from '../request/request-uri.js';
5
5
  export const apiTokenPayloadSchema = jwtPayloadSchema
6
6
  .extend({
7
- sub: subSchema,
7
+ sub: didSchema,
8
8
  deviceId: deviceIdSchema,
9
9
  // If the token is bound to a particular authorization request, it can only
10
10
  // be used in the context of that request.
@@ -1 +1 @@
1
- {"version":3,"file":"api-token-payload.js","sourceRoot":"","sources":["../../src/signer/api-token-payload.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAA;AAE5D,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB;KAClD,MAAM,CAAC;IACN,GAAG,EAAE,SAAS;IAEd,QAAQ,EAAE,cAAc;IACxB,2EAA2E;IAC3E,0CAA0C;IAC1C,UAAU,EAAE,gBAAgB,CAAC,QAAQ,EAAE;CACxC,CAAC;KACD,WAAW,EAAE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { jwtPayloadSchema } from '@atproto/jwk'\nimport { deviceIdSchema } from '../oauth-store.js'\nimport { subSchema } from '../oidc/sub.js'\nimport { requestUriSchema } from '../request/request-uri.js'\n\nexport const apiTokenPayloadSchema = jwtPayloadSchema\n .extend({\n sub: subSchema,\n\n deviceId: deviceIdSchema,\n // If the token is bound to a particular authorization request, it can only\n // be used in the context of that request.\n requestUri: requestUriSchema.optional(),\n })\n .passthrough()\n\nexport type ApiTokenPayload = z.infer<typeof apiTokenPayloadSchema>\n"]}
1
+ {"version":3,"file":"api-token-payload.js","sourceRoot":"","sources":["../../src/signer/api-token-payload.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAA;AAE5D,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB;KAClD,MAAM,CAAC;IACN,GAAG,EAAE,SAAS;IAEd,QAAQ,EAAE,cAAc;IACxB,2EAA2E;IAC3E,0CAA0C;IAC1C,UAAU,EAAE,gBAAgB,CAAC,QAAQ,EAAE;CACxC,CAAC;KACD,WAAW,EAAE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { didSchema } from '@atproto/did'\nimport { jwtPayloadSchema } from '@atproto/jwk'\nimport { deviceIdSchema } from '../oauth-store.js'\nimport { requestUriSchema } from '../request/request-uri.js'\n\nexport const apiTokenPayloadSchema = jwtPayloadSchema\n .extend({\n sub: didSchema,\n\n deviceId: deviceIdSchema,\n // If the token is bound to a particular authorization request, it can only\n // be used in the context of that request.\n requestUri: requestUriSchema.optional(),\n })\n .passthrough()\n\nexport type ApiTokenPayload = z.infer<typeof apiTokenPayloadSchema>\n"]}
@@ -1,4 +1,4 @@
1
- import { JwtPayload, JwtPayloadGetter, JwtSignHeader, Keyset, SignedJwt, VerifyOptions } from '@atproto/jwk';
1
+ import { JwtHeader, JwtPayload, JwtPayloadGetter, JwtSignHeader, Key, Keyset, SignedJwt, VerifyOptions, VerifyResult } from '@atproto/jwk';
2
2
  import { OmitKey, RequiredKey } from '../lib/util/type.js';
3
3
  import { AccessTokenPayload } from './access-token-payload.js';
4
4
  import { ApiTokenPayload } from './api-token-payload.js';
@@ -11,199 +11,18 @@ export declare class Signer {
11
11
  readonly issuer: string;
12
12
  readonly keyset: Keyset;
13
13
  constructor(issuer: string, keyset: Keyset);
14
- verify<C extends string = never>(token: SignedJwt, options?: Omit<VerifyOptions<C>, 'issuer'>): Promise<import("@atproto/jwk").VerifyResult<C> & {
15
- key: import("@atproto/jwk").Key<{
16
- kid?: string | undefined;
17
- use?: "enc" | "sig" | undefined;
18
- key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
19
- x5c?: string[] | undefined;
20
- x5t?: string | undefined;
21
- 'x5t#S256'?: string | undefined;
22
- x5u?: string | undefined;
23
- ext?: boolean | undefined;
24
- iat?: number | undefined;
25
- exp?: number | undefined;
26
- nbf?: number | undefined;
27
- revoked?: {
28
- revoked_at: number;
29
- reason?: string | undefined;
30
- } | undefined;
31
- kty: "RSA";
32
- alg?: "PS256" | "PS384" | "PS512" | "RS256" | "RS384" | "RS512" | undefined;
33
- n: string;
34
- e: string;
35
- d?: string | undefined;
36
- p?: string | undefined;
37
- q?: string | undefined;
38
- dp?: string | undefined;
39
- dq?: string | undefined;
40
- qi?: string | undefined;
41
- oth?: {
42
- r?: string | undefined;
43
- d?: string | undefined;
44
- t?: string | undefined;
45
- }[] | undefined;
46
- } | {
47
- kid?: string | undefined;
48
- use?: "enc" | "sig" | undefined;
49
- key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
50
- x5c?: string[] | undefined;
51
- x5t?: string | undefined;
52
- 'x5t#S256'?: string | undefined;
53
- x5u?: string | undefined;
54
- ext?: boolean | undefined;
55
- iat?: number | undefined;
56
- exp?: number | undefined;
57
- nbf?: number | undefined;
58
- revoked?: {
59
- revoked_at: number;
60
- reason?: string | undefined;
61
- } | undefined;
62
- kty: "EC";
63
- alg?: "ES256" | "ES384" | "ES512" | undefined;
64
- crv: "P-256" | "P-384" | "P-521";
65
- x: string;
66
- y: string;
67
- d?: string | undefined;
68
- } | {
69
- kid?: string | undefined;
70
- use?: "enc" | "sig" | undefined;
71
- key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
72
- x5c?: string[] | undefined;
73
- x5t?: string | undefined;
74
- 'x5t#S256'?: string | undefined;
75
- x5u?: string | undefined;
76
- ext?: boolean | undefined;
77
- iat?: number | undefined;
78
- exp?: number | undefined;
79
- nbf?: number | undefined;
80
- revoked?: {
81
- revoked_at: number;
82
- reason?: string | undefined;
83
- } | undefined;
84
- kty: "EC";
85
- alg?: "ES256K" | undefined;
86
- crv: "secp256k1";
87
- x: string;
88
- y: string;
89
- d?: string | undefined;
90
- } | {
91
- kid?: string | undefined;
92
- use?: "enc" | "sig" | undefined;
93
- key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
94
- x5c?: string[] | undefined;
95
- x5t?: string | undefined;
96
- 'x5t#S256'?: string | undefined;
97
- x5u?: string | undefined;
98
- ext?: boolean | undefined;
99
- iat?: number | undefined;
100
- exp?: number | undefined;
101
- nbf?: number | undefined;
102
- revoked?: {
103
- revoked_at: number;
104
- reason?: string | undefined;
105
- } | undefined;
106
- kty: "OKP";
107
- alg?: "EdDSA" | undefined;
108
- crv: "Ed25519" | "Ed448";
109
- x: string;
110
- d?: string | undefined;
111
- } | {
112
- kid?: string | undefined;
113
- use?: "enc" | "sig" | undefined;
114
- key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
115
- x5c?: string[] | undefined;
116
- x5t?: string | undefined;
117
- 'x5t#S256'?: string | undefined;
118
- x5u?: string | undefined;
119
- ext?: boolean | undefined;
120
- iat?: number | undefined;
121
- exp?: number | undefined;
122
- nbf?: number | undefined;
123
- revoked?: {
124
- revoked_at: number;
125
- reason?: string | undefined;
126
- } | undefined;
127
- kty: "oct";
128
- alg?: "HS256" | "HS384" | "HS512" | undefined;
129
- k: string;
130
- }>;
14
+ verify<C extends string = never>(token: SignedJwt, options?: Omit<VerifyOptions<C>, 'issuer'>): Promise<VerifyResult<C> & {
15
+ key: Key;
131
16
  }>;
132
17
  sign(signHeader: JwtSignHeader, payload: SignPayload | JwtPayloadGetter<SignPayload>): Promise<SignedJwt>;
133
18
  createAccessToken(payload: OmitKey<AccessTokenPayload, 'iss'>): Promise<SignedJwt>;
134
19
  verifyAccessToken<C extends string = never>(token: SignedJwt, options?: Omit<VerifyOptions<C>, 'issuer' | 'typ'>): Promise<{
135
- protectedHeader: import("zod").objectOutputType<{
136
- alg: import("zod").ZodString;
137
- jku: import("zod").ZodOptional<import("zod").ZodString>;
138
- jwk: import("zod").ZodOptional<import("zod").ZodObject<{
139
- kty: import("zod").ZodString;
140
- crv: import("zod").ZodOptional<import("zod").ZodString>;
141
- x: import("zod").ZodOptional<import("zod").ZodString>;
142
- y: import("zod").ZodOptional<import("zod").ZodString>;
143
- e: import("zod").ZodOptional<import("zod").ZodString>;
144
- n: import("zod").ZodOptional<import("zod").ZodString>;
145
- }, "strip", import("zod").ZodTypeAny, {
146
- kty: string;
147
- crv?: string | undefined;
148
- x?: string | undefined;
149
- y?: string | undefined;
150
- e?: string | undefined;
151
- n?: string | undefined;
152
- }, {
153
- kty: string;
154
- crv?: string | undefined;
155
- x?: string | undefined;
156
- y?: string | undefined;
157
- e?: string | undefined;
158
- n?: string | undefined;
159
- }>>;
160
- kid: import("zod").ZodOptional<import("zod").ZodString>;
161
- x5u: import("zod").ZodOptional<import("zod").ZodString>;
162
- x5c: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString, "many">>;
163
- x5t: import("zod").ZodOptional<import("zod").ZodString>;
164
- 'x5t#S256': import("zod").ZodOptional<import("zod").ZodString>;
165
- typ: import("zod").ZodOptional<import("zod").ZodString>;
166
- cty: import("zod").ZodOptional<import("zod").ZodString>;
167
- crit: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString, "many">>;
168
- }, import("zod").ZodTypeAny, "passthrough">;
20
+ protectedHeader: JwtHeader;
169
21
  payload: RequiredKey<AccessTokenPayload, C>;
170
22
  }>;
171
- createEphemeralToken(payload: OmitKey<ApiTokenPayload, 'iss' | 'aud' | 'iat'>): Promise<`${string}.${string}.${string}`>;
23
+ createEphemeralToken(payload: OmitKey<ApiTokenPayload, 'iss' | 'aud' | 'iat'>): Promise<SignedJwt>;
172
24
  verifyEphemeralToken<C extends string = never>(token: SignedJwt, options?: Omit<VerifyOptions<C>, 'issuer' | 'audience' | 'typ'>): Promise<{
173
- protectedHeader: import("zod").objectOutputType<{
174
- alg: import("zod").ZodString;
175
- jku: import("zod").ZodOptional<import("zod").ZodString>;
176
- jwk: import("zod").ZodOptional<import("zod").ZodObject<{
177
- kty: import("zod").ZodString;
178
- crv: import("zod").ZodOptional<import("zod").ZodString>;
179
- x: import("zod").ZodOptional<import("zod").ZodString>;
180
- y: import("zod").ZodOptional<import("zod").ZodString>;
181
- e: import("zod").ZodOptional<import("zod").ZodString>;
182
- n: import("zod").ZodOptional<import("zod").ZodString>;
183
- }, "strip", import("zod").ZodTypeAny, {
184
- kty: string;
185
- crv?: string | undefined;
186
- x?: string | undefined;
187
- y?: string | undefined;
188
- e?: string | undefined;
189
- n?: string | undefined;
190
- }, {
191
- kty: string;
192
- crv?: string | undefined;
193
- x?: string | undefined;
194
- y?: string | undefined;
195
- e?: string | undefined;
196
- n?: string | undefined;
197
- }>>;
198
- kid: import("zod").ZodOptional<import("zod").ZodString>;
199
- x5u: import("zod").ZodOptional<import("zod").ZodString>;
200
- x5c: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString, "many">>;
201
- x5t: import("zod").ZodOptional<import("zod").ZodString>;
202
- 'x5t#S256': import("zod").ZodOptional<import("zod").ZodString>;
203
- typ: import("zod").ZodOptional<import("zod").ZodString>;
204
- cty: import("zod").ZodOptional<import("zod").ZodString>;
205
- crit: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString, "many">>;
206
- }, import("zod").ZodTypeAny, "passthrough">;
25
+ protectedHeader: JwtHeader;
207
26
  payload: RequiredKey<ApiTokenPayload, C>;
208
27
  }>;
209
28
  }
@@ -1 +1 @@
1
- {"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,MAAM,EACN,SAAS,EACT,aAAa,EACd,MAAM,cAAc,CAAA;AAGrB,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EACL,kBAAkB,EAEnB,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,eAAe,EAAyB,MAAM,wBAAwB,CAAA;AAE/E,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG;IAAE,GAAG,CAAC,EAAE,KAAK,CAAA;CAAE,CAAA;AAEtD,OAAO,EAAE,MAAM,EAAE,CAAA;AACjB,YAAY,EAAE,gBAAgB,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa,EAAE,CAAA;AAEzE,qBAAa,MAAM;aAEC,MAAM,EAAE,MAAM;aACd,MAAM,EAAE,MAAM;IAFhC,YACkB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EAC5B;IAEE,MAAM,CAAC,CAAC,SAAS,MAAM,GAAG,KAAK,EACnC,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAM3C;IAEY,IAAI,CACf,UAAU,EAAE,aAAa,EACzB,OAAO,EAAE,WAAW,GAAG,gBAAgB,CAAC,WAAW,CAAC,GACnD,OAAO,CAAC,SAAS,CAAC,CAOpB;IAEK,iBAAiB,CACrB,OAAO,EAAE,OAAO,CAAC,kBAAkB,EAAE,KAAK,CAAC,GAC1C,OAAO,CAAC,SAAS,CAAC,CASpB;IAEK,iBAAiB,CAAC,CAAC,SAAS,MAAM,GAAG,KAAK,EAC9C,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,GAAG,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAKW,WAAW,CACpE,kBAAkB,EAClB,CAAC,CACF;OAEJ;IAEK,oBAAoB,CACxB,OAAO,EAAE,OAAO,CAAC,eAAe,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC,4CAazD;IAEK,oBAAoB,CAAC,CAAC,SAAS,MAAM,GAAG,KAAK,EACjD,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAUL,WAAW,CACjE,eAAe,EACf,CAAC,CACF;OAEJ;CACF"}
1
+ {"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,GAAG,EACH,MAAM,EACN,SAAS,EACT,aAAa,EACb,YAAY,EACb,MAAM,cAAc,CAAA;AAGrB,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EACL,kBAAkB,EAEnB,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,eAAe,EAAyB,MAAM,wBAAwB,CAAA;AAE/E,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG;IAAE,GAAG,CAAC,EAAE,KAAK,CAAA;CAAE,CAAA;AAEtD,OAAO,EAAE,MAAM,EAAE,CAAA;AACjB,YAAY,EAAE,gBAAgB,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa,EAAE,CAAA;AAEzE,qBAAa,MAAM;aAEC,MAAM,EAAE,MAAM;aACd,MAAM,EAAE,MAAM;IAFhC,YACkB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EAC5B;IAEE,MAAM,CAAC,CAAC,SAAS,MAAM,GAAG,KAAK,EACnC,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,GACzC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,CAAC,CAKzC;IAEY,IAAI,CACf,UAAU,EAAE,aAAa,EACzB,OAAO,EAAE,WAAW,GAAG,gBAAgB,CAAC,WAAW,CAAC,GACnD,OAAO,CAAC,SAAS,CAAC,CAOpB;IAEK,iBAAiB,CACrB,OAAO,EAAE,OAAO,CAAC,kBAAkB,EAAE,KAAK,CAAC,GAC1C,OAAO,CAAC,SAAS,CAAC,CASpB;IAEK,iBAAiB,CAAC,CAAC,SAAS,MAAM,GAAG,KAAK,EAC9C,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,GAAG,KAAK,CAAC,GACjD,OAAO,CAAC;QACT,eAAe,EAAE,SAAS,CAAA;QAC1B,OAAO,EAAE,WAAW,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAA;KAC5C,CAAC,CASD;IAEK,oBAAoB,CACxB,OAAO,EAAE,OAAO,CAAC,eAAe,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC,GACvD,OAAO,CAAC,SAAS,CAAC,CAYpB;IAEK,oBAAoB,CAAC,CAAC,SAAS,MAAM,GAAG,KAAK,EACjD,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC,GAC9D,OAAO,CAAC;QACT,eAAe,EAAE,SAAS,CAAA;QAC1B,OAAO,EAAE,WAAW,CAAC,eAAe,EAAE,CAAC,CAAC,CAAA;KACzC,CAAC,CAcD;CACF"}
@@ -1 +1 @@
1
- {"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,MAAM,GAGP,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAEjD,OAAO,EAEL,wBAAwB,GACzB,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAmB,qBAAqB,EAAE,MAAM,wBAAwB,CAAA;AAI/E,OAAO,EAAE,MAAM,EAAE,CAAA;AAGjB,MAAM,OAAO,MAAM;IACjB,YACkB,MAAc,EACd,MAAc;sBADd,MAAM;sBACN,MAAM;IACrB,CAAC;IAEJ,KAAK,CAAC,MAAM,CACV,KAAgB,EAChB,OAA0C;QAE1C,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAI,KAAK,EAAE;YACrC,GAAG,OAAO;YACV,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;SACtB,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,IAAI,CACf,UAAyB,EACzB,OAAoD;QAEpD,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,eAAe,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACxE,GAAG,CAAC,OAAO,OAAO,KAAK,UAAU;gBAC/B,CAAC,CAAC,MAAM,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC;gBACrC,CAAC,CAAC,OAAO,CAAC;YACZ,GAAG,EAAE,IAAI,CAAC,MAAM;SACjB,CAAC,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,OAA2C;QAE3C,OAAO,IAAI,CAAC,IAAI,CACd;YACE,4DAA4D;YAC5D,GAAG,EAAE,SAAS;YACd,GAAG,EAAE,QAAQ;SACd,EACD,OAAO,CACR,CAAA;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,KAAgB,EAChB,OAAkD;QAElD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAI,KAAK,EAAE,EAAE,GAAG,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAA;QACzE,OAAO;YACL,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,OAAO,EAAE,wBAAwB,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAGrD;SACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,OAAwD;QAExD,OAAO,IAAI,CAAC,IAAI,CACd;YACE,GAAG,EAAE,SAAS;YACd,GAAG,EAAE,QAAQ;SACd,EACD;YACE,GAAG,OAAO;YACV,GAAG,EAAE,sBAAsB,IAAI,CAAC,MAAM,EAAE;YACxC,GAAG,EAAE,WAAW,EAAE;SACnB,CACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,KAAgB,EAChB,OAA+D;QAE/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAI,KAAK,EAAE;YACzC,GAAG,OAAO;YACV,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,yBAAyB,GAAG,GAAG;YACpE,QAAQ,EAAE,sBAAsB,IAAI,CAAC,MAAM,EAAE;YAC7C,GAAG,EAAE,QAAQ;SACd,CAAC,CAAA;QACF,OAAO;YACL,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,OAAO,EAAE,qBAAqB,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAGlD;SACF,CAAA;IACH,CAAC;CACF","sourcesContent":["import {\n JwtPayload,\n JwtPayloadGetter,\n JwtSignHeader,\n Keyset,\n SignedJwt,\n VerifyOptions,\n} from '@atproto/jwk'\nimport { EPHEMERAL_SESSION_MAX_AGE } from '../constants.js'\nimport { dateToEpoch } from '../lib/util/date.js'\nimport { OmitKey, RequiredKey } from '../lib/util/type.js'\nimport {\n AccessTokenPayload,\n accessTokenPayloadSchema,\n} from './access-token-payload.js'\nimport { ApiTokenPayload, apiTokenPayloadSchema } from './api-token-payload.js'\n\nexport type SignPayload = JwtPayload & { iss?: never }\n\nexport { Keyset }\nexport type { JwtPayloadGetter, JwtSignHeader, SignedJwt, VerifyOptions }\n\nexport class Signer {\n constructor(\n public readonly issuer: string,\n public readonly keyset: Keyset,\n ) {}\n\n async verify<C extends string = never>(\n token: SignedJwt,\n options?: Omit<VerifyOptions<C>, 'issuer'>,\n ) {\n return this.keyset.verifyJwt<C>(token, {\n ...options,\n issuer: [this.issuer],\n })\n }\n\n public async sign(\n signHeader: JwtSignHeader,\n payload: SignPayload | JwtPayloadGetter<SignPayload>,\n ): Promise<SignedJwt> {\n return this.keyset.createJwt(signHeader, async (protectedHeader, key) => ({\n ...(typeof payload === 'function'\n ? await payload(protectedHeader, key)\n : payload),\n iss: this.issuer,\n }))\n }\n\n async createAccessToken(\n payload: OmitKey<AccessTokenPayload, 'iss'>,\n ): Promise<SignedJwt> {\n return this.sign(\n {\n // https://datatracker.ietf.org/doc/html/rfc9068#section-2.1\n alg: undefined,\n typ: 'at+jwt',\n },\n payload,\n )\n }\n\n async verifyAccessToken<C extends string = never>(\n token: SignedJwt,\n options?: Omit<VerifyOptions<C>, 'issuer' | 'typ'>,\n ) {\n const result = await this.verify<C>(token, { ...options, typ: 'at+jwt' })\n return {\n protectedHeader: result.protectedHeader,\n payload: accessTokenPayloadSchema.parse(result.payload) as RequiredKey<\n AccessTokenPayload,\n C\n >,\n }\n }\n\n async createEphemeralToken(\n payload: OmitKey<ApiTokenPayload, 'iss' | 'aud' | 'iat'>,\n ) {\n return this.sign(\n {\n alg: undefined,\n typ: 'at+jwt',\n },\n {\n ...payload,\n aud: `oauth-provider-api@${this.issuer}`,\n iat: dateToEpoch(),\n },\n )\n }\n\n async verifyEphemeralToken<C extends string = never>(\n token: SignedJwt,\n options?: Omit<VerifyOptions<C>, 'issuer' | 'audience' | 'typ'>,\n ) {\n const result = await this.verify<C>(token, {\n ...options,\n maxTokenAge: options?.maxTokenAge ?? EPHEMERAL_SESSION_MAX_AGE / 1e3,\n audience: `oauth-provider-api@${this.issuer}`,\n typ: 'at+jwt',\n })\n return {\n protectedHeader: result.protectedHeader,\n payload: apiTokenPayloadSchema.parse(result.payload) as RequiredKey<\n ApiTokenPayload,\n C\n >,\n }\n }\n}\n"]}
1
+ {"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAML,MAAM,GAIP,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAEjD,OAAO,EAEL,wBAAwB,GACzB,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAmB,qBAAqB,EAAE,MAAM,wBAAwB,CAAA;AAI/E,OAAO,EAAE,MAAM,EAAE,CAAA;AAGjB,MAAM,OAAO,MAAM;IACjB,YACkB,MAAc,EACd,MAAc;sBADd,MAAM;sBACN,MAAM;IACrB,CAAC;IAEJ,KAAK,CAAC,MAAM,CACV,KAAgB,EAChB,OAA0C;QAE1C,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAI,KAAK,EAAE;YACrC,GAAG,OAAO;YACV,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;SACtB,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,IAAI,CACf,UAAyB,EACzB,OAAoD;QAEpD,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,eAAe,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACxE,GAAG,CAAC,OAAO,OAAO,KAAK,UAAU;gBAC/B,CAAC,CAAC,MAAM,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC;gBACrC,CAAC,CAAC,OAAO,CAAC;YACZ,GAAG,EAAE,IAAI,CAAC,MAAM;SACjB,CAAC,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,OAA2C;QAE3C,OAAO,IAAI,CAAC,IAAI,CACd;YACE,4DAA4D;YAC5D,GAAG,EAAE,SAAS;YACd,GAAG,EAAE,QAAQ;SACd,EACD,OAAO,CACR,CAAA;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,KAAgB,EAChB,OAAkD;QAKlD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAI,KAAK,EAAE,EAAE,GAAG,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAA;QACzE,OAAO;YACL,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,OAAO,EAAE,wBAAwB,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAGrD;SACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,OAAwD;QAExD,OAAO,IAAI,CAAC,IAAI,CACd;YACE,GAAG,EAAE,SAAS;YACd,GAAG,EAAE,QAAQ;SACd,EACD;YACE,GAAG,OAAO;YACV,GAAG,EAAE,sBAAsB,IAAI,CAAC,MAAM,EAAE;YACxC,GAAG,EAAE,WAAW,EAAE;SACnB,CACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,KAAgB,EAChB,OAA+D;QAK/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAI,KAAK,EAAE;YACzC,GAAG,OAAO;YACV,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,yBAAyB,GAAG,GAAG;YACpE,QAAQ,EAAE,sBAAsB,IAAI,CAAC,MAAM,EAAE;YAC7C,GAAG,EAAE,QAAQ;SACd,CAAC,CAAA;QACF,OAAO;YACL,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,OAAO,EAAE,qBAAqB,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAGlD;SACF,CAAA;IACH,CAAC;CACF","sourcesContent":["import {\n JwtHeader,\n JwtPayload,\n JwtPayloadGetter,\n JwtSignHeader,\n Key,\n Keyset,\n SignedJwt,\n VerifyOptions,\n VerifyResult,\n} from '@atproto/jwk'\nimport { EPHEMERAL_SESSION_MAX_AGE } from '../constants.js'\nimport { dateToEpoch } from '../lib/util/date.js'\nimport { OmitKey, RequiredKey } from '../lib/util/type.js'\nimport {\n AccessTokenPayload,\n accessTokenPayloadSchema,\n} from './access-token-payload.js'\nimport { ApiTokenPayload, apiTokenPayloadSchema } from './api-token-payload.js'\n\nexport type SignPayload = JwtPayload & { iss?: never }\n\nexport { Keyset }\nexport type { JwtPayloadGetter, JwtSignHeader, SignedJwt, VerifyOptions }\n\nexport class Signer {\n constructor(\n public readonly issuer: string,\n public readonly keyset: Keyset,\n ) {}\n\n async verify<C extends string = never>(\n token: SignedJwt,\n options?: Omit<VerifyOptions<C>, 'issuer'>,\n ): Promise<VerifyResult<C> & { key: Key }> {\n return this.keyset.verifyJwt<C>(token, {\n ...options,\n issuer: [this.issuer],\n })\n }\n\n public async sign(\n signHeader: JwtSignHeader,\n payload: SignPayload | JwtPayloadGetter<SignPayload>,\n ): Promise<SignedJwt> {\n return this.keyset.createJwt(signHeader, async (protectedHeader, key) => ({\n ...(typeof payload === 'function'\n ? await payload(protectedHeader, key)\n : payload),\n iss: this.issuer,\n }))\n }\n\n async createAccessToken(\n payload: OmitKey<AccessTokenPayload, 'iss'>,\n ): Promise<SignedJwt> {\n return this.sign(\n {\n // https://datatracker.ietf.org/doc/html/rfc9068#section-2.1\n alg: undefined,\n typ: 'at+jwt',\n },\n payload,\n )\n }\n\n async verifyAccessToken<C extends string = never>(\n token: SignedJwt,\n options?: Omit<VerifyOptions<C>, 'issuer' | 'typ'>,\n ): Promise<{\n protectedHeader: JwtHeader\n payload: RequiredKey<AccessTokenPayload, C>\n }> {\n const result = await this.verify<C>(token, { ...options, typ: 'at+jwt' })\n return {\n protectedHeader: result.protectedHeader,\n payload: accessTokenPayloadSchema.parse(result.payload) as RequiredKey<\n AccessTokenPayload,\n C\n >,\n }\n }\n\n async createEphemeralToken(\n payload: OmitKey<ApiTokenPayload, 'iss' | 'aud' | 'iat'>,\n ): Promise<SignedJwt> {\n return this.sign(\n {\n alg: undefined,\n typ: 'at+jwt',\n },\n {\n ...payload,\n aud: `oauth-provider-api@${this.issuer}`,\n iat: dateToEpoch(),\n },\n )\n }\n\n async verifyEphemeralToken<C extends string = never>(\n token: SignedJwt,\n options?: Omit<VerifyOptions<C>, 'issuer' | 'audience' | 'typ'>,\n ): Promise<{\n protectedHeader: JwtHeader\n payload: RequiredKey<ApiTokenPayload, C>\n }> {\n const result = await this.verify<C>(token, {\n ...options,\n maxTokenAge: options?.maxTokenAge ?? EPHEMERAL_SESSION_MAX_AGE / 1e3,\n audience: `oauth-provider-api@${this.issuer}`,\n typ: 'at+jwt',\n })\n return {\n protectedHeader: result.protectedHeader,\n payload: apiTokenPayloadSchema.parse(result.payload) as RequiredKey<\n ApiTokenPayload,\n C\n >,\n }\n }\n}\n"]}
@@ -1,3 +1,4 @@
1
+ import { Did } from '@atproto/did';
1
2
  import { OAuthScope } from '@atproto/oauth-types';
2
3
  import { ClientId } from '../client/client-id.js';
3
4
  import { TokenId } from './token-id.js';
@@ -10,7 +11,7 @@ import { TokenId } from './token-id.js';
10
11
  */
11
12
  export type TokenClaims = {
12
13
  jti: TokenId;
13
- sub: string;
14
+ sub: Did;
14
15
  iat: number;
15
16
  exp: number;
16
17
  aud: string | [string, ...string[]];
@@ -1 +1 @@
1
- {"version":3,"file":"token-claims.d.ts","sourceRoot":"","sources":["../../src/token/token-claims.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AACjD,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAEvC;;;;;;GAMG;AACH,MAAM,MAAM,WAAW,GAAG;IACxB,GAAG,EAAE,OAAO,CAAA;IACZ,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;IACnC,GAAG,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAA;IACrB,KAAK,CAAC,EAAE,UAAU,CAAA;IAClB,SAAS,EAAE,QAAQ,CAAA;CACpB,CAAA"}
1
+ {"version":3,"file":"token-claims.d.ts","sourceRoot":"","sources":["../../src/token/token-claims.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AACjD,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAEvC;;;;;;GAMG;AACH,MAAM,MAAM,WAAW,GAAG;IACxB,GAAG,EAAE,OAAO,CAAA;IACZ,GAAG,EAAE,GAAG,CAAA;IACR,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;IACnC,GAAG,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAA;IACrB,KAAK,CAAC,EAAE,UAAU,CAAA;IAClB,SAAS,EAAE,QAAQ,CAAA;CACpB,CAAA"}
@@ -1 +1 @@
1
- {"version":3,"file":"token-claims.js","sourceRoot":"","sources":["../../src/token/token-claims.ts"],"names":[],"mappings":"","sourcesContent":["import { OAuthScope } from '@atproto/oauth-types'\nimport { ClientId } from '../client/client-id.js'\nimport { TokenId } from './token-id.js'\n\n/**\n * The access token claims that will be set by the {@link TokenManager} and that\n * will be passed to the \"onCreateToken\" hook.\n *\n * @note \"iss\" is missing here because it cannot be altered and will always be\n * set to the Authorization Server's identifier.\n */\nexport type TokenClaims = {\n jti: TokenId\n sub: string\n iat: number\n exp: number\n aud: string | [string, ...string[]]\n cnf?: { jkt: string }\n scope?: OAuthScope\n client_id: ClientId\n}\n"]}
1
+ {"version":3,"file":"token-claims.js","sourceRoot":"","sources":["../../src/token/token-claims.ts"],"names":[],"mappings":"","sourcesContent":["import { Did } from '@atproto/did'\nimport { OAuthScope } from '@atproto/oauth-types'\nimport { ClientId } from '../client/client-id.js'\nimport { TokenId } from './token-id.js'\n\n/**\n * The access token claims that will be set by the {@link TokenManager} and that\n * will be passed to the \"onCreateToken\" hook.\n *\n * @note \"iss\" is missing here because it cannot be altered and will always be\n * set to the Authorization Server's identifier.\n */\nexport type TokenClaims = {\n jti: TokenId\n sub: Did\n iat: number\n exp: number\n aud: string | [string, ...string[]]\n cnf?: { jkt: string }\n scope?: OAuthScope\n client_id: ClientId\n}\n"]}
@@ -1,10 +1,10 @@
1
+ import { Did } from '@atproto/did';
1
2
  import { OAuthAuthorizationDetails, OAuthAuthorizationRequestParameters } from '@atproto/oauth-types';
2
3
  import { ClientAuth, ClientAuthLegacy } from '../client/client-auth.js';
3
4
  import { ClientId } from '../client/client-id.js';
4
5
  import { DeviceId } from '../device/device-id.js';
5
- import { Sub } from '../oidc/sub.js';
6
6
  import { Code } from '../request/code.js';
7
- export type { ClientAuth, ClientId, Code, DeviceId, OAuthAuthorizationDetails, OAuthAuthorizationRequestParameters, Sub, };
7
+ export type { ClientAuth, ClientId, Code, DeviceId, Did, OAuthAuthorizationDetails, OAuthAuthorizationRequestParameters, };
8
8
  export type TokenData = {
9
9
  createdAt: Date;
10
10
  updatedAt: Date;
@@ -12,7 +12,7 @@ export type TokenData = {
12
12
  clientId: ClientId;
13
13
  clientAuth: ClientAuth | ClientAuthLegacy;
14
14
  deviceId: DeviceId | null;
15
- sub: Sub;
15
+ did: Did;
16
16
  parameters: OAuthAuthorizationRequestParameters;
17
17
  details?: null;
18
18
  code: Code | null;
@@ -1 +1 @@
1
- {"version":3,"file":"token-data.d.ts","sourceRoot":"","sources":["../../src/token/token-data.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACpC,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AACvE,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AACjD,OAAO,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAA;AACpC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAA;AAEzC,YAAY,EACV,UAAU,EACV,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,yBAAyB,EACzB,mCAAmC,EACnC,GAAG,GACJ,CAAA;AAED,MAAM,MAAM,SAAS,GAAG;IACtB,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;IACf,QAAQ,EAAE,QAAQ,CAAA;IAClB,UAAU,EAAE,UAAU,GAAG,gBAAgB,CAAA;IACzC,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAA;IACzB,GAAG,EAAE,GAAG,CAAA;IACR,UAAU,EAAE,mCAAmC,CAAA;IAC/C,OAAO,CAAC,EAAE,IAAI,CAAA;IACd,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IAEjB;;;;;OAKG;IACH,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;CACrB,CAAA"}
1
+ {"version":3,"file":"token-data.d.ts","sourceRoot":"","sources":["../../src/token/token-data.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACpC,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AACvE,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AACjD,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAA;AAEzC,YAAY,EACV,UAAU,EACV,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,GAAG,EACH,yBAAyB,EACzB,mCAAmC,GACpC,CAAA;AAED,MAAM,MAAM,SAAS,GAAG;IACtB,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;IACf,QAAQ,EAAE,QAAQ,CAAA;IAClB,UAAU,EAAE,UAAU,GAAG,gBAAgB,CAAA;IACzC,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAA;IACzB,GAAG,EAAE,GAAG,CAAA;IACR,UAAU,EAAE,mCAAmC,CAAA;IAC/C,OAAO,CAAC,EAAE,IAAI,CAAA;IACd,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IAEjB;;;;;OAKG;IACH,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;CACrB,CAAA"}
@@ -1 +1 @@
1
- {"version":3,"file":"token-data.js","sourceRoot":"","sources":["../../src/token/token-data.ts"],"names":[],"mappings":"","sourcesContent":["import {\n OAuthAuthorizationDetails,\n OAuthAuthorizationRequestParameters,\n} from '@atproto/oauth-types'\nimport { ClientAuth, ClientAuthLegacy } from '../client/client-auth.js'\nimport { ClientId } from '../client/client-id.js'\nimport { DeviceId } from '../device/device-id.js'\nimport { Sub } from '../oidc/sub.js'\nimport { Code } from '../request/code.js'\n\nexport type {\n ClientAuth,\n ClientId,\n Code,\n DeviceId,\n OAuthAuthorizationDetails,\n OAuthAuthorizationRequestParameters,\n Sub,\n}\n\nexport type TokenData = {\n createdAt: Date\n updatedAt: Date\n expiresAt: Date\n clientId: ClientId\n clientAuth: ClientAuth | ClientAuthLegacy\n deviceId: DeviceId | null\n sub: Sub\n parameters: OAuthAuthorizationRequestParameters\n details?: null // Legacy field, not used\n code: Code | null\n\n /**\n * This will contain the parameter scope, translated into permissions\n *\n * @note null because this didn't use to exist. New tokens should always\n * include a scope.\n */\n scope: string | null\n}\n"]}
1
+ {"version":3,"file":"token-data.js","sourceRoot":"","sources":["../../src/token/token-data.ts"],"names":[],"mappings":"","sourcesContent":["import { Did } from '@atproto/did'\nimport {\n OAuthAuthorizationDetails,\n OAuthAuthorizationRequestParameters,\n} from '@atproto/oauth-types'\nimport { ClientAuth, ClientAuthLegacy } from '../client/client-auth.js'\nimport { ClientId } from '../client/client-id.js'\nimport { DeviceId } from '../device/device-id.js'\nimport { Code } from '../request/code.js'\n\nexport type {\n ClientAuth,\n ClientId,\n Code,\n DeviceId,\n Did,\n OAuthAuthorizationDetails,\n OAuthAuthorizationRequestParameters,\n}\n\nexport type TokenData = {\n createdAt: Date\n updatedAt: Date\n expiresAt: Date\n clientId: ClientId\n clientAuth: ClientAuth | ClientAuthLegacy\n deviceId: DeviceId | null\n did: Did\n parameters: OAuthAuthorizationRequestParameters\n details?: null // Legacy field, not used\n code: Code | null\n\n /**\n * This will contain the parameter scope, translated into permissions\n *\n * @note null because this didn't use to exist. New tokens should always\n * include a scope.\n */\n scope: string | null\n}\n"]}