@atproto/oauth-provider 0.19.6 → 0.19.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (165) hide show
  1. package/CHANGELOG.md +33 -0
  2. package/dist/errors/error-parser.js +5 -5
  3. package/dist/errors/error-parser.js.map +1 -1
  4. package/package.json +22 -18
  5. package/src/access-token/access-token-mode.ts +0 -4
  6. package/src/account/account-manager.ts +0 -591
  7. package/src/account/account-store.ts +0 -305
  8. package/src/account/sign-in-data.ts +0 -15
  9. package/src/account/sign-up-input.ts +0 -20
  10. package/src/client/client-auth.ts +0 -64
  11. package/src/client/client-data.ts +0 -9
  12. package/src/client/client-id.ts +0 -4
  13. package/src/client/client-info.ts +0 -13
  14. package/src/client/client-manager.ts +0 -772
  15. package/src/client/client-store.ts +0 -35
  16. package/src/client/client-utils.ts +0 -37
  17. package/src/client/client.ts +0 -394
  18. package/src/constants.ts +0 -80
  19. package/src/customization/branding.ts +0 -12
  20. package/src/customization/build-customization-css.ts +0 -55
  21. package/src/customization/build-customization-data.ts +0 -24
  22. package/src/customization/colors.ts +0 -48
  23. package/src/customization/customization.ts +0 -29
  24. package/src/customization/links.ts +0 -10
  25. package/src/device/device-data.ts +0 -11
  26. package/src/device/device-id.ts +0 -27
  27. package/src/device/device-manager.ts +0 -292
  28. package/src/device/device-store.ts +0 -31
  29. package/src/device/session-id.ts +0 -21
  30. package/src/dpop/dpop-manager.ts +0 -214
  31. package/src/dpop/dpop-nonce.ts +0 -121
  32. package/src/dpop/dpop-proof.ts +0 -6
  33. package/src/errors/access-denied-error.ts +0 -12
  34. package/src/errors/account-selection-required-error.ts +0 -12
  35. package/src/errors/authorization-error.ts +0 -45
  36. package/src/errors/consent-required-error.ts +0 -12
  37. package/src/errors/error-parser.ts +0 -147
  38. package/src/errors/handle-unavailable-error.ts +0 -23
  39. package/src/errors/invalid-authorization-details-error.ts +0 -27
  40. package/src/errors/invalid-client-error.ts +0 -20
  41. package/src/errors/invalid-client-id-error.ts +0 -31
  42. package/src/errors/invalid-client-metadata-error.ts +0 -68
  43. package/src/errors/invalid-credentials-error.ts +0 -29
  44. package/src/errors/invalid-dpop-key-binding-error.ts +0 -21
  45. package/src/errors/invalid-dpop-proof-error.ts +0 -13
  46. package/src/errors/invalid-grant-error.ts +0 -21
  47. package/src/errors/invalid-invite-code-error.ts +0 -10
  48. package/src/errors/invalid-redirect-uri-error.ts +0 -17
  49. package/src/errors/invalid-request-error.ts +0 -32
  50. package/src/errors/invalid-scope-error.ts +0 -15
  51. package/src/errors/invalid-token-error.ts +0 -60
  52. package/src/errors/login-required-error.ts +0 -12
  53. package/src/errors/oauth-error.ts +0 -28
  54. package/src/errors/second-authentication-factor-required-error.ts +0 -25
  55. package/src/errors/unauthorized-client-error.ts +0 -20
  56. package/src/errors/use-dpop-nonce-error.ts +0 -32
  57. package/src/errors/www-authenticate-error.ts +0 -64
  58. package/src/index.ts +0 -16
  59. package/src/lexicon/lexicon-data.ts +0 -11
  60. package/src/lexicon/lexicon-getter.ts +0 -55
  61. package/src/lexicon/lexicon-manager.ts +0 -116
  62. package/src/lexicon/lexicon-store.ts +0 -35
  63. package/src/lib/csp/index.ts +0 -101
  64. package/src/lib/hcaptcha.ts +0 -228
  65. package/src/lib/html/README.md +0 -9
  66. package/src/lib/html/build-document.ts +0 -151
  67. package/src/lib/html/escapers.ts +0 -66
  68. package/src/lib/html/html.ts +0 -56
  69. package/src/lib/html/hydration-data.ts +0 -19
  70. package/src/lib/html/index.ts +0 -5
  71. package/src/lib/html/tags.ts +0 -67
  72. package/src/lib/html/util.ts +0 -17
  73. package/src/lib/http/README.md +0 -11
  74. package/src/lib/http/accept.ts +0 -90
  75. package/src/lib/http/context.ts +0 -42
  76. package/src/lib/http/headers.ts +0 -15
  77. package/src/lib/http/index.ts +0 -10
  78. package/src/lib/http/method.ts +0 -18
  79. package/src/lib/http/middleware.ts +0 -169
  80. package/src/lib/http/parser.ts +0 -101
  81. package/src/lib/http/path.ts +0 -82
  82. package/src/lib/http/request.ts +0 -256
  83. package/src/lib/http/response.ts +0 -122
  84. package/src/lib/http/route.ts +0 -60
  85. package/src/lib/http/router.ts +0 -117
  86. package/src/lib/http/security-headers.ts +0 -100
  87. package/src/lib/http/stream.ts +0 -57
  88. package/src/lib/http/types.ts +0 -16
  89. package/src/lib/http/url.ts +0 -23
  90. package/src/lib/nsid.ts +0 -10
  91. package/src/lib/redis.ts +0 -25
  92. package/src/lib/util/authorization-header.ts +0 -28
  93. package/src/lib/util/cast.ts +0 -18
  94. package/src/lib/util/color.ts +0 -168
  95. package/src/lib/util/crypto.ts +0 -32
  96. package/src/lib/util/date.ts +0 -7
  97. package/src/lib/util/error.ts +0 -7
  98. package/src/lib/util/function.ts +0 -39
  99. package/src/lib/util/locale.ts +0 -12
  100. package/src/lib/util/object.ts +0 -23
  101. package/src/lib/util/redirect-uri.ts +0 -46
  102. package/src/lib/util/time.ts +0 -49
  103. package/src/lib/util/type.ts +0 -182
  104. package/src/lib/util/ui8.ts +0 -14
  105. package/src/lib/util/well-known.ts +0 -8
  106. package/src/lib/util/zod-error.ts +0 -26
  107. package/src/lib/write-form-redirect.ts +0 -58
  108. package/src/lib/write-html.ts +0 -70
  109. package/src/metadata/build-metadata.ts +0 -141
  110. package/src/oauth-client.ts +0 -3
  111. package/src/oauth-dpop.ts +0 -2
  112. package/src/oauth-errors.ts +0 -26
  113. package/src/oauth-hooks.ts +0 -519
  114. package/src/oauth-middleware.ts +0 -53
  115. package/src/oauth-provider.ts +0 -1110
  116. package/src/oauth-store.ts +0 -12
  117. package/src/oauth-verifier.ts +0 -260
  118. package/src/replay/replay-manager.ts +0 -51
  119. package/src/replay/replay-store-memory.ts +0 -36
  120. package/src/replay/replay-store-redis.ts +0 -30
  121. package/src/replay/replay-store.ts +0 -44
  122. package/src/request/code.ts +0 -23
  123. package/src/request/request-data.ts +0 -36
  124. package/src/request/request-id.ts +0 -22
  125. package/src/request/request-manager.ts +0 -521
  126. package/src/request/request-store.ts +0 -60
  127. package/src/request/request-uri.ts +0 -42
  128. package/src/result/authorization-redirect-parameters.ts +0 -24
  129. package/src/result/authorization-result-authorize-page.ts +0 -16
  130. package/src/result/authorization-result-redirect.ts +0 -8
  131. package/src/router/assets/assets-manifest.ts +0 -117
  132. package/src/router/assets/assets.ts +0 -124
  133. package/src/router/assets/csrf.ts +0 -79
  134. package/src/router/assets/send-account-page.ts +0 -23
  135. package/src/router/assets/send-authorization-page.ts +0 -42
  136. package/src/router/assets/send-cookie-error-page.ts +0 -21
  137. package/src/router/assets/send-error-page.ts +0 -25
  138. package/src/router/assets/send-redirect.ts +0 -140
  139. package/src/router/create-account-page-middleware.ts +0 -88
  140. package/src/router/create-api-middleware.ts +0 -1051
  141. package/src/router/create-authorization-page-middleware.ts +0 -281
  142. package/src/router/create-oauth-middleware.ts +0 -257
  143. package/src/router/error-handler.ts +0 -6
  144. package/src/router/middleware-options.ts +0 -9
  145. package/src/signer/access-token-payload.ts +0 -25
  146. package/src/signer/api-token-payload.ts +0 -18
  147. package/src/signer/signer.ts +0 -121
  148. package/src/token/refresh-token.ts +0 -30
  149. package/src/token/token-claims.ts +0 -22
  150. package/src/token/token-data.ts +0 -40
  151. package/src/token/token-id.ts +0 -25
  152. package/src/token/token-manager.ts +0 -427
  153. package/src/token/token-store.ts +0 -88
  154. package/src/types/authorization-response-error.ts +0 -27
  155. package/src/types/color-hue.ts +0 -3
  156. package/src/types/email-otp.ts +0 -3
  157. package/src/types/email.ts +0 -26
  158. package/src/types/handle.ts +0 -23
  159. package/src/types/invite-code.ts +0 -4
  160. package/src/types/par-response-error.ts +0 -25
  161. package/src/types/password.ts +0 -4
  162. package/src/types/rgb-color.ts +0 -21
  163. package/tsconfig.build.json +0 -8
  164. package/tsconfig.build.tsbuildinfo +0 -1
  165. package/tsconfig.json +0 -4
@@ -1,305 +0,0 @@
1
- import type { Did } from '@atproto/did'
2
- import type {
3
- Account,
4
- ConfirmAccountDeletionInput,
5
- ConfirmEmailUpdateInput,
6
- ConfirmEmailVerificationInput,
7
- ConfirmResetPasswordInput,
8
- DeactivateAccountInput,
9
- InitiateAccountDeletionInput,
10
- InitiateEmailUpdateInput,
11
- InitiateEmailUpdateOutput,
12
- InitiateEmailVerificationInput,
13
- InitiatePasswordResetInput,
14
- ReactivateAccountInput,
15
- UpdateHandleInput,
16
- } from '@atproto/oauth-provider-api'
17
- import type { OAuthScope } from '@atproto/oauth-types'
18
- import type { HandleString } from '@atproto/syntax'
19
- import type { ClientId } from '../client/client-id.js'
20
- import type { DeviceId } from '../device/device-id.js'
21
- import type { DeviceData } from '../device/device-store.js'
22
- import type { HcaptchaVerifyResult } from '../lib/hcaptcha.js'
23
- import type { Awaitable } from '../lib/util/type.js'
24
- import { buildInterfaceChecker } from '../lib/util/type.js'
25
- import type {
26
- HandleUnavailableError,
27
- InvalidCredentialsError,
28
- InvalidRequestError,
29
- SecondAuthenticationFactorRequiredError,
30
- } from '../oauth-errors.js'
31
- import type { InviteCode } from '../types/invite-code.js'
32
- import type { SignUpInput } from './sign-up-input.js'
33
-
34
- // Export all types needed to implement the AccountStore interface
35
-
36
- export * from '../client/client-id.js'
37
- export * from '../device/device-data.js'
38
- export * from '../device/device-id.js'
39
- export * from '../request/request-id.js'
40
-
41
- export type {
42
- Account,
43
- Did,
44
- HandleString,
45
- HcaptchaVerifyResult,
46
- InviteCode,
47
- OAuthScope,
48
- SignUpInput,
49
- }
50
-
51
- export {
52
- HandleUnavailableError,
53
- InvalidCredentialsError,
54
- InvalidRequestError,
55
- SecondAuthenticationFactorRequiredError,
56
- }
57
-
58
- export type ResetPasswordRequestInput = InitiatePasswordResetInput
59
- export type ResetPasswordConfirmInput = ConfirmResetPasswordInput
60
-
61
- export type UpdateEmailRequestInput = InitiateEmailUpdateInput
62
- export type UpdateEmailRequestOutput = InitiateEmailUpdateOutput
63
- export type UpdateEmailConfirmInput = ConfirmEmailUpdateInput
64
- export type VerifyEmailRequestInput = InitiateEmailVerificationInput
65
- export type VerifyEmailConfirmInput = ConfirmEmailVerificationInput
66
- export type UpdateHandleData = UpdateHandleInput
67
-
68
- export type DeactivateAccountData = DeactivateAccountInput
69
- export type ReactivateAccountData = ReactivateAccountInput
70
- export type DeleteAccountRequestInput = InitiateAccountDeletionInput
71
- export type DeleteAccountConfirmInput = ConfirmAccountDeletionInput
72
-
73
- export type CreateAccountData = {
74
- locale: string
75
- email: string
76
- password: string
77
- handle: HandleString
78
- inviteCode?: string | undefined
79
- }
80
-
81
- export type AuthenticateAccountData = {
82
- locale: string
83
- password: string
84
- username: string
85
- emailOtp?: string | undefined
86
- }
87
-
88
- export type AuthorizedClientData = { authorizedScopes: readonly string[] }
89
- export type AuthorizedClients = Map<ClientId, AuthorizedClientData>
90
-
91
- export type DeviceAccount = {
92
- deviceId: DeviceId
93
-
94
- /**
95
- * The data associated with the device, created through the
96
- * {@link DeviceStore}. This data is used to identify devices on which a user
97
- * has logged in.
98
- */
99
- deviceData: DeviceData
100
-
101
- /**
102
- * The account associated with the device account.
103
- */
104
- account: Account
105
-
106
- /**
107
- * The list of clients that are authorized by the account, as created through
108
- * the {@link AccountStore.setAuthorizedClient} method.
109
- */
110
- authorizedClients: AuthorizedClients
111
-
112
- /**
113
- * The date at which the device account was created. This value is currently
114
- * not used.
115
- */
116
- createdAt: Date
117
-
118
- /**
119
- * The date at which the device account was last updated. This value is used
120
- * to determine the date at which the user last authenticated on a device
121
- */
122
- updatedAt: Date
123
- }
124
-
125
- export type SignUpData = SignUpInput & {
126
- hcaptchaResult?: HcaptchaVerifyResult
127
- inviteCode?: InviteCode
128
- }
129
-
130
- export interface AccountStore {
131
- /**
132
- * @throws {HandleUnavailableError} - To indicate that the handle is already taken
133
- * @throws {InvalidRequestError} - To indicate that some data is invalid
134
- */
135
- createAccount(data: CreateAccountData): Awaitable<Account>
136
-
137
- /**
138
- * @throws {InvalidCredentialsError} - When the credentials are not valid.
139
- * Populate {@link InvalidCredentialsError.did} with the subject identifier
140
- * when the identifier matched an existing account (e.g. wrong password for
141
- * a known user); omit it when the identifier was not found. Throwing the
142
- * generic {@link InvalidRequestError} is also accepted for backward
143
- * compatibility but prevents the `onSignInFailed` hook from distinguishing
144
- * the two cases.
145
- * @throws {SecondAuthenticationFactorRequiredError} - To indicate that an {@link SecondAuthenticationFactorRequiredError.type} is required in the credentials
146
- */
147
- authenticateAccount(data: AuthenticateAccountData): Awaitable<Account>
148
-
149
- /**
150
- * Add a client & scopes to the list of authorized clients for the given account.
151
- */
152
- setAuthorizedClient(
153
- did: Did,
154
- clientId: ClientId,
155
- data: AuthorizedClientData,
156
- ): Awaitable<void>
157
-
158
- /**
159
- * @throws {InvalidRequestError} - When the credentials are not valid
160
- */
161
- getAccount(did: Did): Awaitable<{
162
- account: Account
163
- authorizedClients: AuthorizedClients
164
- }>
165
-
166
- /**
167
- * @param data.requestId - If provided, the inserted account must be bound to
168
- * that particular requestId.
169
- *
170
- * @note Whenever a particular device account is created, all **unbound**
171
- * device accounts for the same `deviceId` & `sub` should be deleted.
172
- *
173
- * @note When a particular request is deleted (through
174
- * {@link RequestStore.deleteRequest}), all accounts bound to that request
175
- * should be deleted as well.
176
- */
177
- upsertDeviceAccount(deviceId: DeviceId, did: Did): Awaitable<void>
178
-
179
- /**
180
- * @param requestId - If provided, the result must either have the same
181
- * requestId, or not be bound to a particular requestId. If `null`, the
182
- * result must not be bound to a particular requestId.
183
- * @throws {InvalidRequestError} - Instead of returning `null` in order to
184
- * provide a custom error message
185
- */
186
- getDeviceAccount(
187
- deviceId: DeviceId,
188
- did: Did,
189
- ): Awaitable<DeviceAccount | null>
190
-
191
- /**
192
- * Removes *all* the unbound device-accounts associated with the given device
193
- * & account.
194
- *
195
- * @note Noop if the device-account is not found.
196
- */
197
- removeDeviceAccount(deviceId: DeviceId, did: Did): Awaitable<void>
198
-
199
- /**
200
- * @returns **all** the device accounts that match the {@link requestId}
201
- * criteria and given {@link filter}.
202
- */
203
- listDeviceAccounts(
204
- filter: { did: Did } | { deviceId: DeviceId },
205
- ): Awaitable<DeviceAccount[]>
206
-
207
- resetPasswordRequest(
208
- data: ResetPasswordRequestInput,
209
- ): Awaitable<null | Account>
210
-
211
- resetPasswordConfirm(
212
- data: ResetPasswordConfirmInput,
213
- ): Awaitable<null | Account>
214
-
215
- updateEmailRequest(
216
- data: UpdateEmailRequestInput,
217
- ): Awaitable<UpdateEmailRequestOutput>
218
- /**
219
- * Must trigger a verification email to be sent to the new email address, that
220
- * will then be confirmed through {@link updateEmailConfirm}. The account's
221
- * {@link Account['emailVerified'] emailVerified} field is expected to become
222
- * `false` until the new email is confirmed.
223
- */
224
- updateEmailConfirm(data: UpdateEmailConfirmInput): Awaitable<Account | null>
225
-
226
- verifyEmailRequest(data: VerifyEmailRequestInput): Awaitable<void>
227
- verifyEmailConfirm(data: VerifyEmailConfirmInput): Awaitable<Account | null>
228
-
229
- /**
230
- * @throws {HandleUnavailableError} - To indicate that the handle is already taken
231
- */
232
- verifyHandleAvailability(handle: HandleString): Awaitable<void>
233
-
234
- /**
235
- * @throws {HandleUnavailableError} - To indicate that the handle is already taken
236
- * @throws {InvalidRequestError} - To indicate that the handle is invalid or
237
- * cannot be used
238
- */
239
- updateHandle(data: UpdateHandleData): Awaitable<Account>
240
-
241
- /**
242
- * Mark the account as deactivated. The account remains recoverable. Should
243
- * be a no-op when the account is already deactivated.
244
- *
245
- * @throws {InvalidRequestError} - When the account cannot be deactivated
246
- * (e.g. unknown account)
247
- */
248
- deactivateAccount(data: DeactivateAccountData): Awaitable<Account>
249
-
250
- /**
251
- * Reactivate a previously-deactivated account. Should be a no-op when the
252
- * account is already active.
253
- *
254
- * @throws {InvalidRequestError} - When the account cannot be reactivated
255
- * (e.g. unknown account)
256
- */
257
- reactivateAccount(data: ReactivateAccountData): Awaitable<Account>
258
-
259
- /**
260
- * Initiate account deletion: typically sends a confirmation token to the
261
- * account's email address. The account is NOT deleted until
262
- * {@link deleteAccountConfirm} is called with the matching token and the
263
- * user's current password.
264
- */
265
- deleteAccountRequest(data: DeleteAccountRequestInput): Awaitable<void>
266
-
267
- /**
268
- * Finalize account deletion. Implementations MUST verify both the email
269
- * confirmation `token` issued by {@link deleteAccountRequest} and the user's
270
- * current `password` before deleting any data. Deletion is irreversible.
271
- *
272
- * @throws {InvalidRequestError} - When the token or password is invalid.
273
- */
274
- deleteAccountConfirm(data: DeleteAccountConfirmInput): Awaitable<void>
275
- }
276
-
277
- export const isAccountStore = buildInterfaceChecker<AccountStore>([
278
- 'authenticateAccount',
279
- 'createAccount',
280
- 'deactivateAccount',
281
- 'deleteAccountConfirm',
282
- 'deleteAccountRequest',
283
- 'getAccount',
284
- 'getDeviceAccount',
285
- 'listDeviceAccounts',
286
- 'reactivateAccount',
287
- 'removeDeviceAccount',
288
- 'resetPasswordConfirm',
289
- 'resetPasswordRequest',
290
- 'setAuthorizedClient',
291
- 'updateEmailConfirm',
292
- 'updateEmailRequest',
293
- 'updateHandle',
294
- 'upsertDeviceAccount',
295
- 'verifyEmailConfirm',
296
- 'verifyEmailRequest',
297
- 'verifyHandleAvailability',
298
- ])
299
-
300
- export function asAccountStore<V>(implementation: V): V & AccountStore {
301
- if (!implementation || !isAccountStore(implementation)) {
302
- throw new Error('Invalid AccountStore implementation')
303
- }
304
- return implementation
305
- }
@@ -1,15 +0,0 @@
1
- import { z } from 'zod'
2
- import { localeSchema } from '../lib/util/locale.js'
3
- import { emailOtpSchema } from '../types/email-otp.js'
4
- import { newPasswordSchema, oldPasswordSchema } from '../types/password.js'
5
-
6
- export const signInDataSchema = z
7
- .object({
8
- locale: localeSchema,
9
- username: z.string(),
10
- password: z.union([oldPasswordSchema, newPasswordSchema]),
11
- emailOtp: emailOtpSchema.optional(),
12
- })
13
- .strict()
14
-
15
- export type SignInData = z.output<typeof signInDataSchema>
@@ -1,20 +0,0 @@
1
- import { z } from 'zod'
2
- import { hcaptchaTokenSchema } from '../lib/hcaptcha.js'
3
- import { localeSchema } from '../lib/util/locale.js'
4
- import { emailSchema } from '../types/email.js'
5
- import { handleSchema } from '../types/handle.js'
6
- import { inviteCodeSchema } from '../types/invite-code.js'
7
- import { newPasswordSchema } from '../types/password.js'
8
-
9
- export const signUpInputSchema = z
10
- .object({
11
- locale: localeSchema,
12
- handle: handleSchema,
13
- email: emailSchema,
14
- password: newPasswordSchema,
15
- inviteCode: inviteCodeSchema.optional(),
16
- hcaptchaToken: hcaptchaTokenSchema.optional(),
17
- })
18
- .strict()
19
-
20
- export type SignUpInput = z.output<typeof signUpInputSchema>
@@ -1,64 +0,0 @@
1
- import { CLIENT_ASSERTION_TYPE_JWT_BEARER } from '@atproto/oauth-types'
2
-
3
- export type ClientAuth =
4
- | { method: 'none' }
5
- | {
6
- method: 'private_key_jwt'
7
-
8
- /**
9
- * Algorithm used for client authentication.
10
- *
11
- * @note We could allow clients to use a different algorithm over time
12
- * (e.g. because new safer algorithms become available). For now, we
13
- * require that the algorithm remains the same, as it is a bad practice to
14
- * use the same key for different purposes.
15
- */
16
- alg: string
17
-
18
- /**
19
- * ID of the key that was used for client authentication.
20
- *
21
- * @note The most important thing to validate is that the actual key didn't change (which is )
22
- */
23
- kid: string
24
-
25
- /**
26
- * Thumbprint of the key used for client authentication. This value must
27
- * be the same during token refreshes as the thumbprint of the key used
28
- * during initial token issuance.
29
- *
30
- * @note This value is computed by the AS to ensure that the key used for
31
- * client auth does not change
32
- */
33
- jkt: string
34
-
35
- /**
36
- * Nonce used to prevent replay attacks. This value is generated by the
37
- * client when generating it's assertion JWT and must be unique for each
38
- * request.
39
- *
40
- * @see {@link https://www.rfc-editor.org/rfc/rfc7523.html#section-3}
41
- */
42
- jti: string
43
-
44
- /**
45
- * "exp" (expiration time) claim that limits the time window during which
46
- * the JWT can be used.
47
- *
48
- * @note This field is optional for legacy reasons.
49
- */
50
- exp?: number
51
- }
52
-
53
- /**
54
- * @note In its previous version, the code was storing the
55
- * "client_assertion_type" instead of the authentication method, which was
56
- * confusing and prevented proper comparison with the client's
57
- * "token_endpoint_auth_method" metadata.
58
- */
59
- export type ClientAuthLegacy = {
60
- method: typeof CLIENT_ASSERTION_TYPE_JWT_BEARER
61
- alg: string
62
- kid: string
63
- jkt: string
64
- }
@@ -1,9 +0,0 @@
1
- import { Jwks } from '@atproto/jwk'
2
- import { OAuthClientMetadata } from '@atproto/oauth-types'
3
-
4
- export type { OAuthClientMetadata }
5
-
6
- export type ClientData = {
7
- metadata: OAuthClientMetadata
8
- jwks?: Jwks
9
- }
@@ -1,4 +0,0 @@
1
- import { OAuthClientId, oauthClientIdSchema } from '@atproto/oauth-types'
2
-
3
- export type ClientId = OAuthClientId
4
- export const clientIdSchema = oauthClientIdSchema
@@ -1,13 +0,0 @@
1
- export type ClientInfo = {
2
- /**
3
- * Defaults to `false`
4
- */
5
- isFirstParty: boolean
6
-
7
- /**
8
- * Defaults to `true` if the client is isFirstParty, or if the client was
9
- * loaded from the store. (i.e. false in case of "loopback" & "discoverable"
10
- * clients)
11
- */
12
- isTrusted: boolean
13
- }