@atproto/oauth-provider 0.2.0 → 0.2.2
Sign up to get free protection for your applications and to get access to all the features.
- package/CHANGELOG.md +42 -0
- package/dist/account/account-store.d.ts +2 -2
- package/dist/assets/app/bundle-manifest.json +3 -3
- package/dist/assets/app/main.css +1 -1
- package/dist/assets/app/main.js +3 -3
- package/dist/assets/app/main.js.map +1 -1
- package/dist/assets/assets-middleware.d.ts.map +1 -1
- package/dist/assets/assets-middleware.js +4 -2
- package/dist/assets/assets-middleware.js.map +1 -1
- package/dist/client/client-manager.d.ts.map +1 -1
- package/dist/client/client-manager.js +127 -118
- package/dist/client/client-manager.js.map +1 -1
- package/dist/client/client-utils.d.ts +1 -2
- package/dist/client/client-utils.d.ts.map +1 -1
- package/dist/client/client-utils.js +3 -12
- package/dist/client/client-utils.js.map +1 -1
- package/dist/client/client.d.ts +8 -3
- package/dist/client/client.d.ts.map +1 -1
- package/dist/client/client.js +70 -1
- package/dist/client/client.js.map +1 -1
- package/dist/constants.d.ts +0 -1
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +1 -2
- package/dist/constants.js.map +1 -1
- package/dist/errors/access-denied-error.d.ts +4 -4
- package/dist/errors/access-denied-error.d.ts.map +1 -1
- package/dist/errors/access-denied-error.js +2 -2
- package/dist/errors/access-denied-error.js.map +1 -1
- package/dist/errors/account-selection-required-error.d.ts +2 -2
- package/dist/errors/account-selection-required-error.d.ts.map +1 -1
- package/dist/errors/account-selection-required-error.js.map +1 -1
- package/dist/errors/consent-required-error.d.ts +2 -2
- package/dist/errors/consent-required-error.d.ts.map +1 -1
- package/dist/errors/consent-required-error.js.map +1 -1
- package/dist/errors/invalid-authorization-details-error.d.ts +2 -2
- package/dist/errors/invalid-authorization-details-error.d.ts.map +1 -1
- package/dist/errors/invalid-authorization-details-error.js.map +1 -1
- package/dist/errors/invalid-client-id-error.d.ts +1 -1
- package/dist/errors/invalid-client-id-error.d.ts.map +1 -1
- package/dist/errors/invalid-client-id-error.js +12 -6
- package/dist/errors/invalid-client-id-error.js.map +1 -1
- package/dist/errors/invalid-client-metadata-error.d.ts +1 -1
- package/dist/errors/invalid-client-metadata-error.d.ts.map +1 -1
- package/dist/errors/invalid-client-metadata-error.js +11 -3
- package/dist/errors/invalid-client-metadata-error.js.map +1 -1
- package/dist/errors/invalid-parameters-error.d.ts +2 -2
- package/dist/errors/invalid-parameters-error.d.ts.map +1 -1
- package/dist/errors/invalid-parameters-error.js.map +1 -1
- package/dist/errors/invalid-scope-error.d.ts +9 -0
- package/dist/errors/invalid-scope-error.d.ts.map +1 -0
- package/dist/errors/invalid-scope-error.js +14 -0
- package/dist/errors/invalid-scope-error.js.map +1 -0
- package/dist/errors/login-required-error.d.ts +2 -2
- package/dist/errors/login-required-error.d.ts.map +1 -1
- package/dist/errors/login-required-error.js.map +1 -1
- package/dist/lib/html/html.d.ts +1 -1
- package/dist/lib/html/html.d.ts.map +1 -1
- package/dist/lib/html/html.js +14 -11
- package/dist/lib/html/html.js.map +1 -1
- package/dist/lib/http/parser.d.ts +9 -2
- package/dist/lib/http/parser.d.ts.map +1 -1
- package/dist/lib/http/parser.js +15 -7
- package/dist/lib/http/parser.js.map +1 -1
- package/dist/lib/http/request.d.ts +0 -23
- package/dist/lib/http/request.d.ts.map +1 -1
- package/dist/lib/http/request.js +1 -11
- package/dist/lib/http/request.js.map +1 -1
- package/dist/lib/http/stream.d.ts +28 -6
- package/dist/lib/http/stream.d.ts.map +1 -1
- package/dist/lib/http/stream.js +21 -32
- package/dist/lib/http/stream.js.map +1 -1
- package/dist/lib/util/authorization-header.d.ts.map +1 -1
- package/dist/lib/util/authorization-header.js +1 -1
- package/dist/lib/util/authorization-header.js.map +1 -1
- package/dist/lib/util/hostname.d.ts +3 -2
- package/dist/lib/util/hostname.d.ts.map +1 -1
- package/dist/lib/util/hostname.js +12 -8
- package/dist/lib/util/hostname.js.map +1 -1
- package/dist/metadata/build-metadata.d.ts.map +1 -1
- package/dist/metadata/build-metadata.js +2 -1
- package/dist/metadata/build-metadata.js.map +1 -1
- package/dist/oauth-errors.d.ts +1 -0
- package/dist/oauth-errors.d.ts.map +1 -1
- package/dist/oauth-errors.js +3 -1
- package/dist/oauth-errors.js.map +1 -1
- package/dist/oauth-hooks.d.ts +3 -3
- package/dist/oauth-hooks.d.ts.map +1 -1
- package/dist/oauth-provider.d.ts +20 -22
- package/dist/oauth-provider.d.ts.map +1 -1
- package/dist/oauth-provider.js +234 -176
- package/dist/oauth-provider.js.map +1 -1
- package/dist/oauth-verifier.d.ts +2 -2
- package/dist/oauth-verifier.d.ts.map +1 -1
- package/dist/oauth-verifier.js.map +1 -1
- package/dist/output/build-authorize-data.d.ts +2 -2
- package/dist/output/build-authorize-data.d.ts.map +1 -1
- package/dist/output/send-authorize-redirect.d.ts +2 -4
- package/dist/output/send-authorize-redirect.d.ts.map +1 -1
- package/dist/output/send-authorize-redirect.js +5 -2
- package/dist/output/send-authorize-redirect.js.map +1 -1
- package/dist/request/request-data.d.ts +2 -2
- package/dist/request/request-data.d.ts.map +1 -1
- package/dist/request/request-info.d.ts +2 -2
- package/dist/request/request-info.d.ts.map +1 -1
- package/dist/request/request-manager.d.ts +4 -4
- package/dist/request/request-manager.d.ts.map +1 -1
- package/dist/request/request-manager.js +94 -60
- package/dist/request/request-manager.js.map +1 -1
- package/dist/signer/signed-token-payload.d.ts +122 -122
- package/dist/signer/signer.d.ts +41 -40
- package/dist/signer/signer.d.ts.map +1 -1
- package/dist/signer/signer.js +13 -15
- package/dist/signer/signer.js.map +1 -1
- package/dist/token/token-claims.d.ts +121 -121
- package/dist/token/token-data.d.ts +3 -3
- package/dist/token/token-data.d.ts.map +1 -1
- package/dist/token/token-manager.d.ts +4 -5
- package/dist/token/token-manager.d.ts.map +1 -1
- package/dist/token/token-manager.js +96 -72
- package/dist/token/token-manager.js.map +1 -1
- package/dist/token/verify-token-claims.d.ts +3 -3
- package/dist/token/verify-token-claims.d.ts.map +1 -1
- package/dist/token/verify-token-claims.js.map +1 -1
- package/package.json +7 -6
- package/src/assets/app/components/sign-in-form.tsx +31 -2
- package/src/assets/app/components/url-viewer.tsx +3 -3
- package/src/assets/assets-middleware.ts +4 -2
- package/src/client/client-manager.ts +163 -161
- package/src/client/client-utils.ts +7 -12
- package/src/client/client.ts +112 -3
- package/src/constants.ts +0 -2
- package/src/errors/access-denied-error.ts +10 -4
- package/src/errors/account-selection-required-error.ts +2 -2
- package/src/errors/consent-required-error.ts +2 -2
- package/src/errors/invalid-authorization-details-error.ts +2 -2
- package/src/errors/invalid-client-id-error.ts +15 -4
- package/src/errors/invalid-client-metadata-error.ts +15 -3
- package/src/errors/invalid-parameters-error.ts +2 -2
- package/src/errors/invalid-scope-error.ts +15 -0
- package/src/errors/login-required-error.ts +2 -2
- package/src/lib/html/html.ts +14 -12
- package/src/lib/http/parser.ts +21 -8
- package/src/lib/http/request.ts +1 -23
- package/src/lib/http/stream.ts +29 -60
- package/src/lib/util/authorization-header.ts +5 -2
- package/src/lib/util/hostname.ts +9 -5
- package/src/metadata/build-metadata.ts +3 -1
- package/src/oauth-errors.ts +1 -0
- package/src/oauth-hooks.ts +3 -3
- package/src/oauth-provider.ts +368 -269
- package/src/oauth-verifier.ts +2 -2
- package/src/output/build-authorize-data.ts +2 -2
- package/src/output/send-authorize-redirect.ts +7 -6
- package/src/request/request-data.ts +2 -2
- package/src/request/request-info.ts +2 -2
- package/src/request/request-manager.ts +129 -103
- package/src/signer/signer.ts +24 -25
- package/src/token/token-data.ts +3 -3
- package/src/token/token-manager.ts +141 -99
- package/src/token/verify-token-claims.ts +3 -3
- package/dist/request/types.d.ts +0 -328
- package/dist/request/types.d.ts.map +0 -1
- package/dist/request/types.js +0 -27
- package/dist/request/types.js.map +0 -1
- package/dist/token/types.d.ts +0 -250
- package/dist/token/types.d.ts.map +0 -1
- package/dist/token/types.js +0 -36
- package/dist/token/types.js.map +0 -1
- package/src/request/types.ts +0 -48
- package/src/token/types.ts +0 -86
package/src/request/types.ts
DELETED
@@ -1,48 +0,0 @@
|
|
1
|
-
import { signedJwtSchema, unsignedJwtSchema } from '@atproto/jwk'
|
2
|
-
import {
|
3
|
-
oauthAuthenticationRequestParametersSchema,
|
4
|
-
oauthClientIdentificationSchema,
|
5
|
-
} from '@atproto/oauth-types'
|
6
|
-
import { z } from 'zod'
|
7
|
-
|
8
|
-
import { requestUriSchema } from './request-uri.js'
|
9
|
-
|
10
|
-
export const authorizationRequestJarSchema = z.object({
|
11
|
-
/**
|
12
|
-
* AuthorizationRequest inside a JWT:
|
13
|
-
* - "iat" is required and **MUST** be less than one minute
|
14
|
-
*
|
15
|
-
* @see {@link https://datatracker.ietf.org/doc/html/rfc9101}
|
16
|
-
*/
|
17
|
-
request: z.union([signedJwtSchema, unsignedJwtSchema]),
|
18
|
-
})
|
19
|
-
|
20
|
-
export type AuthorizationRequestJar = z.infer<
|
21
|
-
typeof authorizationRequestJarSchema
|
22
|
-
>
|
23
|
-
|
24
|
-
export const pushedAuthorizationRequestSchema = z.intersection(
|
25
|
-
oauthClientIdentificationSchema,
|
26
|
-
z.union([
|
27
|
-
oauthAuthenticationRequestParametersSchema,
|
28
|
-
authorizationRequestJarSchema,
|
29
|
-
//
|
30
|
-
]),
|
31
|
-
)
|
32
|
-
|
33
|
-
export type PushedAuthorizationRequest = z.infer<
|
34
|
-
typeof pushedAuthorizationRequestSchema
|
35
|
-
>
|
36
|
-
|
37
|
-
export const authorizationRequestQuerySchema = z.intersection(
|
38
|
-
oauthClientIdentificationSchema,
|
39
|
-
z.union([
|
40
|
-
oauthAuthenticationRequestParametersSchema,
|
41
|
-
authorizationRequestJarSchema,
|
42
|
-
z.object({ request_uri: requestUriSchema }),
|
43
|
-
]),
|
44
|
-
)
|
45
|
-
|
46
|
-
export type AuthorizationRequestQuery = z.infer<
|
47
|
-
typeof authorizationRequestQuerySchema
|
48
|
-
>
|
package/src/token/types.ts
DELETED
@@ -1,86 +0,0 @@
|
|
1
|
-
import {
|
2
|
-
OAuthAuthorizationDetails,
|
3
|
-
OAuthTokenType,
|
4
|
-
accessTokenSchema,
|
5
|
-
oauthClientIdentificationSchema,
|
6
|
-
} from '@atproto/oauth-types'
|
7
|
-
import { z } from 'zod'
|
8
|
-
|
9
|
-
import { clientIdSchema } from '../client/client-id.js'
|
10
|
-
import { codeSchema } from '../request/code.js'
|
11
|
-
import { refreshTokenSchema } from './refresh-token.js'
|
12
|
-
|
13
|
-
export const codeGrantRequestSchema = z.intersection(
|
14
|
-
oauthClientIdentificationSchema,
|
15
|
-
z.object({
|
16
|
-
grant_type: z.literal('authorization_code'),
|
17
|
-
code: codeSchema,
|
18
|
-
/** @see {@link https://datatracker.ietf.org/doc/html/rfc7636#section-4.1} */
|
19
|
-
code_verifier: z
|
20
|
-
.string()
|
21
|
-
.min(43)
|
22
|
-
.max(128)
|
23
|
-
.regex(/^[a-zA-Z0-9-._~]+$/),
|
24
|
-
redirect_uri: z.string().url(),
|
25
|
-
// request_uri ???
|
26
|
-
}),
|
27
|
-
)
|
28
|
-
|
29
|
-
export type CodeGrantRequest = z.infer<typeof codeGrantRequestSchema>
|
30
|
-
|
31
|
-
export const refreshGrantRequestSchema = z.intersection(
|
32
|
-
oauthClientIdentificationSchema,
|
33
|
-
z.object({
|
34
|
-
grant_type: z.literal('refresh_token'),
|
35
|
-
refresh_token: refreshTokenSchema,
|
36
|
-
client_id: clientIdSchema,
|
37
|
-
}),
|
38
|
-
)
|
39
|
-
|
40
|
-
export type RefreshGrantRequest = z.infer<typeof refreshGrantRequestSchema>
|
41
|
-
|
42
|
-
export const tokenRequestSchema = z.union([
|
43
|
-
codeGrantRequestSchema,
|
44
|
-
refreshGrantRequestSchema,
|
45
|
-
])
|
46
|
-
|
47
|
-
export type TokenRequest = z.infer<typeof tokenRequestSchema>
|
48
|
-
|
49
|
-
export const tokenIdentification = z.object({
|
50
|
-
token: z.union([accessTokenSchema, refreshTokenSchema]),
|
51
|
-
token_type_hint: z.enum(['access_token', 'refresh_token']).optional(),
|
52
|
-
})
|
53
|
-
|
54
|
-
export type TokenIdentification = z.infer<typeof tokenIdentification>
|
55
|
-
|
56
|
-
export const revokeSchema = tokenIdentification
|
57
|
-
|
58
|
-
export type Revoke = z.infer<typeof revokeSchema>
|
59
|
-
|
60
|
-
export const introspectSchema = z.intersection(
|
61
|
-
oauthClientIdentificationSchema,
|
62
|
-
tokenIdentification,
|
63
|
-
)
|
64
|
-
|
65
|
-
export type Introspect = z.infer<typeof introspectSchema>
|
66
|
-
|
67
|
-
// https://datatracker.ietf.org/doc/html/rfc7662#section-2.2
|
68
|
-
export type IntrospectionResponse =
|
69
|
-
| { active: false }
|
70
|
-
| {
|
71
|
-
active: true
|
72
|
-
|
73
|
-
scope?: string
|
74
|
-
client_id?: string
|
75
|
-
username?: string
|
76
|
-
token_type?: OAuthTokenType
|
77
|
-
authorization_details?: OAuthAuthorizationDetails
|
78
|
-
|
79
|
-
aud?: string | [string, ...string[]]
|
80
|
-
exp?: number
|
81
|
-
iat?: number
|
82
|
-
iss?: string
|
83
|
-
jti?: string
|
84
|
-
nbf?: number
|
85
|
-
sub?: string
|
86
|
-
}
|