@atproto/oauth-provider 0.2.0 → 0.2.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (170) hide show
  1. package/CHANGELOG.md +42 -0
  2. package/dist/account/account-store.d.ts +2 -2
  3. package/dist/assets/app/bundle-manifest.json +3 -3
  4. package/dist/assets/app/main.css +1 -1
  5. package/dist/assets/app/main.js +3 -3
  6. package/dist/assets/app/main.js.map +1 -1
  7. package/dist/assets/assets-middleware.d.ts.map +1 -1
  8. package/dist/assets/assets-middleware.js +4 -2
  9. package/dist/assets/assets-middleware.js.map +1 -1
  10. package/dist/client/client-manager.d.ts.map +1 -1
  11. package/dist/client/client-manager.js +127 -118
  12. package/dist/client/client-manager.js.map +1 -1
  13. package/dist/client/client-utils.d.ts +1 -2
  14. package/dist/client/client-utils.d.ts.map +1 -1
  15. package/dist/client/client-utils.js +3 -12
  16. package/dist/client/client-utils.js.map +1 -1
  17. package/dist/client/client.d.ts +8 -3
  18. package/dist/client/client.d.ts.map +1 -1
  19. package/dist/client/client.js +70 -1
  20. package/dist/client/client.js.map +1 -1
  21. package/dist/constants.d.ts +0 -1
  22. package/dist/constants.d.ts.map +1 -1
  23. package/dist/constants.js +1 -2
  24. package/dist/constants.js.map +1 -1
  25. package/dist/errors/access-denied-error.d.ts +4 -4
  26. package/dist/errors/access-denied-error.d.ts.map +1 -1
  27. package/dist/errors/access-denied-error.js +2 -2
  28. package/dist/errors/access-denied-error.js.map +1 -1
  29. package/dist/errors/account-selection-required-error.d.ts +2 -2
  30. package/dist/errors/account-selection-required-error.d.ts.map +1 -1
  31. package/dist/errors/account-selection-required-error.js.map +1 -1
  32. package/dist/errors/consent-required-error.d.ts +2 -2
  33. package/dist/errors/consent-required-error.d.ts.map +1 -1
  34. package/dist/errors/consent-required-error.js.map +1 -1
  35. package/dist/errors/invalid-authorization-details-error.d.ts +2 -2
  36. package/dist/errors/invalid-authorization-details-error.d.ts.map +1 -1
  37. package/dist/errors/invalid-authorization-details-error.js.map +1 -1
  38. package/dist/errors/invalid-client-id-error.d.ts +1 -1
  39. package/dist/errors/invalid-client-id-error.d.ts.map +1 -1
  40. package/dist/errors/invalid-client-id-error.js +12 -6
  41. package/dist/errors/invalid-client-id-error.js.map +1 -1
  42. package/dist/errors/invalid-client-metadata-error.d.ts +1 -1
  43. package/dist/errors/invalid-client-metadata-error.d.ts.map +1 -1
  44. package/dist/errors/invalid-client-metadata-error.js +11 -3
  45. package/dist/errors/invalid-client-metadata-error.js.map +1 -1
  46. package/dist/errors/invalid-parameters-error.d.ts +2 -2
  47. package/dist/errors/invalid-parameters-error.d.ts.map +1 -1
  48. package/dist/errors/invalid-parameters-error.js.map +1 -1
  49. package/dist/errors/invalid-scope-error.d.ts +9 -0
  50. package/dist/errors/invalid-scope-error.d.ts.map +1 -0
  51. package/dist/errors/invalid-scope-error.js +14 -0
  52. package/dist/errors/invalid-scope-error.js.map +1 -0
  53. package/dist/errors/login-required-error.d.ts +2 -2
  54. package/dist/errors/login-required-error.d.ts.map +1 -1
  55. package/dist/errors/login-required-error.js.map +1 -1
  56. package/dist/lib/html/html.d.ts +1 -1
  57. package/dist/lib/html/html.d.ts.map +1 -1
  58. package/dist/lib/html/html.js +14 -11
  59. package/dist/lib/html/html.js.map +1 -1
  60. package/dist/lib/http/parser.d.ts +9 -2
  61. package/dist/lib/http/parser.d.ts.map +1 -1
  62. package/dist/lib/http/parser.js +15 -7
  63. package/dist/lib/http/parser.js.map +1 -1
  64. package/dist/lib/http/request.d.ts +0 -23
  65. package/dist/lib/http/request.d.ts.map +1 -1
  66. package/dist/lib/http/request.js +1 -11
  67. package/dist/lib/http/request.js.map +1 -1
  68. package/dist/lib/http/stream.d.ts +28 -6
  69. package/dist/lib/http/stream.d.ts.map +1 -1
  70. package/dist/lib/http/stream.js +21 -32
  71. package/dist/lib/http/stream.js.map +1 -1
  72. package/dist/lib/util/authorization-header.d.ts.map +1 -1
  73. package/dist/lib/util/authorization-header.js +1 -1
  74. package/dist/lib/util/authorization-header.js.map +1 -1
  75. package/dist/lib/util/hostname.d.ts +3 -2
  76. package/dist/lib/util/hostname.d.ts.map +1 -1
  77. package/dist/lib/util/hostname.js +12 -8
  78. package/dist/lib/util/hostname.js.map +1 -1
  79. package/dist/metadata/build-metadata.d.ts.map +1 -1
  80. package/dist/metadata/build-metadata.js +2 -1
  81. package/dist/metadata/build-metadata.js.map +1 -1
  82. package/dist/oauth-errors.d.ts +1 -0
  83. package/dist/oauth-errors.d.ts.map +1 -1
  84. package/dist/oauth-errors.js +3 -1
  85. package/dist/oauth-errors.js.map +1 -1
  86. package/dist/oauth-hooks.d.ts +3 -3
  87. package/dist/oauth-hooks.d.ts.map +1 -1
  88. package/dist/oauth-provider.d.ts +20 -22
  89. package/dist/oauth-provider.d.ts.map +1 -1
  90. package/dist/oauth-provider.js +234 -176
  91. package/dist/oauth-provider.js.map +1 -1
  92. package/dist/oauth-verifier.d.ts +2 -2
  93. package/dist/oauth-verifier.d.ts.map +1 -1
  94. package/dist/oauth-verifier.js.map +1 -1
  95. package/dist/output/build-authorize-data.d.ts +2 -2
  96. package/dist/output/build-authorize-data.d.ts.map +1 -1
  97. package/dist/output/send-authorize-redirect.d.ts +2 -4
  98. package/dist/output/send-authorize-redirect.d.ts.map +1 -1
  99. package/dist/output/send-authorize-redirect.js +5 -2
  100. package/dist/output/send-authorize-redirect.js.map +1 -1
  101. package/dist/request/request-data.d.ts +2 -2
  102. package/dist/request/request-data.d.ts.map +1 -1
  103. package/dist/request/request-info.d.ts +2 -2
  104. package/dist/request/request-info.d.ts.map +1 -1
  105. package/dist/request/request-manager.d.ts +4 -4
  106. package/dist/request/request-manager.d.ts.map +1 -1
  107. package/dist/request/request-manager.js +94 -60
  108. package/dist/request/request-manager.js.map +1 -1
  109. package/dist/signer/signed-token-payload.d.ts +122 -122
  110. package/dist/signer/signer.d.ts +41 -40
  111. package/dist/signer/signer.d.ts.map +1 -1
  112. package/dist/signer/signer.js +13 -15
  113. package/dist/signer/signer.js.map +1 -1
  114. package/dist/token/token-claims.d.ts +121 -121
  115. package/dist/token/token-data.d.ts +3 -3
  116. package/dist/token/token-data.d.ts.map +1 -1
  117. package/dist/token/token-manager.d.ts +4 -5
  118. package/dist/token/token-manager.d.ts.map +1 -1
  119. package/dist/token/token-manager.js +96 -72
  120. package/dist/token/token-manager.js.map +1 -1
  121. package/dist/token/verify-token-claims.d.ts +3 -3
  122. package/dist/token/verify-token-claims.d.ts.map +1 -1
  123. package/dist/token/verify-token-claims.js.map +1 -1
  124. package/package.json +7 -6
  125. package/src/assets/app/components/sign-in-form.tsx +31 -2
  126. package/src/assets/app/components/url-viewer.tsx +3 -3
  127. package/src/assets/assets-middleware.ts +4 -2
  128. package/src/client/client-manager.ts +163 -161
  129. package/src/client/client-utils.ts +7 -12
  130. package/src/client/client.ts +112 -3
  131. package/src/constants.ts +0 -2
  132. package/src/errors/access-denied-error.ts +10 -4
  133. package/src/errors/account-selection-required-error.ts +2 -2
  134. package/src/errors/consent-required-error.ts +2 -2
  135. package/src/errors/invalid-authorization-details-error.ts +2 -2
  136. package/src/errors/invalid-client-id-error.ts +15 -4
  137. package/src/errors/invalid-client-metadata-error.ts +15 -3
  138. package/src/errors/invalid-parameters-error.ts +2 -2
  139. package/src/errors/invalid-scope-error.ts +15 -0
  140. package/src/errors/login-required-error.ts +2 -2
  141. package/src/lib/html/html.ts +14 -12
  142. package/src/lib/http/parser.ts +21 -8
  143. package/src/lib/http/request.ts +1 -23
  144. package/src/lib/http/stream.ts +29 -60
  145. package/src/lib/util/authorization-header.ts +5 -2
  146. package/src/lib/util/hostname.ts +9 -5
  147. package/src/metadata/build-metadata.ts +3 -1
  148. package/src/oauth-errors.ts +1 -0
  149. package/src/oauth-hooks.ts +3 -3
  150. package/src/oauth-provider.ts +368 -269
  151. package/src/oauth-verifier.ts +2 -2
  152. package/src/output/build-authorize-data.ts +2 -2
  153. package/src/output/send-authorize-redirect.ts +7 -6
  154. package/src/request/request-data.ts +2 -2
  155. package/src/request/request-info.ts +2 -2
  156. package/src/request/request-manager.ts +129 -103
  157. package/src/signer/signer.ts +24 -25
  158. package/src/token/token-data.ts +3 -3
  159. package/src/token/token-manager.ts +141 -99
  160. package/src/token/verify-token-claims.ts +3 -3
  161. package/dist/request/types.d.ts +0 -328
  162. package/dist/request/types.d.ts.map +0 -1
  163. package/dist/request/types.js +0 -27
  164. package/dist/request/types.js.map +0 -1
  165. package/dist/token/types.d.ts +0 -250
  166. package/dist/token/types.d.ts.map +0 -1
  167. package/dist/token/types.js +0 -36
  168. package/dist/token/types.js.map +0 -1
  169. package/src/request/types.ts +0 -48
  170. package/src/token/types.ts +0 -86
@@ -1 +1 @@
1
- {"version":3,"file":"assets-middleware.d.ts","sourceRoot":"","sources":["../../src/assets/assets-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EAIX,MAAM,sBAAsB,CAAA;AAI7B,wBAAgB,yBAAyB,IAAI,UAAU,CAkCtD"}
1
+ {"version":3,"file":"assets-middleware.d.ts","sourceRoot":"","sources":["../../src/assets/assets-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EAIX,MAAM,sBAAsB,CAAA;AAI7B,wBAAgB,yBAAyB,IAAI,UAAU,CAoCtD"}
@@ -17,8 +17,10 @@ function authorizeAssetsMiddleware() {
17
17
  if (!asset)
18
18
  return next();
19
19
  try {
20
- (0, index_js_1.validateFetchSite)(req, res, ['same-origin']);
21
- (0, index_js_1.validateFetchDest)(req, res, ['style', 'script']);
20
+ // Allow "null" (ie. no header) to allow loading assets outside of a
21
+ // fetch context (not from a web page).
22
+ (0, index_js_1.validateFetchSite)(req, res, [null, 'same-origin']);
23
+ (0, index_js_1.validateFetchDest)(req, res, [null, 'style', 'script']);
22
24
  }
23
25
  catch (err) {
24
26
  return next(err);
@@ -1 +1 @@
1
- {"version":3,"file":"assets-middleware.js","sourceRoot":"","sources":["../../src/assets/assets-middleware.ts"],"names":[],"mappings":";;;AAAA,mDAK6B;AAE7B,yCAAwD;AAExD,SAAgB,yBAAyB;IACvC,OAAO,KAAK,UAAU,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QACnD,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,EAAE,CAAA;QAChE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,4BAAiB,CAAC;YAAE,OAAO,IAAI,EAAE,CAAA;QAE1D,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAG7C,CAAA;QACD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,4BAAiB,CAAC,MAAM,CAAC,CAAA;QACzD,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,EAAE,CAAA;QAE5B,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;QACxD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,EAAE,CAAA;QAEzB,IAAI,CAAC;YACH,IAAA,4BAAiB,EAAC,GAAG,EAAE,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,CAAA;YAC5C,IAAA,4BAAiB,EAAC,GAAG,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAA;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,GAAG,CAAC,CAAA;QAClB,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;YAClD,OAAO,KAAK,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;QACtC,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;QAEnC,IAAI,KAAK,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;YAC3B,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,qCAAqC,CAAC,CAAA;QACvE,CAAC;QAED,MAAM,IAAA,sBAAW,EAAC,GAAG,EAAE,KAAK,CAAC,YAAY,EAAE,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;IAC1D,CAAC,CAAA;AACH,CAAC;AAlCD,8DAkCC"}
1
+ {"version":3,"file":"assets-middleware.js","sourceRoot":"","sources":["../../src/assets/assets-middleware.ts"],"names":[],"mappings":";;;AAAA,mDAK6B;AAE7B,yCAAwD;AAExD,SAAgB,yBAAyB;IACvC,OAAO,KAAK,UAAU,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QACnD,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,EAAE,CAAA;QAChE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,4BAAiB,CAAC;YAAE,OAAO,IAAI,EAAE,CAAA;QAE1D,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAG7C,CAAA;QACD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,4BAAiB,CAAC,MAAM,CAAC,CAAA;QACzD,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,EAAE,CAAA;QAE5B,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;QACxD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,EAAE,CAAA;QAEzB,IAAI,CAAC;YACH,oEAAoE;YACpE,uCAAuC;YACvC,IAAA,4BAAiB,EAAC,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAA;YAClD,IAAA,4BAAiB,EAAC,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAA;QACxD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,GAAG,CAAC,CAAA;QAClB,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;YAClD,OAAO,KAAK,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;QACtC,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;QAEnC,IAAI,KAAK,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;YAC3B,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,qCAAqC,CAAC,CAAA;QACvE,CAAC;QAED,MAAM,IAAA,sBAAW,EAAC,GAAG,EAAE,KAAK,CAAC,YAAY,EAAE,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;IAC1D,CAAC,CAAA;AACH,CAAC;AApCD,8DAoCC"}
@@ -1 +1 @@
1
- {"version":3,"file":"client-manager.d.ts","sourceRoot":"","sources":["../../src/client/client-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,EAIN,MAAM,qBAAqB,CAAA;AAE5B,OAAO,EACL,YAAY,EAEZ,WAAW,EACZ,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,IAAI,EAAc,MAAM,EAAE,MAAM,cAAc,CAAA;AACvD,OAAO,EAKL,gCAAgC,EAChC,yBAAyB,EACzB,qBAAqB,EACrB,mBAAmB,EACnB,wBAAwB,EAEzB,MAAM,sBAAsB,CAAA;AAO7B,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAepC,MAAM,MAAM,sBAAsB,GAAG,CACnC,GAAG,EAAE,MAAM,KACR,SAAS,CAAC,wBAAwB,CAAC,CAAA;AAExC,qBAAa,aAAa;IAKtB,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,gCAAgC;IACnE,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM;IACjC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IACpC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,GAAG,IAAI;IAC5C,SAAS,CAAC,QAAQ,CAAC,gBAAgB,EAAE,sBAAsB,GAAG,IAAI;IARpE,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACnD,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,YAAY,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;gBAGvD,cAAc,EAAE,gCAAgC,EAChD,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,UAAU,EACjB,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,gBAAgB,EAAE,sBAAsB,GAAG,IAAW,EACzE,SAAS,EAAE,KAAK,EAChB,eAAe,EAAE,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,EAC1C,mBAAmB,EAAE,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC;IAsB/D;;;OAGG;IACU,SAAS,CAAC,QAAQ,EAAE,MAAM;cA+BvB,iBAAiB,CAC/B,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,mBAAmB,CAAC;cAYf,yBAAyB,CACvC,QAAQ,EAAE,qBAAqB,GAC9B,OAAO,CAAC,mBAAmB,CAAC;cAiBf,6BAA6B,CAC3C,QAAQ,EAAE,yBAAyB,GAClC,OAAO,CAAC,mBAAmB,CAAC;cAYf,uBAAuB,CACrC,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,mBAAmB,CAAC;IAS/B;;;;;OAKG;IACH,SAAS,CAAC,sBAAsB,CAC9B,QAAQ,EAAE,QAAQ,EAClB,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;IAmetB,8BAA8B,CAC5B,QAAQ,EAAE,qBAAqB,EAC/B,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;IAgDtB,kCAAkC,CAChC,QAAQ,EAAE,yBAAyB,EACnC,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;CAqEvB"}
1
+ {"version":3,"file":"client-manager.d.ts","sourceRoot":"","sources":["../../src/client/client-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,EAMN,MAAM,qBAAqB,CAAA;AAE5B,OAAO,EACL,YAAY,EAEZ,WAAW,EACZ,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,IAAI,EAAc,MAAM,EAAE,MAAM,cAAc,CAAA;AACvD,OAAO,EAIL,gCAAgC,EAChC,yBAAyB,EACzB,qBAAqB,EACrB,mBAAmB,EACnB,wBAAwB,EAEzB,MAAM,sBAAsB,CAAA;AAW7B,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAepC,MAAM,MAAM,sBAAsB,GAAG,CACnC,GAAG,EAAE,MAAM,KACR,SAAS,CAAC,wBAAwB,CAAC,CAAA;AAExC,qBAAa,aAAa;IAKtB,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,gCAAgC;IACnE,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM;IACjC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IACpC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,GAAG,IAAI;IAC5C,SAAS,CAAC,QAAQ,CAAC,gBAAgB,EAAE,sBAAsB,GAAG,IAAI;IARpE,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACnD,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,YAAY,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;gBAGvD,cAAc,EAAE,gCAAgC,EAChD,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,UAAU,EACjB,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,gBAAgB,EAAE,sBAAsB,GAAG,IAAW,EACzE,SAAS,EAAE,KAAK,EAChB,eAAe,EAAE,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,EAC1C,mBAAmB,EAAE,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC;IAsB/D;;;OAGG;IACU,SAAS,CAAC,QAAQ,EAAE,MAAM;cAiDvB,iBAAiB,CAC/B,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,mBAAmB,CAAC;cAYf,yBAAyB,CACvC,QAAQ,EAAE,qBAAqB,GAC9B,OAAO,CAAC,mBAAmB,CAAC;cAaf,6BAA6B,CAC3C,QAAQ,EAAE,yBAAyB,GAClC,OAAO,CAAC,mBAAmB,CAAC;cAYf,uBAAuB,CACrC,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,mBAAmB,CAAC;IAS/B;;;;;OAKG;IACH,SAAS,CAAC,sBAAsB,CAC9B,QAAQ,EAAE,QAAQ,EAClB,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;IAwbtB,8BAA8B,CAC5B,QAAQ,EAAE,qBAAqB,EAC/B,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;IAuCtB,kCAAkC,CAChC,QAAQ,EAAE,yBAAyB,EACnC,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;CAwGvB"}
@@ -6,7 +6,7 @@ const pipe_1 = require("@atproto-labs/pipe");
6
6
  const simple_store_1 = require("@atproto-labs/simple-store");
7
7
  const jwk_1 = require("@atproto/jwk");
8
8
  const oauth_types_1 = require("@atproto/oauth-types");
9
- const constants_js_1 = require("../constants.js");
9
+ const zod_1 = require("zod");
10
10
  const invalid_client_metadata_error_js_1 = require("../errors/invalid-client-metadata-error.js");
11
11
  const invalid_redirect_uri_error_js_1 = require("../errors/invalid-redirect-uri-error.js");
12
12
  const oauth_error_js_1 = require("../errors/oauth-error.js");
@@ -57,20 +57,30 @@ class ClientManager {
57
57
  jwks,
58
58
  });
59
59
  const isFirstParty = partialInfo?.isFirstParty ?? false;
60
- const isTrusted = partialInfo?.isTrusted ??
61
- (isFirstParty ||
62
- // If the client was loaded from the store, we consider it trusted:
63
- (!(0, oauth_types_1.isOAuthClientIdLoopback)(clientId) &&
64
- !(0, oauth_types_1.isOAuthClientIdDiscoverable)(clientId)));
60
+ const isTrusted = partialInfo?.isTrusted ?? isFirstParty;
65
61
  return new client_js_1.Client(clientId, metadata, jwks, { isFirstParty, isTrusted });
66
62
  }
67
63
  catch (err) {
68
- if (err instanceof oauth_error_js_1.OAuthError)
64
+ if (err instanceof oauth_error_js_1.OAuthError) {
69
65
  throw err;
66
+ }
67
+ if (err instanceof fetch_1.FetchError) {
68
+ const message = err instanceof fetch_1.FetchResponseError || err.statusCode !== 500
69
+ ? // Only expose 500 message if it was generated on another server
70
+ `Failed to fetch client information: ${err.message}`
71
+ : `Failed to fetch client information due to an internal error`;
72
+ throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(message, err);
73
+ }
74
+ if (err instanceof zod_1.ZodError) {
75
+ const issues = err.issues
76
+ .map(({ path, message }) => `Validation${path.length ? ` of "${path.join('.')}"` : ''} failed with error: ${message}`)
77
+ .join(' ');
78
+ throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(issues || err.message, err);
79
+ }
70
80
  if (err?.['code'] === 'DEPTH_ZERO_SELF_SIGNED_CERT') {
71
81
  throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('Self-signed certificate', err);
72
82
  }
73
- throw invalid_client_metadata_error_js_1.InvalidClientMetadataError.from(err);
83
+ throw invalid_client_metadata_error_js_1.InvalidClientMetadataError.from(err, `Unable to load client information for "${clientId}"`);
74
84
  }
75
85
  }
76
86
  async getClientMetadata(clientId) {
@@ -90,11 +100,8 @@ class ClientManager {
90
100
  if (!loopbackMetadata) {
91
101
  throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('Loopback clients are not allowed');
92
102
  }
93
- const result = oauth_types_1.oauthClientMetadataSchema.safeParse(await loopbackMetadata(clientId));
94
- if (!result.success) {
95
- throw invalid_client_metadata_error_js_1.InvalidClientMetadataError.from(result.error);
96
- }
97
- return this.validateClientMetadata(clientId, result.data);
103
+ const metadata = oauth_types_1.oauthClientMetadataSchema.parse(await loopbackMetadata(clientId));
104
+ return this.validateClientMetadata(clientId, metadata);
98
105
  }
99
106
  async getDiscoverableClientMetadata(clientId) {
100
107
  const metadataUrl = (0, client_utils_js_1.parseDiscoverableClientId)(clientId);
@@ -136,22 +143,28 @@ class ClientManager {
136
143
  const clientUriUrl = metadata.client_uri
137
144
  ? new URL(metadata.client_uri)
138
145
  : null;
139
- const clientUriParsed = clientUriUrl ? (0, hostname_js_1.parseUrlDomain)(clientUriUrl) : null;
140
- if (clientUriUrl && !clientUriParsed) {
141
- throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('client_uri must be a valid URL');
146
+ const clientUriDomain = clientUriUrl
147
+ ? (0, hostname_js_1.parseUrlPublicSuffix)(clientUriUrl)
148
+ : null;
149
+ if (clientUriUrl && !clientUriDomain) {
150
+ throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('client_uri hostname is invalid');
151
+ }
152
+ const scopes = metadata.scope?.split(' ');
153
+ if (!scopes) {
154
+ throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('Missing scope property');
155
+ }
156
+ if (!scopes.includes('atproto')) {
157
+ throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('Missing "atproto" scope');
142
158
  }
143
- const scopes = metadata.scope?.split(' ').filter(Boolean);
144
159
  const dupScope = scopes?.find(isDuplicate);
145
160
  if (dupScope) {
146
161
  throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Duplicate scope "${dupScope}"`);
147
162
  }
148
- if (scopes) {
149
- for (const scope of scopes) {
150
- // Note, once we have dynamic scopes, this check will need to be
151
- // updated to check against the server's supported scopes.
152
- if (!this.serverMetadata.scopes_supported?.includes(scope)) {
153
- throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Unsupported scope "${scope}"`);
154
- }
163
+ for (const scope of scopes) {
164
+ // Note, once we have dynamic scopes, this check will need to be
165
+ // updated to check against the server's supported scopes.
166
+ if (!this.serverMetadata.scopes_supported?.includes(scope)) {
167
+ throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Unsupported scope "${scope}"`);
155
168
  }
156
169
  }
157
170
  const dupGrantType = metadata.grant_types.find(isDuplicate);
@@ -160,12 +173,18 @@ class ClientManager {
160
173
  }
161
174
  for (const grantType of metadata.grant_types) {
162
175
  switch (grantType) {
163
- case 'authorization_code':
164
- case 'refresh_token':
165
- continue;
166
176
  case 'implicit':
167
- case 'password':
177
+ // Never allowed (unsafe)
168
178
  throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Grant type "${grantType}" is not allowed`);
179
+ // @TODO: Add support (e.g. for first party client)
180
+ // case 'client_credentials':
181
+ // case 'password':
182
+ case 'authorization_code':
183
+ case 'refresh_token':
184
+ if (!this.serverMetadata.grant_types_supported?.includes(grantType)) {
185
+ throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Unsupported grant type "${grantType}"`);
186
+ }
187
+ break;
169
188
  default:
170
189
  throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Grant type "${grantType}" is not supported`);
171
190
  }
@@ -213,30 +232,13 @@ class ClientManager {
213
232
  if (metadata.dpop_bound_access_tokens !== true) {
214
233
  throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('"dpop_bound_access_tokens" must be true');
215
234
  }
216
- for (const responseType of metadata.response_types) {
217
- if (responseType.includes('id_token')) {
218
- throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`OpenID Connect response type "${responseType}" is not supported`);
219
- }
220
- // ATPROTO spec requires the use of PKCE
221
- if (responseType !== 'code') {
222
- throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Unsupported response type "${responseType}"`);
223
- }
224
- // Consistency check
225
- if (responseType === 'code' &&
226
- !metadata.grant_types.includes('authorization_code')) {
227
- throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Response type "${responseType}" requires the "authorization_code" grant type`);
228
- }
235
+ // ATPROTO spec requires the use of PKCE, does not support OIDC
236
+ if (!metadata.response_types.includes('code')) {
237
+ throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('response_types must include "code"');
229
238
  }
230
- if (metadata.application_type === 'native') {
231
- // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4
232
- //
233
- // > Except when using a mechanism like Dynamic Client Registration
234
- // > [RFC7591] to provision per-instance secrets, native apps are
235
- // > classified as public clients, as defined by Section 2.1 of OAuth 2.0
236
- // > [RFC6749]; they MUST be registered with the authorization server as
237
- // > such. Authorization servers MUST record the client type in the
238
- // > client registration details in order to identify and process requests
239
- // > accordingly.
239
+ else if (!metadata.grant_types.includes('authorization_code')) {
240
+ // Consistency check
241
+ throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`The "code" response type requires that "grant_types" contains "authorization_code"`);
240
242
  }
241
243
  if (metadata.authorization_details_types?.length) {
242
244
  const dupAuthDetailsType = metadata.authorization_details_types.find(isDuplicate);
@@ -275,36 +277,6 @@ class ClientManager {
275
277
  }
276
278
  }
277
279
  }
278
- if (metadata.application_type === 'native') {
279
- // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2
280
- //
281
- // > Native Clients [as defined by "application_type"] MUST only
282
- // > register redirect_uris using custom URI schemes or loopback URLs
283
- // > using the http scheme; loopback URLs use localhost or the IP
284
- // > loopback literals 127.0.0.1 or [::1] as the hostname.
285
- for (const redirectUri of metadata.redirect_uris) {
286
- const url = (0, client_utils_js_1.parseRedirectUri)(redirectUri);
287
- if (url.protocol !== 'http:') {
288
- throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Native clients must use HTTP redirect URIs (got ${url})`);
289
- }
290
- if (!(0, oauth_types_1.isLoopbackHost)(url.hostname) && !isPrivateUseUriScheme(url)) {
291
- throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError('Loopback redirect URIs are only allowed for native apps');
292
- }
293
- }
294
- }
295
- if (metadata.application_type === 'native') {
296
- // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2
297
- //
298
- // > Authorization Servers MAY reject Redirection URI values using
299
- // > the http scheme, other than the loopback case for Native
300
- // > Clients.
301
- for (const redirectUri of metadata.redirect_uris) {
302
- const url = (0, client_utils_js_1.parseRedirectUri)(redirectUri);
303
- if (url.protocol === 'http:' && !(0, oauth_types_1.isLoopbackUrl)(url)) {
304
- throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Native clients must not use HTTP redirect URIs (got ${url})`);
305
- }
306
- }
307
- }
308
280
  for (const redirectUri of metadata.redirect_uris) {
309
281
  const url = (0, client_utils_js_1.parseRedirectUri)(redirectUri);
310
282
  if (url.username || url.password) {
@@ -326,15 +298,9 @@ class ClientManager {
326
298
  // > resolution on the user's device.
327
299
  throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Loopback redirect URI ${url} is not allowed (use explicit IPs instead)`);
328
300
  }
329
- // falls through
330
301
  case url.hostname === '127.0.0.1':
331
302
  case url.hostname === '[::1]': {
332
- // https://datatracker.ietf.org/doc/html/rfc8252#section-7.3
333
- //
334
- // > Loopback redirect URIs use the "http" scheme and are constructed
335
- // > with the loopback IP literal and whatever port the client is
336
- // > listening on. That is, "http://127.0.0.1:{port}/{path}" for IPv4,
337
- // > and "http://[::1]:{port}/{path}" for IPv6.
303
+ // Only allowed for native apps
338
304
  if (metadata.application_type !== 'native') {
339
305
  throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Loopback redirect URIs are only allowed for native apps`);
340
306
  }
@@ -353,6 +319,12 @@ class ClientManager {
353
319
  // "compareRedirectUri()".
354
320
  }
355
321
  if (url.protocol !== 'http:') {
322
+ // https://datatracker.ietf.org/doc/html/rfc8252#section-7.3
323
+ //
324
+ // > Loopback redirect URIs use the "http" scheme and are constructed
325
+ // > with the loopback IP literal and whatever port the client is
326
+ // > listening on. That is, "http://127.0.0.1:{port}/{path}" for IPv4,
327
+ // > and "http://[::1]:{port}/{path}" for IPv6.
356
328
  throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Loopback redirect URI ${url} must use HTTP`);
357
329
  }
358
330
  break;
@@ -365,13 +337,18 @@ class ClientManager {
365
337
  // > target Request Object is signed in a way that is verifiable by
366
338
  // > the OP.
367
339
  //
368
- // TODO: Should we allow this (and check for signed request objects)?
369
- throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Non loopback redirect URI ${url} must use HTTPS`);
340
+ // OIDC/Request Object are not supported. ATproto spec should not
341
+ // allow HTTP redirect URIs either.
342
+ // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2
343
+ //
344
+ // > Authorization Servers MAY reject Redirection URI values using
345
+ // > the http scheme, other than the loopback case for Native
346
+ // > Clients.
347
+ throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError('Only loopback redirect URIs are allowed to use the "http" scheme');
370
348
  }
371
349
  case url.protocol === 'https:': {
372
- const redirectUriDomain = (0, hostname_js_1.parseUrlDomain)(url);
373
- if (!redirectUriDomain) {
374
- throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Redirect URI ${url} must be a valid URL`);
350
+ if (!(0, hostname_js_1.isInternetUrl)(url)) {
351
+ throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Redirect URI "${url}"'s domain name must belong to the Public Suffix List (PSL)`);
375
352
  }
376
353
  // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4
377
354
  //
@@ -381,16 +358,28 @@ class ClientManager {
381
358
  // > where two apps claim the same private-use URI scheme (where one
382
359
  // > app is acting maliciously).
383
360
  //
384
- // Although this only applies to "native" clients (extract being from
385
- // rfc8252), we apply this rule to "web" clients as well.
386
- if (!clientUriParsed) {
387
- throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('client_uri is required for HTTPS redirect URIs');
388
- }
389
- else {
390
- if (redirectUriDomain.domain !== clientUriParsed.domain) {
391
- throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Redirect URI ${url} must be under the same domain as client_uri ${metadata.client_uri}`);
392
- }
393
- }
361
+ // We can't enforce this here (in generic client validation) because
362
+ // we don't have a concept of generic proven ownership.
363
+ //
364
+ // Discoverable clients, however, will have this check covered in the
365
+ // `validateDiscoverableClientMetadata`, by using the client_id's
366
+ // domain as "proven ownership".
367
+ // The following restriction from OIDC is *not* enforced for clients
368
+ // as it prevents "App Links" / "Apple Universal Links" from being
369
+ // used as redirect URIs.
370
+ //
371
+ // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2
372
+ //
373
+ // > Native Clients [as defined by "application_type"] MUST only
374
+ // > register redirect_uris using custom URI schemes or loopback URLs
375
+ // > using the http scheme; loopback URLs use localhost or the IP
376
+ // > loopback literals 127.0.0.1 or [::1] as the hostname.
377
+ //
378
+ // if (metadata.application_type === 'native') {
379
+ // throw new InvalidRedirectUriError(
380
+ // `Native clients must use custom URI schemes or loopback URLs`,
381
+ // )
382
+ // }
394
383
  break;
395
384
  }
396
385
  case isPrivateUseUriScheme(url): {
@@ -403,10 +392,6 @@ class ClientManager {
403
392
  if (metadata.application_type !== 'native') {
404
393
  throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Private-Use URI Scheme redirect URI are only allowed for native apps`);
405
394
  }
406
- const redirectUriDomain = (0, hostname_js_1.parseDomain)(reverseDomain(url.protocol.slice(0, -1)));
407
- if (!redirectUriDomain) {
408
- throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Private-use URI Scheme redirect URI must be based on a valid domain name`);
409
- }
410
395
  // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4
411
396
  //
412
397
  // > In addition to the collision-resistant properties, requiring a
@@ -414,13 +399,13 @@ class ClientManager {
414
399
  // > the app can help to prove ownership in the event of a dispute
415
400
  // > where two apps claim the same private-use URI scheme (where one
416
401
  // > app is acting maliciously).
417
- if (!clientUriParsed) {
418
- throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('client_uri is required for native apps using private-use URI Scheme redirect URIs');
419
- }
420
- else {
421
- if (redirectUriDomain.domain !== clientUriParsed.domain) {
422
- throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Private-Use URI Scheme redirect URI ${url} must be under the same domain as client_uri ${metadata.client_uri}`);
423
- }
402
+ //
403
+ // We can't check for ownership here (as there is no concept of
404
+ // proven ownership in the generic client validation), but we can
405
+ // check that the domain is a valid domain name.
406
+ const urlDomain = reverseDomain(url.protocol.slice(0, -1));
407
+ if (!(0, hostname_js_1.isInternetHost)(urlDomain)) {
408
+ throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Private-use URI Scheme redirect URI must be based on a valid domain name`);
424
409
  }
425
410
  // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1
426
411
  //
@@ -461,10 +446,6 @@ class ClientManager {
461
446
  if (metadata.application_type !== 'native') {
462
447
  throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('Loopback clients must have application_type "native"');
463
448
  }
464
- if (!constants_js_1.ALLOW_LOOPBACK_CLIENT_REFRESH_TOKEN &&
465
- metadata.grant_types.includes('refresh_token')) {
466
- throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('Loopback clients are not allowed to use the "refresh_token" grant type');
467
- }
468
449
  const method = metadata[`token_endpoint_auth_method`];
469
450
  if (method !== 'none') {
470
451
  throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Loopback clients are not allowed to use "token_endpoint_auth_method" ${method}`);
@@ -505,14 +486,27 @@ class ClientManager {
505
486
  }
506
487
  const method = metadata[`token_endpoint_auth_method`];
507
488
  switch (method) {
489
+ case 'none':
490
+ case 'private_key_jwt':
491
+ case undefined:
492
+ break;
508
493
  case 'client_secret_post':
509
494
  case 'client_secret_basic':
510
495
  case 'client_secret_jwt':
511
496
  throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Client authentication method "${method}" is not allowed for discoverable clients`);
497
+ default:
498
+ throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Unsupported client authentication method "${method}"`);
512
499
  }
513
500
  for (const redirectUri of metadata.redirect_uris) {
514
501
  const url = (0, client_utils_js_1.parseRedirectUri)(redirectUri);
515
502
  if (isPrivateUseUriScheme(url)) {
503
+ // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4
504
+ //
505
+ // > In addition to the collision-resistant properties, requiring a
506
+ // > URI scheme based on a domain name that is under the control of
507
+ // > the app can help to prove ownership in the event of a dispute
508
+ // > where two apps claim the same private-use URI scheme (where one
509
+ // > app is acting maliciously).
516
510
  // https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html
517
511
  //
518
512
  // Fully qualified domain name (FQDN) of the client_id, in reverse
@@ -523,6 +517,21 @@ class ClientManager {
523
517
  throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Private-Use URI Scheme redirect URI, for discoverable client metadata, must be the fully qualified domain name (FQDN) of the client_id, in reverse order (${protocol})`);
524
518
  }
525
519
  }
520
+ if (url.protocol === 'https:') {
521
+ // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4
522
+ //
523
+ // > In addition to the collision-resistant properties, requiring a
524
+ // > URI scheme based on a domain name that is under the control of
525
+ // > the app can help to prove ownership in the event of a dispute
526
+ // > where two apps claim the same private-use URI scheme (where one
527
+ // > app is acting maliciously).
528
+ //
529
+ // Although this only applies to "native" clients (extract being from
530
+ // rfc8252), we apply this rule to "web" clients as well.
531
+ if (url.hostname !== clientIdUrl.hostname) {
532
+ throw new invalid_redirect_uri_error_js_1.InvalidRedirectUriError(`Redirect URI ${url} must be under the same domain as client_id ${metadata.client_uri}`);
533
+ }
534
+ }
526
535
  }
527
536
  return metadata;
528
537
  }
@@ -1 +1 @@
1
- {"version":3,"file":"client-manager.js","sourceRoot":"","sources":["../../src/client/client-manager.ts"],"names":[],"mappings":";;;AAAA,+CAM4B;AAC5B,6CAAyC;AACzC,6DAImC;AACnC,sCAAuD;AACvD,sDAW6B;AAE7B,kDAAqE;AACrE,iGAAuF;AACvF,2FAAiF;AACjF,6DAAqD;AACrD,yDAAqE;AAKrE,uDAA+E;AAC/E,2CAAoC;AAEpC,MAAM,oBAAoB,GAAG,IAAA,WAAI,EAC/B,IAAA,wBAAgB,GAAE;AAClB,8IAA8I;AAC9I,IAAA,0BAAkB,EAAC,kBAAkB,EAAE,IAAI,CAAC,EAC5C,IAAA,6BAAqB,EAAC,uCAAyB,CAAC,CACjD,CAAA;AAED,MAAM,gBAAgB,GAAG,IAAA,WAAI,EAC3B,IAAA,wBAAgB,GAAE,EAClB,IAAA,0BAAkB,EAAC,kBAAkB,EAAE,KAAK,CAAC,EAC7C,IAAA,6BAAqB,EAAC,gBAAU,CAAC,CAClC,CAAA;AAMD,MAAa,aAAa;IAKH;IACA;IACA;IACA;IACA;IARF,IAAI,CAA4B;IAChC,cAAc,CAA2C;IAE5E,YACqB,cAAgD,EAChD,MAAc,EACd,KAAiB,EACjB,KAAyB,EACzB,mBAAkD,IAAI,EACzE,SAAgB,EAChB,eAA0C,EAC1C,mBAA6D;QAP1C,mBAAc,GAAd,cAAc,CAAkC;QAChD,WAAM,GAAN,MAAM,CAAQ;QACd,UAAK,GAAL,KAAK,CAAY;QACjB,UAAK,GAAL,KAAK,CAAoB;QACzB,qBAAgB,GAAhB,gBAAgB,CAAsC;QAKzE,MAAM,KAAK,GAAG,IAAA,iBAAS,EAAC,SAAS,CAAC,CAAA;QAElC,IAAI,CAAC,IAAI,GAAG,IAAI,2BAAY,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;YAClD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAC9D,gBAAgB,CACjB,CAAA;YAED,OAAO,IAAI,CAAA;QACb,CAAC,EAAE,eAAe,CAAC,CAAA;QAEnB,IAAI,CAAC,cAAc,GAAG,IAAI,2BAAY,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;YAC5D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAClE,oBAAoB,CACrB,CAAA;YAED,+DAA+D;YAC/D,OAAO,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QACnD,CAAC,EAAE,mBAAmB,CAAC,CAAA;IACzB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,SAAS,CAAC,QAAgB;QACrC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAA;YAEvD,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ;gBAC5B,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACxC,CAAC,CAAC,SAAS,CAAA;YAEb,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC,QAAQ,EAAE;gBAC5D,QAAQ;gBACR,IAAI;aACL,CAAC,CAAA;YAEF,MAAM,YAAY,GAAG,WAAW,EAAE,YAAY,IAAI,KAAK,CAAA;YACvD,MAAM,SAAS,GACb,WAAW,EAAE,SAAS;gBACtB,CAAC,YAAY;oBACX,mEAAmE;oBACnE,CAAC,CAAC,IAAA,qCAAuB,EAAC,QAAQ,CAAC;wBACjC,CAAC,IAAA,yCAA2B,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAA;YAE9C,OAAO,IAAI,kBAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC,CAAA;QAC1E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,2BAAU;gBAAE,MAAM,GAAG,CAAA;YACxC,IAAI,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,6BAA6B,EAAE,CAAC;gBACpD,MAAM,IAAI,6DAA0B,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAA;YACtE,CAAC;YACD,MAAM,6DAA0B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5C,CAAC;IACH,CAAC;IAES,KAAK,CAAC,iBAAiB,CAC/B,QAAkB;QAElB,IAAI,IAAA,qCAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAA;QACjD,CAAC;aAAM,IAAI,IAAA,yCAA2B,EAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAA;QACrD,CAAC;aAAM,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAA;QAC/C,CAAC;QAED,MAAM,IAAI,6DAA0B,CAAC,sBAAsB,QAAQ,GAAG,CAAC,CAAA;IACzE,CAAC;IAES,KAAK,CAAC,yBAAyB,CACvC,QAA+B;QAE/B,MAAM,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAA;QACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,IAAI,6DAA0B,CAAC,kCAAkC,CAAC,CAAA;QAC1E,CAAC;QAED,MAAM,MAAM,GAAG,uCAAyB,CAAC,SAAS,CAChD,MAAM,gBAAgB,CAAC,QAAQ,CAAC,CACjC,CAAA;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,6DAA0B,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QACrD,CAAC;QAED,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;IAC3D,CAAC;IAES,KAAK,CAAC,6BAA6B,CAC3C,QAAmC;QAEnC,MAAM,WAAW,GAAG,IAAA,2CAAyB,EAAC,QAAQ,CAAC,CAAA;QAEvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAEhE,sEAAsE;QACtE,mEAAmE;QACnE,EAAE;QACF,iEAAiE;QACjE,OAAO,QAAQ,CAAA;IACjB,CAAC;IAES,KAAK,CAAC,uBAAuB,CACrC,QAAkB;QAElB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;YACtD,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACxD,CAAC;QAED,MAAM,IAAI,6DAA0B,CAAC,sBAAsB,QAAQ,GAAG,CAAC,CAAA;IACzE,CAAC;IAED;;;;;OAKG;IACO,sBAAsB,CAC9B,QAAkB,EAClB,QAA6B;QAE7B,IAAI,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,IAAI,6DAA0B,CAClC,0CAA0C,CAC3C,CAAA;QACH,CAAC;QAED,iCAAiC;QACjC,KAAK,MAAM,CAAC,IAAI;YACd,iBAAiB;YACjB,8BAA8B;YAC9B,8BAA8B;YAC9B,iCAAiC;SACzB,EAAE,CAAC;YACX,IAAI,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;gBACxB,MAAM,IAAI,6DAA0B,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,UAAU;YACtC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC9B,CAAC,CAAC,IAAI,CAAA;QACR,MAAM,eAAe,GAAG,YAAY,CAAC,CAAC,CAAC,IAAA,4BAAc,EAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QAE1E,IAAI,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;YACrC,MAAM,IAAI,6DAA0B,CAAC,gCAAgC,CAAC,CAAA;QACxE,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QAEzD,MAAM,QAAQ,GAAG,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAA;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,6DAA0B,CAAC,oBAAoB,QAAQ,GAAG,CAAC,CAAA;QACvE,CAAC;QAED,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,gEAAgE;gBAChE,0DAA0D;gBAC1D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,gBAAgB,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC3D,MAAM,IAAI,6DAA0B,CAAC,sBAAsB,KAAK,GAAG,CAAC,CAAA;gBACtE,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAC3D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,6DAA0B,CAClC,yBAAyB,YAAY,GAAG,CACzC,CAAA;QACH,CAAC;QAED,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC7C,QAAQ,SAAS,EAAE,CAAC;gBAClB,KAAK,oBAAoB,CAAC;gBAC1B,KAAK,eAAe;oBAClB,SAAQ;gBACV,KAAK,UAAU,CAAC;gBAChB,KAAK,UAAU;oBACb,MAAM,IAAI,6DAA0B,CAClC,eAAe,SAAS,kBAAkB,CAC3C,CAAA;gBACH;oBACE,MAAM,IAAI,6DAA0B,CAClC,eAAe,SAAS,oBAAoB,CAC7C,CAAA;YACL,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,6DAA0B,CAAC,0BAA0B,CAAC,CAAA;QAClE,CAAC;QAED,IAAI,QAAQ,CAAC,YAAY,IAAI,QAAQ,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;YAChE,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,CAC1C,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,4BAA4B,CAAC,CAAA;QACrD,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,SAAS;gBACZ,MAAM,IAAI,6DAA0B,CAClC,oDAAoD,CACrD,CAAA;YAEH,KAAK,MAAM;gBACT,IAAI,QAAQ,CAAC,+BAA+B,EAAE,CAAC;oBAC7C,MAAM,IAAI,6DAA0B,CAClC,iFAAiF,CAClF,CAAA;gBACH,CAAC;gBACD,MAAK;YAEP,KAAK,iBAAiB;gBACpB,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;oBACzC,MAAM,IAAI,6DAA0B,CAClC,uDAAuD,CACxD,CAAA;gBACH,CAAC;gBACD,IAAI,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACrC,MAAM,IAAI,6DAA0B,CAClC,+DAA+D,CAChE,CAAA;gBACH,CAAC;gBACD,IAAI,CAAC,QAAQ,CAAC,+BAA+B,EAAE,CAAC;oBAC9C,MAAM,IAAI,6DAA0B,CAClC,yDAAyD,CAC1D,CAAA;gBACH,CAAC;gBACD,MAAK;YAEP;gBACE,MAAM,IAAI,6DAA0B,CAClC,GAAG,MAAM,oFAAoF,CAC9F,CAAA;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,oCAAoC,EAAE,CAAC;YAClD,MAAM,IAAI,6DAA0B,CAClC,mDAAmD,CACpD,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,0CAA0C,EAAE,CAAC;YACxD,MAAM,IAAI,6DAA0B,CAClC,kDAAkD,CACnD,CAAA;QACH,CAAC;QAED,IACE,QAAQ,CAAC,oCAAoC;YAC7C,CAAC,QAAQ,CAAC,oCAAoC,EAC9C,CAAC;YACD,MAAM,IAAI,6DAA0B,CAClC,oFAAoF,CACrF,CAAA;QACH,CAAC;QAED,uEAAuE;QACvE,IAAI,QAAQ,CAAC,wBAAwB,KAAK,IAAI,EAAE,CAAC;YAC/C,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,CAC1C,CAAA;QACH,CAAC;QAED,KAAK,MAAM,YAAY,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;YACnD,IAAI,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtC,MAAM,IAAI,6DAA0B,CAClC,iCAAiC,YAAY,oBAAoB,CAClE,CAAA;YACH,CAAC;YAED,wCAAwC;YACxC,IAAI,YAAY,KAAK,MAAM,EAAE,CAAC;gBAC5B,MAAM,IAAI,6DAA0B,CAClC,8BAA8B,YAAY,GAAG,CAC9C,CAAA;YACH,CAAC;YAED,oBAAoB;YACpB,IACE,YAAY,KAAK,MAAM;gBACvB,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EACpD,CAAC;gBACD,MAAM,IAAI,6DAA0B,CAClC,kBAAkB,YAAY,gDAAgD,CAC/E,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;YAC3C,4DAA4D;YAC5D,EAAE;YACF,mEAAmE;YACnE,iEAAiE;YACjE,yEAAyE;YACzE,wEAAwE;YACxE,oEAAoE;YACpE,0EAA0E;YAC1E,iBAAiB;QACnB,CAAC;QAED,IAAI,QAAQ,CAAC,2BAA2B,EAAE,MAAM,EAAE,CAAC;YACjD,MAAM,kBAAkB,GACtB,QAAQ,CAAC,2BAA2B,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;YACxD,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,kBAAkB,GAAG,CAC/D,CAAA;YACH,CAAC;YAED,MAAM,kCAAkC,GACtC,IAAI,CAAC,cAAc,CAAC,qCAAqC,CAAA;YAC3D,IAAI,CAAC,kCAAkC,EAAE,CAAC;gBACxC,MAAM,IAAI,6DAA0B,CAClC,+CAA+C,CAChD,CAAA;YACH,CAAC;YACD,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,2BAA2B,EAAE,CAAC;gBACxD,IAAI,CAAC,kCAAkC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvD,MAAM,IAAI,6DAA0B,CAClC,2CAA2C,IAAI,GAAG,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,MAAM,EAAE,CAAC;YACpC,mEAAmE;YAEnE,MAAM,IAAI,6DAA0B,CAClC,uCAAuC,CACxC,CAAA;QACH,CAAC;QAED,IACE,QAAQ,CAAC,gBAAgB,KAAK,KAAK;YACnC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EACzC,CAAC;YACD,8EAA8E;YAC9E,EAAE;YACF,mEAAmE;YACnE,gEAAgE;YAChE,gEAAgE;YAChE,cAAc;YAEd,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;gBACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;gBACzC,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC9B,MAAM,IAAI,uDAAuB,CAC/B,0CAA0C,CAC3C,CAAA;gBACH,CAAC;gBAED,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACjC,MAAM,IAAI,uDAAuB,CAC/B,oDAAoD,CACrD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;YAC3C,8EAA8E;YAC9E,EAAE;YACF,gEAAgE;YAChE,qEAAqE;YACrE,iEAAiE;YACjE,0DAA0D;YAE1D,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;gBACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;gBACzC,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBAC7B,MAAM,IAAI,uDAAuB,CAC/B,mDAAmD,GAAG,GAAG,CAC1D,CAAA;gBACH,CAAC;gBAED,IAAI,CAAC,IAAA,4BAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjE,MAAM,IAAI,uDAAuB,CAC/B,yDAAyD,CAC1D,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;YAC3C,8EAA8E;YAC9E,EAAE;YACF,kEAAkE;YAClE,6DAA6D;YAC7D,aAAa;YAEb,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;gBACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;gBACzC,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,IAAA,2BAAa,EAAC,GAAG,CAAC,EAAE,CAAC;oBACpD,MAAM,IAAI,uDAAuB,CAC/B,uDAAuD,GAAG,GAAG,CAC9D,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjC,mEAAmE;gBACnE,MAAM,IAAI,uDAAuB,CAC/B,gBAAgB,GAAG,+BAA+B,CACnD,CAAA;YACH,CAAC;YAED,QAAQ,IAAI,EAAE,CAAC;gBACb,gEAAgE;gBAEhE,KAAK,GAAG,CAAC,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC;oBAClC,4DAA4D;oBAC5D,EAAE;oBACF,+CAA+C;oBAC/C,wEAAwE;oBACxE,oEAAoE;oBACpE,wEAAwE;oBACxE,oEAAoE;oBACpE,kEAAkE;oBAClE,qEAAqE;oBACrE,qCAAqC;oBACrC,MAAM,IAAI,uDAAuB,CAC/B,yBAAyB,GAAG,4CAA4C,CACzE,CAAA;gBACH,CAAC;gBACD,gBAAgB;gBAChB,KAAK,GAAG,CAAC,QAAQ,KAAK,WAAW,CAAC;gBAClC,KAAK,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC;oBAC9B,4DAA4D;oBAC5D,EAAE;oBACF,qEAAqE;oBACrE,iEAAiE;oBACjE,sEAAsE;oBACtE,+CAA+C;oBAE/C,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;wBAC3C,MAAM,IAAI,uDAAuB,CAC/B,yDAAyD,CAC1D,CAAA;oBACH,CAAC;oBAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBACb,4DAA4D;wBAC5D,EAAE;wBACF,oEAAoE;wBACpE,8DAA8D;wBAC9D,gEAAgE;wBAChE,0DAA0D;wBAC1D,EAAE;wBACF,gEAAgE;wBAChE,+DAA+D;wBAC/D,+DAA+D;wBAC/D,oDAAoD;wBACpD,0BAA0B;oBAC5B,CAAC;oBAED,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;wBAC7B,MAAM,IAAI,uDAAuB,CAC/B,yBAAyB,GAAG,gBAAgB,CAC7C,CAAA;oBACH,CAAC;oBAED,MAAK;gBACP,CAAC;gBAED,yCAAyC;gBAEzC,KAAK,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC;oBAC9B,8EAA8E;oBAC9E,EAAE;oBACF,gEAAgE;oBAChE,mEAAmE;oBACnE,YAAY;oBACZ,EAAE;oBACF,qEAAqE;oBACrE,MAAM,IAAI,uDAAuB,CAC/B,6BAA6B,GAAG,iBAAiB,CAClD,CAAA;gBACH,CAAC;gBAED,KAAK,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC;oBAC/B,MAAM,iBAAiB,GAAG,IAAA,4BAAc,EAAC,GAAG,CAAC,CAAA;oBAC7C,IAAI,CAAC,iBAAiB,EAAE,CAAC;wBACvB,MAAM,IAAI,uDAAuB,CAC/B,gBAAgB,GAAG,sBAAsB,CAC1C,CAAA;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,mEAAmE;oBACnE,mEAAmE;oBACnE,kEAAkE;oBAClE,oEAAoE;oBACpE,gCAAgC;oBAChC,EAAE;oBACF,qEAAqE;oBACrE,yDAAyD;oBACzD,IAAI,CAAC,eAAe,EAAE,CAAC;wBACrB,MAAM,IAAI,6DAA0B,CAClC,gDAAgD,CACjD,CAAA;oBACH,CAAC;yBAAM,CAAC;wBACN,IAAI,iBAAiB,CAAC,MAAM,KAAK,eAAe,CAAC,MAAM,EAAE,CAAC;4BACxD,MAAM,IAAI,uDAAuB,CAC/B,gBAAgB,GAAG,gDAAgD,QAAQ,CAAC,UAAU,EAAE,CACzF,CAAA;wBACH,CAAC;oBACH,CAAC;oBAED,MAAK;gBACP,CAAC;gBAED,KAAK,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAChC,4DAA4D;oBAC5D,EAAE;oBACF,oEAAoE;oBACpE,iEAAiE;oBACjE,iEAAiE;oBACjE,2CAA2C;oBAE3C,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;wBAC3C,MAAM,IAAI,uDAAuB,CAC/B,sEAAsE,CACvE,CAAA;oBACH,CAAC;oBAED,MAAM,iBAAiB,GAAG,IAAA,yBAAW,EACnC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CACzC,CAAA;oBAED,IAAI,CAAC,iBAAiB,EAAE,CAAC;wBACvB,MAAM,IAAI,uDAAuB,CAC/B,0EAA0E,CAC3E,CAAA;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,mEAAmE;oBACnE,mEAAmE;oBACnE,kEAAkE;oBAClE,oEAAoE;oBACpE,gCAAgC;oBAChC,IAAI,CAAC,eAAe,EAAE,CAAC;wBACrB,MAAM,IAAI,6DAA0B,CAClC,mFAAmF,CACpF,CAAA;oBACH,CAAC;yBAAM,CAAC;wBACN,IAAI,iBAAiB,CAAC,MAAM,KAAK,eAAe,CAAC,MAAM,EAAE,CAAC;4BACxD,MAAM,IAAI,uDAAuB,CAC/B,uCAAuC,GAAG,gDAAgD,QAAQ,CAAC,UAAU,EAAE,CAChH,CAAA;wBACH,CAAC;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,qEAAqE;oBACrE,sEAAsE;oBACtE,6DAA6D;oBAC7D,IACE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,QAAQ,IAAI,CAAC;wBACxC,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,IAAI,EACR,CAAC;wBACD,MAAM,IAAI,uDAAuB,CAC/B,8CAA8C,GAAG,CAAC,QAAQ,SAAS,CACpE,CAAA;oBACH,CAAC;oBAED,MAAK;gBACP,CAAC;gBAED;oBACE,4DAA4D;oBAC5D,EAAE;oBACF,oEAAoE;oBACpE,+CAA+C;oBAC/C,MAAM,IAAI,uDAAuB,CAC/B,gCAAgC,GAAG,CAAC,QAAQ,GAAG,CAChD,CAAA;YACL,CAAC;QACH,CAAC;QAED,IAAI,IAAA,qCAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QAChE,CAAC;aAAM,IAAI,IAAA,yCAA2B,EAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,kCAAkC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACpE,CAAC;aAAM,CAAC;YACN,OAAO,QAAQ,CAAA;QACjB,CAAC;IACH,CAAC;IAED,8BAA8B,CAC5B,QAA+B,EAC/B,QAA6B;QAE7B,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxB,MAAM,IAAI,6DAA0B,CAClC,gDAAgD,CACjD,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;YAC3C,MAAM,IAAI,6DAA0B,CAClC,sDAAsD,CACvD,CAAA;QACH,CAAC;QAED,IACE,CAAC,kDAAmC;YACpC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC,EAC9C,CAAC;YACD,MAAM,IAAI,6DAA0B,CAClC,wEAAwE,CACzE,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,4BAA4B,CAAC,CAAA;QACrD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,6DAA0B,CAClC,wEAAwE,MAAM,EAAE,CACjF,CAAA;QACH,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBAC7B,MAAM,IAAI,uDAAuB,CAC/B,8CAA8C,CAC/C,CAAA;YACH,CAAC;YAED,IAAI,CAAC,IAAA,4BAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,uDAAuB,CAC/B,kDAAkD,CACnD,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,kCAAkC,CAChC,QAAmC,EACnC,QAA6B;QAE7B,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,kIAAkI;YAClI,MAAM,IAAI,6DAA0B,CAClC,gDAAgD,CACjD,CAAA;QACH,CAAC;QAED,MAAM,WAAW,GAAG,IAAA,2CAAyB,EAAC,QAAQ,CAAC,CAAA;QAEvD,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxB,kIAAkI;YAClI,EAAE;YACF,sEAAsE;YACtE,yBAAyB;YAEzB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;YAEjD,IAAI,YAAY,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,EAAE,CAAC;gBAC/C,MAAM,IAAI,6DAA0B,CAClC,uDAAuD,CACxD,CAAA;YACH,CAAC;YAED,IAAI,WAAW,CAAC,QAAQ,KAAK,YAAY,CAAC,QAAQ,EAAE,CAAC;gBACnD,IACE,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAC9B,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;oBACjC,CAAC,CAAC,YAAY,CAAC,QAAQ;oBACvB,CAAC,CAAC,GAAG,YAAY,CAAC,QAAQ,GAAG,CAChC,EACD,CAAC;oBACD,MAAM,IAAI,6DAA0B,CAClC,kDAAkD,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,4BAA4B,CAAC,CAAA;QACrD,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,oBAAoB,CAAC;YAC1B,KAAK,qBAAqB,CAAC;YAC3B,KAAK,mBAAmB;gBACtB,MAAM,IAAI,6DAA0B,CAClC,iCAAiC,MAAM,2CAA2C,CACnF,CAAA;QACL,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,kIAAkI;gBAClI,EAAE;gBACF,kEAAkE;gBAClE,mEAAmE;gBACnE,yDAAyD;gBACzD,MAAM,QAAQ,GAAG,GAAG,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAA;gBAC1D,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC9B,MAAM,IAAI,uDAAuB,CAC/B,6JAA6J,QAAQ,GAAG,CACzK,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;CACF;AAtuBD,sCAsuBC;AAED,SAAS,WAAW,CAElB,KAAQ,EAAE,KAAa,EAAE,KAAU;IACnC,OAAO,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAA;AACzC,CAAC;AAED,SAAS,aAAa,CAAC,MAAc;IACnC,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAQ;IACrC,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AACnC,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW,EAAE,OAA0B;IAClE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAA;IAC7D,IAAI,OAAO,EAAE,OAAO;QAAE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC9D,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE;QACtB,OAAO;QACP,MAAM,EAAE,OAAO,EAAE,MAAM;QACvB,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAA;AACJ,CAAC"}
1
+ {"version":3,"file":"client-manager.js","sourceRoot":"","sources":["../../src/client/client-manager.ts"],"names":[],"mappings":";;;AAAA,+CAQ4B;AAC5B,6CAAyC;AACzC,6DAImC;AACnC,sCAAuD;AACvD,sDAU6B;AAC7B,6BAA8B;AAE9B,iGAAuF;AACvF,2FAAiF;AACjF,6DAAqD;AACrD,yDAIgC;AAKhC,uDAA+E;AAC/E,2CAAoC;AAEpC,MAAM,oBAAoB,GAAG,IAAA,WAAI,EAC/B,IAAA,wBAAgB,GAAE;AAClB,8IAA8I;AAC9I,IAAA,0BAAkB,EAAC,kBAAkB,EAAE,IAAI,CAAC,EAC5C,IAAA,6BAAqB,EAAC,uCAAyB,CAAC,CACjD,CAAA;AAED,MAAM,gBAAgB,GAAG,IAAA,WAAI,EAC3B,IAAA,wBAAgB,GAAE,EAClB,IAAA,0BAAkB,EAAC,kBAAkB,EAAE,KAAK,CAAC,EAC7C,IAAA,6BAAqB,EAAC,gBAAU,CAAC,CAClC,CAAA;AAMD,MAAa,aAAa;IAKH;IACA;IACA;IACA;IACA;IARF,IAAI,CAA4B;IAChC,cAAc,CAA2C;IAE5E,YACqB,cAAgD,EAChD,MAAc,EACd,KAAiB,EACjB,KAAyB,EACzB,mBAAkD,IAAI,EACzE,SAAgB,EAChB,eAA0C,EAC1C,mBAA6D;QAP1C,mBAAc,GAAd,cAAc,CAAkC;QAChD,WAAM,GAAN,MAAM,CAAQ;QACd,UAAK,GAAL,KAAK,CAAY;QACjB,UAAK,GAAL,KAAK,CAAoB;QACzB,qBAAgB,GAAhB,gBAAgB,CAAsC;QAKzE,MAAM,KAAK,GAAG,IAAA,iBAAS,EAAC,SAAS,CAAC,CAAA;QAElC,IAAI,CAAC,IAAI,GAAG,IAAI,2BAAY,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;YAClD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAC9D,gBAAgB,CACjB,CAAA;YAED,OAAO,IAAI,CAAA;QACb,CAAC,EAAE,eAAe,CAAC,CAAA;QAEnB,IAAI,CAAC,cAAc,GAAG,IAAI,2BAAY,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;YAC5D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAClE,oBAAoB,CACrB,CAAA;YAED,+DAA+D;YAC/D,OAAO,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QACnD,CAAC,EAAE,mBAAmB,CAAC,CAAA;IACzB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,SAAS,CAAC,QAAgB;QACrC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAA;YAEvD,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ;gBAC5B,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACxC,CAAC,CAAC,SAAS,CAAA;YAEb,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC,QAAQ,EAAE;gBAC5D,QAAQ;gBACR,IAAI;aACL,CAAC,CAAA;YAEF,MAAM,YAAY,GAAG,WAAW,EAAE,YAAY,IAAI,KAAK,CAAA;YACvD,MAAM,SAAS,GAAG,WAAW,EAAE,SAAS,IAAI,YAAY,CAAA;YAExD,OAAO,IAAI,kBAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC,CAAA;QAC1E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,2BAAU,EAAE,CAAC;gBAC9B,MAAM,GAAG,CAAA;YACX,CAAC;YACD,IAAI,GAAG,YAAY,kBAAU,EAAE,CAAC;gBAC9B,MAAM,OAAO,GACX,GAAG,YAAY,0BAAkB,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG;oBACzD,CAAC,CAAC,gEAAgE;wBAChE,uCAAuC,GAAG,CAAC,OAAO,EAAE;oBACtD,CAAC,CAAC,6DAA6D,CAAA;gBACnE,MAAM,IAAI,6DAA0B,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YACpD,CAAC;YACD,IAAI,GAAG,YAAY,cAAQ,EAAE,CAAC;gBAC5B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM;qBACtB,GAAG,CACF,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CACpB,aAAa,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAuB,OAAO,EAAE,CAC5F;qBACA,IAAI,CAAC,GAAG,CAAC,CAAA;gBACZ,MAAM,IAAI,6DAA0B,CAAC,MAAM,IAAI,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YAClE,CAAC;YACD,IAAI,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,6BAA6B,EAAE,CAAC;gBACpD,MAAM,IAAI,6DAA0B,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAA;YACtE,CAAC;YAED,MAAM,6DAA0B,CAAC,IAAI,CACnC,GAAG,EACH,0CAA0C,QAAQ,GAAG,CACtD,CAAA;QACH,CAAC;IACH,CAAC;IAES,KAAK,CAAC,iBAAiB,CAC/B,QAAkB;QAElB,IAAI,IAAA,qCAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAA;QACjD,CAAC;aAAM,IAAI,IAAA,yCAA2B,EAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAA;QACrD,CAAC;aAAM,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAA;QAC/C,CAAC;QAED,MAAM,IAAI,6DAA0B,CAAC,sBAAsB,QAAQ,GAAG,CAAC,CAAA;IACzE,CAAC;IAES,KAAK,CAAC,yBAAyB,CACvC,QAA+B;QAE/B,MAAM,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAA;QACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,IAAI,6DAA0B,CAAC,kCAAkC,CAAC,CAAA;QAC1E,CAAC;QAED,MAAM,QAAQ,GAAG,uCAAyB,CAAC,KAAK,CAC9C,MAAM,gBAAgB,CAAC,QAAQ,CAAC,CACjC,CAAA;QAED,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IACxD,CAAC;IAES,KAAK,CAAC,6BAA6B,CAC3C,QAAmC;QAEnC,MAAM,WAAW,GAAG,IAAA,2CAAyB,EAAC,QAAQ,CAAC,CAAA;QAEvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAEhE,sEAAsE;QACtE,mEAAmE;QACnE,EAAE;QACF,iEAAiE;QACjE,OAAO,QAAQ,CAAA;IACjB,CAAC;IAES,KAAK,CAAC,uBAAuB,CACrC,QAAkB;QAElB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;YACtD,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACxD,CAAC;QAED,MAAM,IAAI,6DAA0B,CAAC,sBAAsB,QAAQ,GAAG,CAAC,CAAA;IACzE,CAAC;IAED;;;;;OAKG;IACO,sBAAsB,CAC9B,QAAkB,EAClB,QAA6B;QAE7B,IAAI,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,IAAI,6DAA0B,CAClC,0CAA0C,CAC3C,CAAA;QACH,CAAC;QAED,iCAAiC;QACjC,KAAK,MAAM,CAAC,IAAI;YACd,iBAAiB;YACjB,8BAA8B;YAC9B,8BAA8B;YAC9B,iCAAiC;SACzB,EAAE,CAAC;YACX,IAAI,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;gBACxB,MAAM,IAAI,6DAA0B,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,UAAU;YACtC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC9B,CAAC,CAAC,IAAI,CAAA;QACR,MAAM,eAAe,GAAG,YAAY;YAClC,CAAC,CAAC,IAAA,kCAAoB,EAAC,YAAY,CAAC;YACpC,CAAC,CAAC,IAAI,CAAA;QAER,IAAI,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;YACrC,MAAM,IAAI,6DAA0B,CAAC,gCAAgC,CAAC,CAAA;QACxE,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;QAEzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,6DAA0B,CAAC,wBAAwB,CAAC,CAAA;QAChE,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,6DAA0B,CAAC,yBAAyB,CAAC,CAAA;QACjE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAA;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,6DAA0B,CAAC,oBAAoB,QAAQ,GAAG,CAAC,CAAA;QACvE,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,gEAAgE;YAChE,0DAA0D;YAC1D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,gBAAgB,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3D,MAAM,IAAI,6DAA0B,CAAC,sBAAsB,KAAK,GAAG,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAC3D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,6DAA0B,CAClC,yBAAyB,YAAY,GAAG,CACzC,CAAA;QACH,CAAC;QAED,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC7C,QAAQ,SAAS,EAAE,CAAC;gBAClB,KAAK,UAAU;oBACb,yBAAyB;oBACzB,MAAM,IAAI,6DAA0B,CAClC,eAAe,SAAS,kBAAkB,CAC3C,CAAA;gBAEH,mDAAmD;gBACnD,6BAA6B;gBAC7B,mBAAmB;gBACnB,KAAK,oBAAoB,CAAC;gBAC1B,KAAK,eAAe;oBAClB,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,qBAAqB,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;wBACpE,MAAM,IAAI,6DAA0B,CAClC,2BAA2B,SAAS,GAAG,CACxC,CAAA;oBACH,CAAC;oBACD,MAAK;gBAEP;oBACE,MAAM,IAAI,6DAA0B,CAClC,eAAe,SAAS,oBAAoB,CAC7C,CAAA;YACL,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,6DAA0B,CAAC,0BAA0B,CAAC,CAAA;QAClE,CAAC;QAED,IAAI,QAAQ,CAAC,YAAY,IAAI,QAAQ,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;YAChE,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,CAC1C,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,4BAA4B,CAAC,CAAA;QACrD,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,SAAS;gBACZ,MAAM,IAAI,6DAA0B,CAClC,oDAAoD,CACrD,CAAA;YAEH,KAAK,MAAM;gBACT,IAAI,QAAQ,CAAC,+BAA+B,EAAE,CAAC;oBAC7C,MAAM,IAAI,6DAA0B,CAClC,iFAAiF,CAClF,CAAA;gBACH,CAAC;gBACD,MAAK;YAEP,KAAK,iBAAiB;gBACpB,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;oBACzC,MAAM,IAAI,6DAA0B,CAClC,uDAAuD,CACxD,CAAA;gBACH,CAAC;gBACD,IAAI,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACrC,MAAM,IAAI,6DAA0B,CAClC,+DAA+D,CAChE,CAAA;gBACH,CAAC;gBACD,IAAI,CAAC,QAAQ,CAAC,+BAA+B,EAAE,CAAC;oBAC9C,MAAM,IAAI,6DAA0B,CAClC,yDAAyD,CAC1D,CAAA;gBACH,CAAC;gBACD,MAAK;YAEP;gBACE,MAAM,IAAI,6DAA0B,CAClC,GAAG,MAAM,oFAAoF,CAC9F,CAAA;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,oCAAoC,EAAE,CAAC;YAClD,MAAM,IAAI,6DAA0B,CAClC,mDAAmD,CACpD,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,0CAA0C,EAAE,CAAC;YACxD,MAAM,IAAI,6DAA0B,CAClC,kDAAkD,CACnD,CAAA;QACH,CAAC;QAED,IACE,QAAQ,CAAC,oCAAoC;YAC7C,CAAC,QAAQ,CAAC,oCAAoC,EAC9C,CAAC;YACD,MAAM,IAAI,6DAA0B,CAClC,oFAAoF,CACrF,CAAA;QACH,CAAC;QAED,uEAAuE;QACvE,IAAI,QAAQ,CAAC,wBAAwB,KAAK,IAAI,EAAE,CAAC;YAC/C,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,CAC1C,CAAA;QACH,CAAC;QAED,+DAA+D;QAC/D,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,6DAA0B,CAAC,oCAAoC,CAAC,CAAA;QAC5E,CAAC;aAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAChE,oBAAoB;YACpB,MAAM,IAAI,6DAA0B,CAClC,oFAAoF,CACrF,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,2BAA2B,EAAE,MAAM,EAAE,CAAC;YACjD,MAAM,kBAAkB,GACtB,QAAQ,CAAC,2BAA2B,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;YACxD,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,kBAAkB,GAAG,CAC/D,CAAA;YACH,CAAC;YAED,MAAM,kCAAkC,GACtC,IAAI,CAAC,cAAc,CAAC,qCAAqC,CAAA;YAC3D,IAAI,CAAC,kCAAkC,EAAE,CAAC;gBACxC,MAAM,IAAI,6DAA0B,CAClC,+CAA+C,CAChD,CAAA;YACH,CAAC;YACD,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,2BAA2B,EAAE,CAAC;gBACxD,IAAI,CAAC,kCAAkC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvD,MAAM,IAAI,6DAA0B,CAClC,2CAA2C,IAAI,GAAG,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,MAAM,EAAE,CAAC;YACpC,mEAAmE;YAEnE,MAAM,IAAI,6DAA0B,CAClC,uCAAuC,CACxC,CAAA;QACH,CAAC;QAED,IACE,QAAQ,CAAC,gBAAgB,KAAK,KAAK;YACnC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EACzC,CAAC;YACD,8EAA8E;YAC9E,EAAE;YACF,mEAAmE;YACnE,gEAAgE;YAChE,gEAAgE;YAChE,cAAc;YAEd,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;gBACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;gBACzC,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC9B,MAAM,IAAI,uDAAuB,CAC/B,0CAA0C,CAC3C,CAAA;gBACH,CAAC;gBAED,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACjC,MAAM,IAAI,uDAAuB,CAC/B,oDAAoD,CACrD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjC,mEAAmE;gBACnE,MAAM,IAAI,uDAAuB,CAC/B,gBAAgB,GAAG,+BAA+B,CACnD,CAAA;YACH,CAAC;YAED,QAAQ,IAAI,EAAE,CAAC;gBACb,gEAAgE;gBAEhE,KAAK,GAAG,CAAC,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC;oBAClC,4DAA4D;oBAC5D,EAAE;oBACF,+CAA+C;oBAC/C,wEAAwE;oBACxE,oEAAoE;oBACpE,wEAAwE;oBACxE,oEAAoE;oBACpE,kEAAkE;oBAClE,qEAAqE;oBACrE,qCAAqC;oBACrC,MAAM,IAAI,uDAAuB,CAC/B,yBAAyB,GAAG,4CAA4C,CACzE,CAAA;gBACH,CAAC;gBAED,KAAK,GAAG,CAAC,QAAQ,KAAK,WAAW,CAAC;gBAClC,KAAK,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC;oBAC9B,+BAA+B;oBAC/B,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;wBAC3C,MAAM,IAAI,uDAAuB,CAC/B,yDAAyD,CAC1D,CAAA;oBACH,CAAC;oBAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBACb,4DAA4D;wBAC5D,EAAE;wBACF,oEAAoE;wBACpE,8DAA8D;wBAC9D,gEAAgE;wBAChE,0DAA0D;wBAC1D,EAAE;wBACF,gEAAgE;wBAChE,+DAA+D;wBAC/D,+DAA+D;wBAC/D,oDAAoD;wBACpD,0BAA0B;oBAC5B,CAAC;oBAED,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;wBAC7B,4DAA4D;wBAC5D,EAAE;wBACF,qEAAqE;wBACrE,iEAAiE;wBACjE,sEAAsE;wBACtE,+CAA+C;wBAC/C,MAAM,IAAI,uDAAuB,CAC/B,yBAAyB,GAAG,gBAAgB,CAC7C,CAAA;oBACH,CAAC;oBAED,MAAK;gBACP,CAAC;gBAED,yCAAyC;gBAEzC,KAAK,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC;oBAC9B,8EAA8E;oBAC9E,EAAE;oBACF,gEAAgE;oBAChE,mEAAmE;oBACnE,YAAY;oBACZ,EAAE;oBACF,iEAAiE;oBACjE,mCAAmC;oBAEnC,8EAA8E;oBAC9E,EAAE;oBACF,kEAAkE;oBAClE,6DAA6D;oBAC7D,aAAa;oBACb,MAAM,IAAI,uDAAuB,CAC/B,kEAAkE,CACnE,CAAA;gBACH,CAAC;gBAED,KAAK,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC;oBAC/B,IAAI,CAAC,IAAA,2BAAa,EAAC,GAAG,CAAC,EAAE,CAAC;wBACxB,MAAM,IAAI,uDAAuB,CAC/B,iBAAiB,GAAG,6DAA6D,CAClF,CAAA;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,mEAAmE;oBACnE,mEAAmE;oBACnE,kEAAkE;oBAClE,oEAAoE;oBACpE,gCAAgC;oBAChC,EAAE;oBACF,oEAAoE;oBACpE,uDAAuD;oBACvD,EAAE;oBACF,qEAAqE;oBACrE,iEAAiE;oBACjE,gCAAgC;oBAEhC,oEAAoE;oBACpE,kEAAkE;oBAClE,yBAAyB;oBACzB,EAAE;oBACF,8EAA8E;oBAC9E,EAAE;oBACF,gEAAgE;oBAChE,qEAAqE;oBACrE,iEAAiE;oBACjE,0DAA0D;oBAC1D,EAAE;oBACF,gDAAgD;oBAChD,uCAAuC;oBACvC,qEAAqE;oBACrE,MAAM;oBACN,IAAI;oBAEJ,MAAK;gBACP,CAAC;gBAED,KAAK,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAChC,4DAA4D;oBAC5D,EAAE;oBACF,oEAAoE;oBACpE,iEAAiE;oBACjE,iEAAiE;oBACjE,2CAA2C;oBAE3C,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;wBAC3C,MAAM,IAAI,uDAAuB,CAC/B,sEAAsE,CACvE,CAAA;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,mEAAmE;oBACnE,mEAAmE;oBACnE,kEAAkE;oBAClE,oEAAoE;oBACpE,gCAAgC;oBAChC,EAAE;oBACF,+DAA+D;oBAC/D,iEAAiE;oBACjE,gDAAgD;oBAEhD,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;oBAE1D,IAAI,CAAC,IAAA,4BAAc,EAAC,SAAS,CAAC,EAAE,CAAC;wBAC/B,MAAM,IAAI,uDAAuB,CAC/B,0EAA0E,CAC3E,CAAA;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,qEAAqE;oBACrE,sEAAsE;oBACtE,6DAA6D;oBAC7D,IACE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,QAAQ,IAAI,CAAC;wBACxC,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,IAAI,EACR,CAAC;wBACD,MAAM,IAAI,uDAAuB,CAC/B,8CAA8C,GAAG,CAAC,QAAQ,SAAS,CACpE,CAAA;oBACH,CAAC;oBAED,MAAK;gBACP,CAAC;gBAED;oBACE,4DAA4D;oBAC5D,EAAE;oBACF,oEAAoE;oBACpE,+CAA+C;oBAC/C,MAAM,IAAI,uDAAuB,CAC/B,gCAAgC,GAAG,CAAC,QAAQ,GAAG,CAChD,CAAA;YACL,CAAC;QACH,CAAC;QAED,IAAI,IAAA,qCAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QAChE,CAAC;aAAM,IAAI,IAAA,yCAA2B,EAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,kCAAkC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACpE,CAAC;aAAM,CAAC;YACN,OAAO,QAAQ,CAAA;QACjB,CAAC;IACH,CAAC;IAED,8BAA8B,CAC5B,QAA+B,EAC/B,QAA6B;QAE7B,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxB,MAAM,IAAI,6DAA0B,CAClC,gDAAgD,CACjD,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;YAC3C,MAAM,IAAI,6DAA0B,CAClC,sDAAsD,CACvD,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,4BAA4B,CAAC,CAAA;QACrD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,6DAA0B,CAClC,wEAAwE,MAAM,EAAE,CACjF,CAAA;QACH,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBAC7B,MAAM,IAAI,uDAAuB,CAC/B,8CAA8C,CAC/C,CAAA;YACH,CAAC;YAED,IAAI,CAAC,IAAA,4BAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,uDAAuB,CAC/B,kDAAkD,CACnD,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,kCAAkC,CAChC,QAAmC,EACnC,QAA6B;QAE7B,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,kIAAkI;YAClI,MAAM,IAAI,6DAA0B,CAClC,gDAAgD,CACjD,CAAA;QACH,CAAC;QAED,MAAM,WAAW,GAAG,IAAA,2CAAyB,EAAC,QAAQ,CAAC,CAAA;QAEvD,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxB,kIAAkI;YAClI,EAAE;YACF,sEAAsE;YACtE,yBAAyB;YAEzB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;YAEjD,IAAI,YAAY,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,EAAE,CAAC;gBAC/C,MAAM,IAAI,6DAA0B,CAClC,uDAAuD,CACxD,CAAA;YACH,CAAC;YAED,IAAI,WAAW,CAAC,QAAQ,KAAK,YAAY,CAAC,QAAQ,EAAE,CAAC;gBACnD,IACE,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAC9B,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;oBACjC,CAAC,CAAC,YAAY,CAAC,QAAQ;oBACvB,CAAC,CAAC,GAAG,YAAY,CAAC,QAAQ,GAAG,CAChC,EACD,CAAC;oBACD,MAAM,IAAI,6DAA0B,CAClC,kDAAkD,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,4BAA4B,CAAC,CAAA;QACrD,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,MAAM,CAAC;YACZ,KAAK,iBAAiB,CAAC;YACvB,KAAK,SAAS;gBACZ,MAAK;YACP,KAAK,oBAAoB,CAAC;YAC1B,KAAK,qBAAqB,CAAC;YAC3B,KAAK,mBAAmB;gBACtB,MAAM,IAAI,6DAA0B,CAClC,iCAAiC,MAAM,2CAA2C,CACnF,CAAA;YACH;gBACE,MAAM,IAAI,6DAA0B,CAClC,6CAA6C,MAAM,GAAG,CACvD,CAAA;QACL,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,4DAA4D;gBAC5D,EAAE;gBACF,mEAAmE;gBACnE,mEAAmE;gBACnE,kEAAkE;gBAClE,oEAAoE;gBACpE,gCAAgC;gBAEhC,kIAAkI;gBAClI,EAAE;gBACF,kEAAkE;gBAClE,mEAAmE;gBACnE,yDAAyD;gBACzD,MAAM,QAAQ,GAAG,GAAG,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAA;gBAC1D,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC9B,MAAM,IAAI,uDAAuB,CAC/B,6JAA6J,QAAQ,GAAG,CACzK,CAAA;gBACH,CAAC;YACH,CAAC;YAED,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC9B,4DAA4D;gBAC5D,EAAE;gBACF,mEAAmE;gBACnE,mEAAmE;gBACnE,kEAAkE;gBAClE,oEAAoE;gBACpE,gCAAgC;gBAChC,EAAE;gBACF,qEAAqE;gBACrE,yDAAyD;gBAEzD,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,CAAC,QAAQ,EAAE,CAAC;oBAC1C,MAAM,IAAI,uDAAuB,CAC/B,gBAAgB,GAAG,+CAA+C,QAAQ,CAAC,UAAU,EAAE,CACxF,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;CACF;AAnuBD,sCAmuBC;AAED,SAAS,WAAW,CAElB,KAAQ,EAAE,KAAa,EAAE,KAAU;IACnC,OAAO,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAA;AACzC,CAAC;AAED,SAAS,aAAa,CAAC,MAAc;IACnC,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAQ;IACrC,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AACnC,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW,EAAE,OAA0B;IAClE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAA;IAC7D,IAAI,OAAO,EAAE,OAAO;QAAE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC9D,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE;QACtB,OAAO;QACP,MAAM,EAAE,OAAO,EAAE,MAAM;QACvB,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAA;AACJ,CAAC"}
@@ -1,6 +1,5 @@
1
1
  /// <reference types="node" />
2
- import { OAuthClientIdDiscoverable, OAuthClientIdLoopback } from '@atproto/oauth-types';
2
+ import { OAuthClientIdDiscoverable } from '@atproto/oauth-types';
3
3
  export declare function parseRedirectUri(redirectUri: string): URL;
4
4
  export declare function parseDiscoverableClientId(clientId: OAuthClientIdDiscoverable): URL;
5
- export declare function parseLoopbackClientId(clientId: OAuthClientIdLoopback): URL;
6
5
  //# sourceMappingURL=client-utils.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"client-utils.d.ts","sourceRoot":"","sources":["../../src/client/client-utils.ts"],"names":[],"mappings":";AAAA,OAAO,EACL,yBAAyB,EACzB,qBAAqB,EAGtB,MAAM,sBAAsB,CAAA;AAM7B,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,GAAG,CAMzD;AAED,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,yBAAyB,GAClC,GAAG,CAaL;AAED,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,qBAAqB,GAAG,GAAG,CAM1E"}
1
+ {"version":3,"file":"client-utils.d.ts","sourceRoot":"","sources":["../../src/client/client-utils.ts"],"names":[],"mappings":";AAAA,OAAO,EACL,yBAAyB,EAE1B,MAAM,sBAAsB,CAAA;AAM7B,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,GAAG,CAMzD;AAED,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,yBAAyB,GAClC,GAAG,CAkBL"}
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.parseLoopbackClientId = exports.parseDiscoverableClientId = exports.parseRedirectUri = void 0;
3
+ exports.parseDiscoverableClientId = exports.parseRedirectUri = void 0;
4
4
  const oauth_types_1 = require("@atproto/oauth-types");
5
5
  const invalid_client_id_error_js_1 = require("../errors/invalid-client-id-error.js");
6
6
  const invalid_redirect_uri_error_js_1 = require("../errors/invalid-redirect-uri-error.js");
@@ -19,22 +19,13 @@ function parseDiscoverableClientId(clientId) {
19
19
  const url = (0, oauth_types_1.parseOAuthDiscoverableClientId)(clientId);
20
20
  // Extra validation, prevent usage of invalid internet domain names.
21
21
  if (!(0, hostname_js_1.isInternetHost)(url.hostname)) {
22
- throw new invalid_client_id_error_js_1.InvalidClientIdError('ClientID is not a valid internet address');
22
+ throw new invalid_client_id_error_js_1.InvalidClientIdError("The client_id's TLD must belong to the Public Suffix List (PSL)");
23
23
  }
24
24
  return url;
25
25
  }
26
26
  catch (err) {
27
- throw invalid_client_id_error_js_1.InvalidClientIdError.from(err);
27
+ throw invalid_client_id_error_js_1.InvalidClientIdError.from(err, 'Invalid discoverable client identifier');
28
28
  }
29
29
  }
30
30
  exports.parseDiscoverableClientId = parseDiscoverableClientId;
31
- function parseLoopbackClientId(clientId) {
32
- try {
33
- return (0, oauth_types_1.parseOAuthLoopbackClientId)(clientId);
34
- }
35
- catch (err) {
36
- throw invalid_client_id_error_js_1.InvalidClientIdError.from(err);
37
- }
38
- }
39
- exports.parseLoopbackClientId = parseLoopbackClientId;
40
31
  //# sourceMappingURL=client-utils.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"client-utils.js","sourceRoot":"","sources":["../../src/client/client-utils.ts"],"names":[],"mappings":";;;AAAA,sDAK6B;AAE7B,qFAA2E;AAC3E,2FAAiF;AACjF,yDAAwD;AAExD,SAAgB,gBAAgB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,WAAW,CAAC,CAAA;IAC7B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,uDAAuB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzC,CAAC;AACH,CAAC;AAND,4CAMC;AAED,SAAgB,yBAAyB,CACvC,QAAmC;IAEnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4CAA8B,EAAC,QAAQ,CAAC,CAAA;QAEpD,oEAAoE;QACpE,IAAI,CAAC,IAAA,4BAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,iDAAoB,CAAC,0CAA0C,CAAC,CAAA;QAC5E,CAAC;QAED,OAAO,GAAG,CAAA;IACZ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,iDAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACtC,CAAC;AACH,CAAC;AAfD,8DAeC;AAED,SAAgB,qBAAqB,CAAC,QAA+B;IACnE,IAAI,CAAC;QACH,OAAO,IAAA,wCAA0B,EAAC,QAAQ,CAAC,CAAA;IAC7C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,iDAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACtC,CAAC;AACH,CAAC;AAND,sDAMC"}
1
+ {"version":3,"file":"client-utils.js","sourceRoot":"","sources":["../../src/client/client-utils.ts"],"names":[],"mappings":";;;AAAA,sDAG6B;AAE7B,qFAA2E;AAC3E,2FAAiF;AACjF,yDAAwD;AAExD,SAAgB,gBAAgB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,WAAW,CAAC,CAAA;IAC7B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,uDAAuB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzC,CAAC;AACH,CAAC;AAND,4CAMC;AAED,SAAgB,yBAAyB,CACvC,QAAmC;IAEnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4CAA8B,EAAC,QAAQ,CAAC,CAAA;QAEpD,oEAAoE;QACpE,IAAI,CAAC,IAAA,4BAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,iDAAoB,CAC5B,iEAAiE,CAClE,CAAA;QACH,CAAC;QAED,OAAO,GAAG,CAAA;IACZ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,iDAAoB,CAAC,IAAI,CAC7B,GAAG,EACH,wCAAwC,CACzC,CAAA;IACH,CAAC;AACH,CAAC;AApBD,8DAoBC"}
@@ -1,5 +1,5 @@
1
1
  import { Jwks } from '@atproto/jwk';
2
- import { OAuthClientIdentification, OAuthClientMetadata } from '@atproto/oauth-types';
2
+ import { OAuthAuthorizationRequestParameters, OAuthClientCredentials, OAuthClientMetadata } from '@atproto/oauth-types';
3
3
  import { type JWTPayload, type JWTVerifyOptions, type JWTVerifyResult, type KeyLike, type ResolvedKey, type UnsecuredResult } from 'jose';
4
4
  import { ClientAuth } from './client-auth.js';
5
5
  import { ClientId } from './client-id.js';
@@ -20,10 +20,10 @@ export declare class Client {
20
20
  protected jwtVerify<PayloadType = JWTPayload>(token: string, options?: Omit<JWTVerifyOptions, 'issuer'>): Promise<JWTVerifyResult<PayloadType> & ResolvedKey<KeyLike>>;
21
21
  /**
22
22
  * @see {@link https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1}
23
- * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-bearer-11#section-3}
23
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}
24
24
  * @see {@link https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method}
25
25
  */
26
- verifyCredentials(input: OAuthClientIdentification, checks: {
26
+ verifyCredentials(input: OAuthClientCredentials, checks: {
27
27
  audience: string;
28
28
  }): Promise<{
29
29
  clientAuth: ClientAuth;
@@ -36,5 +36,10 @@ export declare class Client {
36
36
  * during the initial token request.
37
37
  */
38
38
  validateClientAuth(clientAuth: ClientAuth): Promise<boolean>;
39
+ /**
40
+ * Validates the request parameters against the client metadata.
41
+ */
42
+ validateRequest(parameters: Readonly<OAuthAuthorizationRequestParameters>): Readonly<OAuthAuthorizationRequestParameters>;
43
+ get defaultRedirectUri(): string | undefined;
39
44
  }
40
45
  //# sourceMappingURL=client.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/client/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACnC,OAAO,EAEL,yBAAyB,EACzB,mBAAmB,EACpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAML,KAAK,UAAU,EAEf,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,OAAO,EACZ,KAAK,WAAW,EAChB,KAAK,eAAe,EACrB,MAAM,MAAM,CAAA;AAMb,OAAO,EAAE,UAAU,EAAqB,MAAM,kBAAkB,CAAA;AAChE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAI7C,qBAAa,MAAM;aASC,EAAE,EAAE,QAAQ;aACZ,QAAQ,EAAE,mBAAmB;aAC7B,IAAI,EAAE,SAAS,GAAG,IAAI;aACtB,IAAI,EAAE,UAAU;IAXlC;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,sBAAsB,uCAAuC;IAE7E,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAiB;gBAGzB,EAAE,EAAE,QAAQ,EACZ,QAAQ,EAAE,mBAAmB,EAC7B,IAAI,EAAE,SAAS,GAAG,IAAoB,EACtC,IAAI,EAAE,UAAU;IASrB,mBAAmB,CAAC,GAAG,EAAE,MAAM;cA8B5B,kBAAkB,CAAC,WAAW,GAAG,UAAU,EACzD,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GACzC,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;cAOxB,SAAS,CAAC,WAAW,GAAG,UAAU,EAChD,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GACzC,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAO/D;;;;OAIG;IACU,iBAAiB,CAC5B,KAAK,EAAE,yBAAyB,EAChC,MAAM,EAAE;QACN,QAAQ,EAAE,MAAM,CAAA;KACjB,GACA,OAAO,CAAC;QACT,UAAU,EAAE,UAAU,CAAA;QAEtB,KAAK,CAAC,EAAE,MAAM,CAAA;KACf,CAAC;IAsEF;;;;;OAKG;IACU,kBAAkB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;CA4B1E"}
1
+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/client/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACnC,OAAO,EAEL,mCAAmC,EACnC,sBAAsB,EACtB,mBAAmB,EACpB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAML,KAAK,UAAU,EAEf,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,OAAO,EACZ,KAAK,WAAW,EAChB,KAAK,eAAe,EACrB,MAAM,MAAM,CAAA;AAUb,OAAO,EAAE,UAAU,EAAqB,MAAM,kBAAkB,CAAA;AAChE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAI7C,qBAAa,MAAM;aASC,EAAE,EAAE,QAAQ;aACZ,QAAQ,EAAE,mBAAmB;aAC7B,IAAI,EAAE,SAAS,GAAG,IAAI;aACtB,IAAI,EAAE,UAAU;IAXlC;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,sBAAsB,uCAAuC;IAE7E,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAiB;gBAGzB,EAAE,EAAE,QAAQ,EACZ,QAAQ,EAAE,mBAAmB,EAC7B,IAAI,EAAE,SAAS,GAAG,IAAoB,EACtC,IAAI,EAAE,UAAU;IASrB,mBAAmB,CAAC,GAAG,EAAE,MAAM;cA8B5B,kBAAkB,CAAC,WAAW,GAAG,UAAU,EACzD,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GACzC,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;cAOxB,SAAS,CAAC,WAAW,GAAG,UAAU,EAChD,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GACzC,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAO/D;;;;OAIG;IACU,iBAAiB,CAC5B,KAAK,EAAE,sBAAsB,EAC7B,MAAM,EAAE;QACN,QAAQ,EAAE,MAAM,CAAA;KACjB,GACA,OAAO,CAAC;QACT,UAAU,EAAE,UAAU,CAAA;QAEtB,KAAK,CAAC,EAAE,MAAM,CAAA;KACf,CAAC;IAsEF;;;;;OAKG;IACU,kBAAkB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IA6BzE;;OAEG;IACI,eAAe,CACpB,UAAU,EAAE,QAAQ,CAAC,mCAAmC,CAAC,GACxD,QAAQ,CAAC,mCAAmC,CAAC;IA8FhD,IAAI,kBAAkB,IAAI,MAAM,GAAG,SAAS,CAG3C;CACF"}