npm - @atproto/oauth-provider - Versions diffs - 0.2.16 → 0.3.0 - Mend

@atproto/oauth-provider 0.2.16 → 0.3.0

Files changed (230) hide show

package/CHANGELOG.md +34 -0
package/dist/account/account-store.d.ts +1 -1
package/dist/account/account-store.d.ts.map +1 -1
package/dist/account/account-store.js +6 -9
package/dist/account/account-store.js.map +1 -1
package/dist/account/account.d.ts +1 -1
package/dist/account/account.d.ts.map +1 -1
package/dist/assets/app/bundle-manifest.json +2 -2
package/dist/assets/app/main.js +1 -1
package/dist/assets/app/main.js.map +1 -1
package/dist/assets/assets-middleware.d.ts.map +1 -1
package/dist/assets/assets-middleware.js.map +1 -1
package/dist/assets/index.d.ts.map +1 -1
package/dist/assets/index.js +7 -6
package/dist/assets/index.js.map +1 -1
package/dist/client/client-auth.d.ts +1 -1
package/dist/client/client-auth.d.ts.map +1 -1
package/dist/client/client-auth.js +1 -1
package/dist/client/client-auth.js.map +1 -1
package/dist/client/client-manager.d.ts +2 -2
package/dist/client/client-manager.d.ts.map +1 -1
package/dist/client/client-manager.js +8 -10
package/dist/client/client-manager.js.map +1 -1
package/dist/client/client-store.d.ts.map +1 -1
package/dist/client/client-store.js.map +1 -1
package/dist/client/client-utils.d.ts.map +1 -1
package/dist/client/client-utils.js.map +1 -1
package/dist/client/client.d.ts +1 -1
package/dist/client/client.d.ts.map +1 -1
package/dist/client/client.js +1 -1
package/dist/client/client.js.map +1 -1
package/dist/device/device-data.d.ts +7 -8
package/dist/device/device-data.d.ts.map +1 -1
package/dist/device/device-data.js +3 -2
package/dist/device/device-data.js.map +1 -1
package/dist/device/device-id.d.ts.map +1 -1
package/dist/device/device-id.js.map +1 -1
package/dist/device/device-manager.d.ts +104 -19
package/dist/device/device-manager.d.ts.map +1 -1
package/dist/device/device-manager.js +44 -31
package/dist/device/device-manager.js.map +1 -1
package/dist/device/session-id.d.ts.map +1 -1
package/dist/device/session-id.js.map +1 -1
package/dist/dpop/dpop-manager.d.ts.map +1 -1
package/dist/dpop/dpop-manager.js.map +1 -1
package/dist/dpop/dpop-nonce.d.ts.map +1 -1
package/dist/dpop/dpop-nonce.js.map +1 -1
package/dist/errors/invalid-client-metadata-error.js +1 -1
package/dist/errors/invalid-client-metadata-error.js.map +1 -1
package/dist/errors/invalid-token-error.d.ts.map +1 -1
package/dist/errors/invalid-token-error.js +1 -1
package/dist/errors/invalid-token-error.js.map +1 -1
package/dist/errors/www-authenticate-error.d.ts.map +1 -1
package/dist/errors/www-authenticate-error.js.map +1 -1
package/dist/lib/http/accept.d.ts +2 -1
package/dist/lib/http/accept.d.ts.map +1 -1
package/dist/lib/http/accept.js.map +1 -1
package/dist/lib/http/method.d.ts +1 -1
package/dist/lib/http/method.d.ts.map +1 -1
package/dist/lib/http/middleware.d.ts +1 -1
package/dist/lib/http/middleware.d.ts.map +1 -1
package/dist/lib/http/request.d.ts +10 -1
package/dist/lib/http/request.d.ts.map +1 -1
package/dist/lib/http/request.js +40 -2
package/dist/lib/http/request.js.map +1 -1
package/dist/lib/http/response.d.ts +3 -2
package/dist/lib/http/response.d.ts.map +1 -1
package/dist/lib/http/response.js.map +1 -1
package/dist/lib/http/route.d.ts +2 -1
package/dist/lib/http/route.d.ts.map +1 -1
package/dist/lib/http/route.js.map +1 -1
package/dist/lib/http/router.d.ts +2 -1
package/dist/lib/http/router.d.ts.map +1 -1
package/dist/lib/http/router.js.map +1 -1
package/dist/lib/http/stream.d.ts +1 -1
package/dist/lib/http/stream.d.ts.map +1 -1
package/dist/lib/http/stream.js +1 -1
package/dist/lib/http/stream.js.map +1 -1
package/dist/lib/http/types.d.ts +0 -1
package/dist/lib/http/types.d.ts.map +1 -1
package/dist/lib/util/authorization-header.d.ts.map +1 -1
package/dist/lib/util/authorization-header.js +1 -1
package/dist/lib/util/authorization-header.js.map +1 -1
package/dist/lib/util/function.d.ts +8 -0
package/dist/lib/util/function.d.ts.map +1 -1
package/dist/lib/util/function.js +1 -1
package/dist/lib/util/function.js.map +1 -1
package/dist/lib/util/hostname.d.ts.map +1 -1
package/dist/lib/util/time.d.ts +7 -1
package/dist/lib/util/time.d.ts.map +1 -1
package/dist/lib/util/time.js +23 -12
package/dist/lib/util/time.js.map +1 -1
package/dist/metadata/build-metadata.d.ts.map +1 -1
package/dist/metadata/build-metadata.js.map +1 -1
package/dist/oauth-hooks.d.ts +56 -4
package/dist/oauth-hooks.d.ts.map +1 -1
package/dist/oauth-hooks.js +8 -0
package/dist/oauth-hooks.js.map +1 -1
package/dist/oauth-provider.d.ts +13 -10
package/dist/oauth-provider.d.ts.map +1 -1
package/dist/oauth-provider.js +36 -58
package/dist/oauth-provider.js.map +1 -1
package/dist/oauth-verifier.d.ts +1 -1
package/dist/oauth-verifier.d.ts.map +1 -1
package/dist/oauth-verifier.js.map +1 -1
package/dist/output/build-authorize-data.d.ts.map +1 -1
package/dist/output/build-authorize-data.js.map +1 -1
package/dist/output/build-error-payload.d.ts.map +1 -1
package/dist/output/build-error-payload.js +1 -1
package/dist/output/build-error-payload.js.map +1 -1
package/dist/output/output-manager.d.ts +1 -1
package/dist/output/output-manager.d.ts.map +1 -1
package/dist/output/output-manager.js.map +1 -1
package/dist/output/send-authorize-redirect.d.ts +1 -1
package/dist/output/send-authorize-redirect.d.ts.map +1 -1
package/dist/output/send-authorize-redirect.js.map +1 -1
package/dist/output/send-web-page.d.ts +1 -1
package/dist/output/send-web-page.d.ts.map +1 -1
package/dist/output/send-web-page.js.map +1 -1
package/dist/replay/replay-store-redis.d.ts.map +1 -1
package/dist/replay/replay-store-redis.js.map +1 -1
package/dist/request/code.d.ts.map +1 -1
package/dist/request/code.js.map +1 -1
package/dist/request/request-data.d.ts.map +1 -1
package/dist/request/request-data.js.map +1 -1
package/dist/request/request-id.d.ts.map +1 -1
package/dist/request/request-id.js.map +1 -1
package/dist/request/request-info.d.ts +1 -1
package/dist/request/request-info.d.ts.map +1 -1
package/dist/request/request-manager.d.ts +2 -1
package/dist/request/request-manager.d.ts.map +1 -1
package/dist/request/request-manager.js +10 -2
package/dist/request/request-manager.js.map +1 -1
package/dist/request/request-store-memory.d.ts +1 -1
package/dist/request/request-store-memory.d.ts.map +1 -1
package/dist/request/request-store-redis.d.ts +1 -1
package/dist/request/request-store-redis.d.ts.map +1 -1
package/dist/request/request-store-redis.js.map +1 -1
package/dist/request/request-uri.d.ts.map +1 -1
package/dist/request/request-uri.js.map +1 -1
package/dist/signer/signed-token-payload.d.ts +1 -1
package/dist/signer/signed-token-payload.d.ts.map +1 -1
package/dist/signer/signed-token-payload.js +2 -5
package/dist/signer/signed-token-payload.js.map +1 -1
package/dist/signer/signer.d.ts +1 -1
package/dist/signer/signer.d.ts.map +1 -1
package/dist/signer/signer.js.map +1 -1
package/dist/token/refresh-token.d.ts.map +1 -1
package/dist/token/refresh-token.js.map +1 -1
package/dist/token/token-claims.d.ts +1 -1
package/dist/token/token-claims.d.ts.map +1 -1
package/dist/token/token-claims.js +2 -5
package/dist/token/token-claims.js.map +1 -1
package/dist/token/token-data.d.ts.map +1 -1
package/dist/token/token-id.d.ts.map +1 -1
package/dist/token/token-id.js.map +1 -1
package/dist/token/token-manager.d.ts +3 -2
package/dist/token/token-manager.d.ts.map +1 -1
package/dist/token/token-manager.js +40 -25
package/dist/token/token-manager.js.map +1 -1
package/dist/token/verify-token-claims.d.ts.map +1 -1
package/dist/token/verify-token-claims.js.map +1 -1
package/package.json +13 -12
package/rollup.config.js +4 -5
package/src/account/account-store.ts +1 -2
package/src/account/account.ts +1 -1
package/src/assets/app/hooks/use-api.ts +1 -2
package/src/assets/app/lib/api.ts +0 -1
package/src/assets/assets-middleware.ts +0 -1
package/src/assets/index.ts +2 -3
package/src/client/client-auth.ts +1 -2
package/src/client/client-manager.ts +22 -25
package/src/client/client-store.ts +0 -1
package/src/client/client-utils.ts +0 -1
package/src/client/client.ts +13 -14
package/src/device/device-data.ts +3 -3
package/src/device/device-id.ts +0 -1
package/src/device/device-manager.ts +94 -79
package/src/device/session-id.ts +0 -1
package/src/dpop/dpop-manager.ts +0 -2
package/src/dpop/dpop-nonce.ts +0 -1
package/src/errors/invalid-client-metadata-error.ts +1 -1
package/src/errors/invalid-token-error.ts +1 -2
package/src/errors/www-authenticate-error.ts +0 -1
package/src/lib/http/accept.ts +2 -7
package/src/lib/http/method.ts +1 -1
package/src/lib/http/middleware.ts +1 -1
package/src/lib/http/request.ts +66 -4
package/src/lib/http/response.ts +3 -3
package/src/lib/http/route.ts +2 -1
package/src/lib/http/router.ts +2 -1
package/src/lib/http/stream.ts +4 -5
package/src/lib/http/types.ts +0 -1
package/src/lib/util/authorization-header.ts +1 -2
package/src/lib/util/function.ts +19 -2
package/src/lib/util/hostname.ts +1 -1
package/src/lib/util/time.ts +35 -18
package/src/metadata/build-metadata.ts +0 -1
package/src/oauth-hooks.ts +73 -14
package/src/oauth-provider.ts +77 -37
package/src/oauth-verifier.ts +1 -2
package/src/output/build-authorize-data.ts +0 -1
package/src/output/build-error-payload.ts +1 -2
package/src/output/output-manager.ts +3 -4
package/src/output/send-authorize-redirect.ts +1 -2
package/src/output/send-web-page.ts +3 -4
package/src/replay/replay-manager.ts +1 -1
package/src/replay/replay-store-redis.ts +0 -1
package/src/request/code.ts +0 -1
package/src/request/request-data.ts +0 -1
package/src/request/request-id.ts +0 -1
package/src/request/request-info.ts +1 -1
package/src/request/request-manager.ts +16 -6
package/src/request/request-store-memory.ts +1 -1
package/src/request/request-store-redis.ts +1 -2
package/src/request/request-uri.ts +0 -1
package/src/signer/signed-token-payload.ts +1 -2
package/src/signer/signer.ts +1 -2
package/src/token/refresh-token.ts +0 -1
package/src/token/token-claims.ts +1 -2
package/src/token/token-data.ts +0 -1
package/src/token/token-id.ts +0 -1
package/src/token/token-manager.ts +53 -25
package/src/token/verify-token-claims.ts +0 -1
package/tsconfig.backend.tsbuildinfo +1 -1
package/dist/device/device-details.d.ts +0 -16
package/dist/device/device-details.d.ts.map +0 -1
package/dist/device/device-details.js +0 -34
package/dist/device/device-details.js.map +0 -1
package/src/device/device-details.ts +0 -43

package/src/request/request-manager.ts CHANGED Viewed

@@ -3,7 +3,6 @@ import {
   OAuthAuthorizationRequestParameters,
   OAuthAuthorizationServerMetadata,
 } from '@atproto/oauth-types'
 import { Account } from '../account/account.js'
 import { ClientAuth } from '../client/client-auth.js'
 import { ClientId } from '../client/client-id.js'
@@ -20,22 +19,24 @@ import { InvalidAuthorizationDetailsError } from '../errors/invalid-authorizatio
 import { InvalidGrantError } from '../errors/invalid-grant-error.js'
 import { InvalidParametersError } from '../errors/invalid-parameters-error.js'
 import { InvalidRequestError } from '../errors/invalid-request-error.js'
+import { InvalidScopeError } from '../errors/invalid-scope-error.js'
+import { RequestMetadata } from '../lib/http/request.js'
+import { callAsync } from '../lib/util/function.js'
 import { OAuthHooks } from '../oauth-hooks.js'
 import { Signer } from '../signer/signer.js'
 import { Code, generateCode } from './code.js'
 import {
-  isRequestDataAuthorized,
   RequestDataAuthorized,
+  isRequestDataAuthorized,
 } from './request-data.js'
 import { generateRequestId } from './request-id.js'
 import { RequestInfo } from './request-info.js'
 import { RequestStore, UpdateRequestData } from './request-store.js'
 import {
+  RequestUri,
   decodeRequestUri,
   encodeRequestUri,
-  RequestUri,
 } from './request-uri.js'
-import { InvalidScopeError } from '../errors/invalid-scope-error.js'
 export class RequestManager {
   constructor(
@@ -370,10 +371,11 @@ export class RequestManager {
   }
   async setAuthorized(
-    client: Client,
     uri: RequestUri,
-    deviceId: DeviceId,
+    client: Client,
     account: Account,
+    deviceId: DeviceId,
+    deviceMetadata: RequestMetadata,
   ): Promise<Code> {
     const id = decodeRequestUri(uri)
@@ -414,6 +416,14 @@ export class RequestManager {
         expiresAt: new Date(Date.now() + AUTHORIZATION_INACTIVITY_TIMEOUT),
       })
+      await callAsync(this.hooks.onAuthorized, {
+        client,
+        account,
+        parameters: data.parameters,
+        deviceId,
+        deviceMetadata,
+      })
       return code
     } catch (err) {
       await this.store.deleteRequest(id)

package/src/request/request-store-memory.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Code } from './code.js'
-import { RequestId } from './request-id.js'
 import { RequestData } from './request-data.js'
+import { RequestId } from './request-id.js'
 import { RequestStore } from './request-store.js'
 export class RequestStoreMemory implements RequestStore {

package/src/request/request-store-redis.ts CHANGED Viewed

@@ -1,12 +1,11 @@
 import type { Redis } from 'ioredis'
 import { CreateRedisOptions, createRedis } from '../lib/redis.js'
 import { Code } from './code.js'
 import { RequestData } from './request-data.js'
 import { RequestId, requestIdSchema } from './request-id.js'
 import { RequestStore } from './request-store.js'
-export type { Redis, CreateRedisOptions }
+export type { CreateRedisOptions, Redis }
 export type ReplayStoreRedisOptions = {
   redis: CreateRedisOptions

package/src/request/request-uri.ts CHANGED Viewed

@@ -1,5 +1,4 @@
 import { z } from 'zod'
 import { RequestId, requestIdSchema } from './request-id.js'
 export const REQUEST_URI_PREFIX = 'urn:ietf:params:oauth:request_uri:'

package/src/signer/signed-token-payload.ts CHANGED Viewed

@@ -1,6 +1,5 @@
+import { z } from 'zod'
 import { jwtPayloadSchema } from '@atproto/jwk'
-import z from 'zod'
 import { clientIdSchema } from '../client/client-id.js'
 import { Simplify } from '../lib/util/type.js'
 import { subSchema } from '../oidc/sub.js'

package/src/signer/signer.ts CHANGED Viewed

@@ -7,10 +7,9 @@ import {
   VerifyOptions,
 } from '@atproto/jwk'
 import {
-  OAuthAuthorizationRequestParameters,
   OAuthAuthorizationDetails,
+  OAuthAuthorizationRequestParameters,
 } from '@atproto/oauth-types'
 import { Client } from '../client/client.js'
 import { dateToEpoch } from '../lib/util/date.js'
 import { TokenId } from '../token/token-id.js'

package/src/token/refresh-token.ts CHANGED Viewed

@@ -1,5 +1,4 @@
 import { z } from 'zod'
 import {
   REFRESH_TOKEN_BYTES_LENGTH,
   REFRESH_TOKEN_PREFIX,

package/src/token/token-claims.ts CHANGED Viewed

@@ -1,6 +1,5 @@
+import { z } from 'zod'
 import { jwtPayloadSchema } from '@atproto/jwk'
-import z from 'zod'
 import { clientIdSchema } from '../client/client-id.js'
 import { Simplify } from '../lib/util/type.js'
 import { subSchema } from '../oidc/sub.js'

package/src/token/token-data.ts CHANGED Viewed

@@ -2,7 +2,6 @@ import {
   OAuthAuthorizationDetails,
   OAuthAuthorizationRequestParameters,
 } from '@atproto/oauth-types'
 import { ClientAuth } from '../client/client-auth.js'
 import { ClientId } from '../client/client-id.js'
 import { DeviceId } from '../device/device-id.js'

package/src/token/token-id.ts CHANGED Viewed

@@ -1,5 +1,4 @@
 import { z } from 'zod'
 import { TOKEN_ID_BYTES_LENGTH, TOKEN_ID_PREFIX } from '../constants.js'
 import { randomHexId } from '../lib/util/crypto.js'

package/src/token/token-manager.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { createHash } from 'node:crypto'
 import { isSignedJwt } from '@atproto/jwk'
 import {
   CLIENT_ASSERTION_TYPE_JWT_BEARER,
@@ -10,8 +11,6 @@ import {
   OAuthTokenResponse,
   OAuthTokenType,
 } from '@atproto/oauth-types'
-import { createHash } from 'node:crypto'
 import { AccessTokenType } from '../access-token/access-token-type.js'
 import { DeviceAccountInfo } from '../account/account-store.js'
 import { Account } from '../account/account.js'
@@ -30,6 +29,7 @@ import { InvalidDpopProofError } from '../errors/invalid-dpop-proof-error.js'
 import { InvalidGrantError } from '../errors/invalid-grant-error.js'
 import { InvalidRequestError } from '../errors/invalid-request-error.js'
 import { InvalidTokenError } from '../errors/invalid-token-error.js'
+import { RequestMetadata } from '../lib/http/request.js'
 import { dateToEpoch, dateToRelativeSeconds } from '../lib/util/date.js'
 import { callAsync } from '../lib/util/function.js'
 import { OAuthHooks } from '../oauth-hooks.js'
@@ -83,6 +83,7 @@ export class TokenManager {
   async create(
     client: Client,
     clientAuth: ClientAuth,
+    clientMetadata: RequestMetadata,
     account: Account,
     device: null | { id: DeviceId; info: DeviceAccountInfo },
     parameters: OAuthAuthorizationRequestParameters,
@@ -208,13 +209,16 @@ export class TokenManager {
     const now = new Date()
     const expiresAt = this.createTokenExpiry(now)
-    const authorizationDetails = this.hooks.onAuthorizationDetails
-      ? await callAsync(this.hooks.onAuthorizationDetails, {
-          client,
-          parameters,
-          account,
-        })
-      : undefined
+    const authorizationDetails = await callAsync(
+      this.hooks.getAuthorizationDetails,
+      {
+        client,
+        clientAuth,
+        clientMetadata,
+        parameters,
+        account,
+      },
+    )
     const tokenData: TokenData = {
       createdAt: now,
@@ -247,7 +251,7 @@ export class TokenManager {
             authorization_details: authorizationDetails,
           })
-      return this.buildTokenResponse(
+      const response = await this.buildTokenResponse(
         client,
         accessToken,
         refreshToken,
@@ -256,6 +260,17 @@ export class TokenManager {
         account,
         authorizationDetails,
       )
+      await callAsync(this.hooks.onTokenCreated, {
+        client,
+        clientAuth,
+        clientMetadata,
+        account,
+        parameters,
+        deviceId: device ? device.id : null,
+      })
+      return response
     } catch (err) {
       // Just in case the token could not be issued, we delete it from the store
       await this.store.deleteToken(tokenId)
@@ -317,6 +332,7 @@ export class TokenManager {
   async refresh(
     client: Client,
     clientAuth: ClientAuth,
+    clientMetadata: RequestMetadata,
     input: OAuthRefreshTokenGrantTokenRequest,
     dpopJkt: null | string,
   ): Promise<OAuthTokenResponse> {
@@ -378,13 +394,16 @@ export class TokenManager {
         throw new InvalidGrantError(`Refresh token expired`)
       }
-      const authorization_details = this.hooks.onAuthorizationDetails
-        ? await callAsync(this.hooks.onAuthorizationDetails, {
-            client,
-            parameters,
-            account,
-          })
-        : undefined
+      const authorizationDetails = await callAsync(
+        this.hooks.getAuthorizationDetails,
+        {
+          client,
+          clientAuth,
+          clientMetadata,
+          parameters,
+          account,
+        },
+      )
       const nextTokenId = await generateTokenId()
       const nextRefreshToken = await generateRefreshToken()
@@ -427,24 +446,33 @@ export class TokenManager {
             iat: now,
             jti: nextTokenId,
             cnf: parameters.dpop_jkt ? { jkt: parameters.dpop_jkt } : undefined,
-            authorization_details,
+            authorization_details: authorizationDetails,
           })
-      return this.buildTokenResponse(
+      const response = await this.buildTokenResponse(
         client,
         accessToken,
         nextRefreshToken,
         expiresAt,
         parameters,
         account,
-        authorization_details,
+        authorizationDetails,
       )
+      await callAsync(this.hooks.onTokenRefreshed, {
+        client,
+        clientAuth,
+        clientMetadata,
+        account,
+        parameters,
+        deviceId: tokenInfo.data.deviceId,
+      })
+      return response
     } catch (err) {
-      if (err instanceof InvalidRequestError) {
-        // Consider the refresh token might be compromised if sanity checks
-        // failed.
-        await this.store.deleteToken(tokenInfo.id)
-      }
+      // Just in case the token could not be refreshed, we delete it from the store
+      await this.store.deleteToken(tokenInfo.id)
       throw err
     }
   }

package/src/token/verify-token-claims.ts CHANGED Viewed

@@ -1,5 +1,4 @@
 import { OAuthAccessToken, OAuthTokenType } from '@atproto/oauth-types'
 import { InvalidDpopKeyBindingError } from '../errors/invalid-dpop-key-binding-error.js'
 import { InvalidDpopProofError } from '../errors/invalid-dpop-proof-error.js'
 import { asArray } from '../lib/util/cast.js'

package/tsconfig.backend.tsbuildinfo CHANGED Viewed

	@@ -1 +1 @@
1	- {"root":["./src/constants.ts","./src/index.ts","./src/oauth-client.ts","./src/oauth-dpop.ts","./src/oauth-errors.ts","./src/oauth-hooks.ts","./src/oauth-provider.ts","./src/oauth-store.ts","./src/oauth-verifier.ts","./src/access-token/access-token-type.ts","./src/account/account-manager.ts","./src/account/account-store.ts","./src/account/account.ts","./src/assets/asset.ts","./src/assets/assets-middleware.ts","./src/assets/index.ts","./src/client/client-auth.ts","./src/client/client-data.ts","./src/client/client-id.ts","./src/client/client-info.ts","./src/client/client-manager.ts","./src/client/client-store.ts","./src/client/client-utils.ts","./src/client/client.ts","./src/device/device-data.ts","./src/device/device-~~details.ts","./src/device/device-~~id.ts","./src/device/device-manager.ts","./src/device/device-store.ts","./src/device/session-id.ts","./src/dpop/dpop-manager.ts","./src/dpop/dpop-nonce.ts","./src/errors/access-denied-error.ts","./src/errors/account-selection-required-error.ts","./src/errors/consent-required-error.ts","./src/errors/invalid-authorization-details-error.ts","./src/errors/invalid-client-error.ts","./src/errors/invalid-client-id-error.ts","./src/errors/invalid-client-metadata-error.ts","./src/errors/invalid-dpop-key-binding-error.ts","./src/errors/invalid-dpop-proof-error.ts","./src/errors/invalid-grant-error.ts","./src/errors/invalid-parameters-error.ts","./src/errors/invalid-redirect-uri-error.ts","./src/errors/invalid-request-error.ts","./src/errors/invalid-scope-error.ts","./src/errors/invalid-token-error.ts","./src/errors/login-required-error.ts","./src/errors/oauth-error.ts","./src/errors/second-authentication-factor-required-error.ts","./src/errors/unauthorized-client-error.ts","./src/errors/use-dpop-nonce-error.ts","./src/errors/www-authenticate-error.ts","./src/lib/redis.ts","./src/lib/html/build-document.ts","./src/lib/html/escapers.ts","./src/lib/html/html.ts","./src/lib/html/index.ts","./src/lib/html/tags.ts","./src/lib/html/util.ts","./src/lib/http/accept.ts","./src/lib/http/context.ts","./src/lib/http/index.ts","./src/lib/http/method.ts","./src/lib/http/middleware.ts","./src/lib/http/parser.ts","./src/lib/http/path.ts","./src/lib/http/request.ts","./src/lib/http/response.ts","./src/lib/http/route.ts","./src/lib/http/router.ts","./src/lib/http/stream.ts","./src/lib/http/types.ts","./src/lib/http/url.ts","./src/lib/util/authorization-header.ts","./src/lib/util/cast.ts","./src/lib/util/crypto.ts","./src/lib/util/date.ts","./src/lib/util/function.ts","./src/lib/util/hostname.ts","./src/lib/util/redirect-uri.ts","./src/lib/util/time.ts","./src/lib/util/type.ts","./src/lib/util/well-known.ts","./src/metadata/build-metadata.ts","./src/oidc/sub.ts","./src/output/build-authorize-data.ts","./src/output/build-error-payload.ts","./src/output/customization.ts","./src/output/output-manager.ts","./src/output/send-authorize-redirect.ts","./src/output/send-web-page.ts","./src/replay/replay-manager.ts","./src/replay/replay-store-memory.ts","./src/replay/replay-store-redis.ts","./src/replay/replay-store.ts","./src/request/code.ts","./src/request/request-data.ts","./src/request/request-id.ts","./src/request/request-info.ts","./src/request/request-manager.ts","./src/request/request-store-memory.ts","./src/request/request-store-redis.ts","./src/request/request-store.ts","./src/request/request-uri.ts","./src/signer/signed-token-payload.ts","./src/signer/signer.ts","./src/token/refresh-token.ts","./src/token/token-claims.ts","./src/token/token-data.ts","./src/token/token-id.ts","./src/token/token-manager.ts","./src/token/token-store.ts","./src/token/verify-token-claims.ts"],"version":"5.6.3"}
1	+ {"root":["./src/constants.ts","./src/index.ts","./src/oauth-client.ts","./src/oauth-dpop.ts","./src/oauth-errors.ts","./src/oauth-hooks.ts","./src/oauth-provider.ts","./src/oauth-store.ts","./src/oauth-verifier.ts","./src/access-token/access-token-type.ts","./src/account/account-manager.ts","./src/account/account-store.ts","./src/account/account.ts","./src/assets/asset.ts","./src/assets/assets-middleware.ts","./src/assets/index.ts","./src/client/client-auth.ts","./src/client/client-data.ts","./src/client/client-id.ts","./src/client/client-info.ts","./src/client/client-manager.ts","./src/client/client-store.ts","./src/client/client-utils.ts","./src/client/client.ts","./src/device/device-data.ts","./src/device/device-id.ts","./src/device/device-manager.ts","./src/device/device-store.ts","./src/device/session-id.ts","./src/dpop/dpop-manager.ts","./src/dpop/dpop-nonce.ts","./src/errors/access-denied-error.ts","./src/errors/account-selection-required-error.ts","./src/errors/consent-required-error.ts","./src/errors/invalid-authorization-details-error.ts","./src/errors/invalid-client-error.ts","./src/errors/invalid-client-id-error.ts","./src/errors/invalid-client-metadata-error.ts","./src/errors/invalid-dpop-key-binding-error.ts","./src/errors/invalid-dpop-proof-error.ts","./src/errors/invalid-grant-error.ts","./src/errors/invalid-parameters-error.ts","./src/errors/invalid-redirect-uri-error.ts","./src/errors/invalid-request-error.ts","./src/errors/invalid-scope-error.ts","./src/errors/invalid-token-error.ts","./src/errors/login-required-error.ts","./src/errors/oauth-error.ts","./src/errors/second-authentication-factor-required-error.ts","./src/errors/unauthorized-client-error.ts","./src/errors/use-dpop-nonce-error.ts","./src/errors/www-authenticate-error.ts","./src/lib/redis.ts","./src/lib/html/build-document.ts","./src/lib/html/escapers.ts","./src/lib/html/html.ts","./src/lib/html/index.ts","./src/lib/html/tags.ts","./src/lib/html/util.ts","./src/lib/http/accept.ts","./src/lib/http/context.ts","./src/lib/http/index.ts","./src/lib/http/method.ts","./src/lib/http/middleware.ts","./src/lib/http/parser.ts","./src/lib/http/path.ts","./src/lib/http/request.ts","./src/lib/http/response.ts","./src/lib/http/route.ts","./src/lib/http/router.ts","./src/lib/http/stream.ts","./src/lib/http/types.ts","./src/lib/http/url.ts","./src/lib/util/authorization-header.ts","./src/lib/util/cast.ts","./src/lib/util/crypto.ts","./src/lib/util/date.ts","./src/lib/util/function.ts","./src/lib/util/hostname.ts","./src/lib/util/redirect-uri.ts","./src/lib/util/time.ts","./src/lib/util/type.ts","./src/lib/util/well-known.ts","./src/metadata/build-metadata.ts","./src/oidc/sub.ts","./src/output/build-authorize-data.ts","./src/output/build-error-payload.ts","./src/output/customization.ts","./src/output/output-manager.ts","./src/output/send-authorize-redirect.ts","./src/output/send-web-page.ts","./src/replay/replay-manager.ts","./src/replay/replay-store-memory.ts","./src/replay/replay-store-redis.ts","./src/replay/replay-store.ts","./src/request/code.ts","./src/request/request-data.ts","./src/request/request-id.ts","./src/request/request-info.ts","./src/request/request-manager.ts","./src/request/request-store-memory.ts","./src/request/request-store-redis.ts","./src/request/request-store.ts","./src/request/request-uri.ts","./src/signer/signed-token-payload.ts","./src/signer/signer.ts","./src/token/refresh-token.ts","./src/token/token-claims.ts","./src/token/token-data.ts","./src/token/token-id.ts","./src/token/token-manager.ts","./src/token/token-store.ts","./src/token/verify-token-claims.ts"],"version":"5.6.3"}

package/dist/device/device-details.d.ts DELETED Viewed

@@ -1,16 +0,0 @@
-import { IncomingMessage } from 'node:http';
-import { z } from 'zod';
-export declare const deviceDetailsSchema: z.ZodObject<{
-    userAgent: z.ZodNullable<z.ZodString>;
-    ipAddress: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-    userAgent: string | null;
-    ipAddress: string;
-}, {
-    userAgent: string | null;
-    ipAddress: string;
-}>;
-export type DeviceDetails = z.infer<typeof deviceDetailsSchema>;
-export declare function extractDeviceDetails(req: IncomingMessage, trustProxy: boolean): DeviceDetails;
-export declare function extractIpAddress(req: IncomingMessage, trustProxy: boolean): string | undefined;
-//# sourceMappingURL=device-details.d.ts.map

package/dist/device/device-details.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"device-details.d.ts","sourceRoot":"","sources":["../../src/device/device-details.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAE3C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,eAAO,MAAM,mBAAmB;;;;;;;;;EAG9B,CAAA;AACF,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAE/D,wBAAgB,oBAAoB,CAClC,GAAG,EAAE,eAAe,EACpB,UAAU,EAAE,OAAO,GAClB,aAAa,CASf;AAED,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,eAAe,EACpB,UAAU,EAAE,OAAO,GAClB,MAAM,GAAG,SAAS,CAepB"}

package/dist/device/device-details.js DELETED Viewed

@@ -1,34 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.deviceDetailsSchema = void 0;
-exports.extractDeviceDetails = extractDeviceDetails;
-exports.extractIpAddress = extractIpAddress;
-const zod_1 = require("zod");
-exports.deviceDetailsSchema = zod_1.z.object({
-    userAgent: zod_1.z.string().nullable(),
-    ipAddress: zod_1.z.string(),
-});
-function extractDeviceDetails(req, trustProxy) {
-    const userAgent = req.headers['user-agent'] || null;
-    const ipAddress = extractIpAddress(req, trustProxy) || null;
-    if (!ipAddress) {
-        throw new Error('Could not determine IP address');
-    }
-    return { userAgent, ipAddress };
-}
-function extractIpAddress(req, trustProxy) {
-    // Express app compatibility
-    if ('ip' in req && typeof req.ip === 'string') {
-        return req.ip;
-    }
-    if (trustProxy) {
-        const forwardedFor = req.headers['x-forwarded-for'];
-        if (typeof forwardedFor === 'string') {
-            const firstForward = forwardedFor.split(',')[0].trim();
-            if (firstForward)
-                return firstForward;
-        }
-    }
-    return req.socket.remoteAddress;
-}
-//# sourceMappingURL=device-details.js.map

package/dist/device/device-details.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"device-details.js","sourceRoot":"","sources":["../../src/device/device-details.ts"],"names":[],"mappings":";;;AAUA,oDAYC;AAED,4CAkBC;AAxCD,6BAAuB;AAEV,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAA;AAGF,SAAgB,oBAAoB,CAClC,GAAoB,EACpB,UAAmB;IAEnB,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI,CAAA;IACnD,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,IAAI,CAAA;IAE3D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;IACnD,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAA;AACjC,CAAC;AAED,SAAgB,gBAAgB,CAC9B,GAAoB,EACpB,UAAmB;IAEnB,4BAA4B;IAC5B,IAAI,IAAI,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC9C,OAAO,GAAG,CAAC,EAAE,CAAA;IACf,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAA;QACnD,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;YACrC,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAA;YACvD,IAAI,YAAY;gBAAE,OAAO,YAAY,CAAA;QACvC,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC,MAAM,CAAC,aAAa,CAAA;AACjC,CAAC"}

package/src/device/device-details.ts DELETED Viewed

@@ -1,43 +0,0 @@
-import { IncomingMessage } from 'node:http'
-import { z } from 'zod'
-export const deviceDetailsSchema = z.object({
-  userAgent: z.string().nullable(),
-  ipAddress: z.string(),
-})
-export type DeviceDetails = z.infer<typeof deviceDetailsSchema>
-export function extractDeviceDetails(
-  req: IncomingMessage,
-  trustProxy: boolean,
-): DeviceDetails {
-  const userAgent = req.headers['user-agent'] || null
-  const ipAddress = extractIpAddress(req, trustProxy) || null
-  if (!ipAddress) {
-    throw new Error('Could not determine IP address')
-  }
-  return { userAgent, ipAddress }
-}
-export function extractIpAddress(
-  req: IncomingMessage,
-  trustProxy: boolean,
-): string | undefined {
-  // Express app compatibility
-  if ('ip' in req && typeof req.ip === 'string') {
-    return req.ip
-  }
-  if (trustProxy) {
-    const forwardedFor = req.headers['x-forwarded-for']
-    if (typeof forwardedFor === 'string') {
-      const firstForward = forwardedFor.split(',')[0]!.trim()
-      if (firstForward) return firstForward
-    }
-  }
-  return req.socket.remoteAddress
-}