@atproto/oauth-provider 0.6.5 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +46 -0
- package/dist/access-token/access-token-mode.d.ts +5 -0
- package/dist/access-token/access-token-mode.d.ts.map +1 -0
- package/dist/access-token/access-token-mode.js +9 -0
- package/dist/access-token/access-token-mode.js.map +1 -0
- package/dist/account/account-manager.d.ts +13 -7
- package/dist/account/account-manager.d.ts.map +1 -1
- package/dist/account/account-manager.js +69 -52
- package/dist/account/account-manager.js.map +1 -1
- package/dist/account/account-store.d.ts +88 -77
- package/dist/account/account-store.d.ts.map +1 -1
- package/dist/account/account-store.js +24 -73
- package/dist/account/account-store.js.map +1 -1
- package/dist/account/sign-in-data.d.ts +4 -13
- package/dist/account/sign-in-data.d.ts.map +1 -1
- package/dist/account/sign-in-data.js +9 -9
- package/dist/account/sign-in-data.js.map +1 -1
- package/dist/account/sign-up-input.d.ts +4 -5
- package/dist/account/sign-up-input.d.ts.map +1 -1
- package/dist/account/sign-up-input.js +13 -3
- package/dist/account/sign-up-input.js.map +1 -1
- package/dist/client/client-manager.d.ts +4 -1
- package/dist/client/client-manager.d.ts.map +1 -1
- package/dist/client/client-manager.js +13 -1
- package/dist/client/client-manager.js.map +1 -1
- package/dist/client/client-store.d.ts +1 -1
- package/dist/client/client-store.d.ts.map +1 -1
- package/dist/constants.d.ts +5 -1
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +6 -2
- package/dist/constants.js.map +1 -1
- package/dist/customization/branding.d.ts +54 -0
- package/dist/customization/branding.d.ts.map +1 -0
- package/dist/customization/branding.js +13 -0
- package/dist/customization/branding.js.map +1 -0
- package/dist/customization/build-customization-css.d.ts +3 -0
- package/dist/customization/build-customization-css.d.ts.map +1 -0
- package/dist/customization/build-customization-css.js +27 -0
- package/dist/customization/build-customization-css.js.map +1 -0
- package/dist/customization/build-customization-data.d.ts +4 -0
- package/dist/customization/build-customization-data.d.ts.map +1 -0
- package/dist/customization/build-customization-data.js +18 -0
- package/dist/customization/build-customization-data.js.map +1 -0
- package/dist/customization/colors.d.ts +7 -0
- package/dist/customization/colors.d.ts.map +1 -0
- package/dist/customization/colors.js +27 -0
- package/dist/customization/colors.js.map +1 -0
- package/dist/customization/customization.d.ts +129 -0
- package/dist/customization/customization.d.ts.map +1 -0
- package/dist/customization/customization.js +26 -0
- package/dist/customization/customization.js.map +1 -0
- package/dist/customization/links.d.ts +26 -0
- package/dist/customization/links.d.ts.map +1 -0
- package/dist/customization/links.js +12 -0
- package/dist/customization/links.js.map +1 -0
- package/dist/device/device-id.d.ts +1 -0
- package/dist/device/device-id.d.ts.map +1 -1
- package/dist/device/device-id.js +4 -0
- package/dist/device/device-id.js.map +1 -1
- package/dist/device/device-manager.d.ts +6 -36
- package/dist/device/device-manager.d.ts.map +1 -1
- package/dist/device/device-manager.js +49 -43
- package/dist/device/device-manager.js.map +1 -1
- package/dist/device/device-store.d.ts +1 -0
- package/dist/device/device-store.d.ts.map +1 -1
- package/dist/device/device-store.js.map +1 -1
- package/dist/dpop/dpop-manager.d.ts +3 -3
- package/dist/dpop/dpop-nonce.d.ts +3 -3
- package/dist/dpop/dpop-nonce.d.ts.map +1 -1
- package/dist/errors/access-denied-error.d.ts +4 -3
- package/dist/errors/access-denied-error.d.ts.map +1 -1
- package/dist/errors/access-denied-error.js +5 -6
- package/dist/errors/access-denied-error.js.map +1 -1
- package/dist/{output/build-error-payload.d.ts → errors/error-parser.d.ts} +1 -1
- package/dist/errors/error-parser.d.ts.map +1 -0
- package/dist/{output/build-error-payload.js → errors/error-parser.js} +2 -2
- package/dist/errors/error-parser.js.map +1 -0
- package/dist/errors/invalid-grant-error.d.ts +1 -0
- package/dist/errors/invalid-grant-error.d.ts.map +1 -1
- package/dist/errors/invalid-grant-error.js +5 -0
- package/dist/errors/invalid-grant-error.js.map +1 -1
- package/dist/errors/login-required-error.d.ts +1 -0
- package/dist/errors/login-required-error.d.ts.map +1 -1
- package/dist/errors/login-required-error.js +5 -0
- package/dist/errors/login-required-error.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/lib/html/build-document.d.ts +2 -2
- package/dist/lib/html/build-document.d.ts.map +1 -1
- package/dist/lib/html/build-document.js +4 -0
- package/dist/lib/html/build-document.js.map +1 -1
- package/dist/lib/html/hydration-data.d.ts +4 -0
- package/dist/lib/html/hydration-data.d.ts.map +1 -0
- package/dist/{output/backend-data.js → lib/html/hydration-data.js} +8 -8
- package/dist/lib/html/hydration-data.js.map +1 -0
- package/dist/lib/html/tags.d.ts +1 -1
- package/dist/lib/html/tags.d.ts.map +1 -1
- package/dist/lib/html/tags.js +1 -1
- package/dist/lib/html/tags.js.map +1 -1
- package/dist/lib/http/accept.d.ts +2 -2
- package/dist/lib/http/accept.d.ts.map +1 -1
- package/dist/lib/http/accept.js +1 -1
- package/dist/lib/http/accept.js.map +1 -1
- package/dist/lib/http/context.d.ts +2 -4
- package/dist/lib/http/context.d.ts.map +1 -1
- package/dist/lib/http/context.js +29 -4
- package/dist/lib/http/context.js.map +1 -1
- package/dist/lib/http/headers.d.ts +3 -0
- package/dist/lib/http/headers.d.ts.map +1 -0
- package/dist/lib/http/headers.js +14 -0
- package/dist/lib/http/headers.js.map +1 -0
- package/dist/lib/http/index.d.ts +1 -0
- package/dist/lib/http/index.d.ts.map +1 -1
- package/dist/lib/http/index.js +1 -0
- package/dist/lib/http/index.js.map +1 -1
- package/dist/lib/http/middleware.d.ts +1 -1
- package/dist/lib/http/middleware.d.ts.map +1 -1
- package/dist/lib/http/middleware.js +8 -24
- package/dist/lib/http/middleware.js.map +1 -1
- package/dist/lib/http/parser.d.ts +3 -3
- package/dist/lib/http/parser.d.ts.map +1 -1
- package/dist/lib/http/request.d.ts +13 -9
- package/dist/lib/http/request.d.ts.map +1 -1
- package/dist/lib/http/request.js +27 -49
- package/dist/lib/http/request.js.map +1 -1
- package/dist/lib/http/response.d.ts +6 -2
- package/dist/lib/http/response.d.ts.map +1 -1
- package/dist/lib/http/response.js +31 -11
- package/dist/lib/http/response.js.map +1 -1
- package/dist/lib/http/route.d.ts +3 -3
- package/dist/lib/http/route.d.ts.map +1 -1
- package/dist/lib/http/route.js +1 -1
- package/dist/lib/http/route.js.map +1 -1
- package/dist/lib/http/router.d.ts +12 -11
- package/dist/lib/http/router.d.ts.map +1 -1
- package/dist/lib/http/router.js +26 -34
- package/dist/lib/http/router.js.map +1 -1
- package/dist/lib/http/security-headers.js +1 -1
- package/dist/lib/http/security-headers.js.map +1 -1
- package/dist/lib/http/stream.d.ts +3 -3
- package/dist/lib/http/stream.d.ts.map +1 -1
- package/dist/lib/http/types.d.ts +1 -1
- package/dist/lib/http/types.d.ts.map +1 -1
- package/dist/lib/send-web-page.d.ts +8 -0
- package/dist/lib/send-web-page.d.ts.map +1 -0
- package/dist/{output → lib}/send-web-page.js +9 -7
- package/dist/lib/send-web-page.js.map +1 -0
- package/dist/lib/util/authorization-header.d.ts.map +1 -1
- package/dist/lib/util/color.d.ts +32 -0
- package/dist/lib/util/color.d.ts.map +1 -0
- package/dist/lib/util/color.js +116 -0
- package/dist/lib/util/color.js.map +1 -0
- package/dist/lib/util/crypto.d.ts +1 -0
- package/dist/lib/util/crypto.d.ts.map +1 -1
- package/dist/lib/util/crypto.js +8 -3
- package/dist/lib/util/crypto.js.map +1 -1
- package/dist/lib/util/function.d.ts +1 -0
- package/dist/lib/util/function.d.ts.map +1 -1
- package/dist/lib/util/function.js +12 -0
- package/dist/lib/util/function.js.map +1 -1
- package/dist/lib/util/locale.d.ts +20 -0
- package/dist/lib/util/locale.d.ts.map +1 -0
- package/dist/lib/util/locale.js +14 -0
- package/dist/lib/util/locale.js.map +1 -0
- package/dist/lib/util/time.d.ts +1 -1
- package/dist/lib/util/time.d.ts.map +1 -1
- package/dist/lib/util/time.js +1 -1
- package/dist/lib/util/time.js.map +1 -1
- package/dist/lib/util/type.d.ts +22 -0
- package/dist/lib/util/type.d.ts.map +1 -1
- package/dist/lib/util/type.js.map +1 -1
- package/dist/lib/util/ui8.d.ts +4 -0
- package/dist/lib/util/ui8.d.ts.map +1 -0
- package/dist/lib/util/ui8.js +17 -0
- package/dist/lib/util/ui8.js.map +1 -0
- package/dist/lib/util/zod-error.d.ts +2 -0
- package/dist/lib/util/zod-error.d.ts.map +1 -0
- package/dist/lib/util/zod-error.js +16 -0
- package/dist/lib/util/zod-error.js.map +1 -0
- package/dist/oauth-errors.d.ts +22 -22
- package/dist/oauth-errors.d.ts.map +1 -1
- package/dist/oauth-errors.js +37 -45
- package/dist/oauth-errors.js.map +1 -1
- package/dist/oauth-hooks.d.ts +11 -23
- package/dist/oauth-hooks.d.ts.map +1 -1
- package/dist/oauth-hooks.js.map +1 -1
- package/dist/oauth-middleware.d.ts +12 -0
- package/dist/oauth-middleware.d.ts.map +1 -0
- package/dist/oauth-middleware.js +32 -0
- package/dist/oauth-middleware.js.map +1 -0
- package/dist/oauth-provider.d.ts +109 -113
- package/dist/oauth-provider.d.ts.map +1 -1
- package/dist/oauth-provider.js +124 -542
- package/dist/oauth-provider.js.map +1 -1
- package/dist/oauth-verifier.d.ts +7 -26
- package/dist/oauth-verifier.d.ts.map +1 -1
- package/dist/oauth-verifier.js +6 -16
- package/dist/oauth-verifier.js.map +1 -1
- package/dist/request/code.d.ts.map +1 -1
- package/dist/request/request-data.d.ts +2 -4
- package/dist/request/request-data.d.ts.map +1 -1
- package/dist/request/request-data.js.map +1 -1
- package/dist/request/request-manager.d.ts +4 -2
- package/dist/request/request-manager.d.ts.map +1 -1
- package/dist/request/request-manager.js +9 -8
- package/dist/request/request-manager.js.map +1 -1
- package/dist/request/request-store.d.ts +6 -0
- package/dist/request/request-store.d.ts.map +1 -1
- package/dist/request/request-store.js +3 -1
- package/dist/request/request-store.js.map +1 -1
- package/dist/result/authorization-redirect-parameters.d.ts +18 -0
- package/dist/result/authorization-redirect-parameters.d.ts.map +1 -0
- package/dist/result/authorization-redirect-parameters.js +3 -0
- package/dist/result/authorization-redirect-parameters.js.map +1 -0
- package/dist/result/authorization-result-authorize-page.d.ts +13 -0
- package/dist/result/authorization-result-authorize-page.d.ts.map +1 -0
- package/dist/result/authorization-result-authorize-page.js +3 -0
- package/dist/result/authorization-result-authorize-page.js.map +1 -0
- package/dist/result/authorization-result-redirect.d.ts +8 -0
- package/dist/result/authorization-result-redirect.d.ts.map +1 -0
- package/dist/result/authorization-result-redirect.js +3 -0
- package/dist/result/authorization-result-redirect.js.map +1 -0
- package/dist/router/assets/assets-manifest.d.ts +10 -0
- package/dist/router/assets/assets-manifest.d.ts.map +1 -0
- package/dist/router/assets/assets-manifest.js +77 -0
- package/dist/router/assets/assets-manifest.js.map +1 -0
- package/dist/router/assets/assets.d.ts +16 -0
- package/dist/router/assets/assets.d.ts.map +1 -0
- package/dist/router/assets/assets.js +43 -0
- package/dist/router/assets/assets.js.map +1 -0
- package/dist/router/assets/csrf.d.ts +4 -0
- package/dist/router/assets/csrf.d.ts.map +1 -0
- package/dist/router/assets/csrf.js +51 -0
- package/dist/router/assets/csrf.js.map +1 -0
- package/dist/router/assets/send-account-page.d.ts +7 -0
- package/dist/router/assets/send-account-page.d.ts.map +1 -0
- package/dist/router/assets/send-account-page.js +34 -0
- package/dist/router/assets/send-account-page.js.map +1 -0
- package/dist/router/assets/send-authorization-page.d.ts +5 -0
- package/dist/router/assets/send-authorization-page.d.ts.map +1 -0
- package/dist/router/assets/send-authorization-page.js +49 -0
- package/dist/router/assets/send-authorization-page.js.map +1 -0
- package/dist/router/assets/send-error-page.d.ts +4 -0
- package/dist/router/assets/send-error-page.d.ts.map +1 -0
- package/dist/router/assets/send-error-page.js +34 -0
- package/dist/router/assets/send-error-page.js.map +1 -0
- package/dist/router/create-account-page-middleware.d.ts +6 -0
- package/dist/router/create-account-page-middleware.d.ts.map +1 -0
- package/dist/router/create-account-page-middleware.js +39 -0
- package/dist/router/create-account-page-middleware.js.map +1 -0
- package/dist/router/create-api-middleware.d.ts +8 -0
- package/dist/router/create-api-middleware.d.ts.map +1 -0
- package/dist/router/create-api-middleware.js +501 -0
- package/dist/router/create-api-middleware.js.map +1 -0
- package/dist/router/create-authorization-page-middleware.d.ts +6 -0
- package/dist/router/create-authorization-page-middleware.d.ts.map +1 -0
- package/dist/router/create-authorization-page-middleware.js +104 -0
- package/dist/router/create-authorization-page-middleware.js.map +1 -0
- package/dist/router/create-oauth-middleware.d.ts +6 -0
- package/dist/router/create-oauth-middleware.d.ts.map +1 -0
- package/dist/router/create-oauth-middleware.js +142 -0
- package/dist/router/create-oauth-middleware.js.map +1 -0
- package/dist/router/error-handler.d.ts +3 -0
- package/dist/router/error-handler.d.ts.map +1 -0
- package/dist/{account/account.js → router/error-handler.js} +1 -1
- package/dist/router/error-handler.js.map +1 -0
- package/dist/router/middleware-options.d.ts +6 -0
- package/dist/router/middleware-options.d.ts.map +1 -0
- package/dist/router/middleware-options.js +3 -0
- package/dist/router/middleware-options.js.map +1 -0
- package/dist/router/send-redirect.d.ts +16 -0
- package/dist/router/send-redirect.d.ts.map +1 -0
- package/dist/{output/send-authorize-redirect.js → router/send-redirect.js} +40 -24
- package/dist/router/send-redirect.js.map +1 -0
- package/dist/{token/token-claims.d.ts → signer/api-token-payload.d.ts} +237 -232
- package/dist/signer/api-token-payload.d.ts.map +1 -0
- package/dist/signer/api-token-payload.js +17 -0
- package/dist/signer/api-token-payload.js.map +1 -0
- package/dist/signer/signed-token-payload.d.ts +164 -159
- package/dist/signer/signed-token-payload.d.ts.map +1 -1
- package/dist/signer/signed-token-payload.js +10 -16
- package/dist/signer/signed-token-payload.js.map +1 -1
- package/dist/signer/signer.d.ts +42 -11246
- package/dist/signer/signer.d.ts.map +1 -1
- package/dist/signer/signer.js +30 -15
- package/dist/signer/signer.js.map +1 -1
- package/dist/token/refresh-token.d.ts.map +1 -1
- package/dist/token/token-data.d.ts +1 -1
- package/dist/token/token-data.d.ts.map +1 -1
- package/dist/token/token-id.d.ts.map +1 -1
- package/dist/token/token-manager.d.ts +28 -26
- package/dist/token/token-manager.d.ts.map +1 -1
- package/dist/token/token-manager.js +138 -196
- package/dist/token/token-manager.js.map +1 -1
- package/dist/token/token-store.d.ts +4 -4
- package/dist/token/token-store.d.ts.map +1 -1
- package/dist/token/token-store.js +1 -0
- package/dist/token/token-store.js.map +1 -1
- package/dist/token/verify-token-claims.d.ts +3 -3
- package/dist/token/verify-token-claims.d.ts.map +1 -1
- package/dist/token/verify-token-claims.js +1 -1
- package/dist/token/verify-token-claims.js.map +1 -1
- package/dist/types/email-otp.d.ts +3 -0
- package/dist/types/email-otp.d.ts.map +1 -0
- package/dist/types/email-otp.js +6 -0
- package/dist/types/email-otp.js.map +1 -0
- package/dist/types/email.d.ts +3 -0
- package/dist/types/email.d.ts.map +1 -0
- package/dist/types/email.js +29 -0
- package/dist/types/email.js.map +1 -0
- package/dist/types/handle.d.ts +3 -0
- package/dist/types/handle.d.ts.map +1 -0
- package/dist/types/handle.js +22 -0
- package/dist/types/handle.js.map +1 -0
- package/dist/types/invite-code.d.ts +4 -0
- package/dist/types/invite-code.d.ts.map +1 -0
- package/dist/types/invite-code.js +6 -0
- package/dist/types/invite-code.js.map +1 -0
- package/dist/types/password.d.ts +4 -0
- package/dist/types/password.d.ts.map +1 -0
- package/dist/types/password.js +7 -0
- package/dist/types/password.js.map +1 -0
- package/package.json +11 -8
- package/src/access-token/access-token-mode.ts +4 -0
- package/src/account/account-manager.ts +105 -75
- package/src/account/account-store.ts +118 -114
- package/src/account/sign-in-data.ts +10 -10
- package/src/account/sign-up-input.ts +13 -4
- package/src/client/client-manager.ts +34 -2
- package/src/client/client-store.ts +1 -1
- package/src/constants.ts +6 -1
- package/src/customization/branding.ts +12 -0
- package/src/customization/build-customization-css.ts +30 -0
- package/src/customization/build-customization-data.ts +22 -0
- package/src/customization/colors.ts +30 -0
- package/src/customization/customization.ts +25 -0
- package/src/customization/links.ts +10 -0
- package/src/device/device-id.ts +5 -0
- package/src/device/device-manager.ts +76 -66
- package/src/device/device-store.ts +2 -0
- package/src/errors/access-denied-error.ts +24 -17
- package/src/{output/build-error-payload.ts → errors/error-parser.ts} +1 -1
- package/src/errors/invalid-grant-error.ts +5 -0
- package/src/errors/login-required-error.ts +10 -0
- package/src/index.ts +1 -0
- package/src/lib/html/build-document.ts +6 -4
- package/src/{output/backend-data.ts → lib/html/hydration-data.ts} +7 -5
- package/src/lib/html/tags.ts +2 -2
- package/src/lib/http/accept.ts +3 -3
- package/src/lib/http/context.ts +41 -10
- package/src/lib/http/headers.ts +15 -0
- package/src/lib/http/index.ts +1 -0
- package/src/lib/http/middleware.ts +8 -23
- package/src/lib/http/request.ts +40 -75
- package/src/lib/http/response.ts +39 -15
- package/src/lib/http/route.ts +8 -5
- package/src/lib/http/router.ts +40 -46
- package/src/lib/http/security-headers.ts +1 -1
- package/src/lib/http/types.ts +1 -6
- package/src/{output → lib}/send-web-page.ts +10 -9
- package/src/lib/util/color.ts +132 -0
- package/src/lib/util/crypto.ts +9 -4
- package/src/lib/util/function.ts +14 -0
- package/src/lib/util/locale.ts +18 -0
- package/src/lib/util/time.ts +3 -4
- package/src/lib/util/type.ts +24 -0
- package/src/lib/util/ui8.ts +14 -0
- package/src/lib/util/zod-error.ts +14 -0
- package/src/oauth-errors.ts +22 -22
- package/src/oauth-hooks.ts +11 -24
- package/src/oauth-middleware.ts +53 -0
- package/src/oauth-provider.ts +290 -1061
- package/src/oauth-verifier.ts +9 -55
- package/src/request/request-data.ts +5 -4
- package/src/request/request-manager.ts +11 -11
- package/src/request/request-store.ts +7 -0
- package/src/result/authorization-redirect-parameters.ts +24 -0
- package/src/result/authorization-result-authorize-page.ts +14 -0
- package/src/result/authorization-result-redirect.ts +8 -0
- package/src/router/assets/assets-manifest.ts +108 -0
- package/src/router/assets/assets.ts +54 -0
- package/src/router/assets/csrf.ts +63 -0
- package/src/router/assets/send-account-page.ts +43 -0
- package/src/router/assets/send-authorization-page.ts +62 -0
- package/src/router/assets/send-error-page.ts +42 -0
- package/src/router/create-account-page-middleware.ts +69 -0
- package/src/router/create-api-middleware.ts +814 -0
- package/src/router/create-authorization-page-middleware.ts +173 -0
- package/src/router/create-oauth-middleware.ts +247 -0
- package/src/router/error-handler.ts +6 -0
- package/src/router/middleware-options.ts +9 -0
- package/src/router/send-redirect.ts +142 -0
- package/src/signer/api-token-payload.ts +18 -0
- package/src/signer/signed-token-payload.ts +18 -28
- package/src/signer/signer.ts +49 -34
- package/src/token/token-data.ts +1 -1
- package/src/token/token-manager.ts +190 -239
- package/src/token/token-store.ts +6 -4
- package/src/token/verify-token-claims.ts +4 -4
- package/src/types/email-otp.ts +3 -0
- package/src/types/email.ts +26 -0
- package/src/types/handle.ts +18 -0
- package/src/types/invite-code.ts +4 -0
- package/src/types/password.ts +4 -0
- package/tsconfig.build.tsbuildinfo +1 -0
- package/tsconfig.json +1 -1
- package/dist/access-token/access-token-type.d.ts +0 -6
- package/dist/access-token/access-token-type.d.ts.map +0 -1
- package/dist/access-token/access-token-type.js +0 -10
- package/dist/access-token/access-token-type.js.map +0 -1
- package/dist/account/account.d.ts +0 -2
- package/dist/account/account.d.ts.map +0 -1
- package/dist/account/account.js.map +0 -1
- package/dist/assets/assets-middleware.d.ts +0 -5
- package/dist/assets/assets-middleware.d.ts.map +0 -1
- package/dist/assets/assets-middleware.js +0 -41
- package/dist/assets/assets-middleware.js.map +0 -1
- package/dist/lib/locale.d.ts +0 -15
- package/dist/lib/locale.d.ts.map +0 -1
- package/dist/lib/locale.js +0 -17
- package/dist/lib/locale.js.map +0 -1
- package/dist/output/backend-data.d.ts +0 -4
- package/dist/output/backend-data.d.ts.map +0 -1
- package/dist/output/backend-data.js.map +0 -1
- package/dist/output/build-authorize-data.d.ts +0 -29
- package/dist/output/build-authorize-data.d.ts.map +0 -1
- package/dist/output/build-authorize-data.js +0 -21
- package/dist/output/build-authorize-data.js.map +0 -1
- package/dist/output/build-customization-data.d.ts +0 -234
- package/dist/output/build-customization-data.d.ts.map +0 -1
- package/dist/output/build-customization-data.js +0 -174
- package/dist/output/build-customization-data.js.map +0 -1
- package/dist/output/build-error-data.d.ts +0 -3
- package/dist/output/build-error-data.d.ts.map +0 -1
- package/dist/output/build-error-data.js +0 -10
- package/dist/output/build-error-data.js.map +0 -1
- package/dist/output/build-error-payload.d.ts.map +0 -1
- package/dist/output/build-error-payload.js.map +0 -1
- package/dist/output/output-manager.d.ts +0 -28
- package/dist/output/output-manager.d.ts.map +0 -1
- package/dist/output/output-manager.js +0 -134
- package/dist/output/output-manager.js.map +0 -1
- package/dist/output/send-authorize-redirect.d.ts +0 -25
- package/dist/output/send-authorize-redirect.d.ts.map +0 -1
- package/dist/output/send-authorize-redirect.js.map +0 -1
- package/dist/output/send-web-page.d.ts +0 -8
- package/dist/output/send-web-page.d.ts.map +0 -1
- package/dist/output/send-web-page.js.map +0 -1
- package/dist/token/token-claims.d.ts.map +0 -1
- package/dist/token/token-claims.js +0 -27
- package/dist/token/token-claims.js.map +0 -1
- package/src/access-token/access-token-type.ts +0 -5
- package/src/account/account.ts +0 -1
- package/src/assets/assets-middleware.ts +0 -44
- package/src/lib/locale.ts +0 -21
- package/src/output/build-authorize-data.ts +0 -53
- package/src/output/build-customization-data.ts +0 -217
- package/src/output/build-error-data.ts +0 -8
- package/src/output/output-manager.ts +0 -188
- package/src/output/send-authorize-redirect.ts +0 -137
- package/src/token/token-claims.ts +0 -30
- package/tsconfig.backend.tsbuildinfo +0 -1
- /package/{tsconfig.backend.json → tsconfig.build.json} +0 -0
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.TokenManager = void 0;
|
|
3
|
+
exports.TokenManager = exports.Signer = exports.AccessTokenMode = void 0;
|
|
4
4
|
const node_crypto_1 = require("node:crypto");
|
|
5
5
|
const jwk_1 = require("@atproto/jwk");
|
|
6
6
|
const oauth_types_1 = require("@atproto/oauth-types");
|
|
7
|
-
const
|
|
7
|
+
const access_token_mode_js_1 = require("../access-token/access-token-mode.js");
|
|
8
|
+
Object.defineProperty(exports, "AccessTokenMode", { enumerable: true, get: function () { return access_token_mode_js_1.AccessTokenMode; } });
|
|
8
9
|
const constants_js_1 = require("../constants.js");
|
|
9
10
|
const invalid_dpop_key_binding_error_js_1 = require("../errors/invalid-dpop-key-binding-error.js");
|
|
10
11
|
const invalid_dpop_proof_error_js_1 = require("../errors/invalid-dpop-proof-error.js");
|
|
@@ -14,6 +15,8 @@ const invalid_token_error_js_1 = require("../errors/invalid-token-error.js");
|
|
|
14
15
|
const date_js_1 = require("../lib/util/date.js");
|
|
15
16
|
const function_js_1 = require("../lib/util/function.js");
|
|
16
17
|
const code_js_1 = require("../request/code.js");
|
|
18
|
+
const signer_js_1 = require("../signer/signer.js");
|
|
19
|
+
Object.defineProperty(exports, "Signer", { enumerable: true, get: function () { return signer_js_1.Signer; } });
|
|
17
20
|
const refresh_token_js_1 = require("./refresh-token.js");
|
|
18
21
|
const token_id_js_1 = require("./token-id.js");
|
|
19
22
|
const verify_token_claims_js_1 = require("./verify-token-claims.js");
|
|
@@ -21,25 +24,34 @@ class TokenManager {
|
|
|
21
24
|
store;
|
|
22
25
|
signer;
|
|
23
26
|
hooks;
|
|
24
|
-
|
|
27
|
+
accessTokenMode;
|
|
25
28
|
tokenMaxAge;
|
|
26
|
-
constructor(store, signer, hooks,
|
|
29
|
+
constructor(store, signer, hooks, accessTokenMode, tokenMaxAge = constants_js_1.TOKEN_MAX_AGE) {
|
|
27
30
|
this.store = store;
|
|
28
31
|
this.signer = signer;
|
|
29
32
|
this.hooks = hooks;
|
|
30
|
-
this.
|
|
33
|
+
this.accessTokenMode = accessTokenMode;
|
|
31
34
|
this.tokenMaxAge = tokenMaxAge;
|
|
32
35
|
}
|
|
33
36
|
createTokenExpiry(now = new Date()) {
|
|
34
37
|
return new Date(now.getTime() + this.tokenMaxAge);
|
|
35
38
|
}
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
39
|
+
async buildAccessToken(tokenId, account, client, parameters, options) {
|
|
40
|
+
return this.signer.createAccessToken({
|
|
41
|
+
jti: tokenId,
|
|
42
|
+
sub: account.sub,
|
|
43
|
+
exp: (0, date_js_1.dateToEpoch)(options.expiresAt),
|
|
44
|
+
iat: (0, date_js_1.dateToEpoch)(options.now),
|
|
45
|
+
cnf: parameters.dpop_jkt ? { jkt: parameters.dpop_jkt } : undefined,
|
|
46
|
+
...(this.accessTokenMode === access_token_mode_js_1.AccessTokenMode.stateless && {
|
|
47
|
+
aud: account.aud,
|
|
48
|
+
scope: parameters.scope,
|
|
49
|
+
// https://datatracker.ietf.org/doc/html/rfc8693#section-4.3
|
|
50
|
+
client_id: client.id,
|
|
51
|
+
}),
|
|
52
|
+
});
|
|
41
53
|
}
|
|
42
|
-
async create(client, clientAuth, clientMetadata, account,
|
|
54
|
+
async create(client, clientAuth, clientMetadata, account, deviceId, parameters, input, dpopJkt) {
|
|
43
55
|
// @NOTE the atproto specific DPoP requirement is enforced though the
|
|
44
56
|
// "dpop_bound_access_tokens" metadata, which is enforced by the
|
|
45
57
|
// ClientManager class.
|
|
@@ -71,9 +83,11 @@ class TokenManager {
|
|
|
71
83
|
if (!(0, code_js_1.isCode)(input.code)) {
|
|
72
84
|
throw new invalid_grant_error_js_1.InvalidGrantError('Invalid code');
|
|
73
85
|
}
|
|
86
|
+
// @NOTE not using `this.findByCode` because we want to delete the token
|
|
87
|
+
// if it still exists (rather than throwing if the code is invalid).
|
|
74
88
|
const tokenInfo = await this.store.findTokenByCode(input.code);
|
|
75
89
|
if (tokenInfo) {
|
|
76
|
-
await this.
|
|
90
|
+
await this.deleteToken(tokenInfo.id);
|
|
77
91
|
throw new invalid_grant_error_js_1.InvalidGrantError(`Code replayed`);
|
|
78
92
|
}
|
|
79
93
|
code = input.code;
|
|
@@ -113,10 +127,6 @@ class TokenManager {
|
|
|
113
127
|
else if (input.code_verifier !== undefined) {
|
|
114
128
|
throw new invalid_request_error_js_1.InvalidRequestError("code_challenge parameter wasn't provided");
|
|
115
129
|
}
|
|
116
|
-
if (!device) {
|
|
117
|
-
// Fool-proofing (authorization_code grant should always have a device)
|
|
118
|
-
throw new invalid_request_error_js_1.InvalidRequestError('consent was not given for this device');
|
|
119
|
-
}
|
|
120
130
|
break;
|
|
121
131
|
}
|
|
122
132
|
default: {
|
|
@@ -131,82 +141,58 @@ class TokenManager {
|
|
|
131
141
|
: undefined;
|
|
132
142
|
const now = new Date();
|
|
133
143
|
const expiresAt = this.createTokenExpiry(now);
|
|
134
|
-
const authorizationDetails = await (0, function_js_1.callAsync)(this.hooks.getAuthorizationDetails, {
|
|
135
|
-
client,
|
|
136
|
-
clientAuth,
|
|
137
|
-
clientMetadata,
|
|
138
|
-
parameters,
|
|
139
|
-
account,
|
|
140
|
-
});
|
|
141
144
|
const tokenData = {
|
|
142
145
|
createdAt: now,
|
|
143
146
|
updatedAt: now,
|
|
144
147
|
expiresAt,
|
|
145
148
|
clientId: client.id,
|
|
146
149
|
clientAuth,
|
|
147
|
-
deviceId
|
|
150
|
+
deviceId,
|
|
148
151
|
sub: account.sub,
|
|
149
152
|
parameters,
|
|
150
|
-
details:
|
|
153
|
+
details: null,
|
|
151
154
|
code,
|
|
152
155
|
};
|
|
153
156
|
await this.store.createToken(tokenId, tokenData, refreshToken);
|
|
154
157
|
try {
|
|
155
|
-
const accessToken =
|
|
156
|
-
|
|
157
|
-
: await this.signer.accessToken(client, parameters, {
|
|
158
|
-
// We don't specify the alg here. We suppose the Resource server will be
|
|
159
|
-
// able to verify the token using any alg.
|
|
160
|
-
aud: account.aud,
|
|
161
|
-
sub: account.sub,
|
|
162
|
-
alg: undefined,
|
|
163
|
-
exp: expiresAt,
|
|
164
|
-
iat: now,
|
|
165
|
-
jti: tokenId,
|
|
166
|
-
cnf: parameters.dpop_jkt ? { jkt: parameters.dpop_jkt } : undefined,
|
|
167
|
-
authorization_details: authorizationDetails,
|
|
168
|
-
});
|
|
169
|
-
const response = await this.buildTokenResponse(client, accessToken, refreshToken, expiresAt, parameters, account, authorizationDetails);
|
|
158
|
+
const accessToken = await this.buildAccessToken(tokenId, account, client, parameters, { now, expiresAt });
|
|
159
|
+
const response = await this.buildTokenResponse(client, accessToken, refreshToken, expiresAt, parameters, account.sub);
|
|
170
160
|
await (0, function_js_1.callAsync)(this.hooks.onTokenCreated, {
|
|
171
161
|
client,
|
|
172
162
|
clientAuth,
|
|
173
163
|
clientMetadata,
|
|
174
164
|
account,
|
|
175
165
|
parameters,
|
|
176
|
-
deviceId: device ? device.id : null,
|
|
177
166
|
});
|
|
178
167
|
return response;
|
|
179
168
|
}
|
|
180
169
|
catch (err) {
|
|
181
170
|
// Just in case the token could not be issued, we delete it from the store
|
|
182
|
-
await this.
|
|
171
|
+
await this.deleteToken(tokenId);
|
|
183
172
|
throw err;
|
|
184
173
|
}
|
|
185
174
|
}
|
|
186
|
-
|
|
187
|
-
|
|
175
|
+
buildTokenResponse(client, accessToken, refreshToken, expiresAt, parameters, sub) {
|
|
176
|
+
return {
|
|
188
177
|
access_token: accessToken,
|
|
189
178
|
token_type: parameters.dpop_jkt ? 'DPoP' : 'Bearer',
|
|
190
179
|
refresh_token: refreshToken,
|
|
191
180
|
scope: parameters.scope,
|
|
192
|
-
|
|
181
|
+
// @NOTE using a getter so that the value gets computed when the JSON
|
|
182
|
+
// response is generated, allowing to value to be as accurate as possible.
|
|
193
183
|
get expires_in() {
|
|
194
184
|
return (0, date_js_1.dateToRelativeSeconds)(expiresAt);
|
|
195
185
|
},
|
|
196
186
|
// ATPROTO extension: add the sub claim to the token response to allow
|
|
197
187
|
// clients to resolve the PDS url (audience) using the did resolution
|
|
198
188
|
// mechanism.
|
|
199
|
-
sub
|
|
189
|
+
sub,
|
|
200
190
|
};
|
|
201
|
-
return tokenResponse;
|
|
202
191
|
}
|
|
203
192
|
async validateAccess(client, clientAuth, tokenInfo) {
|
|
204
193
|
if (tokenInfo.data.clientId !== client.id) {
|
|
205
194
|
throw new invalid_grant_error_js_1.InvalidGrantError(`Token was not issued to this client`);
|
|
206
195
|
}
|
|
207
|
-
if (tokenInfo.info?.authorizedClients.includes(client.id) === false) {
|
|
208
|
-
throw new invalid_grant_error_js_1.InvalidGrantError(`Client no longer trusted by user`);
|
|
209
|
-
}
|
|
210
196
|
if (tokenInfo.data.clientAuth.method !== clientAuth.method) {
|
|
211
197
|
throw new invalid_grant_error_js_1.InvalidGrantError(`Client authentication method mismatch`);
|
|
212
198
|
}
|
|
@@ -214,27 +200,40 @@ class TokenManager {
|
|
|
214
200
|
throw new invalid_grant_error_js_1.InvalidGrantError(`Client authentication mismatch`);
|
|
215
201
|
}
|
|
216
202
|
}
|
|
203
|
+
async validateRefresh(client, clientAuth, { data }) {
|
|
204
|
+
// @TODO This value should be computable even if we don't have the "client"
|
|
205
|
+
// (because fetching client info could be flaky). Instead, all the info
|
|
206
|
+
// needed should be stored in the token info.
|
|
207
|
+
const allowLongerLifespan = client.info.isFirstParty || data.clientAuth.method !== 'none';
|
|
208
|
+
const lifetime = allowLongerLifespan
|
|
209
|
+
? constants_js_1.AUTHENTICATED_REFRESH_LIFETIME
|
|
210
|
+
: constants_js_1.UNAUTHENTICATED_REFRESH_LIFETIME;
|
|
211
|
+
if (data.createdAt.getTime() + lifetime < Date.now()) {
|
|
212
|
+
throw new invalid_grant_error_js_1.InvalidGrantError(`Refresh token expired`);
|
|
213
|
+
}
|
|
214
|
+
const inactivityTimeout = allowLongerLifespan
|
|
215
|
+
? constants_js_1.AUTHENTICATED_REFRESH_INACTIVITY_TIMEOUT
|
|
216
|
+
: constants_js_1.UNAUTHENTICATED_REFRESH_INACTIVITY_TIMEOUT;
|
|
217
|
+
if (data.updatedAt.getTime() + inactivityTimeout < Date.now()) {
|
|
218
|
+
throw new invalid_grant_error_js_1.InvalidGrantError(`Refresh token exceeded inactivity timeout`);
|
|
219
|
+
}
|
|
220
|
+
}
|
|
217
221
|
async refresh(client, clientAuth, clientMetadata, input, dpopJkt) {
|
|
218
222
|
const refreshTokenParsed = refresh_token_js_1.refreshTokenSchema.safeParse(input.refresh_token);
|
|
219
223
|
if (!refreshTokenParsed.success) {
|
|
220
224
|
throw new invalid_request_error_js_1.InvalidRequestError('Invalid refresh token');
|
|
221
225
|
}
|
|
222
226
|
const refreshToken = refreshTokenParsed.data;
|
|
223
|
-
const tokenInfo = await this.
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
+
const tokenInfo = await this.findByRefreshToken(refreshToken).catch((err) => {
|
|
228
|
+
throw invalid_grant_error_js_1.InvalidGrantError.from(err, err instanceof invalid_request_error_js_1.InvalidRequestError
|
|
229
|
+
? err.error_description
|
|
230
|
+
: 'Invalid refresh token');
|
|
231
|
+
});
|
|
227
232
|
const { account, data } = tokenInfo;
|
|
228
233
|
const { parameters } = data;
|
|
229
234
|
try {
|
|
230
|
-
if (tokenInfo.currentRefreshToken !== refreshToken) {
|
|
231
|
-
throw new invalid_grant_error_js_1.InvalidGrantError(`refresh token replayed`);
|
|
232
|
-
}
|
|
233
235
|
await this.validateAccess(client, clientAuth, tokenInfo);
|
|
234
|
-
|
|
235
|
-
// Fool-proofing (should never happen)
|
|
236
|
-
throw new invalid_grant_error_js_1.InvalidGrantError(`Invalid grant type`);
|
|
237
|
-
}
|
|
236
|
+
await this.validateRefresh(client, clientAuth, tokenInfo);
|
|
238
237
|
if (!client.metadata.grant_types.includes(input.grant_type)) {
|
|
239
238
|
// In case the client metadata was updated after the token was issued
|
|
240
239
|
throw new invalid_grant_error_js_1.InvalidGrantError(`This client is not allowed to use the "${input.grant_type}" grant type`);
|
|
@@ -247,26 +246,6 @@ class TokenManager {
|
|
|
247
246
|
throw new invalid_dpop_key_binding_error_js_1.InvalidDpopKeyBindingError();
|
|
248
247
|
}
|
|
249
248
|
}
|
|
250
|
-
const lastActivity = data.updatedAt;
|
|
251
|
-
const inactivityTimeout = clientAuth.method === 'none' && !client.info.isFirstParty
|
|
252
|
-
? constants_js_1.UNAUTHENTICATED_REFRESH_INACTIVITY_TIMEOUT
|
|
253
|
-
: constants_js_1.AUTHENTICATED_REFRESH_INACTIVITY_TIMEOUT;
|
|
254
|
-
if (lastActivity.getTime() + inactivityTimeout < Date.now()) {
|
|
255
|
-
throw new invalid_grant_error_js_1.InvalidGrantError(`Refresh token exceeded inactivity timeout`);
|
|
256
|
-
}
|
|
257
|
-
const lifetime = clientAuth.method === 'none' && !client.info.isFirstParty
|
|
258
|
-
? constants_js_1.UNAUTHENTICATED_REFRESH_LIFETIME
|
|
259
|
-
: constants_js_1.AUTHENTICATED_REFRESH_LIFETIME;
|
|
260
|
-
if (data.createdAt.getTime() + lifetime < Date.now()) {
|
|
261
|
-
throw new invalid_grant_error_js_1.InvalidGrantError(`Refresh token expired`);
|
|
262
|
-
}
|
|
263
|
-
const authorizationDetails = await (0, function_js_1.callAsync)(this.hooks.getAuthorizationDetails, {
|
|
264
|
-
client,
|
|
265
|
-
clientAuth,
|
|
266
|
-
clientMetadata,
|
|
267
|
-
parameters,
|
|
268
|
-
account,
|
|
269
|
-
});
|
|
270
249
|
const nextTokenId = await (0, token_id_js_1.generateTokenId)();
|
|
271
250
|
const nextRefreshToken = await (0, refresh_token_js_1.generateRefreshToken)();
|
|
272
251
|
const now = new Date();
|
|
@@ -288,156 +267,119 @@ class TokenManager {
|
|
|
288
267
|
// a valid DPoP proof.
|
|
289
268
|
clientAuth,
|
|
290
269
|
});
|
|
291
|
-
const accessToken =
|
|
292
|
-
|
|
293
|
-
: await this.signer.accessToken(client, parameters, {
|
|
294
|
-
// We don't specify the alg here. We suppose the Resource server will be
|
|
295
|
-
// able to verify the token using any alg.
|
|
296
|
-
aud: account.aud,
|
|
297
|
-
sub: account.sub,
|
|
298
|
-
alg: undefined,
|
|
299
|
-
exp: expiresAt,
|
|
300
|
-
iat: now,
|
|
301
|
-
jti: nextTokenId,
|
|
302
|
-
cnf: parameters.dpop_jkt ? { jkt: parameters.dpop_jkt } : undefined,
|
|
303
|
-
authorization_details: authorizationDetails,
|
|
304
|
-
});
|
|
305
|
-
const response = await this.buildTokenResponse(client, accessToken, nextRefreshToken, expiresAt, parameters, account, authorizationDetails);
|
|
270
|
+
const accessToken = await this.buildAccessToken(nextTokenId, account, client, parameters, { now, expiresAt });
|
|
271
|
+
const response = await this.buildTokenResponse(client, accessToken, nextRefreshToken, expiresAt, parameters, account.sub);
|
|
306
272
|
await (0, function_js_1.callAsync)(this.hooks.onTokenRefreshed, {
|
|
307
273
|
client,
|
|
308
274
|
clientAuth,
|
|
309
275
|
clientMetadata,
|
|
310
276
|
account,
|
|
311
277
|
parameters,
|
|
312
|
-
deviceId: tokenInfo.data.deviceId,
|
|
313
278
|
});
|
|
314
279
|
return response;
|
|
315
280
|
}
|
|
316
281
|
catch (err) {
|
|
317
282
|
// Just in case the token could not be refreshed, we delete it from the store
|
|
318
|
-
await this.
|
|
283
|
+
await this.deleteToken(tokenInfo.id);
|
|
319
284
|
throw err;
|
|
320
285
|
}
|
|
321
286
|
}
|
|
322
287
|
/**
|
|
323
|
-
* @
|
|
288
|
+
* @note The token validity is not guaranteed. The caller must ensure that the
|
|
289
|
+
* token is valid before using the returned token info.
|
|
324
290
|
*/
|
|
325
|
-
async
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
await this.store.deleteToken(token);
|
|
329
|
-
return;
|
|
330
|
-
}
|
|
331
|
-
case (0, jwk_1.isSignedJwt)(token): {
|
|
332
|
-
const { payload } = await this.signer.verify(token, {
|
|
333
|
-
clockTolerance: Infinity,
|
|
334
|
-
requiredClaims: ['jti'],
|
|
335
|
-
});
|
|
336
|
-
const tokenId = token_id_js_1.tokenIdSchema.parse(payload.jti);
|
|
337
|
-
await this.store.deleteToken(tokenId);
|
|
338
|
-
return;
|
|
339
|
-
}
|
|
340
|
-
case (0, refresh_token_js_1.isRefreshToken)(token): {
|
|
341
|
-
const tokenInfo = await this.store.findTokenByRefreshToken(token);
|
|
342
|
-
if (tokenInfo)
|
|
343
|
-
await this.store.deleteToken(tokenInfo.id);
|
|
344
|
-
return;
|
|
345
|
-
}
|
|
346
|
-
case (0, code_js_1.isCode)(token): {
|
|
347
|
-
const tokenInfo = await this.store.findTokenByCode(token);
|
|
348
|
-
if (tokenInfo)
|
|
349
|
-
await this.store.deleteToken(tokenInfo.id);
|
|
350
|
-
return;
|
|
351
|
-
}
|
|
352
|
-
default:
|
|
353
|
-
// No error should be returned if the token is not valid
|
|
354
|
-
return;
|
|
291
|
+
async findToken(token) {
|
|
292
|
+
if ((0, token_id_js_1.isTokenId)(token)) {
|
|
293
|
+
return this.getTokenInfo(token);
|
|
355
294
|
}
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
* Allows an (authenticated) client to obtain information about a token.
|
|
359
|
-
*
|
|
360
|
-
* @see {@link https://datatracker.ietf.org/doc/html/rfc7662 RFC7662}
|
|
361
|
-
*/
|
|
362
|
-
async clientTokenInfo(client, clientAuth, token) {
|
|
363
|
-
const tokenInfo = await this.findTokenInfo(token);
|
|
364
|
-
if (!tokenInfo) {
|
|
365
|
-
throw new invalid_grant_error_js_1.InvalidGrantError(`Invalid token`);
|
|
295
|
+
else if ((0, code_js_1.isCode)(token)) {
|
|
296
|
+
return this.findByCode(token);
|
|
366
297
|
}
|
|
367
|
-
|
|
368
|
-
|
|
298
|
+
else if ((0, refresh_token_js_1.isRefreshToken)(token)) {
|
|
299
|
+
return this.findByRefreshToken(token);
|
|
369
300
|
}
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
301
|
+
else if ((0, jwk_1.isSignedJwt)(token)) {
|
|
302
|
+
return this.findBySignedJwt(token);
|
|
303
|
+
}
|
|
304
|
+
else {
|
|
305
|
+
throw new invalid_request_error_js_1.InvalidRequestError(`Invalid token`);
|
|
373
306
|
}
|
|
374
|
-
|
|
375
|
-
|
|
307
|
+
}
|
|
308
|
+
async findBySignedJwt(token) {
|
|
309
|
+
const { payload } = await this.signer.verifyAccessToken(token, {
|
|
310
|
+
clockTolerance: Infinity,
|
|
311
|
+
});
|
|
312
|
+
const tokenInfo = await this.getTokenInfo(payload.jti);
|
|
313
|
+
// Fool-proof: Invalid store implementation ?
|
|
314
|
+
if (payload.sub !== tokenInfo.account.sub) {
|
|
315
|
+
await this.deleteToken(tokenInfo.id);
|
|
316
|
+
throw new Error(`Account sub (${tokenInfo.account.sub}) does not match token sub (${payload.sub})`);
|
|
376
317
|
}
|
|
377
318
|
return tokenInfo;
|
|
378
319
|
}
|
|
379
|
-
async
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
if (!payload)
|
|
388
|
-
return null;
|
|
389
|
-
const tokenInfo = await this.store.readToken(payload.jti);
|
|
390
|
-
if (!tokenInfo)
|
|
391
|
-
return null;
|
|
392
|
-
// Audience changed (e.g. user was moved to another resource server)
|
|
393
|
-
if (payload.aud !== tokenInfo.account.aud) {
|
|
394
|
-
return null;
|
|
395
|
-
}
|
|
396
|
-
// Invalid store implementation ?
|
|
397
|
-
if (payload.sub !== tokenInfo.account.sub) {
|
|
398
|
-
throw new Error(`Account sub (${tokenInfo.account.sub}) does not match token sub (${payload.sub})`);
|
|
399
|
-
}
|
|
400
|
-
return tokenInfo;
|
|
401
|
-
}
|
|
402
|
-
case (0, refresh_token_js_1.isRefreshToken)(token): {
|
|
403
|
-
const tokenInfo = await this.store.findTokenByRefreshToken(token);
|
|
404
|
-
if (!tokenInfo?.currentRefreshToken)
|
|
405
|
-
return null;
|
|
406
|
-
if (tokenInfo.currentRefreshToken !== token)
|
|
407
|
-
return null;
|
|
408
|
-
return tokenInfo;
|
|
409
|
-
}
|
|
410
|
-
default:
|
|
411
|
-
// Should never happen
|
|
412
|
-
return null;
|
|
320
|
+
async findByRefreshToken(token) {
|
|
321
|
+
const tokenInfo = await this.store.findTokenByRefreshToken(token);
|
|
322
|
+
if (!tokenInfo) {
|
|
323
|
+
throw new invalid_request_error_js_1.InvalidRequestError(`Invalid refresh token`);
|
|
324
|
+
}
|
|
325
|
+
if (tokenInfo.currentRefreshToken !== token) {
|
|
326
|
+
await this.deleteToken(tokenInfo.id);
|
|
327
|
+
throw new invalid_request_error_js_1.InvalidRequestError(`Refresh token replayed`);
|
|
413
328
|
}
|
|
329
|
+
return tokenInfo;
|
|
414
330
|
}
|
|
415
|
-
async
|
|
416
|
-
const tokenInfo = await this.store.
|
|
331
|
+
async findByCode(code) {
|
|
332
|
+
const tokenInfo = await this.store.findTokenByCode(code);
|
|
417
333
|
if (!tokenInfo) {
|
|
418
|
-
throw new
|
|
334
|
+
throw new invalid_request_error_js_1.InvalidRequestError(`Invalid code`);
|
|
419
335
|
}
|
|
420
|
-
|
|
421
|
-
|
|
336
|
+
return tokenInfo;
|
|
337
|
+
}
|
|
338
|
+
async deleteToken(tokenId) {
|
|
339
|
+
return this.store.deleteToken(tokenId);
|
|
340
|
+
}
|
|
341
|
+
async getTokenInfo(tokenId) {
|
|
342
|
+
const tokenInfo = await this.store.readToken(tokenId);
|
|
343
|
+
if (!tokenInfo) {
|
|
344
|
+
throw new invalid_request_error_js_1.InvalidRequestError(`Invalid token`);
|
|
422
345
|
}
|
|
423
346
|
return tokenInfo;
|
|
424
347
|
}
|
|
425
|
-
async
|
|
426
|
-
const tokenInfo = await this.getTokenInfo(
|
|
427
|
-
|
|
348
|
+
async verifyToken(token, tokenType, tokenId, dpopJkt, verifyOptions) {
|
|
349
|
+
const tokenInfo = await this.getTokenInfo(tokenId).catch((err) => {
|
|
350
|
+
throw invalid_token_error_js_1.InvalidTokenError.from(err, tokenType);
|
|
351
|
+
});
|
|
352
|
+
if (isCurrentTokenExpired(tokenInfo)) {
|
|
353
|
+
await this.deleteToken(tokenId);
|
|
354
|
+
throw new invalid_token_error_js_1.InvalidTokenError(tokenType, `Token expired`);
|
|
355
|
+
}
|
|
356
|
+
const { account, data } = tokenInfo;
|
|
357
|
+
const { parameters } = data;
|
|
428
358
|
// Construct a list of claim, as if the token was a JWT.
|
|
429
359
|
const claims = {
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
client_id: tokenInfo.data.clientId,
|
|
360
|
+
iss: this.signer.issuer,
|
|
361
|
+
jti: tokenId,
|
|
362
|
+
sub: account.sub,
|
|
363
|
+
exp: (0, date_js_1.dateToEpoch)(data.expiresAt),
|
|
364
|
+
iat: (0, date_js_1.dateToEpoch)(data.updatedAt),
|
|
436
365
|
cnf: parameters.dpop_jkt ? { jkt: parameters.dpop_jkt } : undefined,
|
|
366
|
+
// These are not stored in the JWT access token in "light" access token
|
|
367
|
+
// mode. See `buildAccessToken`.
|
|
368
|
+
aud: account.aud,
|
|
369
|
+
scope: parameters.scope,
|
|
370
|
+
client_id: data.clientId,
|
|
437
371
|
};
|
|
438
|
-
|
|
439
|
-
|
|
372
|
+
return (0, verify_token_claims_js_1.verifyTokenClaims)(token, tokenId, tokenType, dpopJkt, claims, verifyOptions);
|
|
373
|
+
}
|
|
374
|
+
async listAccountTokens(sub) {
|
|
375
|
+
const results = await this.store.listAccountTokens(sub);
|
|
376
|
+
return results
|
|
377
|
+
.filter((tokenInfo) => tokenInfo.account.sub === sub) // Fool proof
|
|
378
|
+
.filter((tokenInfo) => !isCurrentTokenExpired(tokenInfo));
|
|
440
379
|
}
|
|
441
380
|
}
|
|
442
381
|
exports.TokenManager = TokenManager;
|
|
382
|
+
function isCurrentTokenExpired(tokenInfo) {
|
|
383
|
+
return tokenInfo.data.expiresAt.getTime() < Date.now();
|
|
384
|
+
}
|
|
443
385
|
//# sourceMappingURL=token-manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../../src/token/token-manager.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AACxC,sCAA0C;AAC1C,sDAU6B;AAC7B,+EAAsE;AAKtE,kDAMwB;AAExB,mGAAwF;AACxF,uFAA6E;AAC7E,6EAAoE;AACpE,iFAAwE;AACxE,6EAAoE;AAEpE,iDAAwE;AACxE,yDAAmD;AAEnD,gDAAiD;AAEjD,yDAI2B;AAG3B,+CAKsB;AAEtB,qEAIiC;AAMjC,MAAa,YAAY;IAEF;IACA;IACA;IACA;IACA;IALrB,YACqB,KAAiB,EACjB,MAAc,EACd,KAAiB,EACjB,eAAgC,EAChC,cAAc,4BAAa;QAJ3B,UAAK,GAAL,KAAK,CAAY;QACjB,WAAM,GAAN,MAAM,CAAQ;QACd,UAAK,GAAL,KAAK,CAAY;QACjB,oBAAe,GAAf,eAAe,CAAiB;QAChC,gBAAW,GAAX,WAAW,CAAgB;IAC7C,CAAC;IAEM,iBAAiB,CAAC,GAAG,GAAG,IAAI,IAAI,EAAE;QAC1C,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAA;IACnD,CAAC;IAES,iBAAiB,CAAC,OAAgB;QAC1C,IAAI,IAAI,CAAC,eAAe,KAAK,sCAAe,CAAC,IAAI,EAAE,CAAC;YAClD,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,CAAC,GAAG,CAAA;QAC3C,CAAC;QAED,OAAO,IAAI,CAAC,eAAe,KAAK,sCAAe,CAAC,GAAG,CAAA;IACrD,CAAC;IAED,KAAK,CAAC,MAAM,CACV,MAAc,EACd,UAAsB,EACtB,cAA+B,EAC/B,OAAgB,EAChB,MAAwD,EACxD,UAA+C,EAC/C,KAGkC,EAClC,OAAsB;QAEtB,qEAAqE;QACrE,gEAAgE;QAChE,uBAAuB;QACvB,IAAI,MAAM,CAAC,QAAQ,CAAC,wBAAwB,IAAI,CAAC,OAAO,EAAE,CAAC;YACzD,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;QACxD,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;YACzB,iEAAiE;YACjE,+DAA+D;YAC/D,yBAAyB;YACzB,IAAI,OAAO;gBAAE,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;QAChE,CAAC;aAAM,IAAI,UAAU,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAC3C,MAAM,IAAI,8DAA0B,EAAE,CAAA;QACxC,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,8CAAgC,EAAE,CAAC;YAC3D,kEAAkE;YAClE,IAAI,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,GAAG,KAAK,UAAU,CAAC,QAAQ,EAAE,CAAC;gBAClE,MAAM,IAAI,8CAAmB,CAC3B,8EAA8E,CAC/E,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,0CAAiB,CACzB,0CAA0C,KAAK,CAAC,UAAU,cAAc,CACzE,CAAA;QACH,CAAC;QAED,IAAI,IAAI,GAAgB,IAAI,CAAA;QAE5B,QAAQ,KAAK,CAAC,UAAU,EAAE,CAAC;YACzB,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,IAAI,CAAC,IAAA,gBAAM,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxB,MAAM,IAAI,0CAAiB,CAAC,cAAc,CAAC,CAAA;gBAC7C,CAAC;gBAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC9D,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;oBAC1C,MAAM,IAAI,0CAAiB,CAAC,eAAe,CAAC,CAAA;gBAC9C,CAAC;gBAED,IAAI,GAAG,KAAK,CAAC,IAAI,CAAA;gBAEjB,IAAI,UAAU,CAAC,YAAY,KAAK,KAAK,CAAC,YAAY,EAAE,CAAC;oBACnD,MAAM,IAAI,0CAAiB,CACzB,iFAAiF,CAClF,CAAA;gBACH,CAAC;gBAED,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;oBAC9B,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;wBACzB,MAAM,IAAI,0CAAiB,CAAC,2BAA2B,CAAC,CAAA;oBAC1D,CAAC;oBACD,IAAI,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;wBACpC,MAAM,IAAI,0CAAiB,CAAC,yBAAyB,CAAC,CAAA;oBACxD,CAAC;oBACD,QAAQ,UAAU,CAAC,qBAAqB,IAAI,OAAO,EAAE,CAAC;wBACpD,KAAK,OAAO,CAAC,CAAC,CAAC;4BACb,IAAI,UAAU,CAAC,cAAc,KAAK,KAAK,CAAC,aAAa,EAAE,CAAC;gCACtD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;4BACtD,CAAC;4BACD,MAAK;wBACP,CAAC;wBACD,KAAK,MAAM,CAAC,CAAC,CAAC;4BACZ,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAChC,UAAU,CAAC,cAAc,EACzB,QAAQ,CACT,CAAA;4BACD,MAAM,iBAAiB,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC;iCAC3C,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC;iCAC3B,MAAM,EAAE,CAAA;4BACX,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;gCACpD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;4BACtD,CAAC;4BACD,MAAK;wBACP,CAAC;wBACD,OAAO,CAAC,CAAC,CAAC;4BACR,qEAAqE;4BACrE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAA;wBACtD,CAAC;oBACH,CAAC;gBACH,CAAC;qBAAM,IAAI,KAAK,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;oBAC7C,MAAM,IAAI,8CAAmB,CAC3B,0CAA0C,CAC3C,CAAA;gBACH,CAAC;gBAED,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,uEAAuE;oBACvE,MAAM,IAAI,8CAAmB,CAAC,uCAAuC,CAAC,CAAA;gBACxE,CAAC;gBAED,MAAK;YACP,CAAC;YAED,OAAO,CAAC,CAAC,CAAC;gBACR,qEAAqE;gBACrE,wBAAwB;gBACxB,MAAM,IAAI,8CAAmB,CAC3B,2BAA2B,KAAK,CAAC,UAAU,GAAG,CAC/C,CAAA;YACH,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAA,6BAAe,GAAE,CAAA;QACvC,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC;YACxE,CAAC,CAAC,MAAM,IAAA,uCAAoB,GAAE;YAC9B,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QACtB,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;QAE7C,MAAM,oBAAoB,GAAG,MAAM,IAAA,uBAAS,EAC1C,IAAI,CAAC,KAAK,CAAC,uBAAuB,EAClC;YACE,MAAM;YACN,UAAU;YACV,cAAc;YACd,UAAU;YACV,OAAO;SACR,CACF,CAAA;QAED,MAAM,SAAS,GAAc;YAC3B,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,SAAS;YACT,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,UAAU;YACV,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,IAAI;YAC5B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,UAAU;YACV,OAAO,EAAE,oBAAoB,IAAI,IAAI;YACrC,IAAI;SACL,CAAA;QAED,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,SAAS,EAAE,YAAY,CAAC,CAAA;QAE9D,IAAI,CAAC;YACH,MAAM,WAAW,GAAqB,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;gBACpE,CAAC,CAAC,OAAO;gBACT,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE;oBAChD,wEAAwE;oBACxE,0CAA0C;oBAC1C,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,GAAG;oBACR,GAAG,EAAE,OAAO;oBACZ,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;oBACnE,qBAAqB,EAAE,oBAAoB;iBAC5C,CAAC,CAAA;YAEN,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAC5C,MAAM,EACN,WAAW,EACX,YAAY,EACZ,SAAS,EACT,UAAU,EACV,OAAO,EACP,oBAAoB,CACrB,CAAA;YAED,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE;gBACzC,MAAM;gBACN,UAAU;gBACV,cAAc;gBACd,OAAO;gBACP,UAAU;gBACV,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI;aACpC,CAAC,CAAA;YAEF,OAAO,QAAQ,CAAA;QACjB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,0EAA0E;YAC1E,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;YAErC,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAES,KAAK,CAAC,kBAAkB,CAChC,MAAc,EACd,WAA6B,EAC7B,YAAgC,EAChC,SAAe,EACf,UAA+C,EAC/C,OAAgB,EAChB,oBAAgC;QAEhC,MAAM,aAAa,GAAuB;YACxC,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;YACnD,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,qBAAqB,EAAE,oBAAoB;YAC3C,IAAI,UAAU;gBACZ,OAAO,IAAA,+BAAqB,EAAC,SAAS,CAAC,CAAA;YACzC,CAAC;YAED,sEAAsE;YACtE,qEAAqE;YACrE,aAAa;YACb,GAAG,EAAE,OAAO,CAAC,GAAG;SACjB,CAAA;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;IAES,KAAK,CAAC,cAAc,CAC5B,MAAc,EACd,UAAsB,EACtB,SAAoB;QAEpB,IAAI,SAAS,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,0CAAiB,CAAC,qCAAqC,CAAC,CAAA;QACpE,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,EAAE,iBAAiB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC;YACpE,MAAM,IAAI,0CAAiB,CAAC,kCAAkC,CAAC,CAAA;QACjE,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,0CAAiB,CAAC,uCAAuC,CAAC,CAAA;QACtE,CAAC;QAED,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,0CAAiB,CAAC,gCAAgC,CAAC,CAAA;QAC/D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CACX,MAAc,EACd,UAAsB,EACtB,cAA+B,EAC/B,KAAyC,EACzC,OAAsB;QAEtB,MAAM,kBAAkB,GAAG,qCAAkB,CAAC,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,CAAA;QAC5E,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAChC,MAAM,IAAI,8CAAmB,CAAC,uBAAuB,CAAC,CAAA;QACxD,CAAC;QACD,MAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAA;QAE5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,YAAY,CAAC,CAAA;QACxE,IAAI,CAAC,SAAS,EAAE,mBAAmB,EAAE,CAAC;YACpC,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;QACtD,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,SAAS,CAAA;QACnC,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAE3B,IAAI,CAAC;YACH,IAAI,SAAS,CAAC,mBAAmB,KAAK,YAAY,EAAE,CAAC;gBACnD,MAAM,IAAI,0CAAiB,CAAC,wBAAwB,CAAC,CAAA;YACvD,CAAC;YAED,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAA;YAExD,IAAI,KAAK,CAAC,UAAU,KAAK,eAAe,EAAE,CAAC;gBACzC,sCAAsC;gBACtC,MAAM,IAAI,0CAAiB,CAAC,oBAAoB,CAAC,CAAA;YACnD,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC5D,qEAAqE;gBACrE,MAAM,IAAI,0CAAiB,CACzB,0CAA0C,KAAK,CAAC,UAAU,cAAc,CACzE,CAAA;YACH,CAAC;YAED,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;gBACxB,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;gBACxD,CAAC;qBAAM,IAAI,UAAU,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBAC3C,MAAM,IAAI,8DAA0B,EAAE,CAAA;gBACxC,CAAC;YACH,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAA;YACnC,MAAM,iBAAiB,GACrB,UAAU,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBACvD,CAAC,CAAC,yDAA0C;gBAC5C,CAAC,CAAC,uDAAwC,CAAA;YAC9C,IAAI,YAAY,CAAC,OAAO,EAAE,GAAG,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC5D,MAAM,IAAI,0CAAiB,CAAC,2CAA2C,CAAC,CAAA;YAC1E,CAAC;YAED,MAAM,QAAQ,GACZ,UAAU,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBACvD,CAAC,CAAC,+CAAgC;gBAClC,CAAC,CAAC,6CAA8B,CAAA;YACpC,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACrD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;YACtD,CAAC;YAED,MAAM,oBAAoB,GAAG,MAAM,IAAA,uBAAS,EAC1C,IAAI,CAAC,KAAK,CAAC,uBAAuB,EAClC;gBACE,MAAM;gBACN,UAAU;gBACV,cAAc;gBACd,UAAU;gBACV,OAAO;aACR,CACF,CAAA;YAED,MAAM,WAAW,GAAG,MAAM,IAAA,6BAAe,GAAE,CAAA;YAC3C,MAAM,gBAAgB,GAAG,MAAM,IAAA,uCAAoB,GAAE,CAAA;YAErD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;YACtB,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;YAE7C,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAC1B,SAAS,CAAC,EAAE,EACZ,WAAW,EACX,gBAAgB,EAChB;gBACE,SAAS,EAAE,GAAG;gBACd,SAAS;gBACT,mEAAmE;gBACnE,iEAAiE;gBACjE,kEAAkE;gBAClE,+DAA+D;gBAC/D,iEAAiE;gBACjE,kEAAkE;gBAClE,sEAAsE;gBACtE,mEAAmE;gBACnE,sEAAsE;gBACtE,oEAAoE;gBACpE,qEAAqE;gBACrE,sBAAsB;gBACtB,UAAU;aACX,CACF,CAAA;YAED,MAAM,WAAW,GAAqB,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;gBACpE,CAAC,CAAC,WAAW;gBACb,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE;oBAChD,wEAAwE;oBACxE,0CAA0C;oBAC1C,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,GAAG;oBACR,GAAG,EAAE,WAAW;oBAChB,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;oBACnE,qBAAqB,EAAE,oBAAoB;iBAC5C,CAAC,CAAA;YAEN,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAC5C,MAAM,EACN,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,UAAU,EACV,OAAO,EACP,oBAAoB,CACrB,CAAA;YAED,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE;gBAC3C,MAAM;gBACN,UAAU;gBACV,cAAc;gBACd,OAAO;gBACP,UAAU;gBACV,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;aAClC,CAAC,CAAA;YAEF,OAAO,QAAQ,CAAA;QACjB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,6EAA6E;YAC7E,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAE1C,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,IAAA,uBAAS,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;gBACnC,OAAM;YACR,CAAC;YAED,KAAK,IAAA,iBAAW,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACxB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;oBAClD,cAAc,EAAE,QAAQ;oBACxB,cAAc,EAAE,CAAC,KAAK,CAAC;iBACxB,CAAC,CAAA;gBACF,MAAM,OAAO,GAAG,2BAAa,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAChD,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;gBACrC,OAAM;YACR,CAAC;YAED,KAAK,IAAA,iCAAc,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAA;gBACjE,IAAI,SAAS;oBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;gBACzD,OAAM;YACR,CAAC;YAED,KAAK,IAAA,gBAAM,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACnB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;gBACzD,IAAI,SAAS;oBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;gBACzD,OAAM;YACR,CAAC;YAED;gBACE,wDAAwD;gBACxD,OAAM;QACV,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CACnB,MAAc,EACd,UAAsB,EACtB,KAAa;QAEb,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;QACjD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,0CAAiB,CAAC,eAAe,CAAC,CAAA;QAC9C,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAA;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAC1C,MAAM,GAAG,CAAA;QACX,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACpD,MAAM,IAAI,0CAAiB,CAAC,eAAe,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,KAAa;QACzC,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,IAAA,uBAAS,EAAC,KAAK,CAAC;gBACnB,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YAEpC,KAAK,IAAA,iBAAW,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACxB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM;qBAClC,iBAAiB,CAAC,KAAK,CAAC;qBACxB,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;gBACpC,IAAI,CAAC,OAAO;oBAAE,OAAO,IAAI,CAAA;gBAEzB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACzD,IAAI,CAAC,SAAS;oBAAE,OAAO,IAAI,CAAA;gBAE3B,oEAAoE;gBACpE,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBAC1C,OAAO,IAAI,CAAA;gBACb,CAAC;gBAED,iCAAiC;gBACjC,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBAC1C,MAAM,IAAI,KAAK,CACb,gBAAgB,SAAS,CAAC,OAAO,CAAC,GAAG,+BAA+B,OAAO,CAAC,GAAG,GAAG,CACnF,CAAA;gBACH,CAAC;gBAED,OAAO,SAAS,CAAA;YAClB,CAAC;YAED,KAAK,IAAA,iCAAc,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAA;gBACjE,IAAI,CAAC,SAAS,EAAE,mBAAmB;oBAAE,OAAO,IAAI,CAAA;gBAChD,IAAI,SAAS,CAAC,mBAAmB,KAAK,KAAK;oBAAE,OAAO,IAAI,CAAA;gBACxD,OAAO,SAAS,CAAA;YAClB,CAAC;YAED;gBACE,sBAAsB;gBACtB,OAAO,IAAI,CAAA;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,SAAyB,EAAE,OAAgB;QAC5D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;QAErD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,0CAAiB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAA;QACzD,CAAC;QAED,IAAI,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,0CAAiB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAA;QACzD,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,SAAyB,EACzB,KAAc,EACd,OAAsB,EACtB,aAAwC;QAExC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QAC3D,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC,IAAI,CAAA;QAErC,wDAAwD;QACxD,MAAM,MAAM,GAAgB;YAC1B,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,GAAG;YAC1B,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,GAAG;YAC1B,GAAG,EAAE,IAAA,qBAAW,EAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;YAC1C,GAAG,EAAE,IAAA,qBAAW,EAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;YAC1C,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK;YACtC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;YAClC,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;SACpE,CAAA;QAED,MAAM,MAAM,GAAG,IAAA,0CAAiB,EAC9B,KAAK,EACL,KAAK,EACL,SAAS,EACT,OAAO,EACP,MAAM,EACN,aAAa,CACd,CAAA;QAED,OAAO,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,CAAA;IACjC,CAAC;CACF;AA5jBD,oCA4jBC"}
|
|
1
|
+
{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../../src/token/token-manager.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AACxC,sCAAqD;AAErD,sDAU6B;AAC7B,+EAAsE;AAuC7D,gGAvCA,sCAAe,OAuCA;AApCxB,kDAMwB;AAExB,mGAAwF;AACxF,uFAA6E;AAC7E,6EAAoE;AACpE,iFAAwE;AACxE,6EAAoE;AAEpE,iDAAwE;AACxE,yDAAmD;AAGnD,gDAAiD;AAEjD,mDAA4C;AAgBlB,uFAhBjB,kBAAM,OAgBiB;AAfhC,yDAK2B;AAE3B,+CAAmE;AAEnE,qEAIiC;AAKjC,MAAa,YAAY;IAEF;IACA;IACA;IACA;IACA;IALrB,YACqB,KAAiB,EACjB,MAAc,EACd,KAAiB,EACjB,eAAgC,EAChC,cAAc,4BAAa;QAJ3B,UAAK,GAAL,KAAK,CAAY;QACjB,WAAM,GAAN,MAAM,CAAQ;QACd,UAAK,GAAL,KAAK,CAAY;QACjB,oBAAe,GAAf,eAAe,CAAiB;QAChC,gBAAW,GAAX,WAAW,CAAgB;IAC7C,CAAC;IAEM,iBAAiB,CAAC,GAAG,GAAG,IAAI,IAAI,EAAE;QAC1C,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAA;IACnD,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC9B,OAAgB,EAChB,OAAgB,EAChB,MAAc,EACd,UAA+C,EAC/C,OAGC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC;YACnC,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,EAAE,IAAA,qBAAW,EAAC,OAAO,CAAC,SAAS,CAAC;YACnC,GAAG,EAAE,IAAA,qBAAW,EAAC,OAAO,CAAC,GAAG,CAAC;YAC7B,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;YAEnE,GAAG,CAAC,IAAI,CAAC,eAAe,KAAK,sCAAe,CAAC,SAAS,IAAI;gBACxD,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,KAAK,EAAE,UAAU,CAAC,KAAK;gBACvB,4DAA4D;gBAC5D,SAAS,EAAE,MAAM,CAAC,EAAE;aACrB,CAAC;SACH,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CACV,MAAc,EACd,UAAsB,EACtB,cAA+B,EAC/B,OAAgB,EAChB,QAAyB,EACzB,UAA+C,EAC/C,KAGkC,EAClC,OAAsB;QAEtB,qEAAqE;QACrE,gEAAgE;QAChE,uBAAuB;QACvB,IAAI,MAAM,CAAC,QAAQ,CAAC,wBAAwB,IAAI,CAAC,OAAO,EAAE,CAAC;YACzD,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;QACxD,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;YACzB,iEAAiE;YACjE,+DAA+D;YAC/D,yBAAyB;YACzB,IAAI,OAAO;gBAAE,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;QAChE,CAAC;aAAM,IAAI,UAAU,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAC3C,MAAM,IAAI,8DAA0B,EAAE,CAAA;QACxC,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,8CAAgC,EAAE,CAAC;YAC3D,kEAAkE;YAClE,IAAI,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,GAAG,KAAK,UAAU,CAAC,QAAQ,EAAE,CAAC;gBAClE,MAAM,IAAI,8CAAmB,CAC3B,8EAA8E,CAC/E,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,0CAAiB,CACzB,0CAA0C,KAAK,CAAC,UAAU,cAAc,CACzE,CAAA;QACH,CAAC;QAED,IAAI,IAAI,GAAgB,IAAI,CAAA;QAE5B,QAAQ,KAAK,CAAC,UAAU,EAAE,CAAC;YACzB,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,IAAI,CAAC,IAAA,gBAAM,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxB,MAAM,IAAI,0CAAiB,CAAC,cAAc,CAAC,CAAA;gBAC7C,CAAC;gBAED,wEAAwE;gBACxE,oEAAoE;gBACpE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC9D,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;oBACpC,MAAM,IAAI,0CAAiB,CAAC,eAAe,CAAC,CAAA;gBAC9C,CAAC;gBAED,IAAI,GAAG,KAAK,CAAC,IAAI,CAAA;gBAEjB,IAAI,UAAU,CAAC,YAAY,KAAK,KAAK,CAAC,YAAY,EAAE,CAAC;oBACnD,MAAM,IAAI,0CAAiB,CACzB,iFAAiF,CAClF,CAAA;gBACH,CAAC;gBAED,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;oBAC9B,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;wBACzB,MAAM,IAAI,0CAAiB,CAAC,2BAA2B,CAAC,CAAA;oBAC1D,CAAC;oBACD,IAAI,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;wBACpC,MAAM,IAAI,0CAAiB,CAAC,yBAAyB,CAAC,CAAA;oBACxD,CAAC;oBACD,QAAQ,UAAU,CAAC,qBAAqB,IAAI,OAAO,EAAE,CAAC;wBACpD,KAAK,OAAO,CAAC,CAAC,CAAC;4BACb,IAAI,UAAU,CAAC,cAAc,KAAK,KAAK,CAAC,aAAa,EAAE,CAAC;gCACtD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;4BACtD,CAAC;4BACD,MAAK;wBACP,CAAC;wBACD,KAAK,MAAM,CAAC,CAAC,CAAC;4BACZ,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAChC,UAAU,CAAC,cAAc,EACzB,QAAQ,CACT,CAAA;4BACD,MAAM,iBAAiB,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC;iCAC3C,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC;iCAC3B,MAAM,EAAE,CAAA;4BACX,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;gCACpD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;4BACtD,CAAC;4BACD,MAAK;wBACP,CAAC;wBACD,OAAO,CAAC,CAAC,CAAC;4BACR,qEAAqE;4BACrE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAA;wBACtD,CAAC;oBACH,CAAC;gBACH,CAAC;qBAAM,IAAI,KAAK,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;oBAC7C,MAAM,IAAI,8CAAmB,CAC3B,0CAA0C,CAC3C,CAAA;gBACH,CAAC;gBAED,MAAK;YACP,CAAC;YAED,OAAO,CAAC,CAAC,CAAC;gBACR,qEAAqE;gBACrE,wBAAwB;gBACxB,MAAM,IAAI,8CAAmB,CAC3B,2BAA2B,KAAK,CAAC,UAAU,GAAG,CAC/C,CAAA;YACH,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAA,6BAAe,GAAE,CAAA;QACvC,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC;YACxE,CAAC,CAAC,MAAM,IAAA,uCAAoB,GAAE;YAC9B,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QACtB,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;QAE7C,MAAM,SAAS,GAAc;YAC3B,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,SAAS;YACT,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,UAAU;YACV,QAAQ;YACR,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,UAAU;YACV,OAAO,EAAE,IAAI;YACb,IAAI;SACL,CAAA;QAED,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,SAAS,EAAE,YAAY,CAAC,CAAA;QAE9D,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAC7C,OAAO,EACP,OAAO,EACP,MAAM,EACN,UAAU,EACV,EAAE,GAAG,EAAE,SAAS,EAAE,CACnB,CAAA;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAC5C,MAAM,EACN,WAAW,EACX,YAAY,EACZ,SAAS,EACT,UAAU,EACV,OAAO,CAAC,GAAG,CACZ,CAAA;YAED,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE;gBACzC,MAAM;gBACN,UAAU;gBACV,cAAc;gBACd,OAAO;gBACP,UAAU;aACX,CAAC,CAAA;YAEF,OAAO,QAAQ,CAAA;QACjB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,0EAA0E;YAC1E,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;YAE/B,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAES,kBAAkB,CAC1B,MAAc,EACd,WAA6B,EAC7B,YAAgC,EAChC,SAAe,EACf,UAA+C,EAC/C,GAAQ;QAER,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;YACnD,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,UAAU,CAAC,KAAK;YAEvB,qEAAqE;YACrE,0EAA0E;YAC1E,IAAI,UAAU;gBACZ,OAAO,IAAA,+BAAqB,EAAC,SAAS,CAAC,CAAA;YACzC,CAAC;YAED,sEAAsE;YACtE,qEAAqE;YACrE,aAAa;YACb,GAAG;SACJ,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,MAAc,EACd,UAAsB,EACtB,SAAoB;QAEpB,IAAI,SAAS,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,0CAAiB,CAAC,qCAAqC,CAAC,CAAA;QACpE,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,0CAAiB,CAAC,uCAAuC,CAAC,CAAA;QACtE,CAAC;QAED,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,0CAAiB,CAAC,gCAAgC,CAAC,CAAA;QAC/D,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,eAAe,CAC1B,MAAc,EACd,UAAsB,EACtB,EAAE,IAAI,EAAa;QAEnB,2EAA2E;QAC3E,uEAAuE;QACvE,6CAA6C;QAC7C,MAAM,mBAAmB,GACvB,MAAM,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,MAAM,CAAA;QAE/D,MAAM,QAAQ,GAAG,mBAAmB;YAClC,CAAC,CAAC,6CAA8B;YAChC,CAAC,CAAC,+CAAgC,CAAA;QAEpC,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACrD,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;QACtD,CAAC;QAED,MAAM,iBAAiB,GAAG,mBAAmB;YAC3C,CAAC,CAAC,uDAAwC;YAC1C,CAAC,CAAC,yDAA0C,CAAA;QAE9C,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC9D,MAAM,IAAI,0CAAiB,CAAC,2CAA2C,CAAC,CAAA;QAC1E,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CACX,MAAc,EACd,UAAsB,EACtB,cAA+B,EAC/B,KAAyC,EACzC,OAAsB;QAEtB,MAAM,kBAAkB,GAAG,qCAAkB,CAAC,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,CAAA;QAC5E,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAChC,MAAM,IAAI,8CAAmB,CAAC,uBAAuB,CAAC,CAAA;QACxD,CAAC;QACD,MAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAA;QAE5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC,KAAK,CACjE,CAAC,GAAG,EAAE,EAAE;YACN,MAAM,0CAAiB,CAAC,IAAI,CAC1B,GAAG,EACH,GAAG,YAAY,8CAAmB;gBAChC,CAAC,CAAC,GAAG,CAAC,iBAAiB;gBACvB,CAAC,CAAC,uBAAuB,CAC5B,CAAA;QACH,CAAC,CACF,CAAA;QAED,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,SAAS,CAAA;QACnC,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAE3B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAA;YACxD,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAA;YAEzD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC5D,qEAAqE;gBACrE,MAAM,IAAI,0CAAiB,CACzB,0CAA0C,KAAK,CAAC,UAAU,cAAc,CACzE,CAAA;YACH,CAAC;YAED,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;gBACxB,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;gBACxD,CAAC;qBAAM,IAAI,UAAU,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBAC3C,MAAM,IAAI,8DAA0B,EAAE,CAAA;gBACxC,CAAC;YACH,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,IAAA,6BAAe,GAAE,CAAA;YAC3C,MAAM,gBAAgB,GAAG,MAAM,IAAA,uCAAoB,GAAE,CAAA;YAErD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;YACtB,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;YAE7C,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAC1B,SAAS,CAAC,EAAE,EACZ,WAAW,EACX,gBAAgB,EAChB;gBACE,SAAS,EAAE,GAAG;gBACd,SAAS;gBACT,mEAAmE;gBACnE,iEAAiE;gBACjE,kEAAkE;gBAClE,+DAA+D;gBAC/D,iEAAiE;gBACjE,kEAAkE;gBAClE,sEAAsE;gBACtE,mEAAmE;gBACnE,sEAAsE;gBACtE,oEAAoE;gBACpE,qEAAqE;gBACrE,sBAAsB;gBACtB,UAAU;aACX,CACF,CAAA;YAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAC7C,WAAW,EACX,OAAO,EACP,MAAM,EACN,UAAU,EACV,EAAE,GAAG,EAAE,SAAS,EAAE,CACnB,CAAA;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAC5C,MAAM,EACN,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,UAAU,EACV,OAAO,CAAC,GAAG,CACZ,CAAA;YAED,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE;gBAC3C,MAAM;gBACN,UAAU;gBACV,cAAc;gBACd,OAAO;gBACP,UAAU;aACX,CAAC,CAAA;YAEF,OAAO,QAAQ,CAAA;QACjB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,6EAA6E;YAC7E,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAEpC,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,SAAS,CAAC,KAAa;QAClC,IAAI,IAAA,uBAAS,EAAC,KAAK,CAAC,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;QACjC,CAAC;aAAM,IAAI,IAAA,gBAAM,EAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAC/B,CAAC;aAAM,IAAI,IAAA,iCAAc,EAAC,KAAK,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAA;QACvC,CAAC;aAAM,IAAI,IAAA,iBAAW,EAAC,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;QACpC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,8CAAmB,CAAC,eAAe,CAAC,CAAA;QAChD,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,KAAgB;QAC3C,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,EAAE;YAC7D,cAAc,EAAE,QAAQ;SACzB,CAAC,CAAA;QAEF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAEtD,6CAA6C;QAC7C,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAC1C,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YACpC,MAAM,IAAI,KAAK,CACb,gBAAgB,SAAS,CAAC,OAAO,CAAC,GAAG,+BAA+B,OAAO,CAAC,GAAG,GAAG,CACnF,CAAA;QACH,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEM,KAAK,CAAC,kBAAkB,CAAC,KAAmB;QACjD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAA;QAEjE,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8CAAmB,CAAC,uBAAuB,CAAC,CAAA;QACxD,CAAC;QAED,IAAI,SAAS,CAAC,mBAAmB,KAAK,KAAK,EAAE,CAAC;YAC5C,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAEpC,MAAM,IAAI,8CAAmB,CAAC,wBAAwB,CAAC,CAAA;QACzD,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,IAAU;QAChC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;QAExD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8CAAmB,CAAC,cAAc,CAAC,CAAA;QAC/C,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,OAAgB;QACvC,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAAgB;QACjC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;QAErD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8CAAmB,CAAC,eAAe,CAAC,CAAA;QAChD,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,KAAK,CAAC,WAAW,CACf,KAAuB,EACvB,SAAyB,EACzB,OAAgB,EAChB,OAAsB,EACtB,aAAwC;QAExC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YAC/D,MAAM,0CAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;QAC9C,CAAC,CAAC,CAAA;QAEF,IAAI,qBAAqB,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;YAC/B,MAAM,IAAI,0CAAiB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAA;QACzD,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,SAAS,CAAA;QACnC,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAE3B,wDAAwD;QACxD,MAAM,MAAM,GAAuB;YACjC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YACvB,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,EAAE,IAAA,qBAAW,EAAC,IAAI,CAAC,SAAS,CAAC;YAChC,GAAG,EAAE,IAAA,qBAAW,EAAC,IAAI,CAAC,SAAS,CAAC;YAChC,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;YAEnE,uEAAuE;YACvE,gCAAgC;YAChC,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,SAAS,EAAE,IAAI,CAAC,QAAQ;SACzB,CAAA;QAED,OAAO,IAAA,0CAAiB,EACtB,KAAK,EACL,OAAO,EACP,SAAS,EACT,OAAO,EACP,MAAM,EACN,aAAa,CACd,CAAA;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAQ;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;QACvD,OAAO,OAAO;aACX,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC,aAAa;aAClE,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC,CAAA;IAC7D,CAAC;CACF;AA5gBD,oCA4gBC;AAED,SAAS,qBAAqB,CAAC,SAAoB;IACjD,OAAO,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;AACxD,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { Account } from '../account/account.js';
|
|
1
|
+
import type { Account } from '@atproto/oauth-provider-api';
|
|
3
2
|
import { Awaitable } from '../lib/util/type.js';
|
|
3
|
+
import { Sub } from '../oidc/sub.js';
|
|
4
4
|
import { Code } from '../request/code.js';
|
|
5
5
|
import { RefreshToken } from './refresh-token.js';
|
|
6
6
|
import { TokenData } from './token-data.js';
|
|
@@ -8,12 +8,11 @@ import { TokenId } from './token-id.js';
|
|
|
8
8
|
export * from './refresh-token.js';
|
|
9
9
|
export * from './token-data.js';
|
|
10
10
|
export * from './token-id.js';
|
|
11
|
-
export type { Awaitable };
|
|
11
|
+
export type { Account, Awaitable, Sub };
|
|
12
12
|
export type TokenInfo = {
|
|
13
13
|
id: TokenId;
|
|
14
14
|
data: TokenData;
|
|
15
15
|
account: Account;
|
|
16
|
-
info?: DeviceAccountInfo;
|
|
17
16
|
currentRefreshToken: null | RefreshToken;
|
|
18
17
|
};
|
|
19
18
|
export type NewTokenData = Pick<TokenData, 'clientAuth' | 'expiresAt' | 'updatedAt'>;
|
|
@@ -29,6 +28,7 @@ export interface TokenStore {
|
|
|
29
28
|
*/
|
|
30
29
|
findTokenByRefreshToken(refreshToken: RefreshToken): Awaitable<null | TokenInfo>;
|
|
31
30
|
findTokenByCode(code: Code): Awaitable<null | TokenInfo>;
|
|
31
|
+
listAccountTokens(sub: Sub): Awaitable<TokenInfo[]>;
|
|
32
32
|
}
|
|
33
33
|
export declare const isTokenStore: <V extends Partial<TokenStore>>(value: V) => value is V & import("../lib/util/type.js").RequiredDefined<TokenStore>;
|
|
34
34
|
export declare function asTokenStore<V extends Partial<TokenStore>>(implementation?: V): V & TokenStore;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-store.d.ts","sourceRoot":"","sources":["../../src/token/token-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"token-store.d.ts","sourceRoot":"","sources":["../../src/token/token-store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA;AAC1D,OAAO,EAAE,SAAS,EAAyB,MAAM,qBAAqB,CAAA;AACtE,OAAO,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAA;AACpC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAA;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAGvC,cAAc,oBAAoB,CAAA;AAClC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,eAAe,CAAA;AAC7B,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,CAAA;AAEvC,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,OAAO,CAAA;IACX,IAAI,EAAE,SAAS,CAAA;IACf,OAAO,EAAE,OAAO,CAAA;IAChB,mBAAmB,EAAE,IAAI,GAAG,YAAY,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,YAAY,GAAG,IAAI,CAC7B,SAAS,EACT,YAAY,GAAG,WAAW,GAAG,WAAW,CACzC,CAAA;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,CACT,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,SAAS,CAAC,IAAI,CAAC,CAAA;IAElB,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,SAAS,CAAC,IAAI,GAAG,SAAS,CAAC,CAAA;IAExD,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,CAAA;IAE9C,WAAW,CACT,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,SAAS,CAAC,IAAI,CAAC,CAAA;IAElB;;;;OAIG;IACH,uBAAuB,CACrB,YAAY,EAAE,YAAY,GACzB,SAAS,CAAC,IAAI,GAAG,SAAS,CAAC,CAAA;IAE9B,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,SAAS,CAAC,IAAI,GAAG,SAAS,CAAC,CAAA;IAExD,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC,CAAA;CACpD;AAED,eAAO,MAAM,YAAY,qHAQvB,CAAA;AAEF,wBAAgB,YAAY,CAAC,CAAC,SAAS,OAAO,CAAC,UAAU,CAAC,EACxD,cAAc,CAAC,EAAE,CAAC,GACjB,CAAC,GAAG,UAAU,CAKhB"}
|
|
@@ -28,6 +28,7 @@ exports.isTokenStore = (0, type_js_1.buildInterfaceChecker)([
|
|
|
28
28
|
'rotateToken',
|
|
29
29
|
'findTokenByRefreshToken',
|
|
30
30
|
'findTokenByCode',
|
|
31
|
+
'listAccountTokens',
|
|
31
32
|
]);
|
|
32
33
|
function asTokenStore(implementation) {
|
|
33
34
|
if (!implementation || !(0, exports.isTokenStore)(implementation)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-store.js","sourceRoot":"","sources":["../../src/token/token-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"token-store.js","sourceRoot":"","sources":["../../src/token/token-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAoEA,oCAOC;AA1ED,iDAAsE;AAOtE,gEAAgE;AAChE,qDAAkC;AAClC,kDAA+B;AAC/B,gDAA6B;AA+ChB,QAAA,YAAY,GAAG,IAAA,+BAAqB,EAAa;IAC5D,aAAa;IACb,WAAW;IACX,aAAa;IACb,aAAa;IACb,yBAAyB;IACzB,iBAAiB;IACjB,mBAAmB;CACpB,CAAC,CAAA;AAEF,SAAgB,YAAY,CAC1B,cAAkB;IAElB,IAAI,CAAC,cAAc,IAAI,CAAC,IAAA,oBAAY,EAAC,cAAc,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAA;IACtD,CAAC;IACD,OAAO,cAAc,CAAA;AACvB,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { OAuthAccessToken, OAuthTokenType } from '@atproto/oauth-types';
|
|
2
|
-
import {
|
|
2
|
+
import { SignedTokenPayload } from '../signer/signed-token-payload.js';
|
|
3
3
|
import { TokenId } from './token-id.js';
|
|
4
4
|
export type VerifyTokenClaimsOptions = {
|
|
5
5
|
/** One of these audience must be included in the token audience(s) */
|
|
@@ -11,7 +11,7 @@ export type VerifyTokenClaimsResult = {
|
|
|
11
11
|
token: OAuthAccessToken;
|
|
12
12
|
tokenId: TokenId;
|
|
13
13
|
tokenType: OAuthTokenType;
|
|
14
|
-
claims:
|
|
14
|
+
claims: SignedTokenPayload;
|
|
15
15
|
};
|
|
16
|
-
export declare function verifyTokenClaims(token: OAuthAccessToken, tokenId: TokenId, tokenType: OAuthTokenType, dpopJkt: string | null, claims:
|
|
16
|
+
export declare function verifyTokenClaims(token: OAuthAccessToken, tokenId: TokenId, tokenType: OAuthTokenType, dpopJkt: string | null, claims: SignedTokenPayload, options?: VerifyTokenClaimsOptions): VerifyTokenClaimsResult;
|
|
17
17
|
//# sourceMappingURL=verify-token-claims.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-token-claims.d.ts","sourceRoot":"","sources":["../../src/token/verify-token-claims.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAKvE,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"verify-token-claims.d.ts","sourceRoot":"","sources":["../../src/token/verify-token-claims.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAKvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAA;AACtE,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAEvC,MAAM,MAAM,wBAAwB,GAAG;IACrC,sEAAsE;IACtE,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;IAChC,gEAAgE;IAChE,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,KAAK,EAAE,gBAAgB,CAAA;IACvB,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,EAAE,cAAc,CAAA;IACzB,MAAM,EAAE,kBAAkB,CAAA;CAC3B,CAAA;AAED,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,gBAAgB,EACvB,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,cAAc,EACzB,OAAO,EAAE,MAAM,GAAG,IAAI,EACtB,MAAM,EAAE,kBAAkB,EAC1B,OAAO,CAAC,EAAE,wBAAwB,GACjC,uBAAuB,CAkCzB"}
|