@atproto/oauth-provider 0.6.6 → 0.7.0

Files changed (465)
  1. package/CHANGELOG.md +39 -0
  2. package/dist/access-token/access-token-mode.d.ts +5 -0
  3. package/dist/access-token/access-token-mode.d.ts.map +1 -0
  4. package/dist/access-token/access-token-mode.js +9 -0
  5. package/dist/access-token/access-token-mode.js.map +1 -0
  6. package/dist/account/account-manager.d.ts +13 -7
  7. package/dist/account/account-manager.d.ts.map +1 -1
  8. package/dist/account/account-manager.js +69 -52
  9. package/dist/account/account-manager.js.map +1 -1
  10. package/dist/account/account-store.d.ts +88 -77
  11. package/dist/account/account-store.d.ts.map +1 -1
  12. package/dist/account/account-store.js +24 -73
  13. package/dist/account/account-store.js.map +1 -1
  14. package/dist/account/sign-in-data.d.ts +4 -13
  15. package/dist/account/sign-in-data.d.ts.map +1 -1
  16. package/dist/account/sign-in-data.js +9 -9
  17. package/dist/account/sign-in-data.js.map +1 -1
  18. package/dist/account/sign-up-input.d.ts +4 -5
  19. package/dist/account/sign-up-input.d.ts.map +1 -1
  20. package/dist/account/sign-up-input.js +13 -3
  21. package/dist/account/sign-up-input.js.map +1 -1
  22. package/dist/client/client-manager.d.ts +4 -1
  23. package/dist/client/client-manager.d.ts.map +1 -1
  24. package/dist/client/client-manager.js +13 -1
  25. package/dist/client/client-manager.js.map +1 -1
  26. package/dist/client/client-store.d.ts +1 -1
  27. package/dist/client/client-store.d.ts.map +1 -1
  28. package/dist/constants.d.ts +5 -1
  29. package/dist/constants.d.ts.map +1 -1
  30. package/dist/constants.js +6 -2
  31. package/dist/constants.js.map +1 -1
  32. package/dist/customization/branding.d.ts +54 -0
  33. package/dist/customization/branding.d.ts.map +1 -0
  34. package/dist/customization/branding.js +13 -0
  35. package/dist/customization/branding.js.map +1 -0
  36. package/dist/customization/build-customization-css.d.ts +3 -0
  37. package/dist/customization/build-customization-css.d.ts.map +1 -0
  38. package/dist/customization/build-customization-css.js +27 -0
  39. package/dist/customization/build-customization-css.js.map +1 -0
  40. package/dist/customization/build-customization-data.d.ts +4 -0
  41. package/dist/customization/build-customization-data.d.ts.map +1 -0
  42. package/dist/customization/build-customization-data.js +18 -0
  43. package/dist/customization/build-customization-data.js.map +1 -0
  44. package/dist/customization/colors.d.ts +7 -0
  45. package/dist/customization/colors.d.ts.map +1 -0
  46. package/dist/customization/colors.js +27 -0
  47. package/dist/customization/colors.js.map +1 -0
  48. package/dist/customization/customization.d.ts +129 -0
  49. package/dist/customization/customization.d.ts.map +1 -0
  50. package/dist/customization/customization.js +26 -0
  51. package/dist/customization/customization.js.map +1 -0
  52. package/dist/customization/links.d.ts +26 -0
  53. package/dist/customization/links.d.ts.map +1 -0
  54. package/dist/customization/links.js +12 -0
  55. package/dist/customization/links.js.map +1 -0
  56. package/dist/device/device-id.d.ts +1 -0
  57. package/dist/device/device-id.d.ts.map +1 -1
  58. package/dist/device/device-id.js +4 -0
  59. package/dist/device/device-id.js.map +1 -1
  60. package/dist/device/device-manager.d.ts +6 -36
  61. package/dist/device/device-manager.d.ts.map +1 -1
  62. package/dist/device/device-manager.js +49 -43
  63. package/dist/device/device-manager.js.map +1 -1
  64. package/dist/device/device-store.d.ts +1 -0
  65. package/dist/device/device-store.d.ts.map +1 -1
  66. package/dist/device/device-store.js.map +1 -1
  67. package/dist/dpop/dpop-manager.d.ts +3 -3
  68. package/dist/dpop/dpop-nonce.d.ts +3 -3
  69. package/dist/dpop/dpop-nonce.d.ts.map +1 -1
  70. package/dist/errors/access-denied-error.d.ts +4 -3
  71. package/dist/errors/access-denied-error.d.ts.map +1 -1
  72. package/dist/errors/access-denied-error.js +5 -6
  73. package/dist/errors/access-denied-error.js.map +1 -1
  74. package/dist/{output/build-error-payload.d.ts → errors/error-parser.d.ts} +1 -1
  75. package/dist/errors/error-parser.d.ts.map +1 -0
  76. package/dist/{output/build-error-payload.js → errors/error-parser.js} +2 -2
  77. package/dist/errors/error-parser.js.map +1 -0
  78. package/dist/errors/invalid-grant-error.d.ts +1 -0
  79. package/dist/errors/invalid-grant-error.d.ts.map +1 -1
  80. package/dist/errors/invalid-grant-error.js +5 -0
  81. package/dist/errors/invalid-grant-error.js.map +1 -1
  82. package/dist/errors/login-required-error.d.ts +1 -0
  83. package/dist/errors/login-required-error.d.ts.map +1 -1
  84. package/dist/errors/login-required-error.js +5 -0
  85. package/dist/errors/login-required-error.js.map +1 -1
  86. package/dist/index.d.ts +1 -0
  87. package/dist/index.d.ts.map +1 -1
  88. package/dist/index.js +1 -0
  89. package/dist/index.js.map +1 -1
  90. package/dist/lib/html/build-document.d.ts +2 -2
  91. package/dist/lib/html/build-document.d.ts.map +1 -1
  92. package/dist/lib/html/build-document.js +4 -0
  93. package/dist/lib/html/build-document.js.map +1 -1
  94. package/dist/lib/html/hydration-data.d.ts +4 -0
  95. package/dist/lib/html/hydration-data.d.ts.map +1 -0
  96. package/dist/{output/backend-data.js → lib/html/hydration-data.js} +8 -8
  97. package/dist/lib/html/hydration-data.js.map +1 -0
  98. package/dist/lib/html/tags.d.ts +1 -1
  99. package/dist/lib/html/tags.d.ts.map +1 -1
  100. package/dist/lib/html/tags.js +1 -1
  101. package/dist/lib/html/tags.js.map +1 -1
  102. package/dist/lib/http/accept.d.ts +2 -2
  103. package/dist/lib/http/accept.d.ts.map +1 -1
  104. package/dist/lib/http/accept.js +1 -1
  105. package/dist/lib/http/accept.js.map +1 -1
  106. package/dist/lib/http/context.d.ts +2 -4
  107. package/dist/lib/http/context.d.ts.map +1 -1
  108. package/dist/lib/http/context.js +29 -4
  109. package/dist/lib/http/context.js.map +1 -1
  110. package/dist/lib/http/headers.d.ts +3 -0
  111. package/dist/lib/http/headers.d.ts.map +1 -0
  112. package/dist/lib/http/headers.js +14 -0
  113. package/dist/lib/http/headers.js.map +1 -0
  114. package/dist/lib/http/index.d.ts +1 -0
  115. package/dist/lib/http/index.d.ts.map +1 -1
  116. package/dist/lib/http/index.js +1 -0
  117. package/dist/lib/http/index.js.map +1 -1
  118. package/dist/lib/http/middleware.d.ts +1 -1
  119. package/dist/lib/http/middleware.d.ts.map +1 -1
  120. package/dist/lib/http/middleware.js +8 -24
  121. package/dist/lib/http/middleware.js.map +1 -1
  122. package/dist/lib/http/parser.d.ts +3 -3
  123. package/dist/lib/http/parser.d.ts.map +1 -1
  124. package/dist/lib/http/request.d.ts +13 -9
  125. package/dist/lib/http/request.d.ts.map +1 -1
  126. package/dist/lib/http/request.js +27 -49
  127. package/dist/lib/http/request.js.map +1 -1
  128. package/dist/lib/http/response.d.ts +6 -2
  129. package/dist/lib/http/response.d.ts.map +1 -1
  130. package/dist/lib/http/response.js +31 -11
  131. package/dist/lib/http/response.js.map +1 -1
  132. package/dist/lib/http/route.d.ts +3 -3
  133. package/dist/lib/http/route.d.ts.map +1 -1
  134. package/dist/lib/http/route.js +1 -1
  135. package/dist/lib/http/route.js.map +1 -1
  136. package/dist/lib/http/router.d.ts +12 -11
  137. package/dist/lib/http/router.d.ts.map +1 -1
  138. package/dist/lib/http/router.js +26 -34
  139. package/dist/lib/http/router.js.map +1 -1
  140. package/dist/lib/http/security-headers.js +1 -1
  141. package/dist/lib/http/security-headers.js.map +1 -1
  142. package/dist/lib/http/stream.d.ts +3 -3
  143. package/dist/lib/http/stream.d.ts.map +1 -1
  144. package/dist/lib/http/types.d.ts +1 -1
  145. package/dist/lib/http/types.d.ts.map +1 -1
  146. package/dist/lib/send-web-page.d.ts +8 -0
  147. package/dist/lib/send-web-page.d.ts.map +1 -0
  148. package/dist/{output → lib}/send-web-page.js +9 -7
  149. package/dist/lib/send-web-page.js.map +1 -0
  150. package/dist/lib/util/authorization-header.d.ts.map +1 -1
  151. package/dist/lib/util/color.d.ts +32 -0
  152. package/dist/lib/util/color.d.ts.map +1 -0
  153. package/dist/lib/util/color.js +116 -0
  154. package/dist/lib/util/color.js.map +1 -0
  155. package/dist/lib/util/crypto.d.ts +1 -0
  156. package/dist/lib/util/crypto.d.ts.map +1 -1
  157. package/dist/lib/util/crypto.js +8 -3
  158. package/dist/lib/util/crypto.js.map +1 -1
  159. package/dist/lib/util/function.d.ts +1 -0
  160. package/dist/lib/util/function.d.ts.map +1 -1
  161. package/dist/lib/util/function.js +12 -0
  162. package/dist/lib/util/function.js.map +1 -1
  163. package/dist/lib/util/locale.d.ts +20 -0
  164. package/dist/lib/util/locale.d.ts.map +1 -0
  165. package/dist/lib/util/locale.js +14 -0
  166. package/dist/lib/util/locale.js.map +1 -0
  167. package/dist/lib/util/time.d.ts +1 -1
  168. package/dist/lib/util/time.d.ts.map +1 -1
  169. package/dist/lib/util/time.js +1 -1
  170. package/dist/lib/util/time.js.map +1 -1
  171. package/dist/lib/util/type.d.ts +22 -0
  172. package/dist/lib/util/type.d.ts.map +1 -1
  173. package/dist/lib/util/type.js.map +1 -1
  174. package/dist/lib/util/ui8.d.ts +4 -0
  175. package/dist/lib/util/ui8.d.ts.map +1 -0
  176. package/dist/lib/util/ui8.js +17 -0
  177. package/dist/lib/util/ui8.js.map +1 -0
  178. package/dist/lib/util/zod-error.d.ts +2 -0
  179. package/dist/lib/util/zod-error.d.ts.map +1 -0
  180. package/dist/lib/util/zod-error.js +16 -0
  181. package/dist/lib/util/zod-error.js.map +1 -0
  182. package/dist/oauth-errors.d.ts +22 -22
  183. package/dist/oauth-errors.d.ts.map +1 -1
  184. package/dist/oauth-errors.js +37 -45
  185. package/dist/oauth-errors.js.map +1 -1
  186. package/dist/oauth-hooks.d.ts +11 -23
  187. package/dist/oauth-hooks.d.ts.map +1 -1
  188. package/dist/oauth-hooks.js.map +1 -1
  189. package/dist/oauth-middleware.d.ts +12 -0
  190. package/dist/oauth-middleware.d.ts.map +1 -0
  191. package/dist/oauth-middleware.js +32 -0
  192. package/dist/oauth-middleware.js.map +1 -0
  193. package/dist/oauth-provider.d.ts +109 -113
  194. package/dist/oauth-provider.d.ts.map +1 -1
  195. package/dist/oauth-provider.js +124 -542
  196. package/dist/oauth-provider.js.map +1 -1
  197. package/dist/oauth-verifier.d.ts +7 -26
  198. package/dist/oauth-verifier.d.ts.map +1 -1
  199. package/dist/oauth-verifier.js +6 -16
  200. package/dist/oauth-verifier.js.map +1 -1
  201. package/dist/request/code.d.ts.map +1 -1
  202. package/dist/request/request-data.d.ts +2 -4
  203. package/dist/request/request-data.d.ts.map +1 -1
  204. package/dist/request/request-data.js.map +1 -1
  205. package/dist/request/request-manager.d.ts +4 -2
  206. package/dist/request/request-manager.d.ts.map +1 -1
  207. package/dist/request/request-manager.js +9 -8
  208. package/dist/request/request-manager.js.map +1 -1
  209. package/dist/request/request-store.d.ts +6 -0
  210. package/dist/request/request-store.d.ts.map +1 -1
  211. package/dist/request/request-store.js +3 -1
  212. package/dist/request/request-store.js.map +1 -1
  213. package/dist/result/authorization-redirect-parameters.d.ts +18 -0
  214. package/dist/result/authorization-redirect-parameters.d.ts.map +1 -0
  215. package/dist/result/authorization-redirect-parameters.js +3 -0
  216. package/dist/result/authorization-redirect-parameters.js.map +1 -0
  217. package/dist/result/authorization-result-authorize-page.d.ts +13 -0
  218. package/dist/result/authorization-result-authorize-page.d.ts.map +1 -0
  219. package/dist/result/authorization-result-authorize-page.js +3 -0
  220. package/dist/result/authorization-result-authorize-page.js.map +1 -0
  221. package/dist/result/authorization-result-redirect.d.ts +8 -0
  222. package/dist/result/authorization-result-redirect.d.ts.map +1 -0
  223. package/dist/result/authorization-result-redirect.js +3 -0
  224. package/dist/result/authorization-result-redirect.js.map +1 -0
  225. package/dist/router/assets/assets-manifest.d.ts +10 -0
  226. package/dist/router/assets/assets-manifest.d.ts.map +1 -0
  227. package/dist/router/assets/assets-manifest.js +77 -0
  228. package/dist/router/assets/assets-manifest.js.map +1 -0
  229. package/dist/router/assets/assets.d.ts +16 -0
  230. package/dist/router/assets/assets.d.ts.map +1 -0
  231. package/dist/router/assets/assets.js +43 -0
  232. package/dist/router/assets/assets.js.map +1 -0
  233. package/dist/router/assets/csrf.d.ts +4 -0
  234. package/dist/router/assets/csrf.d.ts.map +1 -0
  235. package/dist/router/assets/csrf.js +51 -0
  236. package/dist/router/assets/csrf.js.map +1 -0
  237. package/dist/router/assets/send-account-page.d.ts +7 -0
  238. package/dist/router/assets/send-account-page.d.ts.map +1 -0
  239. package/dist/router/assets/send-account-page.js +34 -0
  240. package/dist/router/assets/send-account-page.js.map +1 -0
  241. package/dist/router/assets/send-authorization-page.d.ts +5 -0
  242. package/dist/router/assets/send-authorization-page.d.ts.map +1 -0
  243. package/dist/router/assets/send-authorization-page.js +49 -0
  244. package/dist/router/assets/send-authorization-page.js.map +1 -0
  245. package/dist/router/assets/send-error-page.d.ts +4 -0
  246. package/dist/router/assets/send-error-page.d.ts.map +1 -0
  247. package/dist/router/assets/send-error-page.js +34 -0
  248. package/dist/router/assets/send-error-page.js.map +1 -0
  249. package/dist/router/create-account-page-middleware.d.ts +6 -0
  250. package/dist/router/create-account-page-middleware.d.ts.map +1 -0
  251. package/dist/router/create-account-page-middleware.js +39 -0
  252. package/dist/router/create-account-page-middleware.js.map +1 -0
  253. package/dist/router/create-api-middleware.d.ts +8 -0
  254. package/dist/router/create-api-middleware.d.ts.map +1 -0
  255. package/dist/router/create-api-middleware.js +501 -0
  256. package/dist/router/create-api-middleware.js.map +1 -0
  257. package/dist/router/create-authorization-page-middleware.d.ts +6 -0
  258. package/dist/router/create-authorization-page-middleware.d.ts.map +1 -0
  259. package/dist/router/create-authorization-page-middleware.js +104 -0
  260. package/dist/router/create-authorization-page-middleware.js.map +1 -0
  261. package/dist/router/create-oauth-middleware.d.ts +6 -0
  262. package/dist/router/create-oauth-middleware.d.ts.map +1 -0
  263. package/dist/router/create-oauth-middleware.js +142 -0
  264. package/dist/router/create-oauth-middleware.js.map +1 -0
  265. package/dist/router/error-handler.d.ts +3 -0
  266. package/dist/router/error-handler.d.ts.map +1 -0
  267. package/dist/{account/account.js → router/error-handler.js} +1 -1
  268. package/dist/router/error-handler.js.map +1 -0
  269. package/dist/router/middleware-options.d.ts +6 -0
  270. package/dist/router/middleware-options.d.ts.map +1 -0
  271. package/dist/router/middleware-options.js +3 -0
  272. package/dist/router/middleware-options.js.map +1 -0
  273. package/dist/router/send-redirect.d.ts +16 -0
  274. package/dist/router/send-redirect.d.ts.map +1 -0
  275. package/dist/{output/send-authorize-redirect.js → router/send-redirect.js} +40 -24
  276. package/dist/router/send-redirect.js.map +1 -0
  277. package/dist/{token/token-claims.d.ts → signer/api-token-payload.d.ts} +237 -232
  278. package/dist/signer/api-token-payload.d.ts.map +1 -0
  279. package/dist/signer/api-token-payload.js +17 -0
  280. package/dist/signer/api-token-payload.js.map +1 -0
  281. package/dist/signer/signed-token-payload.d.ts +164 -159
  282. package/dist/signer/signed-token-payload.d.ts.map +1 -1
  283. package/dist/signer/signed-token-payload.js +10 -16
  284. package/dist/signer/signed-token-payload.js.map +1 -1
  285. package/dist/signer/signer.d.ts +42 -11246
  286. package/dist/signer/signer.d.ts.map +1 -1
  287. package/dist/signer/signer.js +30 -15
  288. package/dist/signer/signer.js.map +1 -1
  289. package/dist/token/refresh-token.d.ts.map +1 -1
  290. package/dist/token/token-data.d.ts +1 -1
  291. package/dist/token/token-data.d.ts.map +1 -1
  292. package/dist/token/token-id.d.ts.map +1 -1
  293. package/dist/token/token-manager.d.ts +28 -26
  294. package/dist/token/token-manager.d.ts.map +1 -1
  295. package/dist/token/token-manager.js +138 -196
  296. package/dist/token/token-manager.js.map +1 -1
  297. package/dist/token/token-store.d.ts +4 -4
  298. package/dist/token/token-store.d.ts.map +1 -1
  299. package/dist/token/token-store.js +1 -0
  300. package/dist/token/token-store.js.map +1 -1
  301. package/dist/token/verify-token-claims.d.ts +3 -3
  302. package/dist/token/verify-token-claims.d.ts.map +1 -1
  303. package/dist/token/verify-token-claims.js +1 -1
  304. package/dist/token/verify-token-claims.js.map +1 -1
  305. package/dist/types/email-otp.d.ts +3 -0
  306. package/dist/types/email-otp.d.ts.map +1 -0
  307. package/dist/types/email-otp.js +6 -0
  308. package/dist/types/email-otp.js.map +1 -0
  309. package/dist/types/email.d.ts +3 -0
  310. package/dist/types/email.d.ts.map +1 -0
  311. package/dist/types/email.js +29 -0
  312. package/dist/types/email.js.map +1 -0
  313. package/dist/types/handle.d.ts +3 -0
  314. package/dist/types/handle.d.ts.map +1 -0
  315. package/dist/types/handle.js +22 -0
  316. package/dist/types/handle.js.map +1 -0
  317. package/dist/types/invite-code.d.ts +4 -0
  318. package/dist/types/invite-code.d.ts.map +1 -0
  319. package/dist/types/invite-code.js +6 -0
  320. package/dist/types/invite-code.js.map +1 -0
  321. package/dist/types/password.d.ts +4 -0
  322. package/dist/types/password.d.ts.map +1 -0
  323. package/dist/types/password.js +7 -0
  324. package/dist/types/password.js.map +1 -0
  325. package/package.json +10 -7
  326. package/src/access-token/access-token-mode.ts +4 -0
  327. package/src/account/account-manager.ts +105 -75
  328. package/src/account/account-store.ts +118 -114
  329. package/src/account/sign-in-data.ts +10 -10
  330. package/src/account/sign-up-input.ts +13 -4
  331. package/src/client/client-manager.ts +34 -2
  332. package/src/client/client-store.ts +1 -1
  333. package/src/constants.ts +6 -1
  334. package/src/customization/branding.ts +12 -0
  335. package/src/customization/build-customization-css.ts +30 -0
  336. package/src/customization/build-customization-data.ts +22 -0
  337. package/src/customization/colors.ts +30 -0
  338. package/src/customization/customization.ts +25 -0
  339. package/src/customization/links.ts +10 -0
  340. package/src/device/device-id.ts +5 -0
  341. package/src/device/device-manager.ts +76 -66
  342. package/src/device/device-store.ts +2 -0
  343. package/src/errors/access-denied-error.ts +24 -17
  344. package/src/{output/build-error-payload.ts → errors/error-parser.ts} +1 -1
  345. package/src/errors/invalid-grant-error.ts +5 -0
  346. package/src/errors/login-required-error.ts +10 -0
  347. package/src/index.ts +1 -0
  348. package/src/lib/html/build-document.ts +6 -4
  349. package/src/{output/backend-data.ts → lib/html/hydration-data.ts} +7 -5
  350. package/src/lib/html/tags.ts +2 -2
  351. package/src/lib/http/accept.ts +3 -3
  352. package/src/lib/http/context.ts +41 -10
  353. package/src/lib/http/headers.ts +15 -0
  354. package/src/lib/http/index.ts +1 -0
  355. package/src/lib/http/middleware.ts +8 -23
  356. package/src/lib/http/request.ts +40 -75
  357. package/src/lib/http/response.ts +39 -15
  358. package/src/lib/http/route.ts +8 -5
  359. package/src/lib/http/router.ts +40 -46
  360. package/src/lib/http/security-headers.ts +1 -1
  361. package/src/lib/http/types.ts +1 -6
  362. package/src/{output → lib}/send-web-page.ts +10 -9
  363. package/src/lib/util/color.ts +132 -0
  364. package/src/lib/util/crypto.ts +9 -4
  365. package/src/lib/util/function.ts +14 -0
  366. package/src/lib/util/locale.ts +18 -0
  367. package/src/lib/util/time.ts +3 -4
  368. package/src/lib/util/type.ts +24 -0
  369. package/src/lib/util/ui8.ts +14 -0
  370. package/src/lib/util/zod-error.ts +14 -0
  371. package/src/oauth-errors.ts +22 -22
  372. package/src/oauth-hooks.ts +11 -24
  373. package/src/oauth-middleware.ts +53 -0
  374. package/src/oauth-provider.ts +290 -1061
  375. package/src/oauth-verifier.ts +9 -55
  376. package/src/request/request-data.ts +5 -4
  377. package/src/request/request-manager.ts +11 -11
  378. package/src/request/request-store.ts +7 -0
  379. package/src/result/authorization-redirect-parameters.ts +24 -0
  380. package/src/result/authorization-result-authorize-page.ts +14 -0
  381. package/src/result/authorization-result-redirect.ts +8 -0
  382. package/src/router/assets/assets-manifest.ts +108 -0
  383. package/src/router/assets/assets.ts +54 -0
  384. package/src/router/assets/csrf.ts +63 -0
  385. package/src/router/assets/send-account-page.ts +43 -0
  386. package/src/router/assets/send-authorization-page.ts +62 -0
  387. package/src/router/assets/send-error-page.ts +42 -0
  388. package/src/router/create-account-page-middleware.ts +69 -0
  389. package/src/router/create-api-middleware.ts +814 -0
  390. package/src/router/create-authorization-page-middleware.ts +173 -0
  391. package/src/router/create-oauth-middleware.ts +247 -0
  392. package/src/router/error-handler.ts +6 -0
  393. package/src/router/middleware-options.ts +9 -0
  394. package/src/router/send-redirect.ts +142 -0
  395. package/src/signer/api-token-payload.ts +18 -0
  396. package/src/signer/signed-token-payload.ts +18 -28
  397. package/src/signer/signer.ts +49 -34
  398. package/src/token/token-data.ts +1 -1
  399. package/src/token/token-manager.ts +190 -239
  400. package/src/token/token-store.ts +6 -4
  401. package/src/token/verify-token-claims.ts +4 -4
  402. package/src/types/email-otp.ts +3 -0
  403. package/src/types/email.ts +26 -0
  404. package/src/types/handle.ts +18 -0
  405. package/src/types/invite-code.ts +4 -0
  406. package/src/types/password.ts +4 -0
  407. package/tsconfig.build.tsbuildinfo +1 -0
  408. package/tsconfig.json +1 -1
  409. package/dist/access-token/access-token-type.d.ts +0 -6
  410. package/dist/access-token/access-token-type.d.ts.map +0 -1
  411. package/dist/access-token/access-token-type.js +0 -10
  412. package/dist/access-token/access-token-type.js.map +0 -1
  413. package/dist/account/account.d.ts +0 -2
  414. package/dist/account/account.d.ts.map +0 -1
  415. package/dist/account/account.js.map +0 -1
  416. package/dist/assets/assets-middleware.d.ts +0 -5
  417. package/dist/assets/assets-middleware.d.ts.map +0 -1
  418. package/dist/assets/assets-middleware.js +0 -41
  419. package/dist/assets/assets-middleware.js.map +0 -1
  420. package/dist/lib/locale.d.ts +0 -15
  421. package/dist/lib/locale.d.ts.map +0 -1
  422. package/dist/lib/locale.js +0 -17
  423. package/dist/lib/locale.js.map +0 -1
  424. package/dist/output/backend-data.d.ts +0 -4
  425. package/dist/output/backend-data.d.ts.map +0 -1
  426. package/dist/output/backend-data.js.map +0 -1
  427. package/dist/output/build-authorize-data.d.ts +0 -29
  428. package/dist/output/build-authorize-data.d.ts.map +0 -1
  429. package/dist/output/build-authorize-data.js +0 -21
  430. package/dist/output/build-authorize-data.js.map +0 -1
  431. package/dist/output/build-customization-data.d.ts +0 -234
  432. package/dist/output/build-customization-data.d.ts.map +0 -1
  433. package/dist/output/build-customization-data.js +0 -174
  434. package/dist/output/build-customization-data.js.map +0 -1
  435. package/dist/output/build-error-data.d.ts +0 -3
  436. package/dist/output/build-error-data.d.ts.map +0 -1
  437. package/dist/output/build-error-data.js +0 -10
  438. package/dist/output/build-error-data.js.map +0 -1
  439. package/dist/output/build-error-payload.d.ts.map +0 -1
  440. package/dist/output/build-error-payload.js.map +0 -1
  441. package/dist/output/output-manager.d.ts +0 -28
  442. package/dist/output/output-manager.d.ts.map +0 -1
  443. package/dist/output/output-manager.js +0 -134
  444. package/dist/output/output-manager.js.map +0 -1
  445. package/dist/output/send-authorize-redirect.d.ts +0 -25
  446. package/dist/output/send-authorize-redirect.d.ts.map +0 -1
  447. package/dist/output/send-authorize-redirect.js.map +0 -1
  448. package/dist/output/send-web-page.d.ts +0 -8
  449. package/dist/output/send-web-page.d.ts.map +0 -1
  450. package/dist/output/send-web-page.js.map +0 -1
  451. package/dist/token/token-claims.d.ts.map +0 -1
  452. package/dist/token/token-claims.js +0 -27
  453. package/dist/token/token-claims.js.map +0 -1
  454. package/src/access-token/access-token-type.ts +0 -5
  455. package/src/account/account.ts +0 -1
  456. package/src/assets/assets-middleware.ts +0 -44
  457. package/src/lib/locale.ts +0 -21
  458. package/src/output/build-authorize-data.ts +0 -53
  459. package/src/output/build-customization-data.ts +0 -217
  460. package/src/output/build-error-data.ts +0 -8
  461. package/src/output/output-manager.ts +0 -188
  462. package/src/output/send-authorize-redirect.ts +0 -137
  463. package/src/token/token-claims.ts +0 -30
  464. package/tsconfig.backend.tsbuildinfo +0 -1
  465. /package/{tsconfig.backend.json → tsconfig.build.json} +0 -0
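--- a/package/dist/oauth-errors.js
+++ b/package/dist/oauth-errors.js
@@ -1,51 +1,43 @@
  "use strict";
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+ if (k2 === undefined) k2 = k;
+ var desc = Object.getOwnPropertyDescriptor(m, k);
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+ desc = { enumerable: true, get: function() { return m[k]; } };
+ }
+ Object.defineProperty(o, k2, desc);
+ }) : (function(o, m, k, k2) {
+ if (k2 === undefined) k2 = k;
+ o[k2] = m[k];
+ }));
+ var __exportStar = (this && this.__exportStar) || function(m, exports) {
+ for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+ };
  Object.defineProperty(exports, "__esModule", { value: true });
- exports.WWWAuthenticateError = exports.UseDpopNonceError = exports.UnauthorizedClientError = exports.SecondAuthenticationFactorRequiredError = exports.LoginRequiredError = exports.InvalidTokenError = exports.InvalidScopeError = exports.InvalidRequestError = exports.InvalidRedirectUriError = exports.InvalidParametersError = exports.InvalidInviteCodeError = exports.InvalidGrantError = exports.InvalidDpopProofError = exports.InvalidDpopKeyBindingError = exports.InvalidClientMetadataError = exports.InvalidClientIdError = exports.InvalidClientError = exports.InvalidAuthorizationDetailsError = exports.HandleUnavailableError = exports.ConsentRequiredError = exports.AccountSelectionRequiredError = exports.AccessDeniedError = exports.OAuthError = void 0;
+ exports.OAuthError = void 0;
  // Root Error class
  var oauth_error_js_1 = require("./errors/oauth-error.js");
  Object.defineProperty(exports, "OAuthError", { enumerable: true, get: function () { return oauth_error_js_1.OAuthError; } });
- var access_denied_error_js_1 = require("./errors/access-denied-error.js");
- Object.defineProperty(exports, "AccessDeniedError", { enumerable: true, get: function () { return access_denied_error_js_1.AccessDeniedError; } });
- var account_selection_required_error_js_1 = require("./errors/account-selection-required-error.js");
- Object.defineProperty(exports, "AccountSelectionRequiredError", { enumerable: true, get: function () { return account_selection_required_error_js_1.AccountSelectionRequiredError; } });
- var consent_required_error_js_1 = require("./errors/consent-required-error.js");
- Object.defineProperty(exports, "ConsentRequiredError", { enumerable: true, get: function () { return consent_required_error_js_1.ConsentRequiredError; } });
- var handle_unavailable_error_js_1 = require("./errors/handle-unavailable-error.js");
- Object.defineProperty(exports, "HandleUnavailableError", { enumerable: true, get: function () { return handle_unavailable_error_js_1.HandleUnavailableError; } });
- var invalid_authorization_details_error_js_1 = require("./errors/invalid-authorization-details-error.js");
- Object.defineProperty(exports, "InvalidAuthorizationDetailsError", { enumerable: true, get: function () { return invalid_authorization_details_error_js_1.InvalidAuthorizationDetailsError; } });
- var invalid_client_error_js_1 = require("./errors/invalid-client-error.js");
- Object.defineProperty(exports, "InvalidClientError", { enumerable: true, get: function () { return invalid_client_error_js_1.InvalidClientError; } });
- var invalid_client_id_error_js_1 = require("./errors/invalid-client-id-error.js");
- Object.defineProperty(exports, "InvalidClientIdError", { enumerable: true, get: function () { return invalid_client_id_error_js_1.InvalidClientIdError; } });
- var invalid_client_metadata_error_js_1 = require("./errors/invalid-client-metadata-error.js");
- Object.defineProperty(exports, "InvalidClientMetadataError", { enumerable: true, get: function () { return invalid_client_metadata_error_js_1.InvalidClientMetadataError; } });
- var invalid_dpop_key_binding_error_js_1 = require("./errors/invalid-dpop-key-binding-error.js");
- Object.defineProperty(exports, "InvalidDpopKeyBindingError", { enumerable: true, get: function () { return invalid_dpop_key_binding_error_js_1.InvalidDpopKeyBindingError; } });
- var invalid_dpop_proof_error_js_1 = require("./errors/invalid-dpop-proof-error.js");
- Object.defineProperty(exports, "InvalidDpopProofError", { enumerable: true, get: function () { return invalid_dpop_proof_error_js_1.InvalidDpopProofError; } });
- var invalid_grant_error_js_1 = require("./errors/invalid-grant-error.js");
- Object.defineProperty(exports, "InvalidGrantError", { enumerable: true, get: function () { return invalid_grant_error_js_1.InvalidGrantError; } });
- var invalid_invite_code_error_js_1 = require("./errors/invalid-invite-code-error.js");
- Object.defineProperty(exports, "InvalidInviteCodeError", { enumerable: true, get: function () { return invalid_invite_code_error_js_1.InvalidInviteCodeError; } });
- var invalid_parameters_error_js_1 = require("./errors/invalid-parameters-error.js");
- Object.defineProperty(exports, "InvalidParametersError", { enumerable: true, get: function () { return invalid_parameters_error_js_1.InvalidParametersError; } });
- var invalid_redirect_uri_error_js_1 = require("./errors/invalid-redirect-uri-error.js");
- Object.defineProperty(exports, "InvalidRedirectUriError", { enumerable: true, get: function () { return invalid_redirect_uri_error_js_1.InvalidRedirectUriError; } });
- var invalid_request_error_js_1 = require("./errors/invalid-request-error.js");
- Object.defineProperty(exports, "InvalidRequestError", { enumerable: true, get: function () { return invalid_request_error_js_1.InvalidRequestError; } });
- var invalid_scope_error_js_1 = require("./errors/invalid-scope-error.js");
- Object.defineProperty(exports, "InvalidScopeError", { enumerable: true, get: function () { return invalid_scope_error_js_1.InvalidScopeError; } });
- var invalid_token_error_js_1 = require("./errors/invalid-token-error.js");
- Object.defineProperty(exports, "InvalidTokenError", { enumerable: true, get: function () { return invalid_token_error_js_1.InvalidTokenError; } });
- var login_required_error_js_1 = require("./errors/login-required-error.js");
- Object.defineProperty(exports, "LoginRequiredError", { enumerable: true, get: function () { return login_required_error_js_1.LoginRequiredError; } });
- var second_authentication_factor_required_error_js_1 = require("./errors/second-authentication-factor-required-error.js");
- Object.defineProperty(exports, "SecondAuthenticationFactorRequiredError", { enumerable: true, get: function () { return second_authentication_factor_required_error_js_1.SecondAuthenticationFactorRequiredError; } });
- var unauthorized_client_error_js_1 = require("./errors/unauthorized-client-error.js");
- Object.defineProperty(exports, "UnauthorizedClientError", { enumerable: true, get: function () { return unauthorized_client_error_js_1.UnauthorizedClientError; } });
- var use_dpop_nonce_error_js_1 = require("./errors/use-dpop-nonce-error.js");
- Object.defineProperty(exports, "UseDpopNonceError", { enumerable: true, get: function () { return use_dpop_nonce_error_js_1.UseDpopNonceError; } });
- var www_authenticate_error_js_1 = require("./errors/www-authenticate-error.js");
- Object.defineProperty(exports, "WWWAuthenticateError", { enumerable: true, get: function () { return www_authenticate_error_js_1.WWWAuthenticateError; } });
+ __exportStar(require("./errors/access-denied-error.js"), exports);
+ __exportStar(require("./errors/account-selection-required-error.js"), exports);
+ __exportStar(require("./errors/consent-required-error.js"), exports);
+ __exportStar(require("./errors/handle-unavailable-error.js"), exports);
+ __exportStar(require("./errors/invalid-authorization-details-error.js"), exports);
+ __exportStar(require("./errors/invalid-client-error.js"), exports);
+ __exportStar(require("./errors/invalid-client-id-error.js"), exports);
+ __exportStar(require("./errors/invalid-client-metadata-error.js"), exports);
+ __exportStar(require("./errors/invalid-dpop-key-binding-error.js"), exports);
+ __exportStar(require("./errors/invalid-dpop-proof-error.js"), exports);
+ __exportStar(require("./errors/invalid-grant-error.js"), exports);
+ __exportStar(require("./errors/invalid-invite-code-error.js"), exports);
+ __exportStar(require("./errors/invalid-parameters-error.js"), exports);
+ __exportStar(require("./errors/invalid-redirect-uri-error.js"), exports);
+ __exportStar(require("./errors/invalid-request-error.js"), exports);
+ __exportStar(require("./errors/invalid-scope-error.js"), exports);
+ __exportStar(require("./errors/invalid-token-error.js"), exports);
+ __exportStar(require("./errors/login-required-error.js"), exports);
+ __exportStar(require("./errors/second-authentication-factor-required-error.js"), exports);
+ __exportStar(require("./errors/unauthorized-client-error.js"), exports);
+ __exportStar(require("./errors/use-dpop-nonce-error.js"), exports);
+ __exportStar(require("./errors/www-authenticate-error.js"), exports);
  //# sourceMappingURL=oauth-errors.js.map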
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-errors.js","sourceRoot":"","sources":["../src/oauth-errors.ts"],"names":[],"mappings":";;;AAAA,mBAAmB;AACnB,0DAAoD;AAA3C,4GAAA,UAAU,OAAA;AAEnB,0EAAmE;AAA1D,2HAAA,iBAAiB,OAAA;AAC1B,oGAA4F;AAAnF,oJAAA,6BAA6B,OAAA;AACtC,gFAAyE;AAAhE,iIAAA,oBAAoB,OAAA;AAC7B,oFAA6E;AAApE,qIAAA,sBAAsB,OAAA;AAC/B,0GAAkG;AAAzF,0JAAA,gCAAgC,OAAA;AACzC,4EAAqE;AAA5D,6HAAA,kBAAkB,OAAA;AAC3B,kFAA0E;AAAjE,kIAAA,oBAAoB,OAAA;AAC7B,8FAAsF;AAA7E,8IAAA,0BAA0B,OAAA;AACnC,gGAAuF;AAA9E,+IAAA,0BAA0B,OAAA;AACnC,oFAA4E;AAAnE,oIAAA,qBAAqB,OAAA;AAC9B,0EAAmE;AAA1D,2HAAA,iBAAiB,OAAA;AAC1B,sFAA8E;AAArE,sIAAA,sBAAsB,OAAA;AAC/B,oFAA6E;AAApE,qIAAA,sBAAsB,OAAA;AAC/B,wFAAgF;AAAvE,wIAAA,uBAAuB,OAAA;AAChC,8EAAuE;AAA9D,+HAAA,mBAAmB,OAAA;AAC5B,0EAAmE;AAA1D,2HAAA,iBAAiB,OAAA;AAC1B,0EAAmE;AAA1D,2HAAA,iBAAiB,OAAA;AAC1B,4EAAqE;AAA5D,6HAAA,kBAAkB,OAAA;AAC3B,0HAAiH;AAAxG,yKAAA,uCAAuC,OAAA;AAChD,sFAA+E;AAAtE,uIAAA,uBAAuB,OAAA;AAChC,4EAAoE;AAA3D,4HAAA,iBAAiB,OAAA;AAC1B,gFAAyE;AAAhE,iIAAA,oBAAoB,OAAA"}
1
+ {"version":3,"file":"oauth-errors.js","sourceRoot":"","sources":["../src/oauth-errors.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,mBAAmB;AACnB,0DAAoD;AAA3C,4GAAA,UAAU,OAAA;AAEnB,kEAA+C;AAC/C,+EAA4D;AAC5D,qEAAkD;AAClD,uEAAoD;AACpD,kFAA+D;AAC/D,mEAAgD;AAChD,sEAAmD;AACnD,4EAAyD;AACzD,6EAA0D;AAC1D,uEAAoD;AACpD,kEAA+C;AAC/C,wEAAqD;AACrD,uEAAoD;AACpD,yEAAsD;AACtD,oEAAiD;AACjD,kEAA+C;AAC/C,kEAA+C;AAC/C,mEAAgD;AAChD,0FAAuE;AACvE,wEAAqD;AACrD,mEAAgD;AAChD,qEAAkD"}
@@ -1,6 +1,6 @@
1
1
  import { Jwks } from '@atproto/jwk';
2
+ import type { Account } from '@atproto/oauth-provider-api';
2
3
  import { OAuthAuthorizationDetails, OAuthAuthorizationRequestParameters, OAuthClientMetadata, OAuthTokenResponse } from '@atproto/oauth-types';
3
- import { Account } from './account/account.js';
4
4
  import { SignInData } from './account/sign-in-data.js';
5
5
  import { SignUpInput } from './account/sign-up-input.js';
6
6
  import { ClientAuth } from './client/client-auth.js';
@@ -12,8 +12,9 @@ import { HcaptchaClientTokens, HcaptchaConfig, HcaptchaVerifyResult } from './li
12
12
  import { RequestMetadata } from './lib/http/request.js';
13
13
  import { Awaitable } from './lib/util/type.js';
14
14
  import { AccessDeniedError, OAuthError } from './oauth-errors.js';
15
- import { DeviceAccountInfo, DeviceId, SignUpData } from './oauth-store.js';
16
- export { AccessDeniedError, type Account, type Awaitable, Client, type ClientAuth, type ClientId, type ClientInfo, type DeviceAccountInfo, type DeviceId, type HcaptchaClientTokens, type HcaptchaConfig, type HcaptchaVerifyResult, InvalidRequestError, type Jwks, type OAuthAuthorizationDetails, type OAuthAuthorizationRequestParameters, type OAuthClientMetadata, OAuthError, type OAuthTokenResponse, type RequestMetadata, type SignInData, type SignUpData, type SignUpInput, };
15
+ import { DeviceId, SignUpData } from './oauth-store.js';
16
+ import { RequestId } from './request/request-id.js';
17
+ export { AccessDeniedError, type Account, type Awaitable, Client, type ClientAuth, type ClientId, type ClientInfo, type DeviceId, type HcaptchaClientTokens, type HcaptchaConfig, type HcaptchaVerifyResult, InvalidRequestError, type Jwks, type OAuthAuthorizationDetails, type OAuthAuthorizationRequestParameters, type OAuthClientMetadata, OAuthError, type OAuthTokenResponse, type RequestMetadata, type SignInData, type SignUpData, type SignUpInput, };
17
18
  export type OAuthHooks = {
18
19
  /**
19
20
  * Use this to alter, override or validate the client metadata & jwks returned
@@ -26,24 +27,11 @@ export type OAuthHooks = {
26
27
  metadata: OAuthClientMetadata;
27
28
  jwks?: Jwks;
28
29
  }) => Awaitable<undefined | Partial<ClientInfo>>;
29
- /**
30
- * Allows enriching the authorization details with additional information
31
- * when the tokens are issued.
32
- *
33
- * @see {@link https://datatracker.ietf.org/doc/html/rfc9396 | RFC 9396}
34
- */
35
- getAuthorizationDetails?: (data: {
36
- client: Client;
37
- clientAuth: ClientAuth;
38
- clientMetadata: RequestMetadata;
39
- parameters: OAuthAuthorizationRequestParameters;
40
- account: Account;
41
- }) => Awaitable<undefined | OAuthAuthorizationDetails>;
42
30
  /**
43
31
  * This hook is called when a user attempts to sign up, after every validation
44
32
  * has passed (including hcaptcha).
45
33
  */
46
- onSignupAttempt?: (data: {
34
+ onSignUpAttempt?: (data: {
47
35
  input: SignUpInput;
48
36
  deviceId: DeviceId;
49
37
  deviceMetadata: RequestMetadata;
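Review bot: Renaming the optional hook `onSignupAttempt` to `onSignUpAttempt` leaves no trace of the old name in `OAuthHooks`, so a caller that still passes the old key from plain JavaScript, or through an object that is not a fresh literal, gets no error and the hook presumably just stops being called. If an integrator relies on that hook to reject or throttle sign-ups, the check disappears silently on upgrade. Consider keeping the old key as a tombstone so the compiler flags it, e.g. `/** @deprecated renamed to onSignUpAttempt */ onSignupAttempt?: never;`, or failing at construction when the old key is present. The removed `getAuthorizationDetails` hook in the same hunk would benefit from the same treatment. The `OAuthHooks` type body starts before and continues after this hunk.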
@@ -66,11 +54,15 @@ export type OAuthHooks = {
66
54
  */
67
55
  onSignedUp?: (data: {
68
56
  data: SignUpData;
69
- info: DeviceAccountInfo;
70
57
  account: Account;
71
58
  deviceId: DeviceId;
72
59
  deviceMetadata: RequestMetadata;
73
60
  }) => Awaitable<void>;
61
+ onSignInAttempt?: (data: {
62
+ data: SignInData;
63
+ deviceId: DeviceId;
64
+ deviceMetadata: RequestMetadata;
65
+ }) => Awaitable<void>;
74
66
  /**
75
67
  * This hook is called when a user successfully signs in.
76
68
  *
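Review bot: The added `onSignInAttempt` hook is the only hook in this hunk without a doc comment, and its contract is the one integrators most need spelled out. The declaration shows that it receives `SignInData`, `deviceId` and `deviceMetadata` and returns `Awaitable<void>`, but not whether it runs before the credentials are verified or whether throwing from it rejects the attempt. I would add a comment in the style of its neighbours, e.g. `/** This hook is called when a user attempts to sign in; throw to reject the attempt. */`, with the ordering and the throw behaviour confirmed against the implementation. Since `data` presumably carries the submitted credentials, the comment should also say that it must not be written to logs. The type body continues outside this hunk.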
@@ -78,7 +70,6 @@ export type OAuthHooks = {
78
70
  */
79
71
  onSignedIn?: (data: {
80
72
  data: SignInData;
81
- info: DeviceAccountInfo;
82
73
  account: Account;
83
74
  deviceId: DeviceId;
84
75
  deviceMetadata: RequestMetadata;
@@ -100,6 +91,7 @@ export type OAuthHooks = {
100
91
  parameters: OAuthAuthorizationRequestParameters;
101
92
  deviceId: DeviceId;
102
93
  deviceMetadata: RequestMetadata;
94
+ requestId: RequestId;
103
95
  }) => Awaitable<void>;
104
96
  /**
105
97
  * This hook is called when an authorized client exchanges an authorization
@@ -113,8 +105,6 @@ export type OAuthHooks = {
113
105
  clientMetadata: RequestMetadata;
114
106
  account: Account;
115
107
  parameters: OAuthAuthorizationRequestParameters;
116
- /** null when "password grant" used (in which case {@link onAuthorized} won't have been called) */
117
- deviceId: null | DeviceId;
118
108
  }) => Awaitable<void>;
119
109
  /**
120
110
  * This hook is called when an authorized client refreshes an access token.
@@ -127,8 +117,6 @@ export type OAuthHooks = {
127
117
  clientMetadata: RequestMetadata;
128
118
  account: Account;
129
119
  parameters: OAuthAuthorizationRequestParameters;
130
- /** null when "password grant" used (in which case {@link onAuthorized} won't have been called) */
131
- deviceId: null | DeviceId;
132
120
  }) => Awaitable<void>;
133
121
  };
134
122
  //# sourceMappingURL=oauth-hooks.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-hooks.d.ts","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACnC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,mBAAmB,EACnB,kBAAkB,EACnB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAA;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACrB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AAC9C,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AACjE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAG1E,OAAO,EACL,iBAAiB,EACjB,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,MAAM,EACN,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,iBAAiB,EACtB,KAAK,QAAQ,EACb,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,mBAAmB,EACnB,KAAK,IAAI,EACT,KAAK,yBAAyB,EAC9B,KAAK,mCAAmC,EACxC,KAAK,mBAAmB,EACxB,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,GACjB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG;IACvB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,CACd,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE;QAAE,QAAQ,EAAE,mBAAmB,CAAC;QAAC,IAAI,CAAC,EAAE,IAAI,CAAA;KAAE,KACjD,SAAS,CAAC,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAA;IAE/C;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC/B,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,UAAU,EAAE,mCAAmC,CAAA;QAC/C,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,SAAS,GAAG,yBAAyB,CAAC,CAAA;IAEtD;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,MAAM,EAAE,oBAAoB,CAA
A;QAC5B,MAAM,EAAE,oBAAoB,CAAA;KAC7B,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,IAAI,EAAE,iBAAiB,CAAA;QACvB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,IAAI,EAAE,iBAAiB,CAAA;QACvB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;;;;;OAUG;IACH,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE;QACtB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,kGAAkG;QAClG,QAAQ,EAAE,IAAI,GAAG,QAAQ,CAAA;KAC1B,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,kGAAkG;QAClG,QAAQ,EAAE,IAAI,GAAG,QAAQ,CAAA;KAC1B,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;CACtB,CAAA"}
1
+ {"version":3,"file":"oauth-hooks.d.ts","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACnC,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA;AAC1D,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,mBAAmB,EACnB,kBAAkB,EACnB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACrB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AAC9C,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AACjE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AAGnD,OAAO,EACL,iBAAiB,EACjB,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,MAAM,EACN,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,mBAAmB,EACnB,KAAK,IAAI,EACT,KAAK,yBAAyB,EAC9B,KAAK,mCAAmC,EACxC,KAAK,mBAAmB,EACxB,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,GACjB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG;IACvB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,CACd,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE;QAAE,QAAQ,EAAE,mBAAmB,CAAC;QAAC,IAAI,CAAC,EAAE,IAAI,CAAA;KAAE,KACjD,SAAS,CAAC,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAA;IAE/C;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,oBAAoB,CAAA;KAC7B,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe
,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,IAAI,EAAE,UAAU,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;;;;;OAUG;IACH,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,SAAS,EAAE,SAAS,CAAA;KACrB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE;QACtB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;KAChD,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;KAChD,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;CACtB,CAAA"}
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-hooks.js","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":";;;AAaA,kDAA2C;AAiBzC,uFAjBO,kBAAM,OAiBP;AAhBR,gFAAuE;AAyBrE,oGAzBO,8CAAmB,OAyBP;AAjBrB,uDAAiE;AAK/D,kGALO,mCAAiB,OAKP;AAiBjB,2FAtB0B,4BAAU,OAsB1B"}
1
+ {"version":3,"file":"oauth-hooks.js","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":";;;AAaA,kDAA2C;AAkBzC,uFAlBO,kBAAM,OAkBP;AAjBR,gFAAuE;AAyBrE,oGAzBO,8CAAmB,OAyBP;AAjBrB,uDAAiE;AAM/D,kGANO,mCAAiB,OAMP;AAgBjB,2FAtB0B,4BAAU,OAsB1B"}
@@ -0,0 +1,12 @@
1
+ import type { IncomingMessage, ServerResponse } from 'node:http';
2
+ import { Handler } from './lib/http/types.js';
3
+ import { OAuthProvider } from './oauth-provider.js';
4
+ import { ErrorHandler } from './router/error-handler.js';
5
+ import { MiddlewareOptions } from './router/middleware-options.js';
6
+ export type { ErrorHandler, Handler, IncomingMessage, MiddlewareOptions, ServerResponse, };
7
+ /**
8
+ * @returns An http request handler that can be used with node's http server
9
+ * or as a middleware with express / connect.
10
+ */
11
+ export declare function oauthMiddleware<Req extends IncomingMessage = IncomingMessage, Res extends ServerResponse = ServerResponse>(server: OAuthProvider, { ...options }?: MiddlewareOptions<Req, Res>): Handler<void, Req, Res>;
12
+ //# sourceMappingURL=oauth-middleware.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-middleware.d.ts","sourceRoot":"","sources":["../src/oauth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAEhE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAA;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAMnD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAA;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAA;AAGlE,YAAY,EACV,YAAY,EACZ,OAAO,EACP,eAAe,EACf,iBAAiB,EACjB,cAAc,GACf,CAAA;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,GAAG,SAAS,eAAe,GAAG,eAAe,EAC7C,GAAG,SAAS,cAAc,GAAG,cAAc,EAE3C,MAAM,EAAE,aAAa,EACrB,EAAE,GAAG,OAAO,EAAE,GAAE,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAM,GAC/C,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAqBzB"}
@@ -0,0 +1,32 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.oauthMiddleware = oauthMiddleware;
4
+ const middleware_js_1 = require("./lib/http/middleware.js");
5
+ const assets_js_1 = require("./router/assets/assets.js");
6
+ const create_account_page_middleware_js_1 = require("./router/create-account-page-middleware.js");
7
+ const create_api_middleware_js_1 = require("./router/create-api-middleware.js");
8
+ const create_authorization_page_middleware_js_1 = require("./router/create-authorization-page-middleware.js");
9
+ const create_oauth_middleware_js_1 = require("./router/create-oauth-middleware.js");
10
+ /**
11
+ * @returns An http request handler that can be used with node's http server
12
+ * or as a middleware with express / connect.
13
+ */
14
+ function oauthMiddleware(server, { ...options } = {}) {
15
+ const { onError } = options;
16
+ // options is shallow cloned so it's fine to mutate it
17
+ options.onError =
18
+ process.env['NODE_ENV'] === 'development'
19
+ ? (req, res, err, msg) => {
20
+ console.error(`OAuthProvider error (${msg}):`, err);
21
+ return onError?.(req, res, err, msg);
22
+ }
23
+ : onError;
24
+ return (0, middleware_js_1.asHandler)((0, middleware_js_1.combineMiddlewares)([
25
+ assets_js_1.assetsMiddleware,
26
+ (0, create_oauth_middleware_js_1.createOAuthMiddleware)(server, options),
27
+ (0, create_api_middleware_js_1.createApiMiddleware)(server, options),
28
+ (0, create_authorization_page_middleware_js_1.createAuthorizationPageMiddleware)(server, options),
29
+ (0, create_account_page_middleware_js_1.createAccountPageMiddleware)(server, options),
30
+ ]));
31
+ }
32
+ //# sourceMappingURL=oauth-middleware.js.map
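Review bot: In `oauthMiddleware`, errors are written to the console only when `NODE_ENV` is exactly `'development'`; in every other environment `options.onError` is just the caller's handler, and when none is supplied nothing visible at this layer records the failure. For an authorization server that means rejected requests and internal faults leave no trail unless the integrator wires `onError`, and the doc comment does not say so. I would extend the TSDoc with a line such as `@param options.onError called for request errors; outside NODE_ENV=development this is the only error reporting this middleware performs`. The environment check is evaluated once when the middleware is built rather than per request, and the development branch prints the raw `err` object, so that branch should stay limited to development.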
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-middleware.js","sourceRoot":"","sources":["../src/oauth-middleware.ts"],"names":[],"mappings":";;AAyBA,0CA2BC;AAnDD,4DAAwE;AAGxE,yDAA4D;AAC5D,kGAAwF;AACxF,gFAAuE;AACvE,8GAAoG;AACpG,oFAA2E;AAa3E;;;GAGG;AACH,SAAgB,eAAe,CAI7B,MAAqB,EACrB,EAAE,GAAG,OAAO,KAAkC,EAAE;IAEhD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,sDAAsD;IACtD,OAAO,CAAC,OAAO;QACb,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,aAAa;YACvC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBACrB,OAAO,CAAC,KAAK,CAAC,wBAAwB,GAAG,IAAI,EAAE,GAAG,CAAC,CAAA;gBACnD,OAAO,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACtC,CAAC;YACH,CAAC,CAAC,OAAO,CAAA;IAEb,OAAO,IAAA,yBAAS,EACd,IAAA,kCAAkB,EAAC;QACjB,4BAAgB;QAChB,IAAA,kDAAqB,EAAC,MAAM,EAAE,OAAO,CAAC;QACtC,IAAA,8CAAmB,EAAC,MAAM,EAAE,OAAO,CAAC;QACpC,IAAA,2EAAiC,EAAC,MAAM,EAAE,OAAO,CAAC;QAClD,IAAA,+DAA2B,EAAC,MAAM,EAAE,OAAO,CAAC;KAC7C,CAAC,CACH,CAAA;AACH,CAAC"}
@@ -1,56 +1,68 @@
1
- import type { IncomingMessage, ServerResponse } from 'node:http';
2
1
  import type { Redis, RedisOptions } from 'ioredis';
3
2
  import { Jwks, Keyset } from '@atproto/jwk';
4
- import { OAuthAccessToken, OAuthAuthorizationCodeGrantTokenRequest, OAuthAuthorizationRequestJar, OAuthAuthorizationRequestPar, OAuthAuthorizationRequestParameters, OAuthAuthorizationRequestQuery, OAuthAuthorizationServerMetadata, OAuthClientCredentials, OAuthClientCredentialsNone, OAuthClientMetadata, OAuthIntrospectionResponse, OAuthParResponse, OAuthRefreshTokenGrantTokenRequest, OAuthTokenIdentification, OAuthTokenRequest, OAuthTokenResponse, OAuthTokenType } from '@atproto/oauth-types';
3
+ import type { Account } from '@atproto/oauth-provider-api';
4
+ import { OAuthAccessToken, OAuthAuthorizationCodeGrantTokenRequest, OAuthAuthorizationRequestJar, OAuthAuthorizationRequestPar, OAuthAuthorizationRequestParameters, OAuthAuthorizationRequestQuery, OAuthAuthorizationServerMetadata, OAuthClientCredentials, OAuthClientCredentialsNone, OAuthClientMetadata, OAuthParResponse, OAuthRefreshTokenGrantTokenRequest, OAuthTokenIdentification, OAuthTokenRequest, OAuthTokenResponse, OAuthTokenType } from '@atproto/oauth-types';
5
5
  import { SimpleStore } from '@atproto-labs/simple-store';
6
+ import { AccessTokenMode } from './access-token/access-token-mode.js';
6
7
  import { AccountManager } from './account/account-manager.js';
7
- import { AccountStore, DeviceAccountInfo } from './account/account-store.js';
8
- import { Account } from './account/account.js';
8
+ import { AccountStore, AuthorizedClientData, DeviceAccount } from './account/account-store.js';
9
9
  import { ClientAuth } from './client/client-auth.js';
10
+ import { ClientId } from './client/client-id.js';
10
11
  import { ClientManager, LoopbackMetadataGetter } from './client/client-manager.js';
11
12
  import { ClientStore } from './client/client-store.js';
12
13
  import { Client } from './client/client.js';
14
+ import { Branding, BrandingInput } from './customization/branding.js';
15
+ import { Customization, CustomizationInput } from './customization/customization.js';
13
16
  import { DeviceId } from './device/device-id.js';
14
17
  import { DeviceManager, DeviceManagerOptions } from './device/device-manager.js';
15
18
  import { DeviceStore } from './device/device-store.js';
16
19
  import { HcaptchaConfig } from './lib/hcaptcha.js';
17
- import { Handler, Router } from './lib/http/index.js';
18
20
  import { RequestMetadata } from './lib/http/request.js';
19
- import { Override } from './lib/util/type.js';
21
+ import { LocalizedString, MultiLangString } from './lib/util/locale.js';
20
22
  import { CustomMetadata } from './metadata/build-metadata.js';
21
- import { OAuthHooks, SignInData, SignUpData } from './oauth-hooks.js';
23
+ import { OAuthHooks } from './oauth-hooks.js';
22
24
  import { OAuthVerifier, OAuthVerifierOptions } from './oauth-verifier.js';
23
- import { AuthorizationResultAuthorize } from './output/build-authorize-data.js';
24
- import { Branding, BrandingInput, Customization, CustomizationInput } from './output/build-customization-data.js';
25
- import { OutputManager } from './output/output-manager.js';
26
- import { AuthorizationResultRedirect } from './output/send-authorize-redirect.js';
27
25
  import { ReplayStore } from './replay/replay-store.js';
28
26
  import { RequestManager } from './request/request-manager.js';
29
27
  import { RequestStore } from './request/request-store.js';
30
- import { RequestUri } from './request/request-uri.js';
28
+ import { AuthorizationRedirectParameters } from './result/authorization-redirect-parameters.js';
29
+ import { AuthorizationResultAuthorizePage } from './result/authorization-result-authorize-page.js';
30
+ import { AuthorizationResultRedirect } from './result/authorization-result-redirect.js';
31
+ import { ErrorHandler } from './router/error-handler.js';
31
32
  import { TokenManager } from './token/token-manager.js';
32
33
  import { TokenStore } from './token/token-store.js';
33
- import { VerifyTokenClaimsOptions } from './token/verify-token-claims.js';
34
- export { type Branding, type BrandingInput, type CustomMetadata, type Customization, type CustomizationInput, type Handler, type HcaptchaConfig, Keyset, type OAuthAuthorizationServerMetadata, };
35
- type ApiContext = {
36
- requestUri: RequestUri;
37
- deviceId: DeviceId;
38
- deviceMetadata: RequestMetadata;
39
- };
40
- export type ErrorHandler<Req extends IncomingMessage = IncomingMessage, Res extends ServerResponse = ServerResponse> = (req: Req, res: Res, err: unknown, message: string) => void;
41
- export type RouterOptions<Req extends IncomingMessage = IncomingMessage, Res extends ServerResponse = ServerResponse> = {
42
- onError?: ErrorHandler<Req, Res>;
43
- };
44
- export type OAuthProviderOptions = Override<OAuthVerifierOptions & OAuthHooks & DeviceManagerOptions & CustomizationInput, {
34
+ import { VerifyTokenClaimsOptions, VerifyTokenClaimsResult } from './token/verify-token-claims.js';
35
+ export { AccessTokenMode, Keyset };
36
+ export type { AuthorizationRedirectParameters, AuthorizationResultAuthorizePage as AuthorizationResultAuthorize, AuthorizationResultRedirect, Branding, BrandingInput, CustomMetadata, Customization, CustomizationInput, ErrorHandler, HcaptchaConfig, LocalizedString, MultiLangString, OAuthAuthorizationServerMetadata, };
37
+ type OAuthProviderConfig = {
45
38
  /**
46
39
  * Maximum age a device/account session can be before requiring
47
40
  * re-authentication.
48
41
  */
49
42
  authenticationMaxAge?: number;
43
+ /**
44
+ * Maximum age an ephemeral session (one where "remember me" was not
45
+ * checked) can be before requiring re-authentication.
46
+ */
50
47
  /**
51
48
  * Maximum age access & id tokens can be before requiring a refresh.
52
49
  */
53
50
  tokenMaxAge?: number;
51
+ /**
52
+ * If set to {@link AccessTokenMode.stateless}, the generated access tokens
53
+ * will contain all the necessary information to validate the token without
54
+ * needing to query the database. This is useful for cases where the Resource
55
+ * Server is on a different host/server than the Authorization Server.
56
+ *
57
+ * When set to {@link AccessTokenMode.light}, the access tokens will contain
58
+ * only the necessary information to validate the token, but the token id
59
+ * will need to be queried from the database to retrieve the full token
60
+ * information (scope, audience, etc.)
61
+ *
62
+ * @see {@link AccessTokenMode}
63
+ * @default {AccessTokenMode.stateless}
64
+ */
65
+ accessTokenMode?: AccessTokenMode;
54
66
  /**
55
67
  * Additional metadata to be included in the discovery document.
56
68
  */
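Review bot: The added doc comment "Maximum age an ephemeral session (one where "remember me" was not checked) can be before requiring re-authentication" in `OAuthProviderConfig` is not followed by any property; the next token is the doc comment for `tokenMaxAge`. Either the option was dropped from the declaration or the comment was left behind, and as published a reader of the types cannot tell whether ephemeral sessions have their own limit or fall under `authenticationMaxAge`. The comment should be removed or the property it describes restored. Separately, the `accessTokenMode` comment says stateless tokens are validated without querying the database but not what that means for revocation; a line such as `Revoking a stateless token may not take effect until it expires (see tokenMaxAge)`, once confirmed against the implementation, would make the trade-off of the default explicit. The type body continues in the next hunk.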
@@ -105,117 +117,123 @@ export type OAuthProviderOptions = Override<OAuthVerifierOptions & OAuthHooks &
105
117
  * @default is as specified by ATPROTO
106
118
  */
107
119
  loopbackMetadata?: null | false | LoopbackMetadataGetter;
108
- }>;
120
+ };
121
+ export type OAuthProviderOptions = OAuthProviderConfig & OAuthVerifierOptions & OAuthHooks & DeviceManagerOptions & CustomizationInput;
109
122
  export declare class OAuthProvider extends OAuthVerifier {
123
+ protected readonly accessTokenMode: AccessTokenMode;
110
124
  readonly metadata: OAuthAuthorizationServerMetadata;
125
+ readonly customization: Customization;
111
126
  readonly authenticationMaxAge: number;
112
127
  readonly accountManager: AccountManager;
113
128
  readonly deviceManager: DeviceManager;
114
129
  readonly clientManager: ClientManager;
115
130
  readonly requestManager: RequestManager;
116
131
  readonly tokenManager: TokenManager;
117
- readonly outputManager: OutputManager;
118
- constructor({ metadata, authenticationMaxAge, tokenMaxAge, safeFetch, redis, store, // compound store implementation
132
+ constructor({ authenticationMaxAge, tokenMaxAge, accessTokenMode, metadata, safeFetch, redis, store, // compound store implementation
119
133
  accountStore, deviceStore, tokenStore, clientStore, replayStore, requestStore, clientJwksCache, clientMetadataCache, loopbackMetadata, ...rest }: OAuthProviderOptions);
120
134
  get jwks(): {
121
135
  readonly keys: readonly ({
122
136
  readonly kty: "RSA";
123
137
  readonly n: string;
124
138
  readonly e: string;
125
- readonly alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
126
- readonly kid?: string | undefined;
127
- readonly ext?: boolean | undefined;
128
- readonly use?: "sig" | "enc" | undefined;
139
+ readonly alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined | undefined;
140
+ readonly kid?: string | undefined | undefined;
141
+ readonly ext?: boolean | undefined | undefined;
142
+ readonly use?: "sig" | "enc" | undefined | undefined;
129
143
  readonly key_ops?: readonly ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
130
144
  readonly x5c?: readonly string[] | undefined;
131
- readonly x5t?: string | undefined;
132
- readonly 'x5t#S256'?: string | undefined;
133
- readonly x5u?: string | undefined;
134
- readonly d?: string | undefined;
135
- readonly p?: string | undefined;
136
- readonly q?: string | undefined;
137
- readonly dp?: string | undefined;
138
- readonly dq?: string | undefined;
139
- readonly qi?: string | undefined;
145
+ readonly x5t?: string | undefined | undefined;
146
+ readonly 'x5t#S256'?: string | undefined | undefined;
147
+ readonly x5u?: string | undefined | undefined;
148
+ readonly d?: string | undefined | undefined;
149
+ readonly p?: string | undefined | undefined;
150
+ readonly q?: string | undefined | undefined;
151
+ readonly dp?: string | undefined | undefined;
152
+ readonly dq?: string | undefined | undefined;
153
+ readonly qi?: string | undefined | undefined;
140
154
  readonly oth?: readonly [{
141
- readonly d?: string | undefined;
142
- readonly r?: string | undefined;
143
- readonly t?: string | undefined;
155
+ readonly d?: string | undefined | undefined;
156
+ readonly r?: string | undefined | undefined;
157
+ readonly t?: string | undefined | undefined;
144
158
  }, ...{
145
- readonly d?: string | undefined;
146
- readonly r?: string | undefined;
147
- readonly t?: string | undefined;
159
+ readonly d?: string | undefined | undefined;
160
+ readonly r?: string | undefined | undefined;
161
+ readonly t?: string | undefined | undefined;
148
162
  }[]] | undefined;
149
163
  } | {
150
164
  readonly kty: "EC";
151
165
  readonly crv: "P-256" | "P-384" | "P-521";
152
166
  readonly x: string;
153
167
  readonly y: string;
154
- readonly alg?: "ES256" | "ES384" | "ES512" | undefined;
155
- readonly kid?: string | undefined;
156
- readonly ext?: boolean | undefined;
157
- readonly use?: "sig" | "enc" | undefined;
168
+ readonly alg?: "ES256" | "ES384" | "ES512" | undefined | undefined;
169
+ readonly kid?: string | undefined | undefined;
170
+ readonly ext?: boolean | undefined | undefined;
171
+ readonly use?: "sig" | "enc" | undefined | undefined;
158
172
  readonly key_ops?: readonly ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
159
173
  readonly x5c?: readonly string[] | undefined;
160
- readonly x5t?: string | undefined;
161
- readonly 'x5t#S256'?: string | undefined;
162
- readonly x5u?: string | undefined;
163
- readonly d?: string | undefined;
174
+ readonly x5t?: string | undefined | undefined;
175
+ readonly 'x5t#S256'?: string | undefined | undefined;
176
+ readonly x5u?: string | undefined | undefined;
177
+ readonly d?: string | undefined | undefined;
164
178
  } | {
165
179
  readonly kty: "EC";
166
180
  readonly crv: "secp256k1";
167
181
  readonly x: string;
168
182
  readonly y: string;
169
- readonly alg?: "ES256K" | undefined;
170
- readonly kid?: string | undefined;
171
- readonly ext?: boolean | undefined;
172
- readonly use?: "sig" | "enc" | undefined;
183
+ readonly alg?: "ES256K" | undefined | undefined;
184
+ readonly kid?: string | undefined | undefined;
185
+ readonly ext?: boolean | undefined | undefined;
186
+ readonly use?: "sig" | "enc" | undefined | undefined;
173
187
  readonly key_ops?: readonly ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
174
188
  readonly x5c?: readonly string[] | undefined;
175
- readonly x5t?: string | undefined;
176
- readonly 'x5t#S256'?: string | undefined;
177
- readonly x5u?: string | undefined;
178
- readonly d?: string | undefined;
189
+ readonly x5t?: string | undefined | undefined;
190
+ readonly 'x5t#S256'?: string | undefined | undefined;
191
+ readonly x5u?: string | undefined | undefined;
192
+ readonly d?: string | undefined | undefined;
179
193
  } | {
180
194
  readonly kty: "OKP";
181
195
  readonly crv: "Ed25519" | "Ed448";
182
196
  readonly x: string;
183
- readonly alg?: "EdDSA" | undefined;
184
- readonly kid?: string | undefined;
185
- readonly ext?: boolean | undefined;
186
- readonly use?: "sig" | "enc" | undefined;
197
+ readonly alg?: "EdDSA" | undefined | undefined;
198
+ readonly kid?: string | undefined | undefined;
199
+ readonly ext?: boolean | undefined | undefined;
200
+ readonly use?: "sig" | "enc" | undefined | undefined;
187
201
  readonly key_ops?: readonly ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
188
202
  readonly x5c?: readonly string[] | undefined;
189
- readonly x5t?: string | undefined;
190
- readonly 'x5t#S256'?: string | undefined;
191
- readonly x5u?: string | undefined;
192
- readonly d?: string | undefined;
203
+ readonly x5t?: string | undefined | undefined;
204
+ readonly 'x5t#S256'?: string | undefined | undefined;
205
+ readonly x5u?: string | undefined | undefined;
206
+ readonly d?: string | undefined | undefined;
193
207
  } | {
194
208
  readonly kty: "oct";
195
209
  readonly k: string;
196
- readonly alg?: "HS256" | "HS384" | "HS512" | undefined;
197
- readonly kid?: string | undefined;
198
- readonly ext?: boolean | undefined;
199
- readonly use?: "sig" | "enc" | undefined;
210
+ readonly alg?: "HS256" | "HS384" | "HS512" | undefined | undefined;
211
+ readonly kid?: string | undefined | undefined;
212
+ readonly ext?: boolean | undefined | undefined;
213
+ readonly use?: "sig" | "enc" | undefined | undefined;
200
214
  readonly key_ops?: readonly ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
201
215
  readonly x5c?: readonly string[] | undefined;
202
- readonly x5t?: string | undefined;
203
- readonly 'x5t#S256'?: string | undefined;
204
- readonly x5u?: string | undefined;
216
+ readonly x5t?: string | undefined | undefined;
217
+ readonly 'x5t#S256'?: string | undefined | undefined;
218
+ readonly x5u?: string | undefined | undefined;
205
219
  } | {
206
220
  readonly kty: string;
207
- readonly alg?: string | undefined;
208
- readonly kid?: string | undefined;
209
- readonly ext?: boolean | undefined;
210
- readonly use?: "sig" | "enc" | undefined;
221
+ readonly alg?: string | undefined | undefined;
222
+ readonly kid?: string | undefined | undefined;
223
+ readonly ext?: boolean | undefined | undefined;
224
+ readonly use?: "sig" | "enc" | undefined | undefined;
211
225
  readonly key_ops?: readonly ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
212
226
  readonly x5c?: readonly string[] | undefined;
213
- readonly x5t?: string | undefined;
214
- readonly 'x5t#S256'?: string | undefined;
215
- readonly x5u?: string | undefined;
227
+ readonly x5t?: string | undefined | undefined;
228
+ readonly 'x5t#S256'?: string | undefined | undefined;
229
+ readonly x5u?: string | undefined | undefined;
216
230
  })[];
217
231
  };
218
- protected loginRequired(client: Client, parameters: OAuthAuthorizationRequestParameters, info: DeviceAccountInfo): boolean;
232
+ /**
233
+ * @returns true if the user's consent is required for the requested scopes
234
+ */
235
+ checkConsentRequired(parameters: OAuthAuthorizationRequestParameters, clientData?: AuthorizedClientData): boolean;
236
+ checkLoginRequired(deviceAccount: DeviceAccount): boolean;
219
237
  protected authenticateClient(credentials: OAuthClientCredentials): Promise<[Client, ClientAuth]>;
220
238
  protected decodeJAR(client: Client, input: OAuthAuthorizationRequestJar): Promise<{
221
239
  payload: OAuthAuthorizationRequestParameters;
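Review bot: `checkLoginRequired(deviceAccount)` replaces the protected `loginRequired(client, parameters, info)` and no longer receives the authorization request parameters, so request-level re-authentication inputs such as `prompt` or `max_age` cannot be evaluated inside it; whether they are enforced elsewhere is not visible in this declaration. The method is also public now and, unlike `checkConsentRequired` directly above it, has no doc comment. I would add one that states exactly what it compares, e.g. `/** @returns true if the device session is older than authenticationMaxAge and the user must re-authenticate */`, confirmed against the implementation. The repeated `| undefined | undefined` throughout the `jwks` getter type looks like declaration-emit noise and carries no meaning. The class body continues outside this hunk.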
@@ -230,48 +248,26 @@ export declare class OAuthProvider extends OAuthVerifier {
230
248
  /**
231
249
  * @see {@link https://datatracker.ietf.org/doc/html/rfc9126}
232
250
  */
233
- protected pushedAuthorizationRequest(credentials: OAuthClientCredentials, authorizationRequest: OAuthAuthorizationRequestPar, dpopJkt: null | string): Promise<OAuthParResponse>;
251
+ pushedAuthorizationRequest(credentials: OAuthClientCredentials, authorizationRequest: OAuthAuthorizationRequestPar, dpopJkt: null | string): Promise<OAuthParResponse>;
234
252
  private processAuthorizationRequest;
235
- private deleteRequest;
236
253
  /**
237
254
  * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-4.1.1}
238
255
  */
239
- protected authorize(clientCredentials: OAuthClientCredentialsNone, query: OAuthAuthorizationRequestQuery, deviceId: DeviceId, deviceMetadata: RequestMetadata): Promise<AuthorizationResultRedirect | AuthorizationResultAuthorize>;
240
- protected getSessions(client: Client, clientAuth: ClientAuth, deviceId: DeviceId, parameters: OAuthAuthorizationRequestParameters): Promise<{
256
+ authorize(clientCredentials: OAuthClientCredentialsNone, query: OAuthAuthorizationRequestQuery, deviceId: DeviceId, deviceMetadata: RequestMetadata): Promise<AuthorizationResultRedirect | AuthorizationResultAuthorizePage>;
257
+ protected getSessions(clientId: ClientId, deviceId: DeviceId, parameters: OAuthAuthorizationRequestParameters): Promise<{
241
258
  account: Account;
242
- info: DeviceAccountInfo;
243
259
  selected: boolean;
244
260
  loginRequired: boolean;
245
261
  consentRequired: boolean;
246
262
  matchesHint: boolean;
247
263
  }[]>;
248
- protected signUp({ requestUri, deviceId, deviceMetadata }: ApiContext, data: SignUpData): Promise<{
249
- account: Account;
250
- consentRequired: boolean;
251
- }>;
252
- protected signIn({ requestUri, deviceId, deviceMetadata }: ApiContext, data: SignInData): Promise<{
253
- account: Account;
254
- consentRequired: boolean;
255
- }>;
256
- protected acceptRequest({ requestUri, deviceId, deviceMetadata }: ApiContext, sub: string): Promise<AuthorizationResultRedirect>;
257
- protected rejectRequest({ requestUri, deviceId, }: ApiContext): Promise<AuthorizationResultRedirect>;
258
- protected token(clientCredentials: OAuthClientCredentials, clientMetadata: RequestMetadata, request: OAuthTokenRequest, dpopJkt: null | string): Promise<OAuthTokenResponse>;
264
+ token(clientCredentials: OAuthClientCredentials, clientMetadata: RequestMetadata, request: OAuthTokenRequest, dpopJkt: null | string): Promise<OAuthTokenResponse>;
259
265
  protected codeGrant(client: Client, clientAuth: ClientAuth, clientMetadata: RequestMetadata, input: OAuthAuthorizationCodeGrantTokenRequest, dpopJkt: null | string): Promise<OAuthTokenResponse>;
260
266
  refreshTokenGrant(client: Client, clientAuth: ClientAuth, clientMetadata: RequestMetadata, input: OAuthRefreshTokenGrantTokenRequest, dpopJkt: null | string): Promise<OAuthTokenResponse>;
261
267
  /**
262
268
  * @see {@link https://datatracker.ietf.org/doc/html/rfc7009#section-2.1 rfc7009}
263
269
  */
264
- protected revoke({ token }: OAuthTokenIdentification): Promise<void>;
265
- /**
266
- * @see {@link https://datatracker.ietf.org/doc/html/rfc7662#section-2.1 rfc7662}
267
- */
268
- protected introspect(credentials: OAuthClientCredentials, { token }: OAuthTokenIdentification): Promise<OAuthIntrospectionResponse>;
269
- protected authenticateToken(tokenType: OAuthTokenType, token: OAuthAccessToken, dpopJkt: string | null, verifyOptions?: VerifyTokenClaimsOptions): Promise<import("./token/verify-token-claims.js").VerifyTokenClaimsResult>;
270
- /**
271
- * @returns An http request handler that can be used with node's http server
272
- * or as a middleware with express / connect.
273
- */
274
- httpHandler<T = void, Req extends IncomingMessage = IncomingMessage, Res extends ServerResponse = ServerResponse>(options?: RouterOptions<Req, Res>): Handler<T, Req, Res>;
275
- buildRouter<T = void, Req extends IncomingMessage = IncomingMessage, Res extends ServerResponse = ServerResponse>(options?: RouterOptions<Req, Res>): Router<T, Req, Res>;
270
+ revoke(credentials: OAuthClientCredentials, { token }: OAuthTokenIdentification): Promise<void>;
271
+ protected verifyToken(tokenType: OAuthTokenType, token: OAuthAccessToken, dpopJkt: string | null, verifyOptions?: VerifyTokenClaimsOptions): Promise<VerifyTokenClaimsResult>;
276
272
  }
277
273
  //# sourceMappingURL=oauth-provider.d.ts.map
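Review bot: `token` and `pushedAuthorizationRequest` become public in this hunk while still taking `dpopJkt: null | string` as a plain argument, and nothing in the declaration says who validates the DPoP proof that the thumbprint is derived from. Since `httpHandler` and `buildRouter` are removed from the class in the same hunk, the caller is presumably now code outside this class, so the contract belongs in TSDoc, for example `@param dpopJkt thumbprint of an already verified DPoP proof, or null when the request carried none` (wording to be confirmed against the implementation). `token` has no doc comment at all, unlike `pushedAuthorizationRequest` and `authorize`, which keep their `@see` links. `revoke` now also takes `credentials`, and a one-line `@param credentials` note saying whether the client is authenticated before the token is revoked would help integrators; the undocumented `checkLoginRequired` in the previous hunk has the same gap.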