@atproto/oauth-provider 0.8.0 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +49 -0
- package/dist/client/client-auth.d.ts +48 -3
- package/dist/client/client-auth.d.ts.map +1 -1
- package/dist/client/client-auth.js +0 -31
- package/dist/client/client-auth.js.map +1 -1
- package/dist/client/client-manager.d.ts.map +1 -1
- package/dist/client/client-manager.js +19 -19
- package/dist/client/client-manager.js.map +1 -1
- package/dist/client/client.d.ts +14 -17
- package/dist/client/client.d.ts.map +1 -1
- package/dist/client/client.js +115 -73
- package/dist/client/client.js.map +1 -1
- package/dist/constants.d.ts +7 -6
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +8 -7
- package/dist/constants.js.map +1 -1
- package/dist/metadata/build-metadata.js +1 -1
- package/dist/metadata/build-metadata.js.map +1 -1
- package/dist/oauth-provider.d.ts +20 -16
- package/dist/oauth-provider.d.ts.map +1 -1
- package/dist/oauth-provider.js +268 -122
- package/dist/oauth-provider.js.map +1 -1
- package/dist/replay/replay-manager.d.ts +1 -1
- package/dist/replay/replay-manager.d.ts.map +1 -1
- package/dist/replay/replay-manager.js +5 -2
- package/dist/replay/replay-manager.js.map +1 -1
- package/dist/request/request-data.d.ts +3 -2
- package/dist/request/request-data.d.ts.map +1 -1
- package/dist/request/request-data.js.map +1 -1
- package/dist/request/request-info.d.ts +1 -1
- package/dist/request/request-info.d.ts.map +1 -1
- package/dist/request/request-manager.d.ts +73 -9
- package/dist/request/request-manager.d.ts.map +1 -1
- package/dist/request/request-manager.js +34 -61
- package/dist/request/request-manager.js.map +1 -1
- package/dist/request/request-store.d.ts +6 -2
- package/dist/request/request-store.d.ts.map +1 -1
- package/dist/request/request-store.js +6 -6
- package/dist/request/request-store.js.map +1 -1
- package/dist/router/create-api-middleware.js +1 -1
- package/dist/router/create-api-middleware.js.map +1 -1
- package/dist/router/create-oauth-middleware.d.ts.map +1 -1
- package/dist/router/create-oauth-middleware.js +2 -1
- package/dist/router/create-oauth-middleware.js.map +1 -1
- package/dist/token/token-data.d.ts +2 -2
- package/dist/token/token-data.d.ts.map +1 -1
- package/dist/token/token-manager.d.ts +10 -10
- package/dist/token/token-manager.d.ts.map +1 -1
- package/dist/token/token-manager.js +64 -201
- package/dist/token/token-manager.js.map +1 -1
- package/package.json +8 -7
- package/src/client/client-auth.ts +52 -33
- package/src/client/client-manager.ts +26 -27
- package/src/client/client.ts +153 -89
- package/src/constants.ts +9 -7
- package/src/metadata/build-metadata.ts +2 -2
- package/src/oauth-provider.ts +391 -191
- package/src/replay/replay-manager.ts +10 -6
- package/src/request/request-data.ts +12 -2
- package/src/request/request-info.ts +1 -1
- package/src/request/request-manager.ts +45 -85
- package/src/request/request-store.ts +11 -8
- package/src/router/create-api-middleware.ts +1 -1
- package/src/router/create-oauth-middleware.ts +7 -1
- package/src/token/token-data.ts +2 -2
- package/src/token/token-manager.ts +112 -312
- package/tsconfig.build.tsbuildinfo +1 -1
- package/dist/request/request-store-memory.d.ts +0 -16
- package/dist/request/request-store-memory.d.ts.map +0 -1
- package/dist/request/request-store-memory.js +0 -31
- package/dist/request/request-store-memory.js.map +0 -1
- package/dist/request/request-store-redis.d.ts +0 -24
- package/dist/request/request-store-redis.d.ts.map +0 -1
- package/dist/request/request-store-redis.js +0 -58
- package/dist/request/request-store-redis.js.map +0 -1
- package/src/request/request-store-memory.ts +0 -39
- package/src/request/request-store-redis.ts +0 -71
package/dist/client/client.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.Client = void 0;
|
|
4
|
+
exports.authJwkThumbprint = authJwkThumbprint;
|
|
4
5
|
const jose_1 = require("jose");
|
|
5
6
|
const oauth_types_1 = require("@atproto/oauth-types");
|
|
6
7
|
const constants_js_1 = require("../constants.js");
|
|
@@ -10,8 +11,8 @@ const invalid_client_metadata_error_js_1 = require("../errors/invalid-client-met
|
|
|
10
11
|
const invalid_parameters_error_js_1 = require("../errors/invalid-parameters-error.js");
|
|
11
12
|
const invalid_request_error_js_1 = require("../errors/invalid-request-error.js");
|
|
12
13
|
const invalid_scope_error_js_1 = require("../errors/invalid-scope-error.js");
|
|
14
|
+
const cast_js_1 = require("../lib/util/cast.js");
|
|
13
15
|
const redirect_uri_js_1 = require("../lib/util/redirect-uri.js");
|
|
14
|
-
const client_auth_js_1 = require("./client-auth.js");
|
|
15
16
|
const { JOSEError } = jose_1.errors;
|
|
16
17
|
class Client {
|
|
17
18
|
id;
|
|
@@ -34,26 +35,38 @@ class Client {
|
|
|
34
35
|
? (0, jose_1.createLocalJWKSet)(jwks || { keys: [] })
|
|
35
36
|
: (0, jose_1.createRemoteJWKSet)(new URL(metadata.jwks_uri), {});
|
|
36
37
|
}
|
|
37
|
-
|
|
38
|
+
/**
|
|
39
|
+
* @see {@link https://www.rfc-editor.org/rfc/rfc9101.html#name-request-object-2}
|
|
40
|
+
*/
|
|
41
|
+
async decodeRequestObject(jar, audience) {
|
|
42
|
+
// https://www.rfc-editor.org/rfc/rfc9101.html#name-request-object-2
|
|
43
|
+
// > If signed, the Authorization Request Object SHOULD contain the Claims
|
|
44
|
+
// > iss (issuer) and aud (audience) as members with their semantics being
|
|
45
|
+
// > the same as defined in the JWT [RFC7519] specification. The value of
|
|
46
|
+
// > aud should be the value of the authorization server (AS) issuer, as
|
|
47
|
+
// > defined in RFC 8414 [RFC8414].
|
|
38
48
|
try {
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
return await this.jwtVerify(jar, {
|
|
49
|
-
maxTokenAge: constants_js_1.JAR_MAX_AGE / 1000,
|
|
50
|
-
});
|
|
51
|
-
default:
|
|
52
|
-
return await this.jwtVerify(jar, {
|
|
53
|
-
maxTokenAge: constants_js_1.JAR_MAX_AGE / 1000,
|
|
54
|
-
algorithms: [this.metadata.request_object_signing_alg],
|
|
55
|
-
});
|
|
49
|
+
// We need to special case the "none" algorithm, as the validation method
|
|
50
|
+
// is different for signed and unsigned JWTs.
|
|
51
|
+
if (this.metadata.request_object_signing_alg === 'none') {
|
|
52
|
+
return await this.jwtVerifyUnsecured(jar, {
|
|
53
|
+
audience,
|
|
54
|
+
maxTokenAge: constants_js_1.JAR_MAX_AGE / 1e3,
|
|
55
|
+
allowMissingAudience: true,
|
|
56
|
+
allowMissingIssuer: true,
|
|
57
|
+
});
|
|
56
58
|
}
|
|
59
|
+
return await this.jwtVerify(jar, {
|
|
60
|
+
audience,
|
|
61
|
+
maxTokenAge: constants_js_1.JAR_MAX_AGE / 1e3,
|
|
62
|
+
algorithms: this.metadata.request_object_signing_alg
|
|
63
|
+
? [this.metadata.request_object_signing_alg]
|
|
64
|
+
: // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2
|
|
65
|
+
//
|
|
66
|
+
// > The default, if omitted, is that any algorithm supported by the OP
|
|
67
|
+
// > and the RP MAY be used.
|
|
68
|
+
undefined,
|
|
69
|
+
});
|
|
57
70
|
}
|
|
58
71
|
catch (err) {
|
|
59
72
|
const message = err instanceof JOSEError
|
|
@@ -62,11 +75,25 @@ class Client {
|
|
|
62
75
|
throw new invalid_request_error_js_1.InvalidRequestError(message, err);
|
|
63
76
|
}
|
|
64
77
|
}
|
|
65
|
-
async jwtVerifyUnsecured(token, options) {
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
78
|
+
async jwtVerifyUnsecured(token, { audience, allowMissingAudience = false, allowMissingIssuer = false, ...options } = {}) {
|
|
79
|
+
// jose does not support `allowMissingAudience` and `allowMissingIssuer`
|
|
80
|
+
// options, so we need to handle audience and issuer checks manually (see
|
|
81
|
+
// bellow).
|
|
82
|
+
const result = jose_1.UnsecuredJWT.decode(token, options);
|
|
83
|
+
if (!allowMissingIssuer || result.payload.iss != null) {
|
|
84
|
+
if (result.payload.iss !== this.id) {
|
|
85
|
+
throw new JOSEError(`Invalid "iss" claim "${result.payload.iss}"`);
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
if (!allowMissingAudience || result.payload.aud != null) {
|
|
89
|
+
if (audience != null) {
|
|
90
|
+
const payloadAud = (0, cast_js_1.asArray)(result.payload.aud);
|
|
91
|
+
if (!(0, cast_js_1.asArray)(audience).some((aud) => payloadAud.includes(aud))) {
|
|
92
|
+
throw new JOSEError(`Invalid "aud" claim "${result.payload.aud}"`);
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
return result;
|
|
70
97
|
}
|
|
71
98
|
async jwtVerify(token, options) {
|
|
72
99
|
return (0, jose_1.jwtVerify)(token, this.keyGetter, {
|
|
@@ -79,42 +106,78 @@ class Client {
|
|
|
79
106
|
* @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}
|
|
80
107
|
* @see {@link https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method}
|
|
81
108
|
*/
|
|
82
|
-
async
|
|
83
|
-
const method = this.metadata
|
|
109
|
+
async authenticate(input, checks) {
|
|
110
|
+
const method = this.metadata.token_endpoint_auth_method;
|
|
84
111
|
if (method === 'none') {
|
|
85
|
-
|
|
86
|
-
return { clientAuth };
|
|
112
|
+
return { method: 'none' };
|
|
87
113
|
}
|
|
88
114
|
if (method === 'private_key_jwt') {
|
|
89
|
-
if (!('
|
|
90
|
-
throw new invalid_request_error_js_1.InvalidRequestError(`
|
|
91
|
-
}
|
|
92
|
-
else if (!input.client_assertion) {
|
|
93
|
-
throw new invalid_request_error_js_1.InvalidRequestError(`client_assertion required for "${method}"`);
|
|
115
|
+
if (!('client_assertion' in input)) {
|
|
116
|
+
throw new invalid_request_error_js_1.InvalidRequestError(`client authentication method "${method}" required a "client_assertion"`);
|
|
94
117
|
}
|
|
95
118
|
if (input.client_assertion_type === oauth_types_1.CLIENT_ASSERTION_TYPE_JWT_BEARER) {
|
|
119
|
+
// https://www.rfc-editor.org/rfc/rfc7523.html#section-3
|
|
96
120
|
const result = await this.jwtVerify(input.client_assertion, {
|
|
97
|
-
|
|
121
|
+
// > 1. The JWT MUST contain an "iss" (issuer) claim that contains a
|
|
122
|
+
// > unique identifier for the entity that issued the JWT.
|
|
123
|
+
//
|
|
124
|
+
// The "issuer" is already checked by jwtVerify()
|
|
125
|
+
// > 2. The JWT MUST contain a "sub" (subject) claim identifying the
|
|
126
|
+
// > principal that is the subject of the JWT. Two cases need to be
|
|
127
|
+
// > differentiated: [...] For client authentication, the subject
|
|
128
|
+
// > MUST be the "client_id" of the OAuth client.
|
|
98
129
|
subject: this.id,
|
|
130
|
+
// > 3. The JWT MUST contain an "aud" (audience) claim containing a
|
|
131
|
+
// > value that identifies the authorization server as an intended
|
|
132
|
+
// > audience. The token endpoint URL of the authorization server
|
|
133
|
+
// > MAY be used as a value for an "aud" element to identify the
|
|
134
|
+
// > authorization server as an intended audience of the JWT.
|
|
135
|
+
audience: checks.authorizationServerIdentifier,
|
|
136
|
+
requiredClaims: [
|
|
137
|
+
// > 4. The JWT MUST contain an "exp" (expiration time) claim that
|
|
138
|
+
// > limits the time window during which the JWT can be used.
|
|
139
|
+
//
|
|
140
|
+
// @TODO The presence of "exp" didn't use to be enforced by this
|
|
141
|
+
// implementation (or provided by the oauth-client). This is mostly
|
|
142
|
+
// fine because "iat" *is* required, but this makes this
|
|
143
|
+
// implementation non compliant with RFC7523. We can't just make it
|
|
144
|
+
// required as it might break existing clients.
|
|
145
|
+
// 'exp',
|
|
146
|
+
// > 7. The JWT MAY contain a "jti" (JWT ID) claim that provides a
|
|
147
|
+
// > unique identifier for the token. The authorization server
|
|
148
|
+
// > MAY ensure that JWTs are not replayed by maintaining the set
|
|
149
|
+
// > of used "jti" values for the length of time for which the
|
|
150
|
+
// > JWT would be considered valid based on the applicable "exp"
|
|
151
|
+
// > instant.
|
|
152
|
+
'jti',
|
|
153
|
+
],
|
|
154
|
+
// > 5. The JWT MAY contain an "nbf" (not before) claim that
|
|
155
|
+
// > identifies the time before which the token MUST NOT be
|
|
156
|
+
// > accepted for processing.
|
|
157
|
+
//
|
|
158
|
+
// This is already enforced by jose
|
|
159
|
+
// > 6. The JWT MAY contain an "iat" (issued at) claim that identifies
|
|
160
|
+
// > the time at which the JWT was issued. Note that the
|
|
161
|
+
// > authorization server may reject JWTs with an "iat" claim value
|
|
162
|
+
// > that is unreasonably far in the past.
|
|
99
163
|
maxTokenAge: constants_js_1.CLIENT_ASSERTION_MAX_AGE / 1000,
|
|
100
|
-
requiredClaims: ['jti'],
|
|
101
164
|
}).catch((err) => {
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
throw err;
|
|
165
|
+
const msg = err instanceof JOSEError
|
|
166
|
+
? `Validation of "client_assertion" failed: ${err.message}`
|
|
167
|
+
: `Unable to verify "client_assertion" JWT`;
|
|
168
|
+
throw new invalid_client_error_js_1.InvalidClientError(msg, err);
|
|
107
169
|
});
|
|
108
170
|
if (!result.protectedHeader.kid) {
|
|
109
171
|
throw new invalid_client_error_js_1.InvalidClientError(`"kid" required in client_assertion`);
|
|
110
172
|
}
|
|
111
|
-
|
|
112
|
-
method:
|
|
113
|
-
|
|
173
|
+
return {
|
|
174
|
+
method: 'private_key_jwt',
|
|
175
|
+
jti: result.payload.jti,
|
|
176
|
+
exp: result.payload.exp,
|
|
177
|
+
jkt: await authJwkThumbprint(result.key),
|
|
114
178
|
alg: result.protectedHeader.alg,
|
|
115
179
|
kid: result.protectedHeader.kid,
|
|
116
180
|
};
|
|
117
|
-
return { clientAuth, nonce: result.payload.jti };
|
|
118
181
|
}
|
|
119
182
|
throw new invalid_client_error_js_1.InvalidClientError(`Unsupported client_assertion_type "${input.client_assertion_type}"`);
|
|
120
183
|
}
|
|
@@ -127,35 +190,6 @@ class Client {
|
|
|
127
190
|
}
|
|
128
191
|
throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError(`Unsupported token_endpoint_auth_method "${method}"`);
|
|
129
192
|
}
|
|
130
|
-
/**
|
|
131
|
-
* Ensures that a {@link ClientAuth} generated in the past is still valid wrt
|
|
132
|
-
* the current client metadata & jwks. This is used to invalidate tokens when
|
|
133
|
-
* the client stops advertising the key that it used to authenticate itself
|
|
134
|
-
* during the initial token request.
|
|
135
|
-
*/
|
|
136
|
-
async validateClientAuth(clientAuth) {
|
|
137
|
-
if (clientAuth.method === 'none') {
|
|
138
|
-
return this.metadata[`token_endpoint_auth_method`] === 'none';
|
|
139
|
-
}
|
|
140
|
-
if (clientAuth.method === oauth_types_1.CLIENT_ASSERTION_TYPE_JWT_BEARER) {
|
|
141
|
-
if (this.metadata[`token_endpoint_auth_method`] !== 'private_key_jwt') {
|
|
142
|
-
return false;
|
|
143
|
-
}
|
|
144
|
-
try {
|
|
145
|
-
const key = await this.keyGetter({
|
|
146
|
-
kid: clientAuth.kid,
|
|
147
|
-
alg: clientAuth.alg,
|
|
148
|
-
}, { payload: '', signature: '' });
|
|
149
|
-
const jtk = await (0, client_auth_js_1.authJwkThumbprint)(key);
|
|
150
|
-
return jtk === clientAuth.jkt;
|
|
151
|
-
}
|
|
152
|
-
catch (e) {
|
|
153
|
-
return false;
|
|
154
|
-
}
|
|
155
|
-
}
|
|
156
|
-
// @ts-expect-error
|
|
157
|
-
throw new Error(`Invalid method "${clientAuth.method}"`);
|
|
158
|
-
}
|
|
159
193
|
/**
|
|
160
194
|
* Validates the request parameters against the client metadata.
|
|
161
195
|
*/
|
|
@@ -223,4 +257,12 @@ class Client {
|
|
|
223
257
|
}
|
|
224
258
|
}
|
|
225
259
|
exports.Client = Client;
|
|
260
|
+
async function authJwkThumbprint(key) {
|
|
261
|
+
try {
|
|
262
|
+
return await (0, jose_1.calculateJwkThumbprint)(await (0, jose_1.exportJWK)(key), 'sha512');
|
|
263
|
+
}
|
|
264
|
+
catch (err) {
|
|
265
|
+
throw new invalid_client_error_js_1.InvalidClientError('Unable to compute JWK thumbprint', err);
|
|
266
|
+
}
|
|
267
|
+
}
|
|
226
268
|
//# sourceMappingURL=client.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client/client.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client/client.ts"],"names":[],"mappings":";;;AAiYA,8CAQC;AAzYD,+BAgBa;AAEb,sDAM6B;AAC7B,kDAAuE;AACvE,6GAAmG;AACnG,+EAAsE;AACtE,iGAAuF;AACvF,uFAA8E;AAC9E,iFAAwE;AACxE,6EAAoE;AACpE,iDAA6C;AAC7C,iEAAgE;AAMhE,MAAM,EAAE,SAAS,EAAE,GAAG,aAAM,CAAA;AAE5B,MAAa,MAAM;IAWC;IACA;IACA;IACA;IAblB;;OAEG;IACH,MAAM,CAAU,sBAAsB,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAU,CAAA;IAE5D,SAAS,CAEU;IAEpC,YACkB,EAAY,EACZ,QAA6B,EAC7B,OAAyB,QAAQ,CAAC,IAAI,EACtC,IAAgB;QAHhB,OAAE,GAAF,EAAE,CAAU;QACZ,aAAQ,GAAR,QAAQ,CAAqB;QAC7B,SAAI,GAAJ,IAAI,CAAkC;QACtC,SAAI,GAAJ,IAAI,CAAY;QAEhC,2EAA2E;QAC3E,IAAI,CAAC,SAAS;YACZ,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBACxB,CAAC,CAAC,IAAA,wBAAiB,EAAC,IAAI,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;gBACzC,CAAC,CAAC,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAA;IAC1D,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAC9B,GAA4B,EAC5B,QAAgB;QAEhB,oEAAoE;QACpE,0EAA0E;QAC1E,0EAA0E;QAC1E,yEAAyE;QACzE,wEAAwE;QACxE,mCAAmC;QACnC,IAAI,CAAC;YACH,yEAAyE;YACzE,6CAA6C;YAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,0BAA0B,KAAK,MAAM,EAAE,CAAC;gBACxD,OAAO,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE;oBACxC,QAAQ;oBACR,WAAW,EAAE,0BAAW,GAAG,GAAG;oBAC9B,oBAAoB,EAAE,IAAI;oBAC1B,kBAAkB,EAAE,IAAI;iBACzB,CAAC,CAAA;YACJ,CAAC;YAED,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE;gBAC/B,QAAQ;gBACR,WAAW,EAAE,0BAAW,GAAG,GAAG;gBAC9B,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,0BAA0B;oBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAC;oBAC5C,CAAC,CAAC,8EAA8E;wBAC9E,EAAE;wBACF,uEAAuE;wBACvE,4BAA4B;wBAC5B,SAAS;aACd,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,SAAS;gBACtB,CAAC,CAAC,6BAA6B,GAAG,CAAC,OAAO,EAAE;gBAC5C,CAAC,CAAC,0BAA0B,CAAA;YAEhC,MAAM,IAAI,8CAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;IAES,KAAK,CAAC,kBAAkB,CAChC,KAAa,EACb,EACE,QAAQ,EACR,oBAAoB,GAAG,KAAK,EAC5B,kBAAkB,GAAG,KAAK,EAC1B,GAAG,OAAO,KAIR,EAAE;QAEN,wEAAwE;QACxE,yEAAyE;QACzE,WAAW;QAEX,MAAM,MAAM,GAAG,mBAAY,CAAC,MAAM,CAAc,KAAK,EAAE,OAAO,CAAC,CAAA;QAE/D,IAAI,CAAC,kBAAkB,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YACtD,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;gBACnC,MAAM,IAAI,SAAS,CAAC,wBAAwB,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAA;YACpE,CAAC;QACH,CAAC;QAED,IAAI,CAAC,oBAAoB,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YACxD,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,UAAU,GAAG,IAAA,iBAAO,EAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAC9C,IAAI,CAAC,IAAA,iBAAO,EAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;oBAC/D,MAAM,IAAI,SAAS,CAAC,wBAAwB,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAA;gBACpE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAES,KAAK,CAAC,SAAS,CACvB,KAAa,EACb,OAA0C;QAE1C,OAAO,IAAA,gBAAS,EAAc,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE;YACnD,GAAG,OAAO;YACV,MAAM,EAAE,IAAI,CAAC,EAAE;SAChB,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,YAAY,CACvB,KAA6B,EAC7B,MAEC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAA;QAEvD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;QAC3B,CAAC;QAED,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;YACjC,IAAI,CAAC,CAAC,kBAAkB,IAAI,KAAK,CAAC,EAAE,CAAC;gBACnC,MAAM,IAAI,8CAAmB,CAC3B,iCAAiC,MAAM,iCAAiC,CACzE,CAAA;YACH,CAAC;YAED,IAAI,KAAK,CAAC,qBAAqB,KAAK,8CAAgC,EAAE,CAAC;gBACrE,wDAAwD;gBAExD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAGhC,KAAK,CAAC,gBAAgB,EAAE;oBACzB,oEAAoE;oBACpE,6DAA6D;oBAC7D,EAAE;oBACF,iDAAiD;oBAEjD,oEAAoE;oBACpE,sEAAsE;oBACtE,oEAAoE;oBACpE,oDAAoD;oBACpD,OAAO,EAAE,IAAI,CAAC,EAAE;oBAEhB,mEAAmE;oBACnE,qEAAqE;oBACrE,oEAAoE;oBACpE,mEAAmE;oBACnE,gEAAgE;oBAChE,QAAQ,EAAE,MAAM,CAAC,6BAA6B;oBAE9C,cAAc,EAAE;wBACd,kEAAkE;wBAClE,gEAAgE;wBAChE,EAAE;wBACF,gEAAgE;wBAChE,mEAAmE;wBACnE,wDAAwD;wBACxD,mEAAmE;wBACnE,+CAA+C;wBAE/C,SAAS;wBAET,kEAAkE;wBAClE,iEAAiE;wBACjE,oEAAoE;wBACpE,iEAAiE;wBACjE,mEAAmE;wBACnE,gBAAgB;wBAChB,KAAK;qBACN;oBAED,4DAA4D;oBAC5D,8DAA8D;oBAC9D,gCAAgC;oBAChC,EAAE;oBACF,mCAAmC;oBAEnC,sEAAsE;oBACtE,4DAA4D;oBAC5D,sEAAsE;oBACtE,6CAA6C;oBAC7C,WAAW,EAAE,uCAAwB,GAAG,IAAI;iBAC7C,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACf,MAAM,GAAG,GACP,GAAG,YAAY,SAAS;wBACtB,CAAC,CAAC,4CAA4C,GAAG,CAAC,OAAO,EAAE;wBAC3D,CAAC,CAAC,yCAAyC,CAAA;oBAE/C,MAAM,IAAI,4CAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBACxC,CAAC,CAAC,CAAA;gBAEF,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC;oBAChC,MAAM,IAAI,4CAAkB,CAAC,oCAAoC,CAAC,CAAA;gBACpE,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,iBAAiB;oBACzB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG;oBACvB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG;oBACvB,GAAG,EAAE,MAAM,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC;oBACxC,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;oBAC/B,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;iBAChC,CAAA;YACH,CAAC;YAED,MAAM,IAAI,4CAAkB,CAC1B,sCAAsC,KAAK,CAAC,qBAAqB,GAAG,CACrE,CAAA;QACH,CAAC;QAED,wEAAwE;QACxE,4CAA4C;QAC5C,IAAI,MAAM,CAAC,sBAAsB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,+CAA+C;gBAC7C,MAAM,CAAC,sBAAsB;aAC9B,EAAE,CACJ,CAAA;QACH,CAAC;QAED,MAAM,IAAI,6DAA0B,CAClC,2CAA2C,MAAM,GAAG,CACrD,CAAA;IACH,CAAC;IAED;;OAEG;IACI,eAAe,CACpB,UAAyD;QAEzD,IAAI,UAAU,CAAC,SAAS,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,oDAAsB,CAC9B,UAAU,EACV,0FAA0F,CAC3F,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACnC,qEAAqE;YACrE,YAAY;YACZ,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;YAEtD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,+CAA+C,CAChD,CAAA;YACH,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACpC,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,UAAU,KAAK,0CAA0C,CAC1D,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,oDAAsB,CAC9B,UAAU,EACV,0BAA0B,UAAU,CAAC,aAAa,2BAA2B,CAC9E,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC9D,MAAM,IAAI,oDAAsB,CAC9B,UAAU,EACV,uEAAuE,CACxE,CAAA;YACH,CAAC;QACH,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,GAAG,UAAU,CAAA;QACnC,IAAI,YAAY,EAAE,CAAC;YACjB,IACE,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACxC,IAAA,oCAAkB,EAAC,GAAG,EAAE,YAAY,CAAC,CACtC,EACD,CAAC;gBACD,MAAM,IAAI,oDAAsB,CAC9B,UAAU,EACV,wBAAwB,YAAY,EAAE,CACvC,CAAA;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,kBAAkB,EAAE,GAAG,IAAI,CAAA;YACnC,IAAI,kBAAkB,EAAE,CAAC;gBACvB,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAA;YAClE,CAAC;iBAAM,CAAC;gBACN,uFAAuF;gBACvF,EAAE;gBACF,wEAAwE;gBACxE,4EAA4E;gBAC5E,YAAY;gBACZ,MAAM,IAAI,oDAAsB,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAA;YAC1E,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;YACrC,MAAM,EAAE,2BAA2B,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAA;YACrD,IAAI,CAAC,2BAA2B,EAAE,CAAC;gBACjC,MAAM,IAAI,yEAAgC,CACxC,UAAU,EACV,8DAA8D,CAC/D,CAAA;YACH,CAAC;YAED,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACtD,IAAI,CAAC,2BAA2B,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,MAAM,IAAI,yEAAgC,CACxC,UAAU,EACV,yEAAyE,MAAM,CAAC,IAAI,GAAG,CACxF,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,IAAI,kBAAkB;QACpB,MAAM,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAA;QACvC,OAAO,aAAa,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAClE,CAAC;;AArVH,wBAsVC;AAEM,KAAK,UAAU,iBAAiB,CACrC,GAAyB;IAEzB,IAAI,CAAC;QACH,OAAO,MAAM,IAAA,6BAAsB,EAAC,MAAM,IAAA,gBAAS,EAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAA;IACrE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,4CAAkB,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAA;IACvE,CAAC;AACH,CAAC"}
|
package/dist/constants.d.ts
CHANGED
|
@@ -18,14 +18,14 @@ export declare const EPHEMERAL_SESSION_MAX_AGE: number;
|
|
|
18
18
|
export declare const TOKEN_MAX_AGE: number;
|
|
19
19
|
/** 5 minutes */
|
|
20
20
|
export declare const AUTHORIZATION_INACTIVITY_TIMEOUT: number;
|
|
21
|
-
/** 1 months */
|
|
22
|
-
export declare const AUTHENTICATED_REFRESH_INACTIVITY_TIMEOUT: number;
|
|
23
|
-
/** 2 days */
|
|
24
|
-
export declare const UNAUTHENTICATED_REFRESH_INACTIVITY_TIMEOUT: number;
|
|
25
21
|
/** 1 week */
|
|
26
|
-
export declare const
|
|
22
|
+
export declare const PUBLIC_CLIENT_SESSION_LIFETIME: number;
|
|
23
|
+
/** 2 days */
|
|
24
|
+
export declare const PUBLIC_CLIENT_REFRESH_LIFETIME: number;
|
|
27
25
|
/** 1 year */
|
|
28
|
-
export declare const
|
|
26
|
+
export declare const CONFIDENTIAL_CLIENT_SESSION_LIFETIME: number;
|
|
27
|
+
/** 1 months */
|
|
28
|
+
export declare const CONFIDENTIAL_CLIENT_REFRESH_LIFETIME: number;
|
|
29
29
|
/** 5 minutes */
|
|
30
30
|
export declare const PAR_EXPIRES_IN: number;
|
|
31
31
|
/**
|
|
@@ -44,4 +44,5 @@ export declare const DPOP_NONCE_MAX_AGE: number;
|
|
|
44
44
|
export declare const SESSION_FIXATION_MAX_AGE: number;
|
|
45
45
|
/** 1 day */
|
|
46
46
|
export declare const CODE_CHALLENGE_REPLAY_TIMEFRAME: number;
|
|
47
|
+
export declare const NODE_ENV: string;
|
|
47
48
|
//# sourceMappingURL=constants.d.ts.map
|
package/dist/constants.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,gBAAgB,SAAS,CAAA;AACtC,eAAO,MAAM,sBAAsB,KAAK,CAAA;AAExC,eAAO,MAAM,iBAAiB,SAAS,CAAA;AACvC,eAAO,MAAM,uBAAuB,KAAK,CAAA;AAEzC,eAAO,MAAM,oBAAoB,SAAS,CAAA;AAC1C,eAAO,MAAM,0BAA0B,KAAK,CAAA;AAE5C,eAAO,MAAM,eAAe,SAAS,CAAA;AACrC,eAAO,MAAM,qBAAqB,KAAK,CAAA;AAEvC,eAAO,MAAM,iBAAiB,SAAS,CAAA;AACvC,eAAO,MAAM,uBAAuB,KAAK,CAAA;AAEzC,eAAO,MAAM,WAAW,SAAS,CAAA;AACjC,eAAO,MAAM,iBAAiB,KAAK,CAAA;AAUnC,aAAa;AACb,eAAO,MAAM,sBAAsB,QAAU,CAAA;AAE7C,iBAAiB;AACjB,eAAO,MAAM,yBAAyB,QAAc,CAAA;AAEpD,iBAAiB;AACjB,eAAO,MAAM,aAAa,QAAc,CAAA;AAExC,gBAAgB;AAChB,eAAO,MAAM,gCAAgC,QAAa,CAAA;AAE1D,
|
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,gBAAgB,SAAS,CAAA;AACtC,eAAO,MAAM,sBAAsB,KAAK,CAAA;AAExC,eAAO,MAAM,iBAAiB,SAAS,CAAA;AACvC,eAAO,MAAM,uBAAuB,KAAK,CAAA;AAEzC,eAAO,MAAM,oBAAoB,SAAS,CAAA;AAC1C,eAAO,MAAM,0BAA0B,KAAK,CAAA;AAE5C,eAAO,MAAM,eAAe,SAAS,CAAA;AACrC,eAAO,MAAM,qBAAqB,KAAK,CAAA;AAEvC,eAAO,MAAM,iBAAiB,SAAS,CAAA;AACvC,eAAO,MAAM,uBAAuB,KAAK,CAAA;AAEzC,eAAO,MAAM,WAAW,SAAS,CAAA;AACjC,eAAO,MAAM,iBAAiB,KAAK,CAAA;AAUnC,aAAa;AACb,eAAO,MAAM,sBAAsB,QAAU,CAAA;AAE7C,iBAAiB;AACjB,eAAO,MAAM,yBAAyB,QAAc,CAAA;AAEpD,iBAAiB;AACjB,eAAO,MAAM,aAAa,QAAc,CAAA;AAExC,gBAAgB;AAChB,eAAO,MAAM,gCAAgC,QAAa,CAAA;AAE1D,aAAa;AACb,eAAO,MAAM,8BAA8B,QAAW,CAAA;AAEtD,aAAa;AACb,eAAO,MAAM,8BAA8B,QAAU,CAAA;AAErD,aAAa;AACb,eAAO,MAAM,oCAAoC,QAAW,CAAA;AAE5D,eAAe;AACf,eAAO,MAAM,oCAAoC,QAAY,CAAA;AAE7D,gBAAgB;AAChB,eAAO,MAAM,cAAc,QAAa,CAAA;AAExC;;;;;;GAMG;AACH,eAAO,MAAM,WAAW,QAAc,CAAA;AAEtC,eAAe;AACf,eAAO,MAAM,wBAAwB,QAAa,CAAA;AAElD,gBAAgB;AAChB,eAAO,MAAM,kBAAkB,QAAa,CAAA;AAE5C,gBAAgB;AAChB,eAAO,MAAM,wBAAwB,QAAa,CAAA;AAElD,YAAY;AACZ,eAAO,MAAM,+BAA+B,QAAU,CAAA;AAEtD,eAAO,MAAM,QAAQ,QAAuC,CAAA"}
|
package/dist/constants.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
// The purpose of the prefix is to provide type safety
|
|
3
3
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
-
exports.CODE_CHALLENGE_REPLAY_TIMEFRAME = exports.SESSION_FIXATION_MAX_AGE = exports.DPOP_NONCE_MAX_AGE = exports.CLIENT_ASSERTION_MAX_AGE = exports.JAR_MAX_AGE = exports.PAR_EXPIRES_IN = exports.
|
|
4
|
+
exports.NODE_ENV = exports.CODE_CHALLENGE_REPLAY_TIMEFRAME = exports.SESSION_FIXATION_MAX_AGE = exports.DPOP_NONCE_MAX_AGE = exports.CLIENT_ASSERTION_MAX_AGE = exports.JAR_MAX_AGE = exports.PAR_EXPIRES_IN = exports.CONFIDENTIAL_CLIENT_REFRESH_LIFETIME = exports.CONFIDENTIAL_CLIENT_SESSION_LIFETIME = exports.PUBLIC_CLIENT_REFRESH_LIFETIME = exports.PUBLIC_CLIENT_SESSION_LIFETIME = exports.AUTHORIZATION_INACTIVITY_TIMEOUT = exports.TOKEN_MAX_AGE = exports.EPHEMERAL_SESSION_MAX_AGE = exports.AUTHENTICATION_MAX_AGE = exports.CODE_BYTES_LENGTH = exports.CODE_PREFIX = exports.REQUEST_ID_BYTES_LENGTH = exports.REQUEST_ID_PREFIX = exports.TOKEN_ID_BYTES_LENGTH = exports.TOKEN_ID_PREFIX = exports.REFRESH_TOKEN_BYTES_LENGTH = exports.REFRESH_TOKEN_PREFIX = exports.SESSION_ID_BYTES_LENGTH = exports.SESSION_ID_PREFIX = exports.DEVICE_ID_BYTES_LENGTH = exports.DEVICE_ID_PREFIX = void 0;
|
|
5
5
|
exports.DEVICE_ID_PREFIX = 'dev-';
|
|
6
6
|
exports.DEVICE_ID_BYTES_LENGTH = 16; // 128 bits
|
|
7
7
|
exports.SESSION_ID_PREFIX = 'ses-';
|
|
@@ -29,14 +29,14 @@ exports.EPHEMERAL_SESSION_MAX_AGE = 15 * MINUTE;
|
|
|
29
29
|
exports.TOKEN_MAX_AGE = 60 * MINUTE;
|
|
30
30
|
/** 5 minutes */
|
|
31
31
|
exports.AUTHORIZATION_INACTIVITY_TIMEOUT = 5 * MINUTE;
|
|
32
|
-
/** 1 months */
|
|
33
|
-
exports.AUTHENTICATED_REFRESH_INACTIVITY_TIMEOUT = 1 * MONTH;
|
|
34
|
-
/** 2 days */
|
|
35
|
-
exports.UNAUTHENTICATED_REFRESH_INACTIVITY_TIMEOUT = 2 * DAY;
|
|
36
32
|
/** 1 week */
|
|
37
|
-
exports.
|
|
33
|
+
exports.PUBLIC_CLIENT_SESSION_LIFETIME = 1 * WEEK;
|
|
34
|
+
/** 2 days */
|
|
35
|
+
exports.PUBLIC_CLIENT_REFRESH_LIFETIME = 2 * DAY;
|
|
38
36
|
/** 1 year */
|
|
39
|
-
exports.
|
|
37
|
+
exports.CONFIDENTIAL_CLIENT_SESSION_LIFETIME = 1 * YEAR;
|
|
38
|
+
/** 1 months */
|
|
39
|
+
exports.CONFIDENTIAL_CLIENT_REFRESH_LIFETIME = 1 * MONTH;
|
|
40
40
|
/** 5 minutes */
|
|
41
41
|
exports.PAR_EXPIRES_IN = 5 * MINUTE;
|
|
42
42
|
/**
|
|
@@ -55,4 +55,5 @@ exports.DPOP_NONCE_MAX_AGE = 3 * MINUTE;
|
|
|
55
55
|
exports.SESSION_FIXATION_MAX_AGE = 5 * SECOND;
|
|
56
56
|
/** 1 day */
|
|
57
57
|
exports.CODE_CHALLENGE_REPLAY_TIMEFRAME = 1 * DAY;
|
|
58
|
+
exports.NODE_ENV = process.env.NODE_ENV || 'production';
|
|
58
59
|
//# sourceMappingURL=constants.js.map
|
package/dist/constants.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";AAAA,sDAAsD;;;AAEzC,QAAA,gBAAgB,GAAG,MAAM,CAAA;AACzB,QAAA,sBAAsB,GAAG,EAAE,CAAA,CAAC,WAAW;AAEvC,QAAA,iBAAiB,GAAG,MAAM,CAAA;AAC1B,QAAA,uBAAuB,GAAG,EAAE,CAAA,CAAC,8CAA8C;AAE3E,QAAA,oBAAoB,GAAG,MAAM,CAAA;AAC7B,QAAA,0BAA0B,GAAG,EAAE,CAAA,CAAC,WAAW;AAE3C,QAAA,eAAe,GAAG,MAAM,CAAA;AACxB,QAAA,qBAAqB,GAAG,EAAE,CAAA,CAAC,sDAAsD;AAEjF,QAAA,iBAAiB,GAAG,MAAM,CAAA;AAC1B,QAAA,uBAAuB,GAAG,EAAE,CAAA,CAAC,WAAW;AAExC,QAAA,WAAW,GAAG,MAAM,CAAA;AACpB,QAAA,iBAAiB,GAAG,EAAE,CAAA;AAEnC,MAAM,MAAM,GAAG,GAAG,CAAA;AAClB,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,CAAA;AAC1B,MAAM,IAAI,GAAG,EAAE,GAAG,MAAM,CAAA;AACxB,MAAM,GAAG,GAAG,EAAE,GAAG,IAAI,CAAA;AACrB,MAAM,IAAI,GAAG,CAAC,GAAG,GAAG,CAAA;AACpB,MAAM,IAAI,GAAG,MAAM,GAAG,GAAG,CAAA;AACzB,MAAM,KAAK,GAAG,IAAI,GAAG,EAAE,CAAA;AAEvB,aAAa;AACA,QAAA,sBAAsB,GAAG,CAAC,GAAG,GAAG,CAAA;AAE7C,iBAAiB;AACJ,QAAA,yBAAyB,GAAG,EAAE,GAAG,MAAM,CAAA;AAEpD,iBAAiB;AACJ,QAAA,aAAa,GAAG,EAAE,GAAG,MAAM,CAAA;AAExC,gBAAgB;AACH,QAAA,gCAAgC,GAAG,CAAC,GAAG,MAAM,CAAA;AAE1D,
|
|
1
|
+
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";AAAA,sDAAsD;;;AAEzC,QAAA,gBAAgB,GAAG,MAAM,CAAA;AACzB,QAAA,sBAAsB,GAAG,EAAE,CAAA,CAAC,WAAW;AAEvC,QAAA,iBAAiB,GAAG,MAAM,CAAA;AAC1B,QAAA,uBAAuB,GAAG,EAAE,CAAA,CAAC,8CAA8C;AAE3E,QAAA,oBAAoB,GAAG,MAAM,CAAA;AAC7B,QAAA,0BAA0B,GAAG,EAAE,CAAA,CAAC,WAAW;AAE3C,QAAA,eAAe,GAAG,MAAM,CAAA;AACxB,QAAA,qBAAqB,GAAG,EAAE,CAAA,CAAC,sDAAsD;AAEjF,QAAA,iBAAiB,GAAG,MAAM,CAAA;AAC1B,QAAA,uBAAuB,GAAG,EAAE,CAAA,CAAC,WAAW;AAExC,QAAA,WAAW,GAAG,MAAM,CAAA;AACpB,QAAA,iBAAiB,GAAG,EAAE,CAAA;AAEnC,MAAM,MAAM,GAAG,GAAG,CAAA;AAClB,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,CAAA;AAC1B,MAAM,IAAI,GAAG,EAAE,GAAG,MAAM,CAAA;AACxB,MAAM,GAAG,GAAG,EAAE,GAAG,IAAI,CAAA;AACrB,MAAM,IAAI,GAAG,CAAC,GAAG,GAAG,CAAA;AACpB,MAAM,IAAI,GAAG,MAAM,GAAG,GAAG,CAAA;AACzB,MAAM,KAAK,GAAG,IAAI,GAAG,EAAE,CAAA;AAEvB,aAAa;AACA,QAAA,sBAAsB,GAAG,CAAC,GAAG,GAAG,CAAA;AAE7C,iBAAiB;AACJ,QAAA,yBAAyB,GAAG,EAAE,GAAG,MAAM,CAAA;AAEpD,iBAAiB;AACJ,QAAA,aAAa,GAAG,EAAE,GAAG,MAAM,CAAA;AAExC,gBAAgB;AACH,QAAA,gCAAgC,GAAG,CAAC,GAAG,MAAM,CAAA;AAE1D,aAAa;AACA,QAAA,8BAA8B,GAAG,CAAC,GAAG,IAAI,CAAA;AAEtD,aAAa;AACA,QAAA,8BAA8B,GAAG,CAAC,GAAG,GAAG,CAAA;AAErD,aAAa;AACA,QAAA,oCAAoC,GAAG,CAAC,GAAG,IAAI,CAAA;AAE5D,eAAe;AACF,QAAA,oCAAoC,GAAG,CAAC,GAAG,KAAK,CAAA;AAE7D,gBAAgB;AACH,QAAA,cAAc,GAAG,CAAC,GAAG,MAAM,CAAA;AAExC;;;;;;GAMG;AACU,QAAA,WAAW,GAAG,EAAE,GAAG,MAAM,CAAA;AAEtC,eAAe;AACF,QAAA,wBAAwB,GAAG,CAAC,GAAG,MAAM,CAAA;AAElD,gBAAgB;AACH,QAAA,kBAAkB,GAAG,CAAC,GAAG,MAAM,CAAA;AAE5C,gBAAgB;AACH,QAAA,wBAAwB,GAAG,CAAC,GAAG,MAAM,CAAA;AAElD,YAAY;AACC,QAAA,+BAA+B,GAAG,CAAC,GAAG,GAAG,CAAA;AAEzC,QAAA,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,YAAY,CAAA"}
|
|
@@ -9,7 +9,7 @@ const crypto_js_1 = require("../lib/util/crypto.js");
|
|
|
9
9
|
* @see {@link https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata}
|
|
10
10
|
*/
|
|
11
11
|
function buildMetadata(issuer, keyset, customMetadata) {
|
|
12
|
-
return oauth_types_1.
|
|
12
|
+
return oauth_types_1.oauthAuthorizationServerMetadataValidator.parse({
|
|
13
13
|
issuer,
|
|
14
14
|
scopes_supported: [
|
|
15
15
|
'atproto',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"build-metadata.js","sourceRoot":"","sources":["../../src/metadata/build-metadata.ts"],"names":[],"mappings":";;AAmBA,sCA0GC;AA5HD,sDAI6B;AAC7B,mDAA4C;AAC5C,qDAAoD;AAQpD;;;GAGG;AACH,SAAgB,aAAa,CAC3B,MAA6B,EAC7B,MAAc,EACd,cAA+B;IAE/B,OAAO,
|
|
1
|
+
{"version":3,"file":"build-metadata.js","sourceRoot":"","sources":["../../src/metadata/build-metadata.ts"],"names":[],"mappings":";;AAmBA,sCA0GC;AA5HD,sDAI6B;AAC7B,mDAA4C;AAC5C,qDAAoD;AAQpD;;;GAGG;AACH,SAAgB,aAAa,CAC3B,MAA6B,EAC7B,MAAc,EACd,cAA+B;IAE/B,OAAO,uDAAyC,CAAC,KAAK,CAAC;QACrD,MAAM;QAEN,gBAAgB,EAAE;YAChB,SAAS;YACT,EAAE;YACF,GAAG,CAAC,cAAc,EAAE,gBAAgB,IAAI,EAAE,CAAC;SAC5C;QACD,uBAAuB,EAAE;YACvB,EAAE;YACF,QAAQ,EAAE,6CAA6C;YACvD,+DAA+D;SAChE;QACD,wBAAwB,EAAE;YACxB,QAAQ;YACR,MAAM;YACN,WAAW;YAEX,SAAS;YACT,UAAU;YACV,yBAAyB;YACzB,mBAAmB;YACnB,gBAAgB;YAChB,oBAAoB;YACpB,cAAc;SACf;QACD,wBAAwB,EAAE;YACxB,mFAAmF;YACnF,OAAO;YACP,UAAU;YACV,0FAA0F;YAC1F,WAAW;SACZ;QACD,qBAAqB,EAAE;YACrB,EAAE;YACF,oBAAoB;YACpB,eAAe;SAChB;QACD,gCAAgC,EAAE;YAChC,sGAAsG;YACtG,MAAM;YAEN,iCAAiC;YACjC,WAAW;SACZ;QACD,oBAAoB,EAAE;YACpB,EAAE;YACF,OAAO;SACR;QACD,wBAAwB,EAAE;YACxB,EAAE;YACF,MAAM;YACN,OAAO;YACP,OAAO;YACP,aAAa;SACd;QAED,gDAAgD;QAChD,8CAA8C,EAAE,IAAI;QAEpD,0DAA0D;QAC1D,2CAA2C,EAAE,CAAC,GAAG,wBAAY,EAAE,MAAM,CAAC;QACtE,8CAA8C,EAAE,EAAE,EAAE,OAAO;QAC3D,8CAA8C,EAAE,EAAE,EAAE,OAAO;QAE3D,2BAA2B,EAAE,IAAI;QACjC,+BAA+B,EAAE,IAAI;QACrC,gCAAgC,EAAE,IAAI;QAEtC,QAAQ,EAAE,IAAI,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,IAAI;QAE7C,sBAAsB,EAAE,IAAI,GAAG,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC,IAAI;QAEhE,cAAc,EAAE,IAAI,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,IAAI;QACpD,qCAAqC,EAAE,CAAC,GAAG,kBAAM,CAAC,sBAAsB,CAAC;QACzE,gDAAgD,EAAE,CAAC,GAAG,wBAAY,CAAC;QAEnE,mBAAmB,EAAE,IAAI,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,IAAI;QAE1D,sBAAsB,EAAE,IAAI,GAAG,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,IAAI;QAEjE,+DAA+D;QAE/D,0DAA0D;QAC1D,qCAAqC,EAAE,IAAI,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,IAAI;QAEzE,qCAAqC,EAAE,IAAI;QAE3C,4DAA4D;QAC5D,iCAAiC,EAAE,CAAC,GAAG,wBAAY,CAAC;QAEpD,6DAA6D;QAC7D,qCAAqC,EACnC,cAAc,EAAE,qCAAqC;QAEvD,wFAAwF;QACxF,mBAAmB,EAAE,cAAc,EAAE,mBAAmB;QAExD,kIAAkI;QAClI,qCAAqC,EAAE,IAAI;KAC5C,CAAC,CAAA;AACJ,CAAC"}
|
package/dist/oauth-provider.d.ts
CHANGED
|
@@ -6,7 +6,7 @@ import { SimpleStore } from '@atproto-labs/simple-store';
|
|
|
6
6
|
import { AccessTokenMode } from './access-token/access-token-mode.js';
|
|
7
7
|
import { AccountManager } from './account/account-manager.js';
|
|
8
8
|
import { AccountStore, AuthorizedClientData, DeviceAccount } from './account/account-store.js';
|
|
9
|
-
import { ClientAuth } from './client/client-auth.js';
|
|
9
|
+
import { ClientAuth, ClientAuthLegacy } from './client/client-auth.js';
|
|
10
10
|
import { ClientId } from './client/client-id.js';
|
|
11
11
|
import { ClientManager, LoopbackMetadataGetter } from './client/client-manager.js';
|
|
12
12
|
import { ClientStore } from './client/client-store.js';
|
|
@@ -29,6 +29,7 @@ import { AuthorizationRedirectParameters } from './result/authorization-redirect
|
|
|
29
29
|
import { AuthorizationResultAuthorizePage } from './result/authorization-result-authorize-page.js';
|
|
30
30
|
import { AuthorizationResultRedirect } from './result/authorization-result-redirect.js';
|
|
31
31
|
import { ErrorHandler } from './router/error-handler.js';
|
|
32
|
+
import { TokenData } from './token/token-data.js';
|
|
32
33
|
import { TokenManager } from './token/token-manager.js';
|
|
33
34
|
import { TokenStore } from './token/token-store.js';
|
|
34
35
|
import { VerifyTokenClaimsOptions, VerifyTokenClaimsResult } from './token/verify-token-claims.js';
|
|
@@ -129,8 +130,8 @@ export declare class OAuthProvider extends OAuthVerifier {
|
|
|
129
130
|
readonly clientManager: ClientManager;
|
|
130
131
|
readonly requestManager: RequestManager;
|
|
131
132
|
readonly tokenManager: TokenManager;
|
|
132
|
-
constructor({ authenticationMaxAge, tokenMaxAge, accessTokenMode, metadata, safeFetch,
|
|
133
|
-
accountStore, deviceStore, tokenStore, clientStore, replayStore,
|
|
133
|
+
constructor({ authenticationMaxAge, tokenMaxAge, accessTokenMode, metadata, safeFetch, store, // compound store implementation
|
|
134
|
+
accountStore, deviceStore, tokenStore, requestStore, clientStore, replayStore, clientJwksCache, clientMetadataCache, loopbackMetadata, ...rest }: OAuthProviderOptions);
|
|
134
135
|
get jwks(): {
|
|
135
136
|
readonly keys: readonly ({
|
|
136
137
|
readonly kty: "RSA";
|
|
@@ -234,17 +235,13 @@ export declare class OAuthProvider extends OAuthVerifier {
|
|
|
234
235
|
*/
|
|
235
236
|
checkConsentRequired(parameters: OAuthAuthorizationRequestParameters, clientData?: AuthorizedClientData): boolean;
|
|
236
237
|
checkLoginRequired(deviceAccount: DeviceAccount): boolean;
|
|
237
|
-
protected authenticateClient(
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
protectedHeader: {
|
|
243
|
-
kid: string;
|
|
244
|
-
alg: string;
|
|
245
|
-
};
|
|
246
|
-
jkt: string;
|
|
238
|
+
protected authenticateClient(clientCredentials: OAuthClientCredentials, dpopProof: null | DpopProof, options?: {
|
|
239
|
+
allowMissingDpopProof?: boolean;
|
|
240
|
+
}): Promise<{
|
|
241
|
+
client: Client;
|
|
242
|
+
clientAuth: ClientAuth;
|
|
247
243
|
}>;
|
|
244
|
+
protected decodeJAR(client: Client, input: OAuthAuthorizationRequestJar): Promise<OAuthAuthorizationRequestParameters>;
|
|
248
245
|
/**
|
|
249
246
|
* @see {@link https://datatracker.ietf.org/doc/html/rfc9126}
|
|
250
247
|
*/
|
|
@@ -262,12 +259,19 @@ export declare class OAuthProvider extends OAuthVerifier {
|
|
|
262
259
|
matchesHint: boolean;
|
|
263
260
|
}[]>;
|
|
264
261
|
token(clientCredentials: OAuthClientCredentials, clientMetadata: RequestMetadata, request: OAuthTokenRequest, dpopProof: null | DpopProof): Promise<OAuthTokenResponse>;
|
|
265
|
-
protected
|
|
266
|
-
|
|
262
|
+
protected compareClientAuth(client: Client, clientAuth: ClientAuth, dpopProof: null | DpopProof, initial: {
|
|
263
|
+
parameters: OAuthAuthorizationRequestParameters;
|
|
264
|
+
clientId: ClientId;
|
|
265
|
+
clientAuth: null | ClientAuth | ClientAuthLegacy;
|
|
266
|
+
}): Promise<void>;
|
|
267
|
+
protected authorizationCodeGrant(client: Client, clientAuth: ClientAuth, clientMetadata: RequestMetadata, input: OAuthAuthorizationCodeGrantTokenRequest, dpopProof: null | DpopProof): Promise<OAuthTokenResponse>;
|
|
268
|
+
protected validateCodeGrant(parameters: OAuthAuthorizationRequestParameters, input: OAuthAuthorizationCodeGrantTokenRequest): Promise<void>;
|
|
269
|
+
protected refreshTokenGrant(client: Client, clientAuth: ClientAuth, clientMetadata: RequestMetadata, input: OAuthRefreshTokenGrantTokenRequest, dpopProof: null | DpopProof): Promise<OAuthTokenResponse>;
|
|
270
|
+
protected validateRefreshGrant(client: Client, clientAuth: ClientAuth, data: TokenData): Promise<void>;
|
|
267
271
|
/**
|
|
268
272
|
* @see {@link https://datatracker.ietf.org/doc/html/rfc7009#section-2.1 rfc7009}
|
|
269
273
|
*/
|
|
270
|
-
revoke(
|
|
274
|
+
revoke(clientCredentials: OAuthClientCredentials, { token }: OAuthTokenIdentification, dpopProof: null | DpopProof): Promise<void>;
|
|
271
275
|
protected verifyToken(tokenType: OAuthTokenType, token: OAuthAccessToken, dpopProof: null | DpopProof, verifyOptions?: VerifyTokenClaimsOptions): Promise<VerifyTokenClaimsResult>;
|
|
272
276
|
}
|
|
273
277
|
//# sourceMappingURL=oauth-provider.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-provider.d.ts","sourceRoot":"","sources":["../src/oauth-provider.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"oauth-provider.d.ts","sourceRoot":"","sources":["../src/oauth-provider.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAElD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA;AAC1D,OAAO,EAEL,gBAAgB,EAChB,uCAAuC,EACvC,4BAA4B,EAC5B,4BAA4B,EAC5B,mCAAmC,EACnC,8BAA8B,EAC9B,gCAAgC,EAChC,sBAAsB,EACtB,0BAA0B,EAC1B,mBAAmB,EACnB,gBAAgB,EAChB,kCAAkC,EAClC,wBAAwB,EACxB,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EAGf,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AAExD,OAAO,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAA;AACrE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,aAAa,EAEd,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AACtE,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EACL,aAAa,EACb,sBAAsB,EACvB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,WAAW,EAAiB,MAAM,0BAA0B,CAAA;AACrE,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAS3C,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAA;AACrE,OAAO,EACL,aAAa,EACb,kBAAkB,EAEnB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EACL,aAAa,EACb,oBAAoB,EAErB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,WAAW,EAAiB,MAAM,0BAA0B,CAAA;AASrE,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AAEvD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAEvE,OAAO,EAAE,cAAc,EAAiB,MAAM,8BAA8B,CAAA;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAC7C,OAAO,EACL,SAAS,EACT,aAAa,EACb,oBAAoB,EACrB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,WAAW,EAAiB,MAAM,0BAA0B,CAAA;AAErE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC7D,OAAO,EAAE,YAAY,EAAkB,MAAM,4BAA4B,CAAA;AAEzE,OAAO,EAAE,+BAA+B,EAAE,MAAM,+CAA+C,CAAA;AAC/F,OAAO,EAAE,gCAAgC,EAAE,MAAM,iDAAiD,CAAA;AAClG,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAA;AACvF,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAA;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EACL,UAAU,EAGX,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACxB,MAAM,gCAAgC,CAAA;AAEvC,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,CAAA;AAClC,YAAY,EACV,+BAA+B,EAC/B,gCAAgC,IAAI,4BAA4B,EAChE,2BAA2B,EAC3B,QAAQ,EACR,aAAa,EACb,cAAc,EACd,aAAa,EACb,kBAAkB,EAClB,YAAY,EACZ,cAAc,EACd,eAAe,EACf,eAAe,EACf,gCAAgC,GACjC,CAAA;AAED,KAAK,mBAAmB,GAAG;IACzB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAE7B;;;OAGG;IAEH;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;IAEpB;;;;;;;;;;;;;OAaG;IACH,eAAe,CAAC,EAAE,eAAe,CAAA;IAEjC;;OAEG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAA;IAEzB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAA;IAEnC;;;OAGG;IACH,KAAK,CAAC,EAAE,KAAK,GAAG,YAAY,GAAG,MAAM,CAAA;IAErC;;;;;;OAMG;IACH,KAAK,CAAC,EAAE,OAAO,CACb,YAAY,GACV,WAAW,GACX,WAAW,GACX,WAAW,GACX,YAAY,GACZ,UAAU,CACb,CAAA;IAED,YAAY,CAAC,EAAE,YAAY,CAAA;IAC3B,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,WAAW,CAAC,EAAE,WAAW,CAAA;IACzB,YAAY,CAAC,EAAE,YAAY,CAAA;IAC3B,UAAU,CAAC,EAAE,UAAU,CAAA;IAEvB;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IAE3C;;;;;OAKG;IACH,mBAAmB,CAAC,EAAE,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;IAE9D;;;;;;;OAOG;IACH,gBAAgB,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG,sBAAsB,CAAA;CACzD,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,mBAAmB,GACpD,oBAAoB,GACpB,UAAU,GACV,oBAAoB,GACpB,kBAAkB,CAAA;AAEpB,qBAAa,aAAc,SAAQ,aAAa;IAC9C,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAA;IAEnD,SAAgB,QAAQ,EAAE,gCAAgC,CAAA;IAC1D,SAAgB,aAAa,EAAE,aAAa,CAAA;IAE5C,SAAgB,oBAAoB,EAAE,MAAM,CAAA;IAE5C,SAAgB,cAAc,EAAE,cAAc,CAAA;IAC9C,SAAgB,aAAa,EAAE,aAAa,CAAA;IAC5C,SAAgB,aAAa,EAAE,aAAa,CAAA;IAC5C,SAAgB,cAAc,EAAE,cAAc,CAAA;IAC9C,SAAgB,YAAY,EAAE,YAAY,CAAA;gBAEvB,EAEjB,oBAA6C,EAC7C,WAA2B,EAC3B,eAA2C,EAE3C,QAAQ,EAER,SAA2B,EAC3B,KAAK,EAAE,gCAAgC;IAGvC,YAAoC,EACpC,WAAkC,EAClC,UAAgC,EAChC,YAAoC,EAGpC,WAAkC,EAClC,WAAkC,EAElC,eAGE,EACF,mBAGE,EAEF,gBAAgD,EAMhD,GAAG,IAAI,EACR,EAAE,oBAAoB;IAwDvB,IAAI,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAEP;IAED;;OAEG;IACI,oBAAoB,CACzB,UAAU,EAAE,mCAAmC,EAC/C,UAAU,CAAC,EAAE,oBAAoB;IAiB5B,kBAAkB,CAAC,aAAa,EAAE,aAAa;cAKtC,kBAAkB,CAChC,iBAAiB,EAAE,sBAAsB,EACzC,SAAS,EAAE,IAAI,GAAG,SAAS,EAC3B,OAAO,CAAC,EAAE;QACR,qBAAqB,CAAC,EAAE,OAAO,CAAA;KAChC,GACA,OAAO,CAAC;QACT,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;KACvB,CAAC;cAgDc,SAAS,CACvB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,4BAA4B,GAClC,OAAO,CAAC,mCAAmC,CAAC;IA6B/C;;OAEG;IACU,0BAA0B,CACrC,WAAW,EAAE,sBAAsB,EACnC,oBAAoB,EAAE,4BAA4B,EAClD,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,gBAAgB,CAAC;YAgEd,2BAA2B;IAmDzC;;OAEG;IACU,SAAS,CACpB,iBAAiB,EAAE,0BAA0B,EAC7C,KAAK,EAAE,8BAA8B,EACrC,QAAQ,EAAE,QAAQ,EAClB,cAAc,EAAE,eAAe,GAC9B,OAAO,CAAC,2BAA2B,GAAG,gCAAgC,CAAC;cAgH1D,WAAW,CACzB,QAAQ,EAAE,QAAQ,EAClB,QAAQ,EAAE,QAAQ,EAClB,UAAU,EAAE,mCAAmC,GAC9C,OAAO,CACR;QACE,OAAO,EAAE,OAAO,CAAA;QAEhB,QAAQ,EAAE,OAAO,CAAA;QACjB,aAAa,EAAE,OAAO,CAAA;QACtB,eAAe,EAAE,OAAO,CAAA;QAExB,WAAW,EAAE,OAAO,CAAA;KACrB,EAAE,CACJ;IA4BY,KAAK,CAChB,iBAAiB,EAAE,sBAAsB,EACzC,cAAc,EAAE,eAAe,EAC/B,OAAO,EAAE,iBAAiB,EAC1B,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,kBAAkB,CAAC;cA2Cd,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,IAAI,GAAG,SAAS,EAC3B,OAAO,EAAE;QACP,UAAU,EAAE,mCAAmC,CAAA;QAC/C,QAAQ,EAAE,QAAQ,CAAA;QAClB,UAAU,EAAE,IAAI,GAAG,UAAU,GAAG,gBAAgB,CAAA;KACjD,GACA,OAAO,CAAC,IAAI,CAAC;cA+DA,sBAAsB,CACpC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,eAAe,EAC/B,KAAK,EAAE,uCAAuC,EAC9C,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,kBAAkB,CAAC;cAmEd,iBAAiB,CAC/B,UAAU,EAAE,mCAAmC,EAC/C,KAAK,EAAE,uCAAuC,GAC7C,OAAO,CAAC,IAAI,CAAC;cAmDA,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,eAAe,EAC/B,KAAK,EAAE,kCAAkC,EACzC,SAAS,EAAE,IAAI,GAAG,SAAS,GAC1B,OAAO,CAAC,kBAAkB,CAAC;cA2Bd,oBAAoB,CAClC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,IAAI,EAAE,SAAS,GACd,OAAO,CAAC,IAAI,CAAC;IAoBhB;;OAEG;IACU,MAAM,CACjB,iBAAiB,EAAE,sBAAsB,EACzC,EAAE,KAAK,EAAE,EAAE,wBAAwB,EACnC,SAAS,EAAE,IAAI,GAAG,SAAS;cAuBJ,WAAW,CAClC,SAAS,EAAE,cAAc,EACzB,KAAK,EAAE,gBAAgB,EACvB,SAAS,EAAE,IAAI,GAAG,SAAS,EAC3B,aAAa,CAAC,EAAE,wBAAwB,GACvC,OAAO,CAAC,uBAAuB,CAAC;CAgCpC"}
|