@atproto/oauth-provider 0.9.1 → 0.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/dist/lib/util/type.d.ts +3 -0
- package/dist/lib/util/type.d.ts.map +1 -1
- package/dist/lib/util/type.js.map +1 -1
- package/dist/router/create-oauth-middleware.d.ts.map +1 -1
- package/dist/router/create-oauth-middleware.js +4 -2
- package/dist/router/create-oauth-middleware.js.map +1 -1
- package/dist/signer/signer.d.ts +2 -2
- package/dist/signer/signer.d.ts.map +1 -1
- package/dist/signer/signer.js.map +1 -1
- package/package.json +7 -7
- package/src/lib/util/type.ts +8 -0
- package/src/router/create-oauth-middleware.ts +5 -2
- package/src/signer/signer.ts +1 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,21 @@
|
|
|
1
1
|
# @atproto/oauth-provider
|
|
2
2
|
|
|
3
|
+
## 0.9.2
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#3967](https://github.com/bluesky-social/atproto/pull/3967) [`68c43a94b`](https://github.com/bluesky-social/atproto/commit/68c43a94bd76dc8040cdff9406cabaf1a484d999) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Return `invalid_grant` instead of `invalid_client` when incorrectly authenticated with token endpoint
|
|
8
|
+
|
|
9
|
+
- [#3967](https://github.com/bluesky-social/atproto/pull/3967) [`68c43a94b`](https://github.com/bluesky-social/atproto/commit/68c43a94bd76dc8040cdff9406cabaf1a484d999) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Return `invalid_client` instead of `invalid_grant` when incorrectly authenticated with PAR endpoint
|
|
10
|
+
|
|
11
|
+
- Updated dependencies [[`90b4775fc`](https://github.com/bluesky-social/atproto/commit/90b4775fc9c6959171bc12b961ce9421cc14d6ee), [`90b4775fc`](https://github.com/bluesky-social/atproto/commit/90b4775fc9c6959171bc12b961ce9421cc14d6ee), [`90b4775fc`](https://github.com/bluesky-social/atproto/commit/90b4775fc9c6959171bc12b961ce9421cc14d6ee)]:
|
|
12
|
+
- @atproto/jwk@0.4.0
|
|
13
|
+
- @atproto/jwk-jose@0.1.9
|
|
14
|
+
- @atproto/oauth-provider-api@0.1.5
|
|
15
|
+
- @atproto/oauth-types@0.3.1
|
|
16
|
+
- @atproto/oauth-provider-frontend@0.1.9
|
|
17
|
+
- @atproto/oauth-provider-ui@0.1.10
|
|
18
|
+
|
|
3
19
|
## 0.9.1
|
|
4
20
|
|
|
5
21
|
### Patch Changes
|
package/dist/lib/util/type.d.ts
CHANGED
|
@@ -27,6 +27,9 @@ export type NonNullableKeys<T, K extends keyof T> = Simplify<OmitKey<T, K> & {
|
|
|
27
27
|
export type OmitKey<T, K extends keyof T> = {
|
|
28
28
|
[K2 in keyof T as K2 extends K ? never : K2]: T[K2];
|
|
29
29
|
};
|
|
30
|
+
export type RequiredKey<T, K extends keyof T = never> = Simplify<T & {
|
|
31
|
+
[L in K]-?: unknown extends T[L] ? NonNullable<unknown> | null : Exclude<T[L], undefined>;
|
|
32
|
+
}>;
|
|
30
33
|
/**
|
|
31
34
|
* Converts a tuple to the equivalent type of combining every item into a single
|
|
32
35
|
* one. If any of the item in the tuple is non nullish, the result will be non
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"type.d.ts","sourceRoot":"","sources":["../../../src/lib/util/type.ts"],"names":[],"mappings":"AACA,MAAM,MAAM,QAAQ,CAAC,CAAC,IAAI;KAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAAE,GAAG,EAAE,CAAA;AACvD,MAAM,MAAM,QAAQ,CAAC,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC;KACnC,CAAC,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,MAAM,CAAC,GACnC,CAAC,CAAC,CAAC,CAAC,GACJ,CAAC,SAAS,MAAM,CAAC,GACf,CAAC,CAAC,CAAC,CAAC,GACJ,KAAK;CACZ,CAAC,CAAA;AACF,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;AACzC,MAAM,MAAM,eAAe,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,IAAI,QAAQ,CAC1D,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG;KACb,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CAC9B,CACF,CAAA;AACD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,OAAO,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,IAAI;KACzC,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,KAAK,GAAG,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;CACpD,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,aAAa,CAAC,CAAC,SAAS,SAAS,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,GAClE,SAAS,GACT,OAAO,CACL,CAAC,CAAC,MAAM,CAAC,EAGT;KACG,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,GACX,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC,GAClC,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,SAAS,CAAC;CACjD,CAAC,MAAM,CAAC,CAAC,CACX,CAAA;AAEL;;GAEG;AACH,MAAM,MAAM,eAAe,CAAC,CAAC,IAAI;KAAG,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC;CAAE,CAAA;AAI/E;;;;;GAKG;AACH,KAAK,cAAc,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,GAAG,MAAM,CAAC,GAAG,KAAK,CAAA;AAExD;;;;;;;GAOG;AACH,KAAK,mBAAmB,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,IAAI,GAAG,KAAK,CAAC,SAAS,CAC7E,CAAC,EAAE,MAAM,CAAC,KACP,IAAI,GACL,CAAC,GACD,KAAK,CAAA;AAET;;;;;GAKG;AACH,KAAK,gBAAgB,CAAC,CAAC,IAYrB,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,MAAM,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;AAE1E;;;;;;;;;;;;GAYG;AACH,KAAK,YAAY,CAAC,CAAC,IAAI,oBAAoB,CAAC,CAAC,CAAC,CAAA;AAE9C,KAAK,oBAAoB,CACvB,CAAC,EAED,GAAG,SAAS,SAAS,GAAG,EAAE,GAAG,EAAE,EAE/B,IAAI,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAG1B;IAAC,IAAI;CAAC,SAAS,CAAC,KAAK,CAAC,GAElB,GAAG,GAGH,oBAAoB,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,SAAS,CAAC,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,CAAA;AAErE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,eAAO,MAAM,qBAAqB,GAC/B,CAAC,SAAS,MAAM,EAAE,MAAM,SAAS,MAAM,EAAE,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,MACjE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,KAAG,KAAK,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC,CACf,CAAA"}
|
|
1
|
+
{"version":3,"file":"type.d.ts","sourceRoot":"","sources":["../../../src/lib/util/type.ts"],"names":[],"mappings":"AACA,MAAM,MAAM,QAAQ,CAAC,CAAC,IAAI;KAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAAE,GAAG,EAAE,CAAA;AACvD,MAAM,MAAM,QAAQ,CAAC,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC;KACnC,CAAC,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,MAAM,CAAC,GACnC,CAAC,CAAC,CAAC,CAAC,GACJ,CAAC,SAAS,MAAM,CAAC,GACf,CAAC,CAAC,CAAC,CAAC,GACJ,KAAK;CACZ,CAAC,CAAA;AACF,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;AACzC,MAAM,MAAM,eAAe,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,IAAI,QAAQ,CAC1D,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG;KACb,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CAC9B,CACF,CAAA;AACD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,OAAO,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,IAAI;KACzC,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,KAAK,GAAG,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;CACpD,CAAA;AAED,MAAM,MAAM,WAAW,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,GAAG,KAAK,IAAI,QAAQ,CAC9D,CAAC,GAAG;KACD,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,GAC5B,WAAW,CAAC,OAAO,CAAC,GAAG,IAAI,GAC3B,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC;CAC7B,CACF,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,aAAa,CAAC,CAAC,SAAS,SAAS,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,GAClE,SAAS,GACT,OAAO,CACL,CAAC,CAAC,MAAM,CAAC,EAGT;KACG,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,GACX,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC,GAClC,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,SAAS,CAAC;CACjD,CAAC,MAAM,CAAC,CAAC,CACX,CAAA;AAEL;;GAEG;AACH,MAAM,MAAM,eAAe,CAAC,CAAC,IAAI;KAAG,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC;CAAE,CAAA;AAI/E;;;;;GAKG;AACH,KAAK,cAAc,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,GAAG,MAAM,CAAC,GAAG,KAAK,CAAA;AAExD;;;;;;;GAOG;AACH,KAAK,mBAAmB,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,IAAI,GAAG,KAAK,CAAC,SAAS,CAC7E,CAAC,EAAE,MAAM,CAAC,KACP,IAAI,GACL,CAAC,GACD,KAAK,CAAA;AAET;;;;;GAKG;AACH,KAAK,gBAAgB,CAAC,CAAC,IAYrB,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,MAAM,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;AAE1E;;;;;;;;;;;;GAYG;AACH,KAAK,YAAY,CAAC,CAAC,IAAI,oBAAoB,CAAC,CAAC,CAAC,CAAA;AAE9C,KAAK,oBAAoB,CACvB,CAAC,EAED,GAAG,SAAS,SAAS,GAAG,EAAE,GAAG,EAAE,EAE/B,IAAI,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAG1B;IAAC,IAAI;CAAC,SAAS,CAAC,KAAK,CAAC,GAElB,GAAG,GAGH,oBAAoB,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,SAAS,CAAC,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,CAAA;AAErE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,eAAO,MAAM,qBAAqB,GAC/B,CAAC,SAAS,MAAM,EAAE,MAAM,SAAS,MAAM,EAAE,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,MACjE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,KAAG,KAAK,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC,CACf,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"type.js","sourceRoot":"","sources":["../../../src/lib/util/type.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"type.js","sourceRoot":"","sources":["../../../src/lib/util/type.ts"],"names":[],"mappings":";;;AA4IA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACI,MAAM,qBAAqB,GAChC,CAAmB,IAA+C,EAAE,EAAE,CACtE,CAAuB,KAAQ,EAAmC,EAAE,CAClE,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,CAAA;AAHtC,QAAA,qBAAqB,yBAGiB;AAEnD,mBAAmB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-oauth-middleware.d.ts","sourceRoot":"","sources":["../../src/router/create-oauth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAYhE,OAAO,EACL,UAAU,EAOX,MAAM,sBAAsB,CAAA;AAE7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAqChE,wBAAgB,qBAAqB,CACnC,GAAG,SAAS,MAAM,GAAG,IAAI,GAAG,IAAI,EAChC,GAAG,SAAS,eAAe,GAAG,eAAe,EAC7C,GAAG,SAAS,cAAc,GAAG,cAAc,EAE3C,MAAM,EAAE,aAAa,EACrB,EAAE,OAAO,EAAE,EAAE,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,GACvC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"create-oauth-middleware.d.ts","sourceRoot":"","sources":["../../src/router/create-oauth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAYhE,OAAO,EACL,UAAU,EAOX,MAAM,sBAAsB,CAAA;AAE7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAqChE,wBAAgB,qBAAqB,CACnC,GAAG,SAAS,MAAM,GAAG,IAAI,GAAG,IAAI,EAChC,GAAG,SAAS,eAAe,GAAG,eAAe,EAC7C,GAAG,SAAS,cAAc,GAAG,cAAc,EAE3C,MAAM,EAAE,aAAa,EACrB,EAAE,OAAO,EAAE,EAAE,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,GACvC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAuK3B"}
|
|
@@ -48,9 +48,11 @@ function createOAuthMiddleware(server, { onError }) {
|
|
|
48
48
|
router.options('/oauth/par', corsPreflight);
|
|
49
49
|
router.post('/oauth/par', corsHeaders, oauthHandler(async function (req) {
|
|
50
50
|
const payload = await (0, index_js_1.parseHttpRequest)(req, ['json', 'urlencoded']);
|
|
51
|
+
// https://datatracker.ietf.org/doc/html/rfc9126#name-error-response
|
|
52
|
+
// https://datatracker.ietf.org/doc/html/rfc6749#autoid-56
|
|
51
53
|
const credentials = await oauth_types_1.oauthClientCredentialsSchema
|
|
52
54
|
.parseAsync(payload, { path: ['body'] })
|
|
53
|
-
.catch(
|
|
55
|
+
.catch(throwInvalidClient);
|
|
54
56
|
const authorizationRequest = await oauth_types_1.oauthAuthorizationRequestParSchema
|
|
55
57
|
.parseAsync(payload, { path: ['body'] })
|
|
56
58
|
.catch(throwInvalidRequest);
|
|
@@ -69,7 +71,7 @@ function createOAuthMiddleware(server, { onError }) {
|
|
|
69
71
|
const clientMetadata = await server.deviceManager.getRequestMetadata(req);
|
|
70
72
|
const clientCredentials = await oauth_types_1.oauthClientCredentialsSchema
|
|
71
73
|
.parseAsync(payload, { path: ['body'] })
|
|
72
|
-
.catch(
|
|
74
|
+
.catch(throwInvalidGrant);
|
|
73
75
|
const tokenRequest = await oauth_types_1.oauthTokenRequestSchema
|
|
74
76
|
.parseAsync(payload, { path: ['body'] })
|
|
75
77
|
.catch(throwInvalidGrant);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-oauth-middleware.js","sourceRoot":"","sources":["../../src/router/create-oauth-middleware.ts"],"names":[],"mappings":";;AA4DA,
|
|
1
|
+
{"version":3,"file":"create-oauth-middleware.js","sourceRoot":"","sources":["../../src/router/create-oauth-middleware.ts"],"names":[],"mappings":";;AA4DA,sDA8KC;AAzOD,sDAK6B;AAC7B,+DAA+E;AAC/E,+EAAsE;AACtE,6EAAoE;AACpE,iFAAwE;AACxE,mFAA0E;AAC1E,mDAQ6B;AAC7B,2DAAiE;AAIjE,iBAAiB;AACjB,MAAM,WAAW,GAAe,UAAU,GAAG,EAAE,GAAG,EAAE,IAAI;IACtD,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAA,CAAC,QAAQ;IAEzD,wFAAwF;IACxF,EAAE;IACF,mEAAmE;IACnE,+DAA+D;IAC/D,4DAA4D;IAC5D,kEAAkE;IAClE,WAAW;IACX,EAAE;IACF,4DAA4D;IAC5D,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAA;IAEjD,yFAAyF;IACzF,8DAA8D;IAC9D,mEAAmE;IACnE,oEAAoE;IACpE,iEAAiE;IACjE,eAAe;IACf,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAA;IAElD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,mBAAmB,CAAC,CAAA;IAElE,IAAI,EAAE,CAAA;AACR,CAAC,CAAA;AAED,MAAM,aAAa,GAAe,IAAA,6BAAkB,EAAC;IACnD,WAAW;IACX,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACX,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IAC1B,CAAC;CACF,CAAC,CAAA;AAEF,SAAgB,qBAAqB,CAKnC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA;IAEhE,0BAA0B;IAE1B,MAAM,CAAC,OAAO,CAAC,yCAAyC,EAAE,aAAa,CAAC,CAAA;IACxE,MAAM,CAAC,GAAG,CACR,yCAAyC,EACzC,WAAW,EACX,IAAA,iCAAsB,EAAC,GAAG,CAAC,EAC3B,IAAA,+BAAoB,EAAC,MAAM,CAAC,QAAQ,CAAC,CACtC,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC,CAAA;IAC5C,MAAM,CAAC,GAAG,CACR,aAAa,EACb,WAAW,EACX,IAAA,iCAAsB,EAAC,GAAG,CAAC,EAC3B,IAAA,+BAAoB,EAAC,MAAM,CAAC,IAAI,CAAC,CAClC,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,aAAa,CAAC,CAAA;IAC3C,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,oEAAoE;QACpE,0DAA0D;QAE1D,MAAM,WAAW,GAAG,MAAM,0CAA4B;aACnD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,kBAAkB,CAAC,CAAA;QAE5B,MAAM,oBAAoB,GAAG,MAAM,gDAAkC;aAClE,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAE7B,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,OAAO,MAAM,CAAC,0BAA0B,CACtC,WAAW,EACX,oBAAoB,EACpB,SAAS,CACV,CAAA;IACH,CAAC,EAAE,GAAG,CAAC,CACR,CAAA;IACD,4DAA4D;IAC5D,yEAAyE;IACzE,gEAAgE;IAChE,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACpC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IAC1B,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,aAAa,CAAC,CAAA;IAC7C,MAAM,CAAC,IAAI,CACT,cAAc,EACd,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;QAEzE,MAAM,iBAAiB,GAAG,MAAM,0CAA4B;aACzD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAE3B,MAAM,YAAY,GAAG,MAAM,qCAAuB;aAC/C,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAE3B,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,OAAO,MAAM,CAAC,KAAK,CACjB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,SAAS,CACV,CAAA;IACH,CAAC,CAAC,CACH,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,aAAa,CAAC,CAAA;IAC9C,MAAM,CAAC,IAAI,CACT,eAAe,EACf,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACnC,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,MAAM,WAAW,GAAG,MAAM,0CAA4B;aACnD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAE7B,MAAM,mBAAmB,GAAG,MAAM,4CAA8B;aAC7D,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAE7B,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,mBAAmB,EAAE,SAAS,CAAC,CAAA;QAClE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,kEAAkE;YAClE,uEAAuE;YACvE,uEAAuE;YACvE,gCAAgC;YAChC,EAAE;YACF,4DAA4D;YAE5D,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAA;QACpD,CAAC;QAED,OAAO,EAAE,CAAA;IACX,CAAC,CAAC,CACH,CAAA;IAED,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;IAE/B,SAAS,YAAY,CACnB,kBAA4D,EAC5D,MAAe;QAEf,OAAO,IAAA,sBAAW,EAAc,KAAK,WAAW,GAAG,EAAE,GAAG;YACtD,IAAI,CAAC;gBACH,0DAA0D;gBAC1D,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;gBAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;gBAEnC,4DAA4D;gBAC5D,MAAM,SAAS,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;gBACxC,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,IAAI,GAAG,YAAY,CAAA;oBACzB,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;oBAC9B,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAA;gBACzD,CAAC;gBAED,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;YAC5B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,qBAAqB,CAAC,CAAA;gBAE/C,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,YAAY,gDAAoB,EAAE,CAAC;oBAC5D,MAAM,IAAI,GAAG,kBAAkB,CAAA;oBAC/B,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,qBAAqB,CAAC,CAAA;oBAC9C,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAA;gBACzD,CAAC;gBAED,MAAM,MAAM,GAAG,IAAA,kCAAgB,EAAC,GAAG,CAAC,CAAA;gBACpC,MAAM,OAAO,GAAG,IAAA,mCAAiB,EAAC,GAAG,CAAC,CAAA;gBAEtC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;YAC5B,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAY;IACrC,MAAM,IAAI,0CAAiB,CACzB,IAAA,qCAAsB,EAAC,GAAG,CAAC,IAAI,eAAe,EAC9C,GAAG,CACJ,CAAA;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAY;IACtC,MAAM,IAAI,4CAAkB,CAC1B,IAAA,qCAAsB,EAAC,GAAG,CAAC,IAAI,8BAA8B,EAC7D,GAAG,CACJ,CAAA;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY;IACvC,MAAM,IAAI,8CAAmB,CAC3B,IAAA,qCAAsB,EAAC,GAAG,CAAC,IAAI,wBAAwB,EACvD,GAAG,CACJ,CAAA;AACH,CAAC"}
|
package/dist/signer/signer.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { JwtPayload, JwtPayloadGetter, JwtSignHeader, Keyset,
|
|
2
|
-
import { OmitKey } from '../lib/util/type.js';
|
|
1
|
+
import { JwtPayload, JwtPayloadGetter, JwtSignHeader, Keyset, SignedJwt, VerifyOptions } from '@atproto/jwk';
|
|
2
|
+
import { OmitKey, RequiredKey } from '../lib/util/type.js';
|
|
3
3
|
import { ApiTokenPayload } from './api-token-payload.js';
|
|
4
4
|
import { SignedTokenPayload } from './signed-token-payload.js';
|
|
5
5
|
export type SignPayload = JwtPayload & {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,MAAM,EACN,
|
|
1
|
+
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,MAAM,EACN,SAAS,EACT,aAAa,EACd,MAAM,cAAc,CAAA;AAGrB,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAyB,MAAM,wBAAwB,CAAA;AAC/E,OAAO,EACL,kBAAkB,EAEnB,MAAM,2BAA2B,CAAA;AAElC,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG;IAAE,GAAG,CAAC,EAAE,KAAK,CAAA;CAAE,CAAA;AAEtD,OAAO,EAAE,MAAM,EAAE,CAAA;AACjB,YAAY,EAAE,gBAAgB,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa,EAAE,CAAA;AAEzE,qBAAa,MAAM;aAEC,MAAM,EAAE,MAAM;aACd,MAAM,EAAE,MAAM;gBADd,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM;IAG1B,MAAM,CAAC,CAAC,SAAS,MAAM,GAAG,KAAK,EACnC,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAkFkoc,CAAC;iBAA+B,CAAC;iBAA+B,CAAC;;iBAA2C,CAAC;iBAA+B,CAAC;iBAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA1E90c,IAAI,CACf,UAAU,EAAE,aAAa,EACzB,OAAO,EAAE,WAAW,GAAG,gBAAgB,CAAC,WAAW,CAAC,GACnD,OAAO,CAAC,SAAS,CAAC;IASf,iBAAiB,CACrB,OAAO,EAAE,OAAO,CAAC,kBAAkB,EAAE,KAAK,CAAC,GAC1C,OAAO,CAAC,SAAS,CAAC;IAWf,iBAAiB,CAAC,CAAC,SAAS,MAAM,GAAG,KAAK,EAC9C,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,GAAG,KAAK,CAAC;;;;;;;;;;;;;iBA+CrB,CAAC;iBAA+B,CAAC;mBAAiC,CAAC;iBAA+B,CAAC;iBAA+B,CAAC;;;iBAA6D,CAAC;iBAA+B,CAAC;mBAAiC,CAAC;iBAA+B,CAAC;iBAA+B,CAAC;;;;;;;;;;;iBA1CnS,WAAW,CACpE,kBAAkB,EAClB,CAAC,CACF;;IAIC,oBAAoB,CACxB,OAAO,EAAE,OAAO,CAAC,eAAe,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IAepD,oBAAoB,CAAC,CAAC,SAAS,MAAM,GAAG,KAAK,EACjD,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC;;;;;;;;;;;;;iBAiBlC,CAAC;iBAA+B,CAAC;mBAAiC,CAAC;iBAA+B,CAAC;iBAA+B,CAAC;;;iBAA6D,CAAC;iBAA+B,CAAC;mBAAiC,CAAC;iBAA+B,CAAC;iBAA+B,CAAC;;;;;;;;;;;iBAPtS,WAAW,CACjE,eAAe,EACf,CAAC,CACF;;CAGN"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/signer/signer.ts"],"names":[],"mappings":";;;AAAA,sCAOqB;AAYZ,uFAfP,YAAM,OAeO;AAXf,kDAA2D;AAC3D,iDAAiD;AAEjD,iEAA+E;AAC/E,uEAGkC;AAOlC,MAAa,MAAM;IAEC;IACA;IAFlB,YACkB,MAAc,EACd,MAAc;QADd,WAAM,GAAN,MAAM,CAAQ;QACd,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEJ,KAAK,CAAC,MAAM,CACV,KAAgB,EAChB,OAA0C;QAE1C,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAI,KAAK,EAAE;YACrC,GAAG,OAAO;YACV,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;SACtB,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,IAAI,CACf,UAAyB,EACzB,OAAoD;QAEpD,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,eAAe,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACxE,GAAG,CAAC,OAAO,OAAO,KAAK,UAAU;gBAC/B,CAAC,CAAC,MAAM,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC;gBACrC,CAAC,CAAC,OAAO,CAAC;YACZ,GAAG,EAAE,IAAI,CAAC,MAAM;SACjB,CAAC,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,OAA2C;QAE3C,OAAO,IAAI,CAAC,IAAI,CACd;YACE,4DAA4D;YAC5D,GAAG,EAAE,SAAS;YACd,GAAG,EAAE,QAAQ;SACd,EACD,OAAO,CACR,CAAA;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,KAAgB,EAChB,OAAkD;QAElD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAI,KAAK,EAAE,EAAE,GAAG,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAA;QACzE,OAAO;YACL,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,OAAO,EAAE,kDAAwB,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAGrD;SACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,OAAwD;QAExD,OAAO,IAAI,CAAC,IAAI,CACd;YACE,GAAG,EAAE,SAAS;YACd,GAAG,EAAE,QAAQ;SACd,EACD;YACE,GAAG,OAAO;YACV,GAAG,EAAE,sBAAsB,IAAI,CAAC,MAAM,EAAE;YACxC,GAAG,EAAE,IAAA,qBAAW,GAAE;SACnB,CACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,KAAgB,EAChB,OAA+D;QAE/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAI,KAAK,EAAE;YACzC,GAAG,OAAO;YACV,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,wCAAyB,GAAG,GAAG;YACpE,QAAQ,EAAE,sBAAsB,IAAI,CAAC,MAAM,EAAE;YAC7C,GAAG,EAAE,QAAQ;SACd,CAAC,CAAA;QACF,OAAO;YACL,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,OAAO,EAAE,4CAAqB,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAGlD;SACF,CAAA;IACH,CAAC;CACF;AAzFD,wBAyFC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@atproto/oauth-provider",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.2",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"description": "Generic OAuth2 and OpenID Connect provider for Node.js. Currently only supports features needed for Atproto.",
|
|
6
6
|
"keywords": [
|
|
@@ -49,12 +49,12 @@
|
|
|
49
49
|
"@atproto-labs/simple-store-memory": "0.1.3",
|
|
50
50
|
"@atproto/common": "^0.4.11",
|
|
51
51
|
"@atproto/did": "0.1.5",
|
|
52
|
-
"@atproto/jwk": "0.
|
|
53
|
-
"@atproto/jwk-jose": "0.1.
|
|
54
|
-
"@atproto/oauth-types": "0.3.
|
|
55
|
-
"@atproto/oauth-provider-api": "0.1.
|
|
56
|
-
"@atproto/oauth-provider-frontend": "0.1.
|
|
57
|
-
"@atproto/oauth-provider-ui": "0.1.
|
|
52
|
+
"@atproto/jwk": "0.4.0",
|
|
53
|
+
"@atproto/jwk-jose": "0.1.9",
|
|
54
|
+
"@atproto/oauth-types": "0.3.1",
|
|
55
|
+
"@atproto/oauth-provider-api": "0.1.5",
|
|
56
|
+
"@atproto/oauth-provider-frontend": "0.1.9",
|
|
57
|
+
"@atproto/oauth-provider-ui": "0.1.10",
|
|
58
58
|
"@atproto/syntax": "0.4.0"
|
|
59
59
|
},
|
|
60
60
|
"devDependencies": {
|
package/src/lib/util/type.ts
CHANGED
|
@@ -33,6 +33,14 @@ export type OmitKey<T, K extends keyof T> = {
|
|
|
33
33
|
[K2 in keyof T as K2 extends K ? never : K2]: T[K2]
|
|
34
34
|
}
|
|
35
35
|
|
|
36
|
+
export type RequiredKey<T, K extends keyof T = never> = Simplify<
|
|
37
|
+
T & {
|
|
38
|
+
[L in K]-?: unknown extends T[L]
|
|
39
|
+
? NonNullable<unknown> | null
|
|
40
|
+
: Exclude<T[L], undefined>
|
|
41
|
+
}
|
|
42
|
+
>
|
|
43
|
+
|
|
36
44
|
/**
|
|
37
45
|
* Converts a tuple to the equivalent type of combining every item into a single
|
|
38
46
|
* one. If any of the item in the tuple is non nullish, the result will be non
|
|
@@ -93,9 +93,12 @@ export function createOAuthMiddleware<
|
|
|
93
93
|
oauthHandler(async function (req) {
|
|
94
94
|
const payload = await parseHttpRequest(req, ['json', 'urlencoded'])
|
|
95
95
|
|
|
96
|
+
// https://datatracker.ietf.org/doc/html/rfc9126#name-error-response
|
|
97
|
+
// https://datatracker.ietf.org/doc/html/rfc6749#autoid-56
|
|
98
|
+
|
|
96
99
|
const credentials = await oauthClientCredentialsSchema
|
|
97
100
|
.parseAsync(payload, { path: ['body'] })
|
|
98
|
-
.catch(
|
|
101
|
+
.catch(throwInvalidClient)
|
|
99
102
|
|
|
100
103
|
const authorizationRequest = await oauthAuthorizationRequestParSchema
|
|
101
104
|
.parseAsync(payload, { path: ['body'] })
|
|
@@ -132,7 +135,7 @@ export function createOAuthMiddleware<
|
|
|
132
135
|
|
|
133
136
|
const clientCredentials = await oauthClientCredentialsSchema
|
|
134
137
|
.parseAsync(payload, { path: ['body'] })
|
|
135
|
-
.catch(
|
|
138
|
+
.catch(throwInvalidGrant)
|
|
136
139
|
|
|
137
140
|
const tokenRequest = await oauthTokenRequestSchema
|
|
138
141
|
.parseAsync(payload, { path: ['body'] })
|
package/src/signer/signer.ts
CHANGED
|
@@ -3,13 +3,12 @@ import {
|
|
|
3
3
|
JwtPayloadGetter,
|
|
4
4
|
JwtSignHeader,
|
|
5
5
|
Keyset,
|
|
6
|
-
RequiredKey,
|
|
7
6
|
SignedJwt,
|
|
8
7
|
VerifyOptions,
|
|
9
8
|
} from '@atproto/jwk'
|
|
10
9
|
import { EPHEMERAL_SESSION_MAX_AGE } from '../constants.js'
|
|
11
10
|
import { dateToEpoch } from '../lib/util/date.js'
|
|
12
|
-
import { OmitKey } from '../lib/util/type.js'
|
|
11
|
+
import { OmitKey, RequiredKey } from '../lib/util/type.js'
|
|
13
12
|
import { ApiTokenPayload, apiTokenPayloadSchema } from './api-token-payload.js'
|
|
14
13
|
import {
|
|
15
14
|
SignedTokenPayload,
|