@atproto/oauth-provider 0.9.2 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +38 -0
- package/dist/client/client-manager.d.ts.map +1 -1
- package/dist/client/client-manager.js +0 -7
- package/dist/client/client-manager.js.map +1 -1
- package/dist/client/client.js +6 -6
- package/dist/client/client.js.map +1 -1
- package/dist/device/device-manager.js +1 -1
- package/dist/device/device-manager.js.map +1 -1
- package/dist/dpop/dpop-manager.js +15 -15
- package/dist/dpop/dpop-manager.js.map +1 -1
- package/dist/errors/access-denied-error.d.ts +4 -7
- package/dist/errors/access-denied-error.d.ts.map +1 -1
- package/dist/errors/access-denied-error.js +4 -13
- package/dist/errors/access-denied-error.js.map +1 -1
- package/dist/errors/account-selection-required-error.d.ts +2 -2
- package/dist/errors/account-selection-required-error.d.ts.map +1 -1
- package/dist/errors/account-selection-required-error.js +2 -2
- package/dist/errors/account-selection-required-error.js.map +1 -1
- package/dist/errors/authorization-error.d.ts +10 -0
- package/dist/errors/authorization-error.d.ts.map +1 -0
- package/dist/errors/authorization-error.js +31 -0
- package/dist/errors/authorization-error.js.map +1 -0
- package/dist/errors/consent-required-error.d.ts +2 -2
- package/dist/errors/consent-required-error.d.ts.map +1 -1
- package/dist/errors/consent-required-error.js +2 -2
- package/dist/errors/consent-required-error.js.map +1 -1
- package/dist/errors/error-parser.d.ts.map +1 -1
- package/dist/errors/error-parser.js +2 -1
- package/dist/errors/error-parser.js.map +1 -1
- package/dist/errors/invalid-authorization-details-error.d.ts +2 -2
- package/dist/errors/invalid-authorization-details-error.d.ts.map +1 -1
- package/dist/errors/invalid-authorization-details-error.js +2 -2
- package/dist/errors/invalid-authorization-details-error.js.map +1 -1
- package/dist/errors/invalid-scope-error.d.ts +2 -2
- package/dist/errors/invalid-scope-error.d.ts.map +1 -1
- package/dist/errors/invalid-scope-error.js +2 -2
- package/dist/errors/invalid-scope-error.js.map +1 -1
- package/dist/errors/login-required-error.d.ts +2 -3
- package/dist/errors/login-required-error.d.ts.map +1 -1
- package/dist/errors/login-required-error.js +2 -7
- package/dist/errors/login-required-error.js.map +1 -1
- package/dist/lib/http/response.d.ts +4 -4
- package/dist/lib/http/response.d.ts.map +1 -1
- package/dist/lib/http/response.js +8 -7
- package/dist/lib/http/response.js.map +1 -1
- package/dist/lib/http/stream.d.ts +1 -0
- package/dist/lib/http/stream.d.ts.map +1 -1
- package/dist/lib/http/stream.js +6 -0
- package/dist/lib/http/stream.js.map +1 -1
- package/dist/lib/util/error.d.ts +2 -0
- package/dist/lib/util/error.d.ts.map +1 -0
- package/dist/lib/util/error.js +11 -0
- package/dist/lib/util/error.js.map +1 -0
- package/dist/lib/util/zod-error.d.ts +3 -1
- package/dist/lib/util/zod-error.d.ts.map +1 -1
- package/dist/lib/util/zod-error.js +20 -10
- package/dist/lib/util/zod-error.js.map +1 -1
- package/dist/metadata/build-metadata.d.ts +0 -1
- package/dist/metadata/build-metadata.d.ts.map +1 -1
- package/dist/metadata/build-metadata.js +6 -2
- package/dist/metadata/build-metadata.js.map +1 -1
- package/dist/oauth-errors.d.ts +1 -1
- package/dist/oauth-errors.d.ts.map +1 -1
- package/dist/oauth-errors.js +1 -1
- package/dist/oauth-errors.js.map +1 -1
- package/dist/oauth-hooks.d.ts +17 -3
- package/dist/oauth-hooks.d.ts.map +1 -1
- package/dist/oauth-hooks.js +7 -4
- package/dist/oauth-hooks.js.map +1 -1
- package/dist/oauth-provider.d.ts +1 -0
- package/dist/oauth-provider.d.ts.map +1 -1
- package/dist/oauth-provider.js +35 -49
- package/dist/oauth-provider.js.map +1 -1
- package/dist/oauth-verifier.d.ts +2 -1
- package/dist/oauth-verifier.d.ts.map +1 -1
- package/dist/oauth-verifier.js.map +1 -1
- package/dist/request/request-manager.d.ts +5 -5
- package/dist/request/request-manager.d.ts.map +1 -1
- package/dist/request/request-manager.js +63 -45
- package/dist/request/request-manager.js.map +1 -1
- package/dist/request/request-store.d.ts +6 -6
- package/dist/request/request-store.d.ts.map +1 -1
- package/dist/result/authorization-result-authorize-page.d.ts +2 -3
- package/dist/result/authorization-result-authorize-page.d.ts.map +1 -1
- package/dist/router/assets/send-authorization-page.js +3 -2
- package/dist/router/assets/send-authorization-page.js.map +1 -1
- package/dist/router/create-api-middleware.d.ts.map +1 -1
- package/dist/router/create-api-middleware.js +68 -48
- package/dist/router/create-api-middleware.js.map +1 -1
- package/dist/router/create-authorization-page-middleware.d.ts.map +1 -1
- package/dist/router/create-authorization-page-middleware.js +19 -17
- package/dist/router/create-authorization-page-middleware.js.map +1 -1
- package/dist/router/create-oauth-middleware.d.ts.map +1 -1
- package/dist/router/create-oauth-middleware.js +21 -18
- package/dist/router/create-oauth-middleware.js.map +1 -1
- package/dist/router/send-redirect.js +2 -2
- package/dist/router/send-redirect.js.map +1 -1
- package/dist/token/token-manager.js +1 -1
- package/dist/token/verify-token-claims.d.ts +1 -0
- package/dist/token/verify-token-claims.d.ts.map +1 -1
- package/dist/token/verify-token-claims.js.map +1 -1
- package/dist/types/authorization-response-error.d.ts +5 -0
- package/dist/types/authorization-response-error.d.ts.map +1 -0
- package/dist/types/authorization-response-error.js +21 -0
- package/dist/types/authorization-response-error.js.map +1 -0
- package/dist/types/par-response-error.d.ts +5 -0
- package/dist/types/par-response-error.d.ts.map +1 -0
- package/dist/types/par-response-error.js +22 -0
- package/dist/types/par-response-error.js.map +1 -0
- package/package.json +7 -6
- package/src/client/client-manager.ts +0 -8
- package/src/client/client.ts +6 -6
- package/src/device/device-manager.ts +1 -1
- package/src/dpop/dpop-manager.ts +16 -16
- package/src/errors/access-denied-error.ts +6 -33
- package/src/errors/account-selection-required-error.ts +2 -2
- package/src/errors/authorization-error.ts +45 -0
- package/src/errors/consent-required-error.ts +2 -2
- package/src/errors/error-parser.ts +2 -1
- package/src/errors/invalid-authorization-details-error.ts +2 -2
- package/src/errors/invalid-scope-error.ts +2 -2
- package/src/errors/login-required-error.ts +2 -12
- package/src/lib/http/response.ts +14 -13
- package/src/lib/http/stream.ts +6 -0
- package/src/lib/util/error.ts +7 -0
- package/src/lib/util/zod-error.ts +23 -11
- package/src/metadata/build-metadata.ts +8 -3
- package/src/oauth-errors.ts +1 -1
- package/src/oauth-hooks.ts +18 -2
- package/src/oauth-provider.ts +37 -58
- package/src/oauth-verifier.ts +3 -1
- package/src/request/request-manager.ts +76 -55
- package/src/request/request-store.ts +6 -6
- package/src/result/authorization-result-authorize-page.ts +2 -3
- package/src/router/assets/send-authorization-page.ts +3 -3
- package/src/router/create-api-middleware.ts +92 -64
- package/src/router/create-authorization-page-middleware.ts +19 -21
- package/src/router/create-oauth-middleware.ts +28 -27
- package/src/router/send-redirect.ts +2 -2
- package/src/token/token-manager.ts +1 -1
- package/src/token/verify-token-claims.ts +8 -0
- package/src/types/authorization-response-error.ts +27 -0
- package/src/types/par-response-error.ts +25 -0
- package/tsconfig.build.tsbuildinfo +1 -1
- package/dist/errors/invalid-parameters-error.d.ts +0 -6
- package/dist/errors/invalid-parameters-error.d.ts.map +0 -1
- package/dist/errors/invalid-parameters-error.js +0 -11
- package/dist/errors/invalid-parameters-error.js.map +0 -1
- package/dist/request/request-info.d.ts +0 -14
- package/dist/request/request-info.d.ts.map +0 -1
- package/dist/request/request-info.js +0 -3
- package/dist/request/request-info.js.map +0 -1
- package/src/errors/invalid-parameters-error.ts +0 -12
- package/src/request/request-info.ts +0 -14
|
@@ -2,13 +2,14 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.RequestManager = void 0;
|
|
4
4
|
const did_1 = require("@atproto/did");
|
|
5
|
+
const oauth_scopes_1 = require("@atproto/oauth-scopes");
|
|
5
6
|
const syntax_1 = require("@atproto/syntax");
|
|
6
7
|
const constants_js_1 = require("../constants.js");
|
|
7
8
|
const access_denied_error_js_1 = require("../errors/access-denied-error.js");
|
|
9
|
+
const authorization_error_js_1 = require("../errors/authorization-error.js");
|
|
8
10
|
const consent_required_error_js_1 = require("../errors/consent-required-error.js");
|
|
9
11
|
const invalid_authorization_details_error_js_1 = require("../errors/invalid-authorization-details-error.js");
|
|
10
12
|
const invalid_grant_error_js_1 = require("../errors/invalid-grant-error.js");
|
|
11
|
-
const invalid_parameters_error_js_1 = require("../errors/invalid-parameters-error.js");
|
|
12
13
|
const invalid_request_error_js_1 = require("../errors/invalid-request-error.js");
|
|
13
14
|
const invalid_scope_error_js_1 = require("../errors/invalid-scope-error.js");
|
|
14
15
|
const function_js_1 = require("../lib/util/function.js");
|
|
@@ -34,9 +35,14 @@ class RequestManager {
|
|
|
34
35
|
}
|
|
35
36
|
async createAuthorizationRequest(client, clientAuth, input, deviceId) {
|
|
36
37
|
const parameters = await this.validate(client, clientAuth, input);
|
|
38
|
+
await (0, function_js_1.callAsync)(this.hooks.onAuthorizationRequest, {
|
|
39
|
+
client,
|
|
40
|
+
clientAuth,
|
|
41
|
+
parameters,
|
|
42
|
+
});
|
|
37
43
|
const expiresAt = new Date(Date.now() + constants_js_1.PAR_EXPIRES_IN);
|
|
38
|
-
const
|
|
39
|
-
await this.store.createRequest(
|
|
44
|
+
const requestId = await (0, request_id_js_1.generateRequestId)();
|
|
45
|
+
await this.store.createRequest(requestId, {
|
|
40
46
|
clientId: client.id,
|
|
41
47
|
clientAuth,
|
|
42
48
|
parameters,
|
|
@@ -45,8 +51,8 @@ class RequestManager {
|
|
|
45
51
|
sub: null,
|
|
46
52
|
code: null,
|
|
47
53
|
});
|
|
48
|
-
const
|
|
49
|
-
return {
|
|
54
|
+
const requestUri = (0, request_uri_js_1.encodeRequestUri)(requestId);
|
|
55
|
+
return { requestUri, expiresAt, parameters };
|
|
50
56
|
}
|
|
51
57
|
async validate(client, clientAuth, parameters) {
|
|
52
58
|
// -------------------------------
|
|
@@ -59,28 +65,18 @@ class RequestManager {
|
|
|
59
65
|
'nonce', // note that OIDC "nonce" is redundant with PKCE
|
|
60
66
|
]) {
|
|
61
67
|
if (parameters[k] !== undefined) {
|
|
62
|
-
throw new
|
|
68
|
+
throw new authorization_error_js_1.AuthorizationError(parameters, `Unsupported "${k}" parameter`);
|
|
63
69
|
}
|
|
64
70
|
}
|
|
65
71
|
// -----------------------
|
|
66
72
|
// Validate against server
|
|
67
73
|
// -----------------------
|
|
68
74
|
if (!this.metadata.response_types_supported?.includes(parameters.response_type)) {
|
|
69
|
-
throw new
|
|
75
|
+
throw new authorization_error_js_1.AuthorizationError(parameters, `Unsupported response_type "${parameters.response_type}"`, 'unsupported_response_type');
|
|
70
76
|
}
|
|
71
77
|
if (parameters.response_type === 'code' &&
|
|
72
78
|
!this.metadata.grant_types_supported?.includes('authorization_code')) {
|
|
73
|
-
throw new
|
|
74
|
-
}
|
|
75
|
-
if (parameters.scope) {
|
|
76
|
-
for (const scope of parameters.scope.split(' ')) {
|
|
77
|
-
// Currently, the implementation requires all the scopes to be statically
|
|
78
|
-
// defined in the server metadata. In the future, we might add support
|
|
79
|
-
// for dynamic scopes.
|
|
80
|
-
if (!this.metadata.scopes_supported?.includes(scope)) {
|
|
81
|
-
throw new invalid_parameters_error_js_1.InvalidParametersError(parameters, `Scope "${scope}" is not supported by this server`);
|
|
82
|
-
}
|
|
83
|
-
}
|
|
79
|
+
throw new authorization_error_js_1.AuthorizationError(parameters, `Unsupported grant_type "authorization_code"`, 'invalid_request');
|
|
84
80
|
}
|
|
85
81
|
if (parameters.authorization_details) {
|
|
86
82
|
for (const detail of parameters.authorization_details) {
|
|
@@ -99,7 +95,7 @@ class RequestManager {
|
|
|
99
95
|
if (!parameters.redirect_uri) {
|
|
100
96
|
// Should already be ensured by client.validateRequest(). Adding here for
|
|
101
97
|
// clarity & extra safety.
|
|
102
|
-
throw new
|
|
98
|
+
throw new authorization_error_js_1.AuthorizationError(parameters, 'Missing "redirect_uri"');
|
|
103
99
|
}
|
|
104
100
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-1.4.1
|
|
105
101
|
// > The authorization server MAY fully or partially ignore the scope
|
|
@@ -108,8 +104,13 @@ class RequestManager {
|
|
|
108
104
|
// > different from the one requested by the client, the authorization
|
|
109
105
|
// > server MUST include the scope response parameter in the token response
|
|
110
106
|
// > (Section 3.2.3) to inform the client of the actual scope granted.
|
|
111
|
-
// Let's make sure the scopes are unique (to reduce the token & storage
|
|
112
|
-
|
|
107
|
+
// Let's make sure the scopes are unique (to reduce the token & storage
|
|
108
|
+
// size) & are indeed supported.
|
|
109
|
+
// @NOTE An app requesting a not yet supported list of scopes will need to
|
|
110
|
+
// re-authenticate the user once the scopes are supported. This is due to
|
|
111
|
+
// the fact that the AS does not know how to properly display those scopes
|
|
112
|
+
// to the user, so it cannot properly ask for consent.
|
|
113
|
+
const scopes = new Set(parameters.scope?.split(' ')?.filter(oauth_scopes_1.isValidAtprotoOauthScope));
|
|
113
114
|
parameters = { ...parameters, scope: [...scopes].join(' ') || undefined };
|
|
114
115
|
if (parameters.code_challenge) {
|
|
115
116
|
switch (parameters.code_challenge_method) {
|
|
@@ -121,14 +122,14 @@ class RequestManager {
|
|
|
121
122
|
case 'S256':
|
|
122
123
|
break;
|
|
123
124
|
default: {
|
|
124
|
-
throw new
|
|
125
|
+
throw new authorization_error_js_1.AuthorizationError(parameters, `Unsupported code_challenge_method "${parameters.code_challenge_method}"`);
|
|
125
126
|
}
|
|
126
127
|
}
|
|
127
128
|
}
|
|
128
129
|
else {
|
|
129
130
|
if (parameters.code_challenge_method) {
|
|
130
131
|
// https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1
|
|
131
|
-
throw new
|
|
132
|
+
throw new authorization_error_js_1.AuthorizationError(parameters, 'code_challenge is required when code_challenge_method is provided');
|
|
132
133
|
}
|
|
133
134
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-4.1.2.1
|
|
134
135
|
//
|
|
@@ -144,13 +145,13 @@ class RequestManager {
|
|
|
144
145
|
//
|
|
145
146
|
// atproto does not implement the OpenID Connect nonce mechanism, so we
|
|
146
147
|
// require the use of PKCE for all clients.
|
|
147
|
-
throw new
|
|
148
|
+
throw new authorization_error_js_1.AuthorizationError(parameters, 'Use of PKCE is required');
|
|
148
149
|
}
|
|
149
150
|
// -----------------
|
|
150
151
|
// atproto extension
|
|
151
152
|
// -----------------
|
|
152
153
|
if (parameters.response_type !== 'code') {
|
|
153
|
-
throw new
|
|
154
|
+
throw new authorization_error_js_1.AuthorizationError(parameters, 'atproto only supports the "code" response_type');
|
|
154
155
|
}
|
|
155
156
|
if (!scopes.has('atproto')) {
|
|
156
157
|
throw new invalid_scope_error_js_1.InvalidScopeError(parameters, 'The "atproto" scope is required');
|
|
@@ -159,7 +160,7 @@ class RequestManager {
|
|
|
159
160
|
throw new invalid_scope_error_js_1.InvalidScopeError(parameters, 'OpenID Connect is not compatible with atproto');
|
|
160
161
|
}
|
|
161
162
|
if (parameters.code_challenge_method !== 'S256') {
|
|
162
|
-
throw new
|
|
163
|
+
throw new authorization_error_js_1.AuthorizationError(parameters, 'atproto requires use of "S256" code_challenge_method');
|
|
163
164
|
}
|
|
164
165
|
// atproto extension: if the client is not trusted, and not authenticated,
|
|
165
166
|
// force users to consent to authorization requests. We do this to avoid
|
|
@@ -179,7 +180,7 @@ class RequestManager {
|
|
|
179
180
|
const hint = parameters.login_hint?.toLowerCase();
|
|
180
181
|
if (hint) {
|
|
181
182
|
if (!(0, did_1.isAtprotoDid)(hint) && !(0, syntax_1.isValidHandle)(hint)) {
|
|
182
|
-
throw new
|
|
183
|
+
throw new authorization_error_js_1.AuthorizationError(parameters, `Invalid login_hint "${hint}"`);
|
|
183
184
|
}
|
|
184
185
|
// @TODO: ensure that the account actually exists on this server (there is
|
|
185
186
|
// no point in showing the UI to the user if the account does not exist).
|
|
@@ -188,9 +189,9 @@ class RequestManager {
|
|
|
188
189
|
}
|
|
189
190
|
return parameters;
|
|
190
191
|
}
|
|
191
|
-
async get(
|
|
192
|
-
const
|
|
193
|
-
const data = await this.store.readRequest(
|
|
192
|
+
async get(requestUri, deviceId, clientId) {
|
|
193
|
+
const requestId = (0, request_uri_js_1.decodeRequestUri)(requestUri);
|
|
194
|
+
const data = await this.store.readRequest(requestId);
|
|
194
195
|
if (!data)
|
|
195
196
|
throw new invalid_request_error_js_1.InvalidRequestError('Unknown request_uri');
|
|
196
197
|
const updates = {};
|
|
@@ -217,36 +218,52 @@ class RequestManager {
|
|
|
217
218
|
}
|
|
218
219
|
}
|
|
219
220
|
catch (err) {
|
|
220
|
-
await this.store.deleteRequest(
|
|
221
|
+
await this.store.deleteRequest(requestId);
|
|
221
222
|
throw err;
|
|
222
223
|
}
|
|
223
224
|
if (Object.keys(updates).length > 0) {
|
|
224
|
-
await this.store.updateRequest(
|
|
225
|
+
await this.store.updateRequest(requestId, updates);
|
|
225
226
|
}
|
|
226
227
|
return {
|
|
227
|
-
|
|
228
|
+
requestUri,
|
|
228
229
|
expiresAt: updates.expiresAt || data.expiresAt,
|
|
229
230
|
parameters: data.parameters,
|
|
230
231
|
clientId: data.clientId,
|
|
231
232
|
};
|
|
232
233
|
}
|
|
233
|
-
async setAuthorized(
|
|
234
|
-
const requestId = (0, request_uri_js_1.decodeRequestUri)(
|
|
234
|
+
async setAuthorized(requestUri, client, account, deviceId, deviceMetadata, scopeOverride) {
|
|
235
|
+
const requestId = (0, request_uri_js_1.decodeRequestUri)(requestUri);
|
|
235
236
|
const data = await this.store.readRequest(requestId);
|
|
236
237
|
if (!data)
|
|
237
238
|
throw new invalid_request_error_js_1.InvalidRequestError('Unknown request_uri');
|
|
239
|
+
let { parameters } = data;
|
|
238
240
|
try {
|
|
239
241
|
if (data.expiresAt < new Date()) {
|
|
240
|
-
throw new access_denied_error_js_1.AccessDeniedError(
|
|
242
|
+
throw new access_denied_error_js_1.AccessDeniedError(parameters, 'This request has expired');
|
|
241
243
|
}
|
|
242
244
|
if (!data.deviceId) {
|
|
243
|
-
throw new access_denied_error_js_1.AccessDeniedError(
|
|
245
|
+
throw new access_denied_error_js_1.AccessDeniedError(parameters, 'This request was not initiated');
|
|
244
246
|
}
|
|
245
247
|
if (data.deviceId !== deviceId) {
|
|
246
|
-
throw new access_denied_error_js_1.AccessDeniedError(
|
|
248
|
+
throw new access_denied_error_js_1.AccessDeniedError(parameters, 'This request was initiated from another device');
|
|
247
249
|
}
|
|
248
250
|
if (data.sub || data.code) {
|
|
249
|
-
throw new access_denied_error_js_1.AccessDeniedError(
|
|
251
|
+
throw new access_denied_error_js_1.AccessDeniedError(parameters, 'This request was already authorized');
|
|
252
|
+
}
|
|
253
|
+
// If a new scope value is provided, update the parameters by ensuring
|
|
254
|
+
// that every existing scope in the parameters is also present in the
|
|
255
|
+
// override value. This allows the user to remove scopes from the request,
|
|
256
|
+
// but not to add new ones.
|
|
257
|
+
if (scopeOverride != null) {
|
|
258
|
+
const allowedScopes = new Set(scopeOverride.split(' '));
|
|
259
|
+
const existingScopes = parameters.scope?.split(' ');
|
|
260
|
+
// Compute the intersection of the existing scopes and the overrides.
|
|
261
|
+
const newScopes = existingScopes?.filter((s) => allowedScopes.has(s));
|
|
262
|
+
// Validate: make sure the new scopes are valid
|
|
263
|
+
if (!newScopes?.includes('atproto')) {
|
|
264
|
+
throw new access_denied_error_js_1.AccessDeniedError(parameters, 'The "atproto" scope is required');
|
|
265
|
+
}
|
|
266
|
+
parameters = { ...parameters, scope: newScopes.join(' ') };
|
|
250
267
|
}
|
|
251
268
|
// Only response_type=code is supported
|
|
252
269
|
const code = await (0, code_js_1.generateCode)();
|
|
@@ -256,11 +273,12 @@ class RequestManager {
|
|
|
256
273
|
code,
|
|
257
274
|
// Allow the client to exchange the code for a token within the next 60 seconds.
|
|
258
275
|
expiresAt: new Date(Date.now() + constants_js_1.AUTHORIZATION_INACTIVITY_TIMEOUT),
|
|
276
|
+
parameters,
|
|
259
277
|
});
|
|
260
278
|
await (0, function_js_1.callAsync)(this.hooks.onAuthorized, {
|
|
261
279
|
client,
|
|
262
280
|
account,
|
|
263
|
-
parameters
|
|
281
|
+
parameters,
|
|
264
282
|
deviceId,
|
|
265
283
|
deviceMetadata,
|
|
266
284
|
requestId,
|
|
@@ -280,11 +298,11 @@ class RequestManager {
|
|
|
280
298
|
const result = await this.store.consumeRequestCode(code);
|
|
281
299
|
if (!result)
|
|
282
300
|
throw new invalid_grant_error_js_1.InvalidGrantError('Invalid code');
|
|
283
|
-
const {
|
|
301
|
+
const { requestId, data } = result;
|
|
284
302
|
// Fool-proofing the store implementation against code replay attacks (in
|
|
285
303
|
// case consumeRequestCode() does not delete the request).
|
|
286
304
|
if (constants_js_1.NODE_ENV !== 'production') {
|
|
287
|
-
const result = await this.store.readRequest(
|
|
305
|
+
const result = await this.store.readRequest(requestId);
|
|
288
306
|
if (result) {
|
|
289
307
|
throw new Error('Invalid store implementation: request not deleted');
|
|
290
308
|
}
|
|
@@ -298,9 +316,9 @@ class RequestManager {
|
|
|
298
316
|
}
|
|
299
317
|
return data;
|
|
300
318
|
}
|
|
301
|
-
async delete(
|
|
302
|
-
const
|
|
303
|
-
await this.store.deleteRequest(
|
|
319
|
+
async delete(requestUri) {
|
|
320
|
+
const requestId = (0, request_uri_js_1.decodeRequestUri)(requestUri);
|
|
321
|
+
await this.store.deleteRequest(requestId);
|
|
304
322
|
}
|
|
305
323
|
}
|
|
306
324
|
exports.RequestManager = RequestManager;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request-manager.js","sourceRoot":"","sources":["../../src/request/request-manager.ts"],"names":[],"mappings":";;;AAAA,sCAA2C;
|
|
1
|
+
{"version":3,"file":"request-manager.js","sourceRoot":"","sources":["../../src/request/request-manager.ts"],"names":[],"mappings":";;;AAAA,sCAA2C;AAE3C,wDAAgE;AAKhE,4CAA+C;AAI/C,kDAKwB;AAExB,6EAAoE;AACpE,6EAAqE;AACrE,mFAA0E;AAC1E,6GAAmG;AACnG,6EAAoE;AACpE,iFAAwE;AACxE,6EAAoE;AAEpE,yDAAmD;AAGnD,uCAA8C;AAC9C,uDAG0B;AAC1B,mDAAmD;AAEnD,qDAIyB;AAEzB,MAAa,cAAc;IAEJ;IACA;IACA;IACA;IACA;IALrB,YACqB,KAAmB,EACnB,MAAc,EACd,QAA0C,EAC1C,KAAiB,EACjB,cAAc,4BAAa;QAJ3B,UAAK,GAAL,KAAK,CAAc;QACnB,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAkC;QAC1C,UAAK,GAAL,KAAK,CAAY;QACjB,gBAAW,GAAX,WAAW,CAAgB;IAC7C,CAAC;IAEM,iBAAiB;QACzB,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,0BAA0B,CAC9B,MAAc,EACd,UAA6B,EAC7B,KAAoD,EACpD,QAAyB;QAEzB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,CAAC,CAAA;QAEjE,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE;YACjD,MAAM;YACN,UAAU;YACV,UAAU;SACX,CAAC,CAAA;QAEF,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,6BAAc,CAAC,CAAA;QACvD,MAAM,SAAS,GAAG,MAAM,IAAA,iCAAiB,GAAE,CAAA;QAE3C,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE;YACxC,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,UAAU;YACV,UAAU;YACV,SAAS;YACT,QAAQ;YACR,GAAG,EAAE,IAAI;YACT,IAAI,EAAE,IAAI;SACX,CAAC,CAAA;QAEF,MAAM,UAAU,GAAG,IAAA,iCAAgB,EAAC,SAAS,CAAC,CAAA;QAC9C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAC9C,CAAC;IAES,KAAK,CAAC,QAAQ,CACtB,MAAc,EACd,UAA6B,EAC7B,UAAyD;QAEzD,kCAAkC;QAClC,kCAAkC;QAClC,kCAAkC;QAElC,KAAK,MAAM,CAAC,IAAI;YACd,oCAAoC;YACpC,QAAQ;YACR,eAAe;YACf,OAAO,EAAE,gDAAgD;SACjD,EAAE,CAAC;YACX,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;gBAChC,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,gBAAgB,CAAC,aAAa,CAAC,CAAA;YAC1E,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,0BAA0B;QAC1B,0BAA0B;QAE1B,IACE,CAAC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,QAAQ,CAC/C,UAAU,CAAC,aAAa,CACzB,EACD,CAAC;YACD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,8BAA8B,UAAU,CAAC,aAAa,GAAG,EACzD,2BAA2B,CAC5B,CAAA;QACH,CAAC;QAED,IACE,UAAU,CAAC,aAAa,KAAK,MAAM;YACnC,CAAC,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EACpE,CAAC;YACD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,6CAA6C,EAC7C,iBAAiB,CAClB,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;YACrC,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACtD,IACE,CAAC,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,QAAQ,CAC5D,MAAM,CAAC,IAAI,CACZ,EACD,CAAC;oBACD,MAAM,IAAI,yEAAgC,CACxC,UAAU,EACV,6CAA6C,MAAM,CAAC,IAAI,GAAG,CAC5D,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,0BAA0B;QAC1B,0BAA0B;QAE1B,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAA;QAE/C,sBAAsB;QACtB,sBAAsB;QACtB,sBAAsB;QAEtB,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;YAC7B,yEAAyE;YACzE,0BAA0B;YAC1B,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,wBAAwB,CAAC,CAAA;QACpE,CAAC;QAED,+EAA+E;QAC/E,qEAAqE;QACrE,yEAAyE;QACzE,2EAA2E;QAC3E,sEAAsE;QACtE,2EAA2E;QAC3E,sEAAsE;QAEtE,uEAAuE;QACvE,gCAAgC;QAEhC,0EAA0E;QAC1E,yEAAyE;QACzE,0EAA0E;QAC1E,sDAAsD;QACtD,MAAM,MAAM,GAAG,IAAI,GAAG,CACpB,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,uCAAwB,CAAC,CAC/D,CAAA;QAED,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,KAAK,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,SAAS,EAAE,CAAA;QAEzE,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;YAC9B,QAAQ,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACzC,KAAK,SAAS;oBACZ,4DAA4D;oBAC5D,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,qBAAqB,EAAE,OAAO,EAAE,CAAA;gBAChE,gBAAgB;gBAChB,KAAK,OAAO,CAAC;gBACb,KAAK,MAAM;oBACT,MAAK;gBACP,OAAO,CAAC,CAAC,CAAC;oBACR,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,sCAAsC,UAAU,CAAC,qBAAqB,GAAG,CAC1E,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACrC,8DAA8D;gBAC9D,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,mEAAmE,CACpE,CAAA;YACH,CAAC;YAED,iFAAiF;YACjF,EAAE;YACF,oEAAoE;YACpE,qEAAqE;YACrE,4DAA4D;YAC5D,sEAAsE;YACtE,aAAa;YACb,EAAE;YACF,wEAAwE;YACxE,qEAAqE;YACrE,4DAA4D;YAC5D,EAAE;YACF,uEAAuE;YACvE,2CAA2C;YAE3C,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,yBAAyB,CAAC,CAAA;QACrE,CAAC;QAED,oBAAoB;QACpB,oBAAoB;QACpB,oBAAoB;QAEpB,IAAI,UAAU,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YACxC,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,gDAAgD,CACjD,CAAA;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,0CAAiB,CAAC,UAAU,EAAE,iCAAiC,CAAC,CAAA;QAC5E,CAAC;aAAM,IAAI,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,+CAA+C,CAChD,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;YAChD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,sDAAsD,CACvD,CAAA;QACH,CAAC;QAED,0EAA0E;QAC1E,wEAAwE;QACxE,sEAAsE;QACtE,SAAS;QACT,IACE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;YACtB,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;YACzB,MAAM,CAAC,QAAQ,CAAC,0BAA0B,KAAK,MAAM,EACrD,CAAC;YACD,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBACjC,MAAM,IAAI,gDAAoB,CAC5B,UAAU,EACV,sDAAsD,CACvD,CAAA;YACH,CAAC;YAED,2DAA2D;YAC3D,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;QACnD,CAAC;QAED,yEAAyE;QACzE,qEAAqE;QACrE,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,EAAE,WAAW,EAAE,CAAA;QACjD,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,IAAA,kBAAY,EAAC,IAAI,CAAC,IAAI,CAAC,IAAA,sBAAa,EAAC,IAAI,CAAC,EAAE,CAAC;gBAChD,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,uBAAuB,IAAI,GAAG,CAAC,CAAA;YAC1E,CAAC;YAED,0EAA0E;YAC1E,yEAAyE;YAEzE,yDAAyD;YACzD,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,CAAA;QAClD,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAsB,EAAE,QAAkB,EAAE,QAAmB;QACvE,MAAM,SAAS,GAAG,IAAA,iCAAgB,EAAC,UAAU,CAAC,CAAA;QAE9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;QACpD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,8CAAmB,CAAC,qBAAqB,CAAC,CAAA;QAE/D,MAAM,OAAO,GAAsB,EAAE,CAAA;QAErC,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1B,wEAAwE;gBACxE,wBAAwB;gBACxB,MAAM,IAAI,0CAAiB,CACzB,IAAI,CAAC,UAAU,EACf,qCAAqC,CACtC,CAAA;YACH,CAAC;YAED,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAChC,MAAM,IAAI,0CAAiB,CAAC,IAAI,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAA;YAC1E,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,SAAS,GAAG,IAAI,IAAI,CAC1B,IAAI,CAAC,GAAG,EAAE,GAAG,+CAAgC,CAC9C,CAAA;YACH,CAAC;YAED,IAAI,QAAQ,IAAI,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACnD,MAAM,IAAI,0CAAiB,CACzB,IAAI,CAAC,UAAU,EACf,+CAA+C,CAChD,CAAA;YACH,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAA;YAC7B,CAAC;iBAAM,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACtC,MAAM,IAAI,0CAAiB,CACzB,IAAI,CAAC,UAAU,EACf,gDAAgD,CACjD,CAAA;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YACzC,MAAM,GAAG,CAAA;QACX,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QACpD,CAAC;QAED,OAAO;YACL,UAAU;YACV,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS;YAC9C,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,UAAsB,EACtB,MAAc,EACd,OAAgB,EAChB,QAAkB,EAClB,cAA+B,EAC/B,aAAsB;QAEtB,MAAM,SAAS,GAAG,IAAA,iCAAgB,EAAC,UAAU,CAAC,CAAA;QAE9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;QACpD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,8CAAmB,CAAC,qBAAqB,CAAC,CAAA;QAE/D,IAAI,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAEzB,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAChC,MAAM,IAAI,0CAAiB,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAA;YACrE,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,gCAAgC,CACjC,CAAA;YACH,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC/B,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,gDAAgD,CACjD,CAAA;YACH,CAAC;YACD,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1B,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,qCAAqC,CACtC,CAAA;YACH,CAAC;YAED,sEAAsE;YACtE,qEAAqE;YACrE,0EAA0E;YAC1E,2BAA2B;YAC3B,IAAI,aAAa,IAAI,IAAI,EAAE,CAAC;gBAC1B,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;gBACvD,MAAM,cAAc,GAAG,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;gBAEnD,qEAAqE;gBACrE,MAAM,SAAS,GAAG,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;gBAErE,+CAA+C;gBAC/C,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACpC,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,iCAAiC,CAClC,CAAA;gBACH,CAAC;gBAED,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA;YAC5D,CAAC;YAED,uCAAuC;YACvC,MAAM,IAAI,GAAG,MAAM,IAAA,sBAAY,GAAE,CAAA;YAEjC,wEAAwE;YACxE,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE;gBACxC,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,IAAI;gBACJ,gFAAgF;gBAChF,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,+CAAgC,CAAC;gBAClE,UAAU;aACX,CAAC,CAAA;YAEF,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE;gBACvC,MAAM;gBACN,OAAO;gBACP,UAAU;gBACV,QAAQ;gBACR,cAAc;gBACd,SAAS;aACV,CAAC,CAAA;YAEF,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YACzC,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,WAAW,CAAC,IAAU;QACjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAA;QACxD,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,0CAAiB,CAAC,cAAc,CAAC,CAAA;QAExD,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,MAAM,CAAA;QAElC,yEAAyE;QACzE,0DAA0D;QAC1D,IAAI,uBAAQ,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;YACtD,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAA,yCAAuB,EAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACzD,kEAAkE;YAClE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;QAC7C,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;QACtD,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,UAAsB;QACjC,MAAM,SAAS,GAAG,IAAA,iCAAgB,EAAC,UAAU,CAAC,CAAA;QAC9C,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;IAC3C,CAAC;CACF;AAhbD,wCAgbC"}
|
|
@@ -7,21 +7,21 @@ export * from './code.js';
|
|
|
7
7
|
export * from './request-data.js';
|
|
8
8
|
export * from './request-id.js';
|
|
9
9
|
export type { Awaitable };
|
|
10
|
-
export type UpdateRequestData = Pick<Partial<RequestData>, 'sub' | 'code' | 'deviceId' | 'expiresAt'>;
|
|
10
|
+
export type UpdateRequestData = Pick<Partial<RequestData>, 'sub' | 'code' | 'deviceId' | 'expiresAt' | 'parameters'>;
|
|
11
11
|
export type FoundRequestResult = {
|
|
12
|
-
|
|
12
|
+
requestId: RequestId;
|
|
13
13
|
data: RequestData;
|
|
14
14
|
};
|
|
15
15
|
export { InvalidGrantError };
|
|
16
16
|
export interface RequestStore {
|
|
17
|
-
createRequest(
|
|
17
|
+
createRequest(requestId: RequestId, data: RequestData): Awaitable<void>;
|
|
18
18
|
/**
|
|
19
19
|
* Note that expired requests **can** be returned to yield a different error
|
|
20
20
|
* message than if the request was not found.
|
|
21
21
|
*/
|
|
22
|
-
readRequest(
|
|
23
|
-
updateRequest(
|
|
24
|
-
deleteRequest(
|
|
22
|
+
readRequest(requestId: RequestId): Awaitable<RequestData | null>;
|
|
23
|
+
updateRequest(requestId: RequestId, data: UpdateRequestData): Awaitable<void>;
|
|
24
|
+
deleteRequest(requestId: RequestId): void | Awaitable<void>;
|
|
25
25
|
/**
|
|
26
26
|
* @note it is **IMPORTANT** that this method prevents concurrent retrieval of
|
|
27
27
|
* the same code. If two requests are made with the same code, only one of
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request-store.d.ts","sourceRoot":"","sources":["../../src/request/request-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAA;AACpE,OAAO,EAAE,SAAS,EAAyB,MAAM,qBAAqB,CAAA;AACtE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAG3C,cAAc,WAAW,CAAA;AACzB,cAAc,mBAAmB,CAAA;AACjC,cAAc,iBAAiB,CAAA;AAC/B,YAAY,EAAE,SAAS,EAAE,CAAA;AAEzB,MAAM,MAAM,iBAAiB,GAAG,IAAI,CAClC,OAAO,CAAC,WAAW,CAAC,EACpB,KAAK,GAAG,MAAM,GAAG,UAAU,GAAG,WAAW,
|
|
1
|
+
{"version":3,"file":"request-store.d.ts","sourceRoot":"","sources":["../../src/request/request-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAA;AACpE,OAAO,EAAE,SAAS,EAAyB,MAAM,qBAAqB,CAAA;AACtE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAG3C,cAAc,WAAW,CAAA;AACzB,cAAc,mBAAmB,CAAA;AACjC,cAAc,iBAAiB,CAAA;AAC/B,YAAY,EAAE,SAAS,EAAE,CAAA;AAEzB,MAAM,MAAM,iBAAiB,GAAG,IAAI,CAClC,OAAO,CAAC,WAAW,CAAC,EACpB,KAAK,GAAG,MAAM,GAAG,UAAU,GAAG,WAAW,GAAG,YAAY,CACzD,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,SAAS,CAAA;IACpB,IAAI,EAAE,WAAW,CAAA;CAClB,CAAA;AAED,OAAO,EAAE,iBAAiB,EAAE,CAAA;AAE5B,MAAM,WAAW,YAAY;IAC3B,aAAa,CAAC,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,SAAS,CAAC,IAAI,CAAC,CAAA;IACvE;;;OAGG;IACH,WAAW,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,CAAC,WAAW,GAAG,IAAI,CAAC,CAAA;IAChE,aAAa,CAAC,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAA;IAC7E,aAAa,CAAC,SAAS,EAAE,SAAS,GAAG,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,CAAA;IAC3D;;;;;;;OAOG;IACH,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,SAAS,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAA;CACrE;AAED,eAAO,MAAM,cAAc,yHAMzB,CAAA;AAEF,wBAAgB,cAAc,CAAC,CAAC,SAAS,OAAO,CAAC,YAAY,CAAC,EAC5D,cAAc,CAAC,EAAE,CAAC,GACjB,CAAC,GAAG,YAAY,CAKlB"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { Session } from '@atproto/oauth-provider-api';
|
|
2
2
|
import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types';
|
|
3
3
|
import { Client } from '../client/client.js';
|
|
4
4
|
import { RequestUri } from '../request/request-uri.js';
|
|
@@ -6,8 +6,7 @@ export type AuthorizationResultAuthorizePage = {
|
|
|
6
6
|
issuer: string;
|
|
7
7
|
client: Client;
|
|
8
8
|
parameters: OAuthAuthorizationRequestParameters;
|
|
9
|
-
|
|
10
|
-
scopeDetails?: ScopeDetail[];
|
|
9
|
+
requestUri: RequestUri;
|
|
11
10
|
sessions: readonly Session[];
|
|
12
11
|
};
|
|
13
12
|
//# sourceMappingURL=authorization-result-authorize-page.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-result-authorize-page.d.ts","sourceRoot":"","sources":["../../src/result/authorization-result-authorize-page.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"authorization-result-authorize-page.d.ts","sourceRoot":"","sources":["../../src/result/authorization-result-authorize-page.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA;AAC1D,OAAO,EAAE,mCAAmC,EAAE,MAAM,sBAAsB,CAAA;AAC1E,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AAEtD,MAAM,MAAM,gCAAgC,GAAG;IAC7C,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,mCAAmC,CAAA;IAE/C,UAAU,EAAE,UAAU,CAAA;IACtB,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAA;CAC7B,CAAA"}
|
|
@@ -26,11 +26,12 @@ function sendAuthorizePageFactory(customization) {
|
|
|
26
26
|
const script = (0, hydration_data_js_1.declareHydrationData)({
|
|
27
27
|
__customizationData: customizationData,
|
|
28
28
|
__authorizeData: {
|
|
29
|
-
requestUri: data.
|
|
29
|
+
requestUri: data.requestUri,
|
|
30
30
|
clientId: data.client.id,
|
|
31
31
|
clientMetadata: data.client.metadata,
|
|
32
32
|
clientTrusted: data.client.info.isTrusted,
|
|
33
|
-
|
|
33
|
+
clientFirstParty: data.client.info.isFirstParty,
|
|
34
|
+
scope: data.parameters.scope,
|
|
34
35
|
uiLocales: data.parameters.ui_locales,
|
|
35
36
|
loginHint: data.parameters.login_hint,
|
|
36
37
|
},
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"send-authorization-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":";;AAaA,4DAgDC;AA5DD,+FAAsF;AACtF,iGAAwF;AAExF,qDAAiD;AACjD,wEAAuE;AACvE,sDAAuD;AACvD,4EAA8E;AAC9E,iEAAwD;AAExD,2CAA6E;AAC7E,uCAA0C;AAE1C,SAAgB,wBAAwB,CAAC,aAA4B;IACnE,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,oBAAoB,CAAC,CAAA;IAC3D,MAAM,GAAG,GAAG,IAAA,mBAAQ,EAClB,mBAAO,EACP,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAY,CAAC,CAAC,CAAC,SAAS,CACnD,CAAA;IACD,MAAM,IAAI,GAAG,aAAa,EAAE,QAAQ;QAClC,CAAC,CAAC,wDAAwD;YACxD,wEAAwE;YACxE,+CAAyB,CAAC,UAAU;QACtC,CAAC,CAAC,+CAAyB,CAAC,cAAc,CAAA;IAE5C,OAAO,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB,EACnB,IAAsC;QAEtC,MAAM,IAAA,wBAAc,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAAsC;YACvE,mBAAmB,EAAE,iBAAiB;YACtC,eAAe,EAAE;gBACf,UAAU,EAAE,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"send-authorization-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":";;AAaA,4DAgDC;AA5DD,+FAAsF;AACtF,iGAAwF;AAExF,qDAAiD;AACjD,wEAAuE;AACvE,sDAAuD;AACvD,4EAA8E;AAC9E,iEAAwD;AAExD,2CAA6E;AAC7E,uCAA0C;AAE1C,SAAgB,wBAAwB,CAAC,aAA4B;IACnE,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,oBAAoB,CAAC,CAAA;IAC3D,MAAM,GAAG,GAAG,IAAA,mBAAQ,EAClB,mBAAO,EACP,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAY,CAAC,CAAC,CAAC,SAAS,CACnD,CAAA;IACD,MAAM,IAAI,GAAG,aAAa,EAAE,QAAQ;QAClC,CAAC,CAAC,wDAAwD;YACxD,wEAAwE;YACxE,+CAAyB,CAAC,UAAU;QACtC,CAAC,CAAC,+CAAyB,CAAC,cAAc,CAAA;IAE5C,OAAO,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB,EACnB,IAAsC;QAEtC,MAAM,IAAA,wBAAc,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAAsC;YACvE,mBAAmB,EAAE,iBAAiB;YACtC,eAAe,EAAE;gBACf,UAAU,EAAE,IAAI,CAAC,UAAU;gBAE3B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;gBACxB,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBACpC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;gBACzC,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAE/C,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK;gBAC5B,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;gBACrC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;aACtC;YACD,UAAU,EAAE,IAAI,CAAC,QAAQ;SAC1B,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;YACjC,GAAG;YACH,IAAI;YACJ,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-api-middleware.d.ts","sourceRoot":"","sources":["../../src/router/create-api-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;
|
|
1
|
+
{"version":3,"file":"create-api-middleware.d.ts","sourceRoot":"","sources":["../../src/router/create-api-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AA8BhE,OAAO,EAEL,UAAU,EAaX,MAAM,sBAAsB,CAAA;AAK7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAUzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAChE,OAAO,EAEL,oBAAoB,EAMrB,MAAM,oBAAoB,CAAA;AAI3B,wBAAgB,mBAAmB,CACjC,GAAG,SAAS,MAAM,GAAG,IAAI,GAAG,IAAI,EAChC,GAAG,SAAS,eAAe,GAAG,eAAe,EAC7C,GAAG,SAAS,cAAc,GAAG,cAAc,EAE3C,MAAM,EAAE,aAAa,EACrB,EAAE,OAAO,EAAE,EAAE,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,GACvC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAkrB3B;AA2BD,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,GAAG,GAAG,oBAAoB,CA4C/D"}
|