@atproto/oauth-provider 0.9.2 → 0.9.3

package/dist/router/create-authorization-page-middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"create-authorization-page-middleware.d.ts","sourceRoot":"","sources":["../../src/router/create-authorization-page-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAOhE,OAAO,EACL,UAAU,EAQX,MAAM,sBAAsB,CAAA;AAG7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAMzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAQhE,wBAAgB,iCAAiC,CAC/C,GAAG,SAAS,MAAM,GAAG,IAAI,GAAG,IAAI,EAChC,GAAG,SAAS,eAAe,GAAG,eAAe,EAC7C,GAAG,SAAS,cAAc,GAAG,cAAc,EAE3C,MAAM,EAAE,aAAa,EACrB,EAAE,OAAO,EAAE,EAAE,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,GACvC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAmH3B"}
+{"version":3,"file":"create-authorization-page-middleware.d.ts","sourceRoot":"","sources":["../../src/router/create-authorization-page-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAOhE,OAAO,EACL,UAAU,EAQX,MAAM,sBAAsB,CAAA;AAG7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAMzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAQhE,wBAAgB,iCAAiC,CAC/C,GAAG,SAAS,MAAM,GAAG,IAAI,GAAG,IAAI,EAChC,GAAG,SAAS,eAAe,GAAG,eAAe,EAC7C,GAAG,SAAS,cAAc,GAAG,cAAc,EAE3C,MAAM,EAAE,aAAa,EACrB,EAAE,OAAO,EAAE,EAAE,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,GACvC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAoH3B"}

package/dist/router/create-authorization-page-middleware.js

@@ -2,10 +2,10 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createAuthorizationPageMiddleware = createAuthorizationPageMiddleware;
 const oauth_types_1 = require("@atproto/oauth-types");
-const access_denied_error_js_1 = require("../errors/access-denied-error.js");
+const authorization_error_js_1 = require("../errors/authorization-error.js");
 const invalid_request_error_js_1 = require("../errors/invalid-request-error.js");
 const index_js_1 = require("../lib/http/index.js");
-const zod_error_js_1 = require("../lib/util/zod-error.js");
+const error_js_1 = require("../lib/util/error.js");
 const request_uri_js_1 = require("../request/request-uri.js");
 const send_authorization_page_js_1 = require("./assets/send-authorization-page.js");
 const send_error_page_js_1 = require("./assets/send-error-page.js");
@@ -27,13 +27,13 @@ function createAuthorizationPageMiddleware(server, { onError }) {
         const query = Object.fromEntries(this.url.searchParams);
         const clientCredentials = await oauth_types_1.oauthClientCredentialsSchema
             .parseAsync(query, { path: ['query'] })
-            .catch(throwInvalidRequest);
+            .catch((err) => throwInvalidRequest(err, 'Invalid client credentials'));
         if ('client_secret' in clientCredentials) {
             throw new invalid_request_error_js_1.InvalidRequestError('Client secret must not be provided');
         }
         const authorizationRequest = await oauth_types_1.oauthAuthorizationRequestQuerySchema
             .parseAsync(query, { path: ['query'] })
-            .catch(throwInvalidRequest);
+            .catch((err) => throwInvalidRequest(err, 'Invalid request parameters'));
         const deviceInfo = await server.deviceManager.load(req, res);
         try {
             const result = await server.authorize(clientCredentials, authorizationRequest, deviceInfo.deviceId, deviceInfo.deviceMetadata);
@@ -45,18 +45,20 @@ function createAuthorizationPageMiddleware(server, { onError }) {
             }
         }
         catch (err) {
-            // If we have the "redirect_uri" parameter, we can redirect the user
-            // to the client with an error.
-            if (err instanceof access_denied_error_js_1.AccessDeniedError && err.parameters.redirect_uri) {
-                // Prefer logging the cause
-                onError?.(req, res, err.cause ?? err, 'Authorization failed');
-                return sendAuthorizeRedirect(res, {
-                    issuer: server.issuer,
-                    parameters: err.parameters,
-                    redirect: err.toJSON(),
-                });
+            onError?.(req, res, err, 'Authorization request denied');
+            if (err instanceof authorization_error_js_1.AuthorizationError) {
+                try {
+                    return sendAuthorizeRedirect(res, {
+                        issuer: server.issuer,
+                        parameters: err.parameters,
+                        redirect: err.toJSON(),
+                    });
+                }
+                catch {
+                    // If we fail to send the redirect, we fall back to sending an error
+                }
             }
-            throw err;
+            return sendErrorPage(req, res, err);
         }
     }));
     // This is a private endpoint that will be called by the user after the
@@ -92,8 +94,8 @@ function createAuthorizationPageMiddleware(server, { onError }) {
         };
     }
 }
-function throwInvalidRequest(err) {
-    throw new invalid_request_error_js_1.InvalidRequestError((0, zod_error_js_1.extractZodErrorMessage)(err) ?? 'Input validation error', err);
+function throwInvalidRequest(err, prefix) {
+    throw new invalid_request_error_js_1.InvalidRequestError((0, error_js_1.formatError)(err, prefix), err);
 }
 function sendAuthorizeRedirect(res, { issuer, parameters, redirect }) {
     const redirectUri = (0, send_redirect_js_1.buildRedirectUri)(parameters);

package/dist/router/create-authorization-page-middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"create-authorization-page-middleware.js","sourceRoot":"","sources":["../../src/router/create-authorization-page-middleware.ts"],"names":[],"mappings":";;AAiCA,8EA0HC;AA1JD,sDAG6B;AAC7B,6EAAoE;AACpE,iFAAwE;AACxE,mDAS6B;AAE7B,2DAAiE;AAEjE,8DAA4D;AAE5D,oFAA8E;AAC9E,oEAAkE;AAClE,yEAA6D;AAE7D,yDAK2B;AAE3B,SAAgB,iCAAiC,CAK/C,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,iBAAiB,GAAG,IAAA,qDAAwB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IACxE,MAAM,aAAa,GAAG,IAAA,yCAAoB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IAEhE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IAErC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,MAAM,CAAC,GAAG,CACR,kBAAkB,EAClB,gBAAgB,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACvC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;QAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;QAEnC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,CAAA;QAC9C,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;QAEjC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;QAEvD,MAAM,iBAAiB,GAAG,MAAM,0CAA4B;aACzD,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;aACtC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAE7B,IAAI,eAAe,IAAI,iBAAiB,EAAE,CAAC;YACzC,MAAM,IAAI,8CAAmB,CAAC,oCAAoC,CAAC,CAAA;QACrE,CAAC;QAED,MAAM,oBAAoB,GAAG,MAAM,kDAAoC;aACpE,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;aACtC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAE7B,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE5D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CACnC,iBAAiB,EACjB,oBAAoB,EACpB,UAAU,CAAC,QAAQ,EACnB,UAAU,CAAC,cAAc,CAC1B,CAAA;YAED,IAAI,UAAU,IAAI,MAAM,EAAE,CAAC;gBACzB,OAAO,qBAAqB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;YAC3C,CAAC;iBAAM,CAAC;gBACN,OAAO,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;YAC5C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,oEAAoE;YACpE,+BAA+B;YAC/B,IAAI,GAAG,YAAY,0CAAiB,IAAI,GAAG,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBACpE,2BAA2B;gBAC3B,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,IAAI,GAAG,EAAE,sBAAsB,CAAC,CAAA;gBAE7D,OAAO,qBAAqB,CAAC,GAAG,EAAE;oBAChC,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,UAAU,EAAE,GAAG,CAAC,UAAU;oBAC1B,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE;iBACvB,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC,CAAC,CACH,CAAA;IAED,uEAAuE;IACvE,2EAA2E;IAC3E,sEAAsE;IACtE,oDAAoD;IACpD,MAAM,CAAC,GAAG,CACR,2BAA2B,EAC3B,gBAAgB,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACvC,6CAA6C;QAC7C,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,CAAA;QACvC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;QAEjC,MAAM,QAAQ,GAAG,IAAA,2BAAgB,EAAC,GAAG,EAAE;YACrC,MAAM,EAAE,YAAY;YACpB,QAAQ,EAAE,kBAAkB;SAC7B,CAAC,CAAA;QAEF,mDAAmD;QACnD,iCAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAA;QAEhE,OAAO,IAAA,+BAAY,EAAC,GAAG,EAAE,IAAA,2CAAgB,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;IACtD,CAAC,CAAC,CACH,CAAA;IAED,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;IAE/B,SAAS,gBAAgB,CACvB,OAAyD;QAEzD,OAAO,KAAK,WAAW,GAAG,EAAE,GAAG;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACpC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,2CAA2C,GAAG,CAAC,GAAG,GAAG,CACtD,CAAA;gBAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;oBACrB,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC9B,CAAC;YACH,CAAC;QACH,CAAC,CAAA;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY;IACvC,MAAM,IAAI,8CAAmB,CAC3B,IAAA,qCAAsB,EAAC,GAAG,CAAC,IAAI,wBAAwB,EACvD,GAAG,CACJ,CAAA;AACH,CAAC;AAED,SAAS,qBAAqB,CAC5B,GAAmB,EACnB,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAA+B;IAE7D,MAAM,WAAW,GAAG,IAAA,mCAAgB,EAAC,UAAU,CAAC,CAAA;IAChD,MAAM,IAAI,GAAG,IAAA,oCAAiB,EAAC,UAAU,CAAC,CAAA;IAC1C,MAAM,MAAM,GAAG,IAAA,sCAAmB,EAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAA;IAChE,OAAO,IAAA,+BAAY,EAAC,GAAG,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAA;AACzD,CAAC"}
+{"version":3,"file":"create-authorization-page-middleware.js","sourceRoot":"","sources":["../../src/router/create-authorization-page-middleware.ts"],"names":[],"mappings":";;AAiCA,8EA2HC;AA3JD,sDAG6B;AAC7B,6EAAqE;AACrE,iFAAwE;AACxE,mDAS6B;AAC7B,mDAAkD;AAGlD,8DAA4D;AAE5D,oFAA8E;AAC9E,oEAAkE;AAClE,yEAA6D;AAE7D,yDAK2B;AAE3B,SAAgB,iCAAiC,CAK/C,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,iBAAiB,GAAG,IAAA,qDAAwB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IACxE,MAAM,aAAa,GAAG,IAAA,yCAAoB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IAEhE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IAErC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,MAAM,CAAC,GAAG,CACR,kBAAkB,EAClB,gBAAgB,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACvC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;QAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;QAEnC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,CAAA;QAC9C,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;QAEjC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;QAEvD,MAAM,iBAAiB,GAAG,MAAM,0CAA4B;aACzD,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;aACtC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEzE,IAAI,eAAe,IAAI,iBAAiB,EAAE,CAAC;YACzC,MAAM,IAAI,8CAAmB,CAAC,oCAAoC,CAAC,CAAA;QACrE,CAAC;QAED,MAAM,oBAAoB,GAAG,MAAM,kDAAoC;aACpE,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;aACtC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEzE,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE5D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CACnC,iBAAiB,EACjB,oBAAoB,EACpB,UAAU,CAAC,QAAQ,EACnB,UAAU,CAAC,cAAc,CAC1B,CAAA;YAED,IAAI,UAAU,IAAI,MAAM,EAAE,CAAC;gBACzB,OAAO,qBAAqB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;YAC3C,CAAC;iBAAM,CAAC;gBACN,OAAO,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;YAC5C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,8BAA8B,CAAC,CAAA;YAExD,IAAI,GAAG,YAAY,2CAAkB,EAAE,CAAC;gBACtC,IAAI,CAAC;oBACH,OAAO,qBAAqB,CAAC,GAAG,EAAE;wBAChC,MAAM,EAAE,MAAM,CAAC,MAAM;wBACrB,UAAU,EAAE,GAAG,CAAC,UAAU;wBAC1B,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE;qBACvB,CAAC,CAAA;gBACJ,CAAC;gBAAC,MAAM,CAAC;oBACP,oEAAoE;gBACtE,CAAC;YACH,CAAC;YAED,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;QACrC,CAAC;IACH,CAAC,CAAC,CACH,CAAA;IAED,uEAAuE;IACvE,2EAA2E;IAC3E,sEAAsE;IACtE,oDAAoD;IACpD,MAAM,CAAC,GAAG,CACR,2BAA2B,EAC3B,gBAAgB,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACvC,6CAA6C;QAC7C,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,CAAA;QACvC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;QAEjC,MAAM,QAAQ,GAAG,IAAA,2BAAgB,EAAC,GAAG,EAAE;YACrC,MAAM,EAAE,YAAY;YACpB,QAAQ,EAAE,kBAAkB;SAC7B,CAAC,CAAA;QAEF,mDAAmD;QACnD,iCAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAA;QAEhE,OAAO,IAAA,+BAAY,EAAC,GAAG,EAAE,IAAA,2CAAgB,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;IACtD,CAAC,CAAC,CACH,CAAA;IAED,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;IAE/B,SAAS,gBAAgB,CACvB,OAAyD;QAEzD,OAAO,KAAK,WAAW,GAAG,EAAE,GAAG;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACpC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,2CAA2C,GAAG,CAAC,GAAG,GAAG,CACtD,CAAA;gBAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;oBACrB,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC9B,CAAC;YACH,CAAC;QACH,CAAC,CAAA;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY,EAAE,MAAc;IACvD,MAAM,IAAI,8CAAmB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC9D,CAAC;AAED,SAAS,qBAAqB,CAC5B,GAAmB,EACnB,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAA+B;IAE7D,MAAM,WAAW,GAAG,IAAA,mCAAgB,EAAC,UAAU,CAAC,CAAA;IAChD,MAAM,IAAI,GAAG,IAAA,oCAAiB,EAAC,UAAU,CAAC,CAAA;IAC1C,MAAM,MAAM,GAAG,IAAA,sCAAmB,EAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAA;IAChE,OAAO,IAAA,+BAAY,EAAC,GAAG,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAA;AACzD,CAAC"}

package/dist/router/create-oauth-middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"create-oauth-middleware.d.ts","sourceRoot":"","sources":["../../src/router/create-oauth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAYhE,OAAO,EACL,UAAU,EAOX,MAAM,sBAAsB,CAAA;AAE7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAqChE,wBAAgB,qBAAqB,CACnC,GAAG,SAAS,MAAM,GAAG,IAAI,GAAG,IAAI,EAChC,GAAG,SAAS,eAAe,GAAG,eAAe,EAC7C,GAAG,SAAS,cAAc,GAAG,cAAc,EAE3C,MAAM,EAAE,aAAa,EACrB,EAAE,OAAO,EAAE,EAAE,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,GACvC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAuK3B"}
+{"version":3,"file":"create-oauth-middleware.d.ts","sourceRoot":"","sources":["../../src/router/create-oauth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAYhE,OAAO,EACL,UAAU,EAOX,MAAM,sBAAsB,CAAA;AAG7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAqChE,wBAAgB,qBAAqB,CACnC,GAAG,SAAS,MAAM,GAAG,IAAI,GAAG,IAAI,EAChC,GAAG,SAAS,eAAe,GAAG,eAAe,EAC7C,GAAG,SAAS,cAAc,GAAG,cAAc,EAE3C,MAAM,EAAE,aAAa,EACrB,EAAE,OAAO,EAAE,EAAE,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,GACvC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAgL3B"}

package/dist/router/create-oauth-middleware.js

@@ -8,7 +8,8 @@ const invalid_grant_error_js_1 = require("../errors/invalid-grant-error.js");
 const invalid_request_error_js_1 = require("../errors/invalid-request-error.js");
 const www_authenticate_error_js_1 = require("../errors/www-authenticate-error.js");
 const index_js_1 = require("../lib/http/index.js");
-const zod_error_js_1 = require("../lib/util/zod-error.js");
+const error_js_1 = require("../lib/util/error.js");
+const oauth_errors_js_1 = require("../oauth-errors.js");
 // CORS preflight
 const corsHeaders = function (req, res, next) {
     res.setHeader('Access-Control-Max-Age', '86400'); // 1 day
@@ -52,10 +53,10 @@ function createOAuthMiddleware(server, { onError }) {
         // https://datatracker.ietf.org/doc/html/rfc6749#autoid-56
         const credentials = await oauth_types_1.oauthClientCredentialsSchema
             .parseAsync(payload, { path: ['body'] })
-            .catch(throwInvalidClient);
+            .catch((err) => throwInvalidClient(err, 'Client credentials missing'));
         const authorizationRequest = await oauth_types_1.oauthAuthorizationRequestParSchema
             .parseAsync(payload, { path: ['body'] })
-            .catch(throwInvalidRequest);
+            .catch((err) => throwInvalidRequest(err, 'Invalid authorization request'));
         const dpopProof = await server.checkDpopProof(req.method, this.url, req.headers);
         return server.pushedAuthorizationRequest(credentials, authorizationRequest, dpopProof);
     }, 201));
@@ -71,10 +72,10 @@ function createOAuthMiddleware(server, { onError }) {
         const clientMetadata = await server.deviceManager.getRequestMetadata(req);
         const clientCredentials = await oauth_types_1.oauthClientCredentialsSchema
             .parseAsync(payload, { path: ['body'] })
-            .catch(throwInvalidGrant);
+            .catch((err) => throwInvalidGrant(err, 'Client credentials missing'));
         const tokenRequest = await oauth_types_1.oauthTokenRequestSchema
             .parseAsync(payload, { path: ['body'] })
-            .catch(throwInvalidGrant);
+            .catch((err) => throwInvalidGrant(err, 'Invalid request payload'));
         const dpopProof = await server.checkDpopProof(req.method, this.url, req.headers);
         return server.token(clientCredentials, clientMetadata, tokenRequest, dpopProof);
     }));
@@ -83,10 +84,10 @@ function createOAuthMiddleware(server, { onError }) {
         const payload = await (0, index_js_1.parseHttpRequest)(req, ['json', 'urlencoded']);
         const credentials = await oauth_types_1.oauthClientCredentialsSchema
             .parseAsync(payload, { path: ['body'] })
-            .catch(throwInvalidRequest);
+            .catch((err) => throwInvalidRequest(err, 'Client credentials missing'));
         const tokenIdentification = await oauth_types_1.oauthTokenIdentificationSchema
             .parseAsync(payload, { path: ['body'] })
-            .catch(throwInvalidRequest);
+            .catch((err) => throwInvalidRequest(err, 'Invalid request payload'));
         const dpopProof = await server.checkDpopProof(req.method, this.url, req.headers);
         try {
             await server.revoke(credentials, tokenIdentification, dpopProof);
@@ -116,30 +117,32 @@ function createOAuthMiddleware(server, { onError }) {
                     res.setHeader(name, dpopNonce);
                     res.appendHeader('Access-Control-Expose-Headers', name);
                 }
-                const payload = await buildOAuthResponse.call(this, req, res);
-                return { payload, status };
+                const json = await buildOAuthResponse.call(this, req, res);
+                return { json, status };
             }
             catch (err) {
-                onError?.(req, res, err, 'OAuth request error');
+                onError?.(req, res, err, err instanceof oauth_errors_js_1.OAuthError
+                    ? `OAuth "${err.error}" error`
+                    : 'Unexpected error');
                 if (!res.headersSent && err instanceof www_authenticate_error_js_1.WWWAuthenticateError) {
                     const name = 'WWW-Authenticate';
                     res.setHeader(name, err.wwwAuthenticateHeader);
                     res.appendHeader('Access-Control-Expose-Headers', name);
                 }
                 const status = (0, error_parser_js_1.buildErrorStatus)(err);
-                const payload = (0, error_parser_js_1.buildErrorPayload)(err);
-                return { payload, status };
+                const json = (0, error_parser_js_1.buildErrorPayload)(err);
+                return { json, status };
             }
         });
     }
 }
-function throwInvalidGrant(err) {
-    throw new invalid_grant_error_js_1.InvalidGrantError((0, zod_error_js_1.extractZodErrorMessage)(err) ?? 'Invalid grant', err);
+function throwInvalidGrant(err, prefix) {
+    throw new invalid_grant_error_js_1.InvalidGrantError((0, error_js_1.formatError)(err, prefix), err);
 }
-function throwInvalidClient(err) {
-    throw new invalid_client_error_js_1.InvalidClientError((0, zod_error_js_1.extractZodErrorMessage)(err) ?? 'Client authentication failed', err);
+function throwInvalidClient(err, prefix) {
+    throw new invalid_client_error_js_1.InvalidClientError((0, error_js_1.formatError)(err, prefix), err);
 }
-function throwInvalidRequest(err) {
-    throw new invalid_request_error_js_1.InvalidRequestError((0, zod_error_js_1.extractZodErrorMessage)(err) ?? 'Input validation error', err);
+function throwInvalidRequest(err, prefix) {
+    throw new invalid_request_error_js_1.InvalidRequestError((0, error_js_1.formatError)(err, prefix), err);
 }
 //# sourceMappingURL=create-oauth-middleware.js.map

package/dist/router/create-oauth-middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"create-oauth-middleware.js","sourceRoot":"","sources":["../../src/router/create-oauth-middleware.ts"],"names":[],"mappings":";;AA4DA,sDA8KC;AAzOD,sDAK6B;AAC7B,+DAA+E;AAC/E,+EAAsE;AACtE,6EAAoE;AACpE,iFAAwE;AACxE,mFAA0E;AAC1E,mDAQ6B;AAC7B,2DAAiE;AAIjE,iBAAiB;AACjB,MAAM,WAAW,GAAe,UAAU,GAAG,EAAE,GAAG,EAAE,IAAI;IACtD,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAA,CAAC,QAAQ;IAEzD,wFAAwF;IACxF,EAAE;IACF,mEAAmE;IACnE,+DAA+D;IAC/D,4DAA4D;IAC5D,kEAAkE;IAClE,WAAW;IACX,EAAE;IACF,4DAA4D;IAC5D,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAA;IAEjD,yFAAyF;IACzF,8DAA8D;IAC9D,mEAAmE;IACnE,oEAAoE;IACpE,iEAAiE;IACjE,eAAe;IACf,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAA;IAElD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,mBAAmB,CAAC,CAAA;IAElE,IAAI,EAAE,CAAA;AACR,CAAC,CAAA;AAED,MAAM,aAAa,GAAe,IAAA,6BAAkB,EAAC;IACnD,WAAW;IACX,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACX,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IAC1B,CAAC;CACF,CAAC,CAAA;AAEF,SAAgB,qBAAqB,CAKnC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA;IAEhE,0BAA0B;IAE1B,MAAM,CAAC,OAAO,CAAC,yCAAyC,EAAE,aAAa,CAAC,CAAA;IACxE,MAAM,CAAC,GAAG,CACR,yCAAyC,EACzC,WAAW,EACX,IAAA,iCAAsB,EAAC,GAAG,CAAC,EAC3B,IAAA,+BAAoB,EAAC,MAAM,CAAC,QAAQ,CAAC,CACtC,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC,CAAA;IAC5C,MAAM,CAAC,GAAG,CACR,aAAa,EACb,WAAW,EACX,IAAA,iCAAsB,EAAC,GAAG,CAAC,EAC3B,IAAA,+BAAoB,EAAC,MAAM,CAAC,IAAI,CAAC,CAClC,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,aAAa,CAAC,CAAA;IAC3C,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,oEAAoE;QACpE,0DAA0D;QAE1D,MAAM,WAAW,GAAG,MAAM,0CAA4B;aACnD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,kBAAkB,CAAC,CAAA;QAE5B,MAAM,oBAAoB,GAAG,MAAM,gDAAkC;aAClE,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAE7B,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,OAAO,MAAM,CAAC,0BAA0B,CACtC,WAAW,EACX,oBAAoB,EACpB,SAAS,CACV,CAAA;IACH,CAAC,EAAE,GAAG,CAAC,CACR,CAAA;IACD,4DAA4D;IAC5D,yEAAyE;IACzE,gEAAgE;IAChE,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACpC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IAC1B,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,aAAa,CAAC,CAAA;IAC7C,MAAM,CAAC,IAAI,CACT,cAAc,EACd,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;QAEzE,MAAM,iBAAiB,GAAG,MAAM,0CAA4B;aACzD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAE3B,MAAM,YAAY,GAAG,MAAM,qCAAuB;aAC/C,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAE3B,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,OAAO,MAAM,CAAC,KAAK,CACjB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,SAAS,CACV,CAAA;IACH,CAAC,CAAC,CACH,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,aAAa,CAAC,CAAA;IAC9C,MAAM,CAAC,IAAI,CACT,eAAe,EACf,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACnC,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,MAAM,WAAW,GAAG,MAAM,0CAA4B;aACnD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAE7B,MAAM,mBAAmB,GAAG,MAAM,4CAA8B;aAC7D,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAE7B,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,mBAAmB,EAAE,SAAS,CAAC,CAAA;QAClE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,kEAAkE;YAClE,uEAAuE;YACvE,uEAAuE;YACvE,gCAAgC;YAChC,EAAE;YACF,4DAA4D;YAE5D,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAA;QACpD,CAAC;QAED,OAAO,EAAE,CAAA;IACX,CAAC,CAAC,CACH,CAAA;IAED,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;IAE/B,SAAS,YAAY,CACnB,kBAA4D,EAC5D,MAAe;QAEf,OAAO,IAAA,sBAAW,EAAc,KAAK,WAAW,GAAG,EAAE,GAAG;YACtD,IAAI,CAAC;gBACH,0DAA0D;gBAC1D,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;gBAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;gBAEnC,4DAA4D;gBAC5D,MAAM,SAAS,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;gBACxC,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,IAAI,GAAG,YAAY,CAAA;oBACzB,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;oBAC9B,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAA;gBACzD,CAAC;gBAED,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;YAC5B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,qBAAqB,CAAC,CAAA;gBAE/C,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,YAAY,gDAAoB,EAAE,CAAC;oBAC5D,MAAM,IAAI,GAAG,kBAAkB,CAAA;oBAC/B,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,qBAAqB,CAAC,CAAA;oBAC9C,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAA;gBACzD,CAAC;gBAED,MAAM,MAAM,GAAG,IAAA,kCAAgB,EAAC,GAAG,CAAC,CAAA;gBACpC,MAAM,OAAO,GAAG,IAAA,mCAAiB,EAAC,GAAG,CAAC,CAAA;gBAEtC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;YAC5B,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAY;IACrC,MAAM,IAAI,0CAAiB,CACzB,IAAA,qCAAsB,EAAC,GAAG,CAAC,IAAI,eAAe,EAC9C,GAAG,CACJ,CAAA;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAY;IACtC,MAAM,IAAI,4CAAkB,CAC1B,IAAA,qCAAsB,EAAC,GAAG,CAAC,IAAI,8BAA8B,EAC7D,GAAG,CACJ,CAAA;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY;IACvC,MAAM,IAAI,8CAAmB,CAC3B,IAAA,qCAAsB,EAAC,GAAG,CAAC,IAAI,wBAAwB,EACvD,GAAG,CACJ,CAAA;AACH,CAAC"}
+{"version":3,"file":"create-oauth-middleware.js","sourceRoot":"","sources":["../../src/router/create-oauth-middleware.ts"],"names":[],"mappings":";;AA6DA,sDAuLC;AAnPD,sDAK6B;AAC7B,+DAA+E;AAC/E,+EAAsE;AACtE,6EAAoE;AACpE,iFAAwE;AACxE,mFAA0E;AAC1E,mDAQ6B;AAC7B,mDAAkD;AAClD,wDAA+C;AAI/C,iBAAiB;AACjB,MAAM,WAAW,GAAe,UAAU,GAAG,EAAE,GAAG,EAAE,IAAI;IACtD,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAA,CAAC,QAAQ;IAEzD,wFAAwF;IACxF,EAAE;IACF,mEAAmE;IACnE,+DAA+D;IAC/D,4DAA4D;IAC5D,kEAAkE;IAClE,WAAW;IACX,EAAE;IACF,4DAA4D;IAC5D,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAA;IAEjD,yFAAyF;IACzF,8DAA8D;IAC9D,mEAAmE;IACnE,oEAAoE;IACpE,iEAAiE;IACjE,eAAe;IACf,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAA;IAElD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,mBAAmB,CAAC,CAAA;IAElE,IAAI,EAAE,CAAA;AACR,CAAC,CAAA;AAED,MAAM,aAAa,GAAe,IAAA,6BAAkB,EAAC;IACnD,WAAW;IACX,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACX,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IAC1B,CAAC;CACF,CAAC,CAAA;AAEF,SAAgB,qBAAqB,CAKnC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA;IAEhE,0BAA0B;IAE1B,MAAM,CAAC,OAAO,CAAC,yCAAyC,EAAE,aAAa,CAAC,CAAA;IACxE,MAAM,CAAC,GAAG,CACR,yCAAyC,EACzC,WAAW,EACX,IAAA,iCAAsB,EAAC,GAAG,CAAC,EAC3B,IAAA,+BAAoB,EAAC,MAAM,CAAC,QAAQ,CAAC,CACtC,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC,CAAA;IAC5C,MAAM,CAAC,GAAG,CACR,aAAa,EACb,WAAW,EACX,IAAA,iCAAsB,EAAC,GAAG,CAAC,EAC3B,IAAA,+BAAoB,EAAC,MAAM,CAAC,IAAI,CAAC,CAClC,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,aAAa,CAAC,CAAA;IAC3C,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,oEAAoE;QACpE,0DAA0D;QAE1D,MAAM,WAAW,GAAG,MAAM,0CAA4B;aACnD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAExE,MAAM,oBAAoB,GAAG,MAAM,gDAAkC;aAClE,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CACb,mBAAmB,CAAC,GAAG,EAAE,+BAA+B,CAAC,CAC1D,CAAA;QAEH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,OAAO,MAAM,CAAC,0BAA0B,CACtC,WAAW,EACX,oBAAoB,EACpB,SAAS,CACV,CAAA;IACH,CAAC,EAAE,GAAG,CAAC,CACR,CAAA;IACD,4DAA4D;IAC5D,yEAAyE;IACzE,gEAAgE;IAChE,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACpC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IAC1B,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,aAAa,CAAC,CAAA;IAC7C,MAAM,CAAC,IAAI,CACT,cAAc,EACd,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;QAEzE,MAAM,iBAAiB,GAAG,MAAM,0CAA4B;aACzD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEvE,MAAM,YAAY,GAAG,MAAM,qCAAuB;aAC/C,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC,CAAA;QAEpE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,OAAO,MAAM,CAAC,KAAK,CACjB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,SAAS,CACV,CAAA;IACH,CAAC,CAAC,CACH,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,aAAa,CAAC,CAAA;IAC9C,MAAM,CAAC,IAAI,CACT,eAAe,EACf,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACnC,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,MAAM,WAAW,GAAG,MAAM,0CAA4B;aACnD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEzE,MAAM,mBAAmB,GAAG,MAAM,4CAA8B;aAC7D,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC,CAAA;QAEtE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,mBAAmB,EAAE,SAAS,CAAC,CAAA;QAClE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,kEAAkE;YAClE,uEAAuE;YACvE,uEAAuE;YACvE,gCAAgC;YAChC,EAAE;YACF,4DAA4D;YAE5D,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAA;QACpD,CAAC;QAED,OAAO,EAAE,CAAA;IACX,CAAC,CAAC,CACH,CAAA;IAED,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;IAE/B,SAAS,YAAY,CACnB,kBAA4D,EAC5D,MAAe;QAEf,OAAO,IAAA,sBAAW,EAAc,KAAK,WAAW,GAAG,EAAE,GAAG;YACtD,IAAI,CAAC;gBACH,0DAA0D;gBAC1D,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;gBAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;gBAEnC,4DAA4D;gBAC5D,MAAM,SAAS,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;gBACxC,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,IAAI,GAAG,YAAY,CAAA;oBACzB,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;oBAC9B,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAA;gBACzD,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC1D,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;YACzB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,YAAY,4BAAU;oBACvB,CAAC,CAAC,UAAU,GAAG,CAAC,KAAK,SAAS;oBAC9B,CAAC,CAAC,kBAAkB,CACvB,CAAA;gBAED,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,YAAY,gDAAoB,EAAE,CAAC;oBAC5D,MAAM,IAAI,GAAG,kBAAkB,CAAA;oBAC/B,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,qBAAqB,CAAC,CAAA;oBAC9C,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAA;gBACzD,CAAC;gBAED,MAAM,MAAM,GAAG,IAAA,kCAAgB,EAAC,GAAG,CAAC,CAAA;gBACpC,MAAM,IAAI,GAAG,IAAA,mCAAiB,EAAC,GAAG,CAAC,CAAA;gBAEnC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;YACzB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAY,EAAE,MAAc;IACrD,MAAM,IAAI,0CAAiB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC5D,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAY,EAAE,MAAc;IACtD,MAAM,IAAI,4CAAkB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC7D,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY,EAAE,MAAc;IACvD,MAAM,IAAI,8CAAmB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC9D,CAAC"}

package/dist/router/send-redirect.js

@@ -5,7 +5,7 @@ exports.buildRedirectUri = buildRedirectUri;
 exports.buildRedirectMode = buildRedirectMode;
 exports.buildRedirectParams = buildRedirectParams;
 exports.sendRedirect = sendRedirect;
-const access_denied_error_js_1 = require("../errors/access-denied-error.js");
+const authorization_error_js_1 = require("../errors/authorization-error.js");
 const index_js_1 = require("../lib/html/index.js");
 const send_web_page_js_1 = require("../lib/send-web-page.js");
 // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-7.5.4
@@ -26,7 +26,7 @@ function buildRedirectUri(parameters) {
     const uri = parameters.redirect_uri;
     if (uri)
         return uri;
-    throw new access_denied_error_js_1.AccessDeniedError(parameters, 'No redirect_uri', 'invalid_request');
+    throw new authorization_error_js_1.AuthorizationError(parameters, 'No redirect_uri', 'invalid_request');
 }
 function buildRedirectMode(parameters) {
     const mode = parameters.response_mode || 'query'; // @TODO default should depend on response_type

package/dist/router/send-redirect.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-redirect.js","sourceRoot":"","sources":["../../src/router/send-redirect.ts"],"names":[],"mappings":";;;AAiCA,4CAOC;AAED,8CAKC;AAED,kDAoBC;AAQD,oCAiBC;AAzFD,6EAAoE;AACpE,mDAA+C;AAC/C,8DAAqD;AAGrD,+EAA+E;AAC/E,MAAM,oBAAoB,GAAG,GAAG,CAAA;AAEnB,QAAA,qBAAqB,GAAG;IACnC,MAAM;IACN,UAAU;IACV,cAAc;IACd,YAAY;IACZ,YAAY;CACJ,CAAA;AAEG,QAAA,mBAAmB,GAAG;IACjC,OAAO;IACP,mBAAmB;IACnB,WAAW;CACH,CAAA;AAQV,SAAgB,gBAAgB,CAC9B,UAA+C;IAE/C,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAA;IACnC,IAAI,GAAG;QAAE,OAAO,GAAG,CAAA;IAEnB,MAAM,IAAI,0CAAiB,CAAC,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,CAAA;AAC/E,CAAC;AAED,SAAgB,iBAAiB,CAC/B,UAA+C;IAE/C,MAAM,IAAI,GAAG,UAAU,CAAC,aAAa,IAAI,OAAO,CAAA,CAAC,+CAA+C;IAChG,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAgB,mBAAmB,CACjC,MAAc,EACd,UAA+C,EAC/C,QAAyC;IAEzC,MAAM,MAAM,GAA4C;QACtD,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,UAAU;KAC5B,CAAA;IAED,IAAI,UAAU,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,IAAI,QAAQ,CAAC,CAAC,CAAC,6BAAqB,CAAC,CAAC,CAAC,2BAAmB,CAAA;IAC7E,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,KAAK,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;IAC9C,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAQD,SAAgB,YAAY,CAC1B,GAAmB,EACnB,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,EAAwB;IAExD,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAE1C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACrC,KAAK,UAAU;YACb,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACxC,KAAK,WAAW;YACd,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,8BAA8B;IAC9B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,UAAU,CACjB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IACnE,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAC/D,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAA;IAClC,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,4CAA4C;IAC5C,uGAAuG;IACvG,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,4CAA4C,CAAC,CAAA;IACzE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC1C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAE5E,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;QACtB,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;QACzB,IAAI,EAAE,IAAA,eAAI,EAAA;oCACsB,GAAG;UAC7B,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC;YACrC,IAAA,eAAI,EAAA,8BAA8B,GAAG,YAAY,KAAK,MAAM;SAC7D,CAAC;;;KAGL;QACD,OAAO,EAAE,CAAC,IAAA,aAAE,EAAA,6BAA6B,CAAC;KAC3C,CAAC,CAAA;AACJ,CAAC"}
+{"version":3,"file":"send-redirect.js","sourceRoot":"","sources":["../../src/router/send-redirect.ts"],"names":[],"mappings":";;;AAiCA,4CAOC;AAED,8CAKC;AAED,kDAoBC;AAQD,oCAiBC;AAzFD,6EAAqE;AACrE,mDAA+C;AAC/C,8DAAqD;AAGrD,+EAA+E;AAC/E,MAAM,oBAAoB,GAAG,GAAG,CAAA;AAEnB,QAAA,qBAAqB,GAAG;IACnC,MAAM;IACN,UAAU;IACV,cAAc;IACd,YAAY;IACZ,YAAY;CACJ,CAAA;AAEG,QAAA,mBAAmB,GAAG;IACjC,OAAO;IACP,mBAAmB;IACnB,WAAW;CACH,CAAA;AAQV,SAAgB,gBAAgB,CAC9B,UAA+C;IAE/C,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAA;IACnC,IAAI,GAAG;QAAE,OAAO,GAAG,CAAA;IAEnB,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,CAAA;AAChF,CAAC;AAED,SAAgB,iBAAiB,CAC/B,UAA+C;IAE/C,MAAM,IAAI,GAAG,UAAU,CAAC,aAAa,IAAI,OAAO,CAAA,CAAC,+CAA+C;IAChG,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAgB,mBAAmB,CACjC,MAAc,EACd,UAA+C,EAC/C,QAAyC;IAEzC,MAAM,MAAM,GAA4C;QACtD,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,UAAU;KAC5B,CAAA;IAED,IAAI,UAAU,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,IAAI,QAAQ,CAAC,CAAC,CAAC,6BAAqB,CAAC,CAAC,CAAC,2BAAmB,CAAA;IAC7E,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,KAAK,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;IAC9C,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAQD,SAAgB,YAAY,CAC1B,GAAmB,EACnB,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,EAAwB;IAExD,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAE1C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACrC,KAAK,UAAU;YACb,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACxC,KAAK,WAAW;YACd,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,8BAA8B;IAC9B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,UAAU,CACjB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IACnE,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAC/D,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAA;IAClC,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,4CAA4C;IAC5C,uGAAuG;IACvG,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,4CAA4C,CAAC,CAAA;IACzE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC1C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAE5E,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;QACtB,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;QACzB,IAAI,EAAE,IAAA,eAAI,EAAA;oCACsB,GAAG;UAC7B,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC;YACrC,IAAA,eAAI,EAAA,8BAA8B,GAAG,YAAY,KAAK,MAAM;SAC7D,CAAC;;;KAGL;QACD,OAAO,EAAE,CAAC,IAAA,aAAE,EAAA,6BAA6B,CAAC;KAC3C,CAAC,CAAA;AACJ,CAAC"}

package/dist/token/token-manager.js

@@ -188,7 +188,7 @@ class TokenManager {
         // @TODO Add another store method that atomically consumes the refresh token
         // with a lock.
         const tokenInfo = await this.findByRefreshToken(token).catch((err) => {
-            throw invalid_token_error_js_1.InvalidTokenError.from(err, `Invalid refresh token`);
+            throw invalid_grant_error_js_1.InvalidGrantError.from(err, `Invalid refresh token`);
         });
         if (!tokenInfo) {
             throw new invalid_grant_error_js_1.InvalidGrantError(`Invalid refresh token`);

package/dist/types/authorization-response-error.d.ts

@@ -0,0 +1,5 @@
+import { z } from 'zod';
+export declare const authorizationResponseErrorSchema: z.ZodUnion<[z.ZodEnum<["invalid_request", "unauthorized_client", "access_denied", "unsupported_response_type", "invalid_scope", "server_error", "temporarily_unavailable"]>, z.ZodEnum<["interaction_required", "login_required", "account_selection_required", "consent_required", "invalid_request_uri", "invalid_request_object", "request_not_supported", "request_uri_not_supported", "registration_not_supported"]>, z.ZodLiteral<"invalid_authorization_details">]>;
+export type AuthorizationResponseError = z.infer<typeof authorizationResponseErrorSchema>;
+export declare function isAuthorizationResponseError<T>(value: T): value is T & AuthorizationResponseError;
+//# sourceMappingURL=authorization-response-error.d.ts.map

package/dist/types/authorization-response-error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-response-error.d.ts","sourceRoot":"","sources":["../../src/types/authorization-response-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB,eAAO,MAAM,gCAAgC,4cAU3C,CAAA;AAEF,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAC9C,OAAO,gCAAgC,CACxC,CAAA;AAED,wBAAgB,4BAA4B,CAAC,CAAC,EAC5C,KAAK,EAAE,CAAC,GACP,KAAK,IAAI,CAAC,GAAG,0BAA0B,CAEzC"}

package/dist/types/authorization-response-error.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorizationResponseErrorSchema = void 0;
+exports.isAuthorizationResponseError = isAuthorizationResponseError;
+const zod_1 = require("zod");
+const oauth_types_1 = require("@atproto/oauth-types");
+exports.authorizationResponseErrorSchema = zod_1.z.union([
+    oauth_types_1.oauthAuthorizationResponseErrorSchema,
+    // OIDC authentication error response are not part of the ATproto flavoured
+    // OAuth but we allow them because they provide better feedback to the client
+    // (in particular when SSO is used).
+    oauth_types_1.oidcAuthorizationResponseErrorSchema,
+    // This error is defined by rfc9396 (not part of the OAuth 2.1 or OIDC). But
+    // since, in ATproto flavoured OAuth, client registration is a dynamic part of
+    // the authorization process, we allow it.
+    zod_1.z.literal('invalid_authorization_details'),
+]);
+function isAuthorizationResponseError(value) {
+    return exports.authorizationResponseErrorSchema.safeParse(value).success;
+}
+//# sourceMappingURL=authorization-response-error.js.map

package/dist/types/authorization-response-error.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-response-error.js","sourceRoot":"","sources":["../../src/types/authorization-response-error.ts"],"names":[],"mappings":";;;AAsBA,oEAIC;AA1BD,6BAAuB;AACvB,sDAG6B;AAEhB,QAAA,gCAAgC,GAAG,OAAC,CAAC,KAAK,CAAC;IACtD,mDAAqC;IACrC,2EAA2E;IAC3E,6EAA6E;IAC7E,oCAAoC;IACpC,kDAAoC;IACpC,4EAA4E;IAC5E,8EAA8E;IAC9E,0CAA0C;IAC1C,OAAC,CAAC,OAAO,CAAC,+BAA+B,CAAC;CAC3C,CAAC,CAAA;AAMF,SAAgB,4BAA4B,CAC1C,KAAQ;IAER,OAAO,wCAAgC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAA;AAClE,CAAC"}

package/dist/types/par-response-error.d.ts

@@ -0,0 +1,5 @@
+import { z } from 'zod';
+export declare const parResponseErrorSchema: z.ZodIntersection<z.ZodUnion<[z.ZodEnum<["invalid_request", "unauthorized_client", "access_denied", "unsupported_response_type", "invalid_scope", "server_error", "temporarily_unavailable"]>, z.ZodEnum<["interaction_required", "login_required", "account_selection_required", "consent_required", "invalid_request_uri", "invalid_request_object", "request_not_supported", "request_uri_not_supported", "registration_not_supported"]>, z.ZodLiteral<"invalid_authorization_details">]>, z.ZodEnum<["invalid_request", "unauthorized_client", "unsupported_response_type", "invalid_scope", "server_error", "temporarily_unavailable"]>>;
+export type PARResponseError = z.infer<typeof parResponseErrorSchema>;
+export declare function isPARResponseError<T>(value: T): value is T & PARResponseError;
+//# sourceMappingURL=par-response-error.d.ts.map

package/dist/types/par-response-error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"par-response-error.d.ts","sourceRoot":"","sources":["../../src/types/par-response-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAQvB,eAAO,MAAM,sBAAsB,+mBAUlC,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAA;AAErE,wBAAgB,kBAAkB,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,GAAG,gBAAgB,CAE7E"}

package/dist/types/par-response-error.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parResponseErrorSchema = void 0;
+exports.isPARResponseError = isPARResponseError;
+const zod_1 = require("zod");
+const authorization_response_error_js_1 = require("./authorization-response-error.js");
+// https://datatracker.ietf.org/doc/html/rfc9126#section-2.3-1
+// > Since initial processing of the pushed authorization request does not
+// > involve resource owner interaction, error codes related to user
+// > interaction, such as "access_denied", are never returned.
+exports.parResponseErrorSchema = zod_1.z.intersection(authorization_response_error_js_1.authorizationResponseErrorSchema, zod_1.z.enum([
+    'invalid_request',
+    'unauthorized_client',
+    'unsupported_response_type',
+    'invalid_scope',
+    'server_error',
+    'temporarily_unavailable',
+]));
+function isPARResponseError(value) {
+    return exports.parResponseErrorSchema.safeParse(value).success;
+}
+//# sourceMappingURL=par-response-error.js.map

package/dist/types/par-response-error.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"par-response-error.js","sourceRoot":"","sources":["../../src/types/par-response-error.ts"],"names":[],"mappings":";;;AAsBA,gDAEC;AAxBD,6BAAuB;AACvB,uFAAoF;AAEpF,8DAA8D;AAC9D,0EAA0E;AAC1E,oEAAoE;AACpE,8DAA8D;AAEjD,QAAA,sBAAsB,GAAG,OAAC,CAAC,YAAY,CAClD,kEAAgC,EAChC,OAAC,CAAC,IAAI,CAAC;IACL,iBAAiB;IACjB,qBAAqB;IACrB,2BAA2B;IAC3B,eAAe;IACf,cAAc;IACd,yBAAyB;CAC1B,CAAC,CACH,CAAA;AAID,SAAgB,kBAAkB,CAAI,KAAQ;IAC5C,OAAO,8BAAsB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAA;AACxD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/oauth-provider",
-  "version": "0.9.2",
+  "version": "0.9.3",
   "license": "MIT",
   "description": "Generic OAuth2 and OpenID Connect provider for Node.js. Currently only supports features needed for Atproto.",
   "keywords": [
@@ -51,10 +51,10 @@
     "@atproto/did": "0.1.5",
     "@atproto/jwk": "0.4.0",
     "@atproto/jwk-jose": "0.1.9",
-    "@atproto/oauth-types": "0.3.1",
-    "@atproto/oauth-provider-api": "0.1.5",
-    "@atproto/oauth-provider-frontend": "0.1.9",
-    "@atproto/oauth-provider-ui": "0.1.10",
+    "@atproto/oauth-types": "0.4.0",
+    "@atproto/oauth-provider-api": "0.1.6",
+    "@atproto/oauth-provider-frontend": "0.1.10",
+    "@atproto/oauth-provider-ui": "0.1.11",
     "@atproto/syntax": "0.4.0"
   },
   "devDependencies": {

package/src/client/client.ts

@@ -24,10 +24,10 @@ import {
   OAuthRedirectUri,
 } from '@atproto/oauth-types'
 import { CLIENT_ASSERTION_MAX_AGE, JAR_MAX_AGE } from '../constants.js'
+import { AuthorizationError } from '../errors/authorization-error.js'
 import { InvalidAuthorizationDetailsError } from '../errors/invalid-authorization-details-error.js'
 import { InvalidClientError } from '../errors/invalid-client-error.js'
 import { InvalidClientMetadataError } from '../errors/invalid-client-metadata-error.js'
-import { InvalidParametersError } from '../errors/invalid-parameters-error.js'
 import { InvalidRequestError } from '../errors/invalid-request-error.js'
 import { InvalidScopeError } from '../errors/invalid-scope-error.js'
 import { asArray } from '../lib/util/cast.js'
@@ -285,7 +285,7 @@ export class Client {
     parameters: Readonly<OAuthAuthorizationRequestParameters>,
   ): Readonly<OAuthAuthorizationRequestParameters> {
     if (parameters.client_id !== this.id) {
-      throw new InvalidParametersError(
+      throw new AuthorizationError(
         parameters,
         'The "client_id" parameter field does not match the value used to authenticate the client',
       )
@@ -314,7 +314,7 @@ export class Client {
     }
 
     if (!this.metadata.response_types.includes(parameters.response_type)) {
-      throw new InvalidParametersError(
+      throw new AuthorizationError(
         parameters,
         `Invalid response_type "${parameters.response_type}" requested by the client`,
       )
@@ -322,7 +322,7 @@ export class Client {
 
     if (parameters.response_type.includes('code')) {
       if (!this.metadata.grant_types.includes('authorization_code')) {
-        throw new InvalidParametersError(
+        throw new AuthorizationError(
           parameters,
           `This client is not allowed to use the "authorization_code" grant type`,
         )
@@ -336,7 +336,7 @@ export class Client {
           compareRedirectUri(uri, redirect_uri),
         )
       ) {
-        throw new InvalidParametersError(
+        throw new AuthorizationError(
           parameters,
           `Invalid redirect_uri ${redirect_uri}`,
         )
@@ -351,7 +351,7 @@ export class Client {
         // > "redirect_uri": OPTIONAL if only one redirect URI is registered for
         // > this client. REQUIRED if multiple redirect URIs are registered for this
         // > client.
-        throw new InvalidParametersError(parameters, 'redirect_uri is required')
+        throw new AuthorizationError(parameters, 'redirect_uri is required')
       }
     }
 

package/src/device/device-manager.ts

@@ -261,7 +261,7 @@ export class DeviceManager {
     const rawValue = Object.hasOwn(cookies, name) ? cookies[name] : null
     if (!rawValue) return null
 
-    const result = schema.safeParse(rawValue, { path: ['cookie', name] })
+    const result = schema.safeParse(rawValue)
     if (!result.success) return null
 
     const value = result.data

package/src/dpop/dpop-manager.ts

@@ -68,7 +68,7 @@ export class DpopManager {
       maxTokenAge: 10, // Will ensure presence & validity of "iat" claim
       clockTolerance: DPOP_NONCE_MAX_AGE / 1e3,
     }).catch((err) => {
-      throw newInvalidDpopProofError('Failed to verify DPoP proof', err)
+      throw wrapInvalidDpopProofError(err, 'Failed to verify DPoP proof')
     })
 
     // @NOTE For legacy & backwards compatibility reason, we cannot use
@@ -86,20 +86,20 @@ export class DpopManager {
     const { ath, htm, htu, jti, nonce } = payload
 
     if (nonce !== undefined && typeof nonce !== 'string') {
-      throw newInvalidDpopProofError('Invalid DPoP "nonce" type')
+      throw new InvalidDpopProofError('Invalid DPoP "nonce" type')
     }
 
     if (!jti || typeof jti !== 'string') {
-      throw newInvalidDpopProofError('DPoP "jti" missing')
+      throw new InvalidDpopProofError('DPoP "jti" missing')
     }
 
     // Note rfc9110#section-9.1 states that the method name is case-sensitive
     if (!htm || htm !== httpMethod) {
-      throw newInvalidDpopProofError('DPoP "htm" mismatch')
+      throw new InvalidDpopProofError('DPoP "htm" mismatch')
     }
 
     if (!htu || typeof htu !== 'string') {
-      throw newInvalidDpopProofError('Invalid DPoP "htu" type')
+      throw new InvalidDpopProofError('Invalid DPoP "htu" type')
     }
 
     // > To reduce the likelihood of false negatives, servers SHOULD employ
@@ -109,7 +109,7 @@ export class DpopManager {
     //
     // RFC9449 section 4.3. Checking DPoP Proofs - https://datatracker.ietf.org/doc/html/rfc9449#section-4.3
     if (!htu || parseHtu(htu) !== normalizeHtuUrl(httpUrl)) {
-      throw newInvalidDpopProofError('DPoP "htu" mismatch')
+      throw new InvalidDpopProofError('DPoP "htu" mismatch')
     }
 
     if (!nonce && this.dpopNonce) {
@@ -123,17 +123,17 @@ export class DpopManager {
     if (accessToken) {
       const accessTokenHash = createHash('sha256').update(accessToken).digest()
       if (ath !== accessTokenHash.toString('base64url')) {
-        throw newInvalidDpopProofError('DPoP "ath" mismatch')
+        throw new InvalidDpopProofError('DPoP "ath" mismatch')
       }
     } else if (ath !== undefined) {
-      throw newInvalidDpopProofError('DPoP "ath" claim not allowed')
+      throw new InvalidDpopProofError('DPoP "ath" claim not allowed')
     }
 
     // @NOTE we can assert there is a jwk because the jwtVerify used the
     // EmbeddedJWK key getter mechanism.
     const jwk = protectedHeader.jwk!
     const jkt = await calculateJwkThumbprint(jwk, 'sha256').catch((err) => {
-      throw newInvalidDpopProofError('Failed to calculate jkt', err)
+      throw wrapInvalidDpopProofError(err, 'Failed to calculate jkt')
     })
 
     return { jti, jkt, htm, htu }
@@ -147,12 +147,12 @@ function extractProof(
   switch (typeof dpopHeader) {
     case 'string':
       if (dpopHeader) return dpopHeader
-      throw newInvalidDpopProofError('DPoP header cannot be empty')
+      throw new InvalidDpopProofError('DPoP header cannot be empty')
     case 'object':
       // @NOTE the "0" case should never happen a node.js HTTP server will only
       // return an array if the header is set multiple times.
       if (dpopHeader.length === 1 && dpopHeader[0]) return dpopHeader[0]!
-      throw newInvalidDpopProofError('DPoP header must contain a single proof')
+      throw new InvalidDpopProofError('DPoP header must contain a single proof')
     default:
       return null
   }
@@ -177,7 +177,7 @@ function normalizeHtuUrl(url: Readonly<URL>): string {
 function parseHtu(htu: string): string {
   const url = ifURL(htu)
   if (!url) {
-    throw newInvalidDpopProofError('DPoP "htu" is not a valid URL')
+    throw new InvalidDpopProofError('DPoP "htu" is not a valid URL')
   }
 
   // @NOTE the checks bellow can be removed once once jwtPayloadSchema is used
@@ -185,11 +185,11 @@ function parseHtu(htu: string): string {
   // (though the htuSchema).
 
   if (url.password || url.username) {
-    throw newInvalidDpopProofError('DPoP "htu" must not contain credentials')
+    throw new InvalidDpopProofError('DPoP "htu" must not contain credentials')
   }
 
   if (url.protocol !== 'http:' && url.protocol !== 'https:') {
-    throw newInvalidDpopProofError('DPoP "htu" must be http or https')
+    throw new InvalidDpopProofError('DPoP "htu" must be http or https')
   }
 
   // @NOTE For legacy & backwards compatibility reason, we allow a query and
@@ -200,9 +200,9 @@ function parseHtu(htu: string): string {
   return normalizeHtuUrl(url)
 }
 
-function newInvalidDpopProofError(
+function wrapInvalidDpopProofError(
+  err: unknown,
   title: string,
-  err?: unknown,
 ): InvalidDpopProofError {
   const msg =
     err instanceof JOSEError || err instanceof ValidationError

package/src/errors/access-denied-error.ts

@@ -1,39 +1,12 @@
-import {
-  OAuthAuthenticationErrorResponse,
-  OAuthAuthorizationRequestParameters,
-  OidcAuthenticationErrorResponse,
-} from '@atproto/oauth-types'
-import { buildErrorPayload } from './error-parser.js'
-import { OAuthError } from './oauth-error.js'
+import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'
+import { AuthorizationError } from './authorization-error.js'
 
-export type AuthenticationErrorResponse =
-  | OAuthAuthenticationErrorResponse
-  // OIDC authentication error response are not part of the ATproto flavoured
-  // OAuth but we allow them because they provide better feedback to the client
-  // (in particular when SSO is used).
-  | OidcAuthenticationErrorResponse
-  // This error is defined by rfc9396 (not part of the OAuth 2.1 or OIDC). But
-  // since, in ATproto flavoured OAuth, client registration is a dynamic part of
-  // the authorization process, we allow it.
-  | 'invalid_authorization_details'
-
-export class AccessDeniedError extends OAuthError {
+export class AccessDeniedError extends AuthorizationError {
   constructor(
-    public readonly parameters: OAuthAuthorizationRequestParameters,
-    error_description: string,
-    error: AuthenticationErrorResponse = 'access_denied',
+    parameters: OAuthAuthorizationRequestParameters,
+    error_description = 'Access denied',
     cause?: unknown,
   ) {
-    super(error, error_description, 400, cause)
-  }
-
-  static from(
-    parameters: OAuthAuthorizationRequestParameters,
-    cause: unknown,
-    error: AuthenticationErrorResponse,
-  ): AccessDeniedError {
-    if (cause instanceof AccessDeniedError) return cause
-    const { error_description } = buildErrorPayload(cause)
-    return new AccessDeniedError(parameters, error_description, error, cause)
+    super(parameters, error_description, 'access_denied', cause)
   }
 }

package/src/errors/account-selection-required-error.ts

@@ -1,7 +1,7 @@
 import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'
-import { AccessDeniedError } from './access-denied-error.js'
+import { AuthorizationError } from './authorization-error.js'
 
-export class AccountSelectionRequiredError extends AccessDeniedError {
+export class AccountSelectionRequiredError extends AuthorizationError {
   constructor(
     parameters: OAuthAuthorizationRequestParameters,
     error_description = 'Account selection required',