@atproto/oauth-types 0.1.0

package/dist/oauth-client-id-discoverable.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseOAuthDiscoverableClientId = exports.isOAuthClientIdDiscoverable = void 0;
+const oauth_client_id_url_js_1 = require("./oauth-client-id-url.js");
+const util_js_1 = require("./util.js");
+function isOAuthClientIdDiscoverable(clientId) {
+    try {
+        parseOAuthDiscoverableClientId(clientId);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+exports.isOAuthClientIdDiscoverable = isOAuthClientIdDiscoverable;
+function parseOAuthDiscoverableClientId(clientId) {
+    const url = (0, oauth_client_id_url_js_1.parseOAuthClientIdUrl)(clientId);
+    // Optimization: cheap checks first
+    if (url.hostname === 'localhost') {
+        throw new TypeError('ClientID must not be a loopback hostname');
+    }
+    if (url.protocol !== 'https:') {
+        throw new TypeError('ClientID must use the "https:" protocol');
+    }
+    if (url.hash) {
+        throw new TypeError('ClientID must not contain a fragment');
+    }
+    if (url.username || url.password) {
+        throw new TypeError('ClientID must not contain credentials');
+    }
+    if (url.pathname === '/') {
+        throw new TypeError('ClientID must contain a path (e.g. "/client-metadata")');
+    }
+    if (url.pathname !== '/' && url.pathname.endsWith('/')) {
+        throw new TypeError('ClientID must not end with a trailing slash');
+    }
+    if (url.pathname.includes('//')) {
+        throw new TypeError(`ClientID must not contain any double slashes in its path`);
+    }
+    // Note: Query string is allowed
+    // Note: no restriction on the port for non-loopback URIs
+    if ((0, util_js_1.isIP)(url.hostname)) {
+        throw new TypeError('ClientID must not be an IP address');
+    }
+    return url;
+}
+exports.parseOAuthDiscoverableClientId = parseOAuthDiscoverableClientId;
+//# sourceMappingURL=oauth-client-id-discoverable.js.map

package/dist/oauth-client-id-discoverable.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-id-discoverable.js","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":";;;AAAA,qEAAgE;AAEhE,uCAAgC;AAOhC,SAAgB,2BAA2B,CACzC,QAAW;IAEX,IAAI,CAAC;QACH,8BAA8B,CAAC,QAAQ,CAAC,CAAA;QACxC,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AATD,kEASC;AAED,SAAgB,8BAA8B,CAAC,QAAuB;IACpE,MAAM,GAAG,GAAG,IAAA,8CAAqB,EAAC,QAAQ,CAAC,CAAA;IAE3C,mCAAmC;IAEnC,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,0CAA0C,CAAC,CAAA;IACjE,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,SAAS,CAAC,yCAAyC,CAAC,CAAA;IAChE,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,MAAM,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAA;IAC7D,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,SAAS,CACjB,wDAAwD,CACzD,CAAA;IACH,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,SAAS,CAAC,6CAA6C,CAAC,CAAA;IACpE,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,SAAS,CACjB,0DAA0D,CAC3D,CAAA;IACH,CAAC;IAED,gCAAgC;IAChC,yDAAyD;IAEzD,IAAI,IAAA,cAAI,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC,CAAA;IAC3D,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC;AA7CD,wEA6CC"}

package/dist/oauth-client-id-loopback.d.ts

@@ -0,0 +1,5 @@
+import { OAuthClientId } from './oauth-client-id.js';
+export type OAuthClientIdLoopback = OAuthClientId & `http://localhost${'' | `${'/' | '?' | '#'}${string}`}`;
+export declare function isOAuthClientIdLoopback<C extends OAuthClientId>(clientId: C): clientId is C & OAuthClientIdLoopback;
+export declare function parseOAuthLoopbackClientId(clientId: OAuthClientId): URL;
+//# sourceMappingURL=oauth-client-id-loopback.d.ts.map

package/dist/oauth-client-id-loopback.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-id-loopback.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAEpD,MAAM,MAAM,qBAAqB,GAAG,aAAa,GAC/C,mBAAmB,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,MAAM,EAAE,EAAE,CAAA;AAEzD,wBAAgB,uBAAuB,CAAC,CAAC,SAAS,aAAa,EAC7D,QAAQ,EAAE,CAAC,GACV,QAAQ,IAAI,CAAC,GAAG,qBAAqB,CAOvC;AAED,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,aAAa,GAAG,GAAG,CAwCvE"}

package/dist/oauth-client-id-loopback.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseOAuthLoopbackClientId = exports.isOAuthClientIdLoopback = void 0;
+const oauth_client_id_url_js_1 = require("./oauth-client-id-url.js");
+function isOAuthClientIdLoopback(clientId) {
+    try {
+        parseOAuthLoopbackClientId(clientId);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+exports.isOAuthClientIdLoopback = isOAuthClientIdLoopback;
+function parseOAuthLoopbackClientId(clientId) {
+    const url = (0, oauth_client_id_url_js_1.parseOAuthClientIdUrl)(clientId);
+    // Optimization: cheap checks first
+    if (url.protocol !== 'http:') {
+        throw new TypeError('Loopback ClientID must use the "http:" protocol');
+    }
+    if (url.hostname !== 'localhost') {
+        throw new TypeError('Loopback ClientID must use the "localhost" hostname');
+    }
+    if (url.hash) {
+        throw new TypeError('Loopback ClientID must not contain a fragment');
+    }
+    if (url.username || url.password) {
+        throw new TypeError('Loopback ClientID must not contain credentials');
+    }
+    if (url.port) {
+        throw new TypeError('Loopback ClientID must not contain a port');
+    }
+    // Note: url.pathname === '/' is allowed for loopback URIs
+    if (url.pathname !== '/' && url.pathname.endsWith('/')) {
+        throw new TypeError('Loopback ClientID must not end with a trailing slash');
+    }
+    if (url.pathname.includes('//')) {
+        throw new TypeError(`Loopback ClientID must not contain any double slashes in its path`);
+    }
+    // Note: Query string is allowed
+    return url;
+}
+exports.parseOAuthLoopbackClientId = parseOAuthLoopbackClientId;
+//# sourceMappingURL=oauth-client-id-loopback.js.map

package/dist/oauth-client-id-loopback.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-id-loopback.js","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":";;;AAAA,qEAAgE;AAMhE,SAAgB,uBAAuB,CACrC,QAAW;IAEX,IAAI,CAAC;QACH,0BAA0B,CAAC,QAAQ,CAAC,CAAA;QACpC,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AATD,0DASC;AAED,SAAgB,0BAA0B,CAAC,QAAuB;IAChE,MAAM,GAAG,GAAG,IAAA,8CAAqB,EAAC,QAAQ,CAAC,CAAA;IAE3C,mCAAmC;IAEnC,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAC7B,MAAM,IAAI,SAAS,CAAC,iDAAiD,CAAC,CAAA;IACxE,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,qDAAqD,CAAC,CAAA;IAC5E,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,MAAM,IAAI,SAAS,CAAC,+CAA+C,CAAC,CAAA;IACtE,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,gDAAgD,CAAC,CAAA;IACvE,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;IAClE,CAAC;IAED,0DAA0D;IAE1D,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,SAAS,CAAC,sDAAsD,CAAC,CAAA;IAC7E,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,SAAS,CACjB,mEAAmE,CACpE,CAAA;IACH,CAAC;IAED,gCAAgC;IAEhC,OAAO,GAAG,CAAA;AACZ,CAAC;AAxCD,gEAwCC"}

package/dist/oauth-client-id-url.d.ts

@@ -0,0 +1,3 @@
+import { OAuthClientId } from './oauth-client-id.js';
+export declare function parseOAuthClientIdUrl(clientId: OAuthClientId): URL;
+//# sourceMappingURL=oauth-client-id-url.d.ts.map

package/dist/oauth-client-id-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-id-url.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAEpD,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,aAAa,GAAG,GAAG,CAsBlE"}

package/dist/oauth-client-id-url.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseOAuthClientIdUrl = void 0;
+function parseOAuthClientIdUrl(clientId) {
+    if (clientId.endsWith('/')) {
+        throw new TypeError('ClientID must not end with a trailing slash');
+    }
+    const url = new URL(clientId);
+    if (url.protocol !== 'https:' && url.protocol !== 'http:') {
+        throw new TypeError('ClientID must use the "https:" or "http:" protocol');
+    }
+    url.searchParams.sort();
+    // URL constructor normalizes the URL, so we need to compare the canonical form
+    const canonicalUri = url.pathname === '/' ? url.origin + url.search : url.href;
+    if (canonicalUri !== clientId) {
+        throw new TypeError(`ClientID must be in canonical form ("${canonicalUri}", got "${clientId}")`);
+    }
+    return url;
+}
+exports.parseOAuthClientIdUrl = parseOAuthClientIdUrl;
+//# sourceMappingURL=oauth-client-id-url.js.map

package/dist/oauth-client-id-url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-id-url.js","sourceRoot":"","sources":["../src/oauth-client-id-url.ts"],"names":[],"mappings":";;;AAEA,SAAgB,qBAAqB,CAAC,QAAuB;IAC3D,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,SAAS,CAAC,6CAA6C,CAAC,CAAA;IACpE,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAA;IAE7B,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAC1D,MAAM,IAAI,SAAS,CAAC,oDAAoD,CAAC,CAAA;IAC3E,CAAC;IAED,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAA;IAEvB,+EAA+E;IAC/E,MAAM,YAAY,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAA;IAC9E,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,SAAS,CACjB,wCAAwC,YAAY,WAAW,QAAQ,IAAI,CAC5E,CAAA;IACH,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC;AAtBD,sDAsBC"}

package/dist/oauth-client-id.d.ts

@@ -0,0 +1,4 @@
+import { z } from 'zod';
+export declare const oauthClientIdSchema: z.ZodString;
+export type OAuthClientId = z.infer<typeof oauthClientIdSchema>;
+//# sourceMappingURL=oauth-client-id.d.ts.map

package/dist/oauth-client-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-id.d.ts","sourceRoot":"","sources":["../src/oauth-client-id.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,eAAO,MAAM,mBAAmB,aAAoB,CAAA;AACpD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA"}

package/dist/oauth-client-id.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.oauthClientIdSchema = void 0;
+const zod_1 = require("zod");
+exports.oauthClientIdSchema = zod_1.z.string().min(1);
+//# sourceMappingURL=oauth-client-id.js.map

package/dist/oauth-client-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-id.js","sourceRoot":"","sources":["../src/oauth-client-id.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA"}

package/dist/oauth-client-identification.d.ts

@@ -0,0 +1,31 @@
+import { z } from 'zod';
+export declare const oauthClientIdentificationSchema: z.ZodUnion<[z.ZodUnion<[z.ZodObject<{
+    client_id: z.ZodString;
+    client_assertion_type: z.ZodLiteral<"urn:ietf:params:oauth:client-assertion-type:jwt-bearer">;
+    client_assertion: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>;
+}, "strip", z.ZodTypeAny, {
+    client_id: string;
+    client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
+    client_assertion: `${string}.${string}.${string}`;
+}, {
+    client_id: string;
+    client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
+    client_assertion: string;
+}>, z.ZodObject<{
+    client_id: z.ZodString;
+    client_secret: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    client_id: string;
+    client_secret: string;
+}, {
+    client_id: string;
+    client_secret: string;
+}>]>, z.ZodObject<{
+    client_id: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    client_id: string;
+}, {
+    client_id: string;
+}>]>;
+export type OAuthClientIdentification = z.infer<typeof oauthClientIdentificationSchema>;
+//# sourceMappingURL=oauth-client-identification.d.ts.map

package/dist/oauth-client-identification.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-identification.d.ts","sourceRoot":"","sources":["../src/oauth-client-identification.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAKvB,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;IAI1C,CAAA;AAEF,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,+BAA+B,CACvC,CAAA"}

package/dist/oauth-client-identification.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.oauthClientIdentificationSchema = void 0;
+const zod_1 = require("zod");
+const oauth_client_id_js_1 = require("./oauth-client-id.js");
+const oauth_client_credentials_js_1 = require("./oauth-client-credentials.js");
+exports.oauthClientIdentificationSchema = zod_1.z.union([
+    oauth_client_credentials_js_1.oauthClientCredentialsSchema,
+    // Must be last since it is less specific
+    zod_1.z.object({ client_id: oauth_client_id_js_1.oauthClientIdSchema }),
+]);
+//# sourceMappingURL=oauth-client-identification.js.map

package/dist/oauth-client-identification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-identification.js","sourceRoot":"","sources":["../src/oauth-client-identification.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,6DAA0D;AAC1D,+EAA4E;AAE/D,QAAA,+BAA+B,GAAG,OAAC,CAAC,KAAK,CAAC;IACrD,0DAA4B;IAC5B,yCAAyC;IACzC,OAAC,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,wCAAmB,EAAE,CAAC;CAC7C,CAAC,CAAA"}