@atproto/oauth-types 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
- package/CHANGELOG.md +10 -0
- package/dist/atproto-loopback-client-metadata.d.ts.map +1 -1
- package/dist/atproto-loopback-client-metadata.js +2 -3
- package/dist/atproto-loopback-client-metadata.js.map +1 -1
- package/dist/oauth-authentication-request-parameters.d.ts +1 -1
- package/dist/oauth-authentication-request-parameters.d.ts.map +1 -1
- package/dist/oauth-authentication-request-parameters.js +7 -14
- package/dist/oauth-authentication-request-parameters.js.map +1 -1
- package/dist/oauth-response-type.js +2 -2
- package/dist/oauth-response-type.js.map +1 -1
- package/dist/oauth-token-response.d.ts +0 -3
- package/dist/oauth-token-response.d.ts.map +1 -1
- package/dist/oauth-token-response.js +0 -1
- package/dist/oauth-token-response.js.map +1 -1
- package/package.json +1 -1
- package/src/atproto-loopback-client-metadata.ts +2 -3
- package/src/oauth-authentication-request-parameters.ts +7 -15
- package/src/oauth-response-type.ts +2 -2
- package/src/oauth-token-response.ts +0 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,15 @@
|
|
|
1
1
|
# @atproto/oauth-types
|
|
2
2
|
|
|
3
|
+
## 0.1.4
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Validate scopes characters according to OAuth 2.1 spec
|
|
8
|
+
|
|
9
|
+
- [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Re-use code definition of oauthResponseTypeSchema
|
|
10
|
+
|
|
11
|
+
- [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Remove non-standard "sub" from OAuthTokenResponse
|
|
12
|
+
|
|
3
13
|
## 0.1.3
|
|
4
14
|
|
|
5
15
|
### Patch Changes
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"atproto-loopback-client-metadata.d.ts","sourceRoot":"","sources":["../src/atproto-loopback-client-metadata.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAA;AAGrE,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,MAAM,GACf,wBAAwB,
|
|
1
|
+
{"version":3,"file":"atproto-loopback-client-metadata.d.ts","sourceRoot":"","sources":["../src/atproto-loopback-client-metadata.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAA;AAGrE,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,MAAM,GACf,wBAAwB,CA6B1B"}
|
|
@@ -17,9 +17,8 @@ function atprotoLoopbackClientMetadata(clientId) {
|
|
|
17
17
|
return {
|
|
18
18
|
client_id: clientId,
|
|
19
19
|
client_name: 'Loopback client',
|
|
20
|
-
response_types: ['code
|
|
21
|
-
grant_types: ['authorization_code', '
|
|
22
|
-
scope: 'openid profile offline_access',
|
|
20
|
+
response_types: ['code'],
|
|
21
|
+
grant_types: ['authorization_code', 'refresh_token'],
|
|
23
22
|
redirect_uris: (redirectUris.length
|
|
24
23
|
? redirectUris
|
|
25
24
|
: ['127.0.0.1', '[::1]'].map((ip) => Object.assign(new URL(pathname, origin), { hostname: ip }).href)),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"atproto-loopback-client-metadata.js","sourceRoot":"","sources":["../src/atproto-loopback-client-metadata.ts"],"names":[],"mappings":";;;AAAA,+EAAuE;AAEvE,qEAAgE;AAEhE,SAAgB,6BAA6B,CAC3C,QAAgB;IAEhB,IAAI,CAAC,IAAA,qDAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CAAC,8BAA8B,QAAQ,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,IAAA,8CAAqB,EAAC,QAAQ,CAAC,CAAA;IAE1E,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;QACvC,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CAAC,2BAA2B,IAAI,eAAe,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;IAExD,OAAO;QACL,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,iBAAiB;QAC9B,cAAc,EAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"atproto-loopback-client-metadata.js","sourceRoot":"","sources":["../src/atproto-loopback-client-metadata.ts"],"names":[],"mappings":";;;AAAA,+EAAuE;AAEvE,qEAAgE;AAEhE,SAAgB,6BAA6B,CAC3C,QAAgB;IAEhB,IAAI,CAAC,IAAA,qDAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CAAC,8BAA8B,QAAQ,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,IAAA,8CAAqB,EAAC,QAAQ,CAAC,CAAA;IAE1E,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;QACvC,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CAAC,2BAA2B,IAAI,eAAe,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;IAExD,OAAO;QACL,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,iBAAiB;QAC9B,cAAc,EAAE,CAAC,MAAM,CAAC;QACxB,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;QACpD,aAAa,EAAE,CAAC,YAAY,CAAC,MAAM;YACjC,CAAC,CAAC,YAAY;YACd,CAAC,CAAE,CAAC,WAAW,EAAE,OAAO,CAAW,CAAC,GAAG,CACnC,CAAC,EAAE,EAAE,EAAE,CACL,MAAM,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,CAClE,CAA0B;QAC/B,0BAA0B,EAAE,MAAM;QAClC,gBAAgB,EAAE,QAAQ;QAC1B,wBAAwB,EAAE,IAAI;KAC/B,CAAA;AACH,CAAC;AA/BD,sEA+BC"}
|
|
@@ -7,7 +7,7 @@ export declare const oauthAuthenticationRequestParametersSchema: z.ZodObject<{
|
|
|
7
7
|
state: z.ZodOptional<z.ZodString>;
|
|
8
8
|
nonce: z.ZodOptional<z.ZodString>;
|
|
9
9
|
dpop_jkt: z.ZodOptional<z.ZodString>;
|
|
10
|
-
response_type: z.ZodEnum<["code", "token", "
|
|
10
|
+
response_type: z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>;
|
|
11
11
|
response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
|
|
12
12
|
code_challenge: z.ZodOptional<z.ZodString>;
|
|
13
13
|
code_challenge_method: z.ZodOptional<z.ZodDefault<z.ZodEnum<["S256", "plain"]>>>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-authentication-request-parameters.d.ts","sourceRoot":"","sources":["../src/oauth-authentication-request-parameters.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;
|
|
1
|
+
{"version":3,"file":"oauth-authentication-request-parameters.d.ts","sourceRoot":"","sources":["../src/oauth-authentication-request-parameters.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AASvB;;GAEG;AACH,eAAO,MAAM,0CAA0C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAiErD;;;;;OAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAKH,CAAA;AAEF;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG,CAAC,CAAC,KAAK,CACxD,OAAO,0CAA0C,CAClD,CAAA"}
|
|
@@ -5,6 +5,7 @@ const jwk_1 = require("@atproto/jwk");
|
|
|
5
5
|
const zod_1 = require("zod");
|
|
6
6
|
const oauth_authorization_details_js_1 = require("./oauth-authorization-details.js");
|
|
7
7
|
const oauth_client_id_js_1 = require("./oauth-client-id.js");
|
|
8
|
+
const oauth_response_type_js_1 = require("./oauth-response-type.js");
|
|
8
9
|
const oidc_claims_parameter_js_1 = require("./oidc-claims-parameter.js");
|
|
9
10
|
const oidc_claims_properties_js_1 = require("./oidc-claims-properties.js");
|
|
10
11
|
const oidc_entity_type_js_1 = require("./oidc-entity-type.js");
|
|
@@ -16,28 +17,20 @@ exports.oauthAuthenticationRequestParametersSchema = zod_1.z.object({
|
|
|
16
17
|
state: zod_1.z.string().optional(),
|
|
17
18
|
nonce: zod_1.z.string().optional(),
|
|
18
19
|
dpop_jkt: zod_1.z.string().optional(),
|
|
19
|
-
response_type:
|
|
20
|
-
// OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
|
|
21
|
-
'code',
|
|
22
|
-
'token',
|
|
23
|
-
// OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
|
|
24
|
-
'id_token',
|
|
25
|
-
'none',
|
|
26
|
-
'code token',
|
|
27
|
-
'code id_token',
|
|
28
|
-
'id_token token',
|
|
29
|
-
'code id_token token',
|
|
30
|
-
]),
|
|
20
|
+
response_type: oauth_response_type_js_1.oauthResponseTypeSchema,
|
|
31
21
|
// Default depend on response_type
|
|
32
22
|
response_mode: zod_1.z.enum(['query', 'fragment', 'form_post']).optional(),
|
|
33
23
|
// PKCE
|
|
34
24
|
code_challenge: zod_1.z.string().optional(),
|
|
35
25
|
code_challenge_method: zod_1.z.enum(['S256', 'plain']).default('S256').optional(),
|
|
36
26
|
redirect_uri: zod_1.z.string().url().optional(),
|
|
37
|
-
//
|
|
27
|
+
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1
|
|
28
|
+
// scope = scope-token *( SP scope-token )
|
|
29
|
+
// scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
|
|
30
|
+
// = Basically most ASCII characters except backslash and double quote
|
|
38
31
|
scope: zod_1.z
|
|
39
32
|
.string()
|
|
40
|
-
.regex(/^[
|
|
33
|
+
.regex(/^[!\x23-\x5B\x5D-\x7E]+( [!\x23-\x5B\x5D-\x7E]+)*$/)
|
|
41
34
|
.optional(),
|
|
42
35
|
// OIDC
|
|
43
36
|
// Specifies the allowable elapsed time in seconds since the last time the
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-authentication-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authentication-request-parameters.ts"],"names":[],"mappings":";;;AAAA,sCAA8C;AAC9C,6BAAuB;AAEvB,qFAAkF;AAClF,6DAA0D;AAC1D,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAE5D;;GAEG;AACU,QAAA,0CAA0C,GAAG,OAAC,CAAC,MAAM,CAAC;IACjE,SAAS,EAAE,wCAAmB;IAE9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"oauth-authentication-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authentication-request-parameters.ts"],"names":[],"mappings":";;;AAAA,sCAA8C;AAC9C,6BAAuB;AAEvB,qFAAkF;AAClF,6DAA0D;AAC1D,qEAAkE;AAClE,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAE5D;;GAEG;AACU,QAAA,0CAA0C,GAAG,OAAC,CAAC,MAAM,CAAC;IACjE,SAAS,EAAE,wCAAmB;IAE9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,aAAa,EAAE,gDAAuB;IAEtC,kCAAkC;IAClC,aAAa,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEpE,OAAO;IACP,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE;IAE3E,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEzC,+EAA+E;IAC/E,gDAAgD;IAChD,+CAA+C;IAC/C,sEAAsE;IACtE,KAAK,EAAE,OAAC;SACL,MAAM,EAAE;SACR,KAAK,CAAC,oDAAoD,CAAC;SAC3D,QAAQ,EAAE;IAEb,OAAO;IAEP,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3C,MAAM,EAAE,OAAC;SACN,MAAM,CACL,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,gDAAgD,CAAC,CAAC,cAAc;SACtE,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEtD;;;;;OAKG;IACH,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEzE,gDAAgD;IAChD,qBAAqB,EAAE,gEAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC,CAAA"}
|
|
@@ -3,10 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.oauthResponseTypeSchema = void 0;
|
|
4
4
|
const zod_1 = require("zod");
|
|
5
5
|
exports.oauthResponseTypeSchema = zod_1.z.enum([
|
|
6
|
-
//
|
|
6
|
+
// OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
|
|
7
7
|
'code', // Authorization Code Grant
|
|
8
8
|
'token', // Implicit Grant
|
|
9
|
-
//
|
|
9
|
+
// OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
|
|
10
10
|
'none',
|
|
11
11
|
'code id_token token',
|
|
12
12
|
'code id_token',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-response-type.js","sourceRoot":"","sources":["../src/oauth-response-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,
|
|
1
|
+
{"version":3,"file":"oauth-response-type.js","sourceRoot":"","sources":["../src/oauth-response-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,wFAAwF;IACxF,MAAM,EAAE,2BAA2B;IACnC,OAAO,EAAE,iBAAiB;IAE1B,4EAA4E;IAC5E,MAAM;IACN,qBAAqB;IACrB,eAAe;IACf,YAAY;IACZ,gBAAgB;IAChB,UAAU;CACX,CAAC,CAAA"}
|
|
@@ -6,7 +6,6 @@ export declare const oauthTokenResponseSchema: z.ZodObject<{
|
|
|
6
6
|
access_token: z.ZodString;
|
|
7
7
|
token_type: z.ZodUnion<[z.ZodEffects<z.ZodString, "DPoP", string>, z.ZodEffects<z.ZodString, "Bearer", string>]>;
|
|
8
8
|
issuer: z.ZodOptional<z.ZodString>;
|
|
9
|
-
sub: z.ZodOptional<z.ZodString>;
|
|
10
9
|
scope: z.ZodOptional<z.ZodString>;
|
|
11
10
|
id_token: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
|
|
12
11
|
refresh_token: z.ZodOptional<z.ZodString>;
|
|
@@ -37,7 +36,6 @@ export declare const oauthTokenResponseSchema: z.ZodObject<{
|
|
|
37
36
|
access_token: z.ZodString;
|
|
38
37
|
token_type: z.ZodUnion<[z.ZodEffects<z.ZodString, "DPoP", string>, z.ZodEffects<z.ZodString, "Bearer", string>]>;
|
|
39
38
|
issuer: z.ZodOptional<z.ZodString>;
|
|
40
|
-
sub: z.ZodOptional<z.ZodString>;
|
|
41
39
|
scope: z.ZodOptional<z.ZodString>;
|
|
42
40
|
id_token: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
|
|
43
41
|
refresh_token: z.ZodOptional<z.ZodString>;
|
|
@@ -68,7 +66,6 @@ export declare const oauthTokenResponseSchema: z.ZodObject<{
|
|
|
68
66
|
access_token: z.ZodString;
|
|
69
67
|
token_type: z.ZodUnion<[z.ZodEffects<z.ZodString, "DPoP", string>, z.ZodEffects<z.ZodString, "Bearer", string>]>;
|
|
70
68
|
issuer: z.ZodOptional<z.ZodString>;
|
|
71
|
-
sub: z.ZodOptional<z.ZodString>;
|
|
72
69
|
scope: z.ZodOptional<z.ZodString>;
|
|
73
70
|
id_token: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
|
|
74
71
|
refresh_token: z.ZodOptional<z.ZodString>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-token-response.d.ts","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAKvB;;GAEG;AACH,eAAO,MAAM,wBAAwB
|
|
1
|
+
{"version":3,"file":"oauth-token-response.d.ts","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAKvB;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAarB,CAAA;AAEhB;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAA"}
|
|
@@ -13,7 +13,6 @@ exports.oauthTokenResponseSchema = zod_1.z
|
|
|
13
13
|
access_token: zod_1.z.string(),
|
|
14
14
|
token_type: oauth_token_type_js_1.oauthTokenTypeSchema,
|
|
15
15
|
issuer: zod_1.z.string().url().optional(),
|
|
16
|
-
sub: zod_1.z.string().optional(),
|
|
17
16
|
scope: zod_1.z.string().optional(),
|
|
18
17
|
id_token: jwk_1.signedJwtSchema.optional(),
|
|
19
18
|
refresh_token: zod_1.z.string().optional(),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-token-response.js","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":";;;AAAA,sCAA8C;AAC9C,6BAAuB;AAEvB,qFAAkF;AAClF,+DAA4D;AAE5D;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC;KACtC,MAAM,CAAC;IACN,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,0CAAoB;IAChC,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACnC,
|
|
1
|
+
{"version":3,"file":"oauth-token-response.js","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":";;;AAAA,sCAA8C;AAC9C,6BAAuB;AAEvB,qFAAkF;AAClF,+DAA4D;AAE5D;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC;KACtC,MAAM,CAAC;IACN,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,0CAAoB;IAChC,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACnC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,qBAAe,CAAC,QAAQ,EAAE;IACpC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,qBAAqB,EAAE,gEAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC;IACF,0DAA0D;IAC1D,qEAAqE;KACpE,WAAW,EAAE,CAAA"}
|
package/package.json
CHANGED
|
@@ -21,9 +21,8 @@ export function atprotoLoopbackClientMetadata(
|
|
|
21
21
|
return {
|
|
22
22
|
client_id: clientId,
|
|
23
23
|
client_name: 'Loopback client',
|
|
24
|
-
response_types: ['code
|
|
25
|
-
grant_types: ['authorization_code', '
|
|
26
|
-
scope: 'openid profile offline_access',
|
|
24
|
+
response_types: ['code'],
|
|
25
|
+
grant_types: ['authorization_code', 'refresh_token'],
|
|
27
26
|
redirect_uris: (redirectUris.length
|
|
28
27
|
? redirectUris
|
|
29
28
|
: (['127.0.0.1', '[::1]'] as const).map(
|
|
@@ -3,6 +3,7 @@ import { z } from 'zod'
|
|
|
3
3
|
|
|
4
4
|
import { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js'
|
|
5
5
|
import { oauthClientIdSchema } from './oauth-client-id.js'
|
|
6
|
+
import { oauthResponseTypeSchema } from './oauth-response-type.js'
|
|
6
7
|
import { oidcClaimsParameterSchema } from './oidc-claims-parameter.js'
|
|
7
8
|
import { oidcClaimsPropertiesSchema } from './oidc-claims-properties.js'
|
|
8
9
|
import { oidcEntityTypeSchema } from './oidc-entity-type.js'
|
|
@@ -17,19 +18,7 @@ export const oauthAuthenticationRequestParametersSchema = z.object({
|
|
|
17
18
|
nonce: z.string().optional(),
|
|
18
19
|
dpop_jkt: z.string().optional(),
|
|
19
20
|
|
|
20
|
-
response_type:
|
|
21
|
-
// OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
|
|
22
|
-
'code',
|
|
23
|
-
'token',
|
|
24
|
-
|
|
25
|
-
// OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
|
|
26
|
-
'id_token',
|
|
27
|
-
'none',
|
|
28
|
-
'code token',
|
|
29
|
-
'code id_token',
|
|
30
|
-
'id_token token',
|
|
31
|
-
'code id_token token',
|
|
32
|
-
]),
|
|
21
|
+
response_type: oauthResponseTypeSchema,
|
|
33
22
|
|
|
34
23
|
// Default depend on response_type
|
|
35
24
|
response_mode: z.enum(['query', 'fragment', 'form_post']).optional(),
|
|
@@ -40,10 +29,13 @@ export const oauthAuthenticationRequestParametersSchema = z.object({
|
|
|
40
29
|
|
|
41
30
|
redirect_uri: z.string().url().optional(),
|
|
42
31
|
|
|
43
|
-
//
|
|
32
|
+
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1
|
|
33
|
+
// scope = scope-token *( SP scope-token )
|
|
34
|
+
// scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
|
|
35
|
+
// = Basically most ASCII characters except backslash and double quote
|
|
44
36
|
scope: z
|
|
45
37
|
.string()
|
|
46
|
-
.regex(/^[
|
|
38
|
+
.regex(/^[!\x23-\x5B\x5D-\x7E]+( [!\x23-\x5B\x5D-\x7E]+)*$/)
|
|
47
39
|
.optional(),
|
|
48
40
|
|
|
49
41
|
// OIDC
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import { z } from 'zod'
|
|
2
2
|
|
|
3
3
|
export const oauthResponseTypeSchema = z.enum([
|
|
4
|
-
//
|
|
4
|
+
// OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
|
|
5
5
|
'code', // Authorization Code Grant
|
|
6
6
|
'token', // Implicit Grant
|
|
7
7
|
|
|
8
|
-
//
|
|
8
|
+
// OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
|
|
9
9
|
'none',
|
|
10
10
|
'code id_token token',
|
|
11
11
|
'code id_token',
|
|
@@ -12,7 +12,6 @@ export const oauthTokenResponseSchema = z
|
|
|
12
12
|
access_token: z.string(),
|
|
13
13
|
token_type: oauthTokenTypeSchema,
|
|
14
14
|
issuer: z.string().url().optional(),
|
|
15
|
-
sub: z.string().optional(),
|
|
16
15
|
scope: z.string().optional(),
|
|
17
16
|
id_token: signedJwtSchema.optional(),
|
|
18
17
|
refresh_token: z.string().optional(),
|