@aura-stack/auth 0.5.0 → 0.7.0
- package/README.md +36 -1
- package/dist/@types/index.cjs +0 -18
- package/dist/@types/index.d.ts +2 -12
- package/dist/@types/index.js +0 -1
- package/dist/assert-_fBNnaOk.js +3 -0
- package/dist/assert-hDwQ_SPO.cjs +3 -0
- package/dist/client/index.cjs +1 -135
- package/dist/client/index.d.ts +11 -14
- package/dist/client/index.js +1 -10
- package/dist/crypto-D6_SoGMH.cjs +1 -0
- package/dist/crypto-DyrRzBSQ.js +1 -0
- package/dist/env-7as-tgzO.cjs +1 -0
- package/dist/env-CJtSi1eX.js +1 -0
- package/dist/errors-Czt_w1t_.js +1 -0
- package/dist/errors-DcK2ELlk.cjs +1 -0
- package/dist/identity-b8FCr0Oa.cjs +1 -0
- package/dist/index-C9U6ICDT.d.ts +2796 -0
- package/dist/index.cjs +1 -2427
- package/dist/index.d.ts +2 -14
- package/dist/index.js +1 -59
- package/dist/logger-DjXkgSn5.js +1 -0
- package/dist/logger-G5PinyEc.cjs +1 -0
- package/dist/oauth/atlassian.cjs +1 -57
- package/dist/oauth/atlassian.d.ts +2 -12
- package/dist/oauth/atlassian.js +1 -6
- package/dist/oauth/bitbucket.cjs +1 -49
- package/dist/oauth/bitbucket.d.ts +2 -12
- package/dist/oauth/bitbucket.js +1 -6
- package/dist/oauth/click-up.cjs +1 -0
- package/dist/oauth/click-up.d.ts +2 -0
- package/dist/oauth/click-up.js +1 -0
- package/dist/oauth/discord.cjs +1 -57
- package/dist/oauth/discord.d.ts +2 -12
- package/dist/oauth/discord.js +1 -6
- package/dist/oauth/dribbble.cjs +1 -0
- package/dist/oauth/dribbble.d.ts +2 -0
- package/dist/oauth/dribbble.js +1 -0
- package/dist/oauth/dropbox.cjs +1 -53
- package/dist/oauth/dropbox.d.ts +2 -12
- package/dist/oauth/dropbox.js +1 -6
- package/dist/oauth/figma.cjs +1 -49
- package/dist/oauth/figma.d.ts +2 -12
- package/dist/oauth/figma.js +1 -6
- package/dist/oauth/github.cjs +1 -49
- package/dist/oauth/github.d.ts +2 -12
- package/dist/oauth/github.js +1 -6
- package/dist/oauth/gitlab.cjs +1 -49
- package/dist/oauth/gitlab.d.ts +2 -12
- package/dist/oauth/gitlab.js +1 -6
- package/dist/oauth/index.cjs +1 -673
- package/dist/oauth/index.d.ts +2 -12
- package/dist/oauth/index.js +1 -68
- package/dist/oauth/mailchimp.cjs +1 -49
- package/dist/oauth/mailchimp.d.ts +2 -12
- package/dist/oauth/mailchimp.js +1 -6
- package/dist/oauth/notion.cjs +1 -131
- package/dist/oauth/notion.d.ts +2 -12
- package/dist/oauth/notion.js +1 -9
- package/dist/oauth/pinterest.cjs +1 -49
- package/dist/oauth/pinterest.d.ts +2 -12
- package/dist/oauth/pinterest.js +1 -6
- package/dist/oauth/spotify.cjs +1 -49
- package/dist/oauth/spotify.d.ts +2 -12
- package/dist/oauth/spotify.js +1 -6
- package/dist/oauth/strava.cjs +1 -49
- package/dist/oauth/strava.d.ts +2 -12
- package/dist/oauth/strava.js +1 -6
- package/dist/oauth/twitch.cjs +1 -95
- package/dist/oauth/twitch.d.ts +2 -12
- package/dist/oauth/twitch.js +1 -7
- package/dist/oauth/x.cjs +1 -49
- package/dist/oauth/x.d.ts +2 -12
- package/dist/oauth/x.js +1 -6
- package/dist/oauth-D3_mnBOx.js +1 -0
- package/dist/oauth-gPiWxjBd.cjs +1 -0
- package/dist/shared/crypto.cjs +1 -0
- package/dist/shared/crypto.d.ts +71 -0
- package/dist/shared/crypto.js +1 -0
- package/dist/shared/identity.cjs +1 -0
- package/dist/shared/identity.d.ts +2 -0
- package/dist/shared/identity.js +1 -0
- package/dist/shared/index.cjs +1 -0
- package/dist/shared/index.d.ts +5 -0
- package/dist/shared/index.js +1 -0
- package/package.json +37 -11
- package/dist/@types/router.d.cjs +0 -1
- package/dist/@types/router.d.d.ts +0 -16
- package/dist/@types/router.d.js +0 -0
- package/dist/@types/utility.cjs +0 -18
- package/dist/@types/utility.d.ts +0 -6
- package/dist/@types/utility.js +0 -1
- package/dist/actions/callback/access-token.cjs +0 -250
- package/dist/actions/callback/access-token.d.ts +0 -33
- package/dist/actions/callback/access-token.js +0 -9
- package/dist/actions/callback/callback.cjs +0 -715
- package/dist/actions/callback/callback.d.ts +0 -42
- package/dist/actions/callback/callback.js +0 -18
- package/dist/actions/callback/userinfo.cjs +0 -283
- package/dist/actions/callback/userinfo.d.ts +0 -25
- package/dist/actions/callback/userinfo.js +0 -13
- package/dist/actions/csrfToken/csrfToken.cjs +0 -189
- package/dist/actions/csrfToken/csrfToken.d.ts +0 -7
- package/dist/actions/csrfToken/csrfToken.js +0 -13
- package/dist/actions/index.cjs +0 -1161
- package/dist/actions/index.d.ts +0 -17
- package/dist/actions/index.js +0 -39
- package/dist/actions/session/session.cjs +0 -188
- package/dist/actions/session/session.d.ts +0 -7
- package/dist/actions/session/session.js +0 -12
- package/dist/actions/signIn/authorization-url.cjs +0 -288
- package/dist/actions/signIn/authorization-url.d.ts +0 -31
- package/dist/actions/signIn/authorization-url.js +0 -16
- package/dist/actions/signIn/authorization.cjs +0 -281
- package/dist/actions/signIn/authorization.d.ts +0 -54
- package/dist/actions/signIn/authorization.js +0 -19
- package/dist/actions/signIn/signIn.cjs +0 -595
- package/dist/actions/signIn/signIn.d.ts +0 -42
- package/dist/actions/signIn/signIn.js +0 -16
- package/dist/actions/signOut/signOut.cjs +0 -492
- package/dist/actions/signOut/signOut.d.ts +0 -16
- package/dist/actions/signOut/signOut.js +0 -15
- package/dist/api/createApi.cjs +0 -750
- package/dist/api/createApi.d.ts +0 -12
- package/dist/api/createApi.js +0 -19
- package/dist/api/getSession.cjs +0 -141
- package/dist/api/getSession.d.ts +0 -16
- package/dist/api/getSession.js +0 -10
- package/dist/api/signIn.cjs +0 -549
- package/dist/api/signIn.d.ts +0 -26
- package/dist/api/signIn.js +0 -15
- package/dist/api/signOut.cjs +0 -279
- package/dist/api/signOut.d.ts +0 -16
- package/dist/api/signOut.js +0 -13
- package/dist/assert.cjs +0 -194
- package/dist/assert.d.ts +0 -37
- package/dist/assert.js +0 -26
- package/dist/chunk-2A5B7GWR.js +0 -125
- package/dist/chunk-2GQLSIJ2.js +0 -40
- package/dist/chunk-2IR674WX.js +0 -44
- package/dist/chunk-3J5TUH2I.js +0 -50
- package/dist/chunk-4RWSYUKX.js +0 -98
- package/dist/chunk-4YHJ4IEQ.js +0 -25
- package/dist/chunk-54CZPKR4.js +0 -25
- package/dist/chunk-5LZ7TOM3.js +0 -25
- package/dist/chunk-5X7JZMEF.js +0 -0
- package/dist/chunk-7BE46WWS.js +0 -88
- package/dist/chunk-7YYXFKLR.js +0 -35
- package/dist/chunk-C3A37LQC.js +0 -33
- package/dist/chunk-CITNGXDA.js +0 -31
- package/dist/chunk-CWX724AG.js +0 -78
- package/dist/chunk-D2CSIUKP.js +0 -74
- package/dist/chunk-E6G5YCI6.js +0 -25
- package/dist/chunk-EBAMFRB7.js +0 -34
- package/dist/chunk-EEE7UM5T.js +0 -25
- package/dist/chunk-FPCVZUVG.js +0 -37
- package/dist/chunk-FW4W3REU.js +0 -25
- package/dist/chunk-GNNBM2WJ.js +0 -83
- package/dist/chunk-IPKO6UQN.js +0 -25
- package/dist/chunk-ITQ7352M.js +0 -0
- package/dist/chunk-JOCGX3RP.js +0 -59
- package/dist/chunk-KBXWTD6E.js +0 -94
- package/dist/chunk-KMMAZFSJ.js +0 -25
- package/dist/chunk-LATR3NIV.js +0 -117
- package/dist/chunk-LAYPUDQF.js +0 -39
- package/dist/chunk-LDU7A2JE.js +0 -25
- package/dist/chunk-LX3TJ2TJ.js +0 -294
- package/dist/chunk-NHZBQNRR.js +0 -143
- package/dist/chunk-OVHNRULD.js +0 -33
- package/dist/chunk-PDP3PHB3.js +0 -127
- package/dist/chunk-PG7UYFG5.js +0 -0
- package/dist/chunk-PHYNROD4.js +0 -47
- package/dist/chunk-QQEKY4XP.js +0 -29
- package/dist/chunk-U4RK4LKJ.js +0 -348
- package/dist/chunk-U5663F2U.js +0 -70
- package/dist/chunk-UN7X6SU5.js +0 -53
- package/dist/chunk-UZQJJD6A.js +0 -100
- package/dist/chunk-V6LLEAR4.js +0 -80
- package/dist/chunk-WHNDRO3N.js +0 -50
- package/dist/chunk-XY5R3EHH.js +0 -204
- package/dist/chunk-ZNCZVF6U.js +0 -14
- package/dist/client/client.cjs +0 -135
- package/dist/client/client.d.ts +0 -85
- package/dist/client/client.js +0 -9
- package/dist/context.cjs +0 -1237
- package/dist/context.d.ts +0 -16
- package/dist/context.js +0 -28
- package/dist/cookie.cjs +0 -277
- package/dist/cookie.d.ts +0 -89
- package/dist/cookie.js +0 -30
- package/dist/createAuth.cjs +0 -2320
- package/dist/createAuth.d.ts +0 -12
- package/dist/createAuth.js +0 -48
- package/dist/env.cjs +0 -78
- package/dist/env.d.ts +0 -10
- package/dist/env.js +0 -12
- package/dist/errors.cjs +0 -102
- package/dist/errors.d.ts +0 -60
- package/dist/errors.js +0 -22
- package/dist/headers.cjs +0 -61
- package/dist/headers.d.ts +0 -33
- package/dist/headers.js +0 -12
- package/dist/index-_aXtxb_s.d.ts +0 -1377
- package/dist/jose.cjs +0 -166
- package/dist/jose.d.ts +0 -12
- package/dist/jose.js +0 -20
- package/dist/logger.cjs +0 -424
- package/dist/logger.d.ts +0 -12
- package/dist/logger.js +0 -17
- package/dist/request.cjs +0 -38
- package/dist/request.d.ts +0 -13
- package/dist/request.js +0 -6
- package/dist/schemas.cjs +0 -158
- package/dist/schemas.d.ts +0 -229
- package/dist/schemas.js +0 -24
- package/dist/secure.cjs +0 -170
- package/dist/secure.d.ts +0 -41
- package/dist/secure.js +0 -20
- package/dist/utils.cjs +0 -329
- package/dist/utils.d.ts +0 -35
- package/dist/utils.js +0 -36
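--- a/package/dist/oauth/x.cjs
+++ b/package/dist/oauth/x.cjs
@@ -1,49 +1 @@
-
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-for (var name in all)
-__defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-if (from && typeof from === "object" || typeof from === "function") {
-for (let key of __getOwnPropNames(from))
-if (!__hasOwnProp.call(to, key) && key !== except)
-__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-}
-return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
-// src/oauth/x.ts
-var x_exports = {};
-__export(x_exports, {
-x: () => x
-});
-module.exports = __toCommonJS(x_exports);
-var x = (options) => {
-return {
-id: "x",
-name: "X",
-authorizeURL: "https://twitter.com/i/oauth2/authorize",
-accessToken: "https://api.twitter.com/2/oauth2/token",
-userInfo: "https://api.twitter.com/2/users/me?user.fields=profile_image_url",
-scope: "tweet.read users.read offline.access",
-responseType: "code",
-profile(profile) {
-return {
-sub: profile.data.id,
-name: profile.data.name,
-image: profile.data.profile_image_url,
-email: void 0
-};
-},
-...options
-};
-};
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-x
-});
+Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=e=>({id:`x`,name:`X`,authorize:{url:`https://twitter.com/i/oauth2/authorize`,params:{scope:`tweet.read users.read offline.access`,response_type:`code`}},accessToken:`https://api.twitter.com/2/oauth2/token`,userInfo:`https://api.twitter.com/2/users/me?user.fields=profile_image_url`,profile:e=>({sub:e.data.id,name:e.data.name,image:e.data.profile_image_url,email:void 0}),...e});exports.x=e;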
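Review bot: The rewritten provider object nests the response type as `response_type` under `authorize.params`, while the provider schema shipped in this same release (the new `oauth-*` chunk further down the page) declares that key as `responseType`. zod objects drop unrecognised keys by default, so the validated provider config would presumably lose the value unless the authorization step falls back to `code` on its own; that fallback is not visible on this page. Aligning the key with the schema (`responseType` inside `params`), or teaching the schema the snake_case name, removes the ambiguity. The same object is emitted in `package/dist/oauth/x.js`, and since this is bundler output the change belongs in `src/oauth/x.ts`.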
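--- a/package/dist/oauth/x.d.ts
+++ b/package/dist/oauth/x.d.ts
@@ -1,12 +1,2 @@
-
-
-import '../schemas.js';
-import 'zod/v4';
-import '@aura-stack/jose';
-import '@aura-stack/jose/jose';
-import '@aura-stack/jose/crypto';
-import '@aura-stack/router/cookie';
-import '../@types/utility.js';
-import 'jose';
-import '@aura-stack/router';
-import 'zod/v4/core';
+import { Gn as XProfile, Kn as x } from "../index-C9U6ICDT.js";
+export { XProfile, x };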
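--- a/package/dist/oauth/x.js
+++ b/package/dist/oauth/x.js
@@ -1,6 +1 @@
-
-x
-} from "../chunk-EEE7UM5T.js";
-export {
-x
-};
+const e=e=>({id:`x`,name:`X`,authorize:{url:`https://twitter.com/i/oauth2/authorize`,params:{scope:`tweet.read users.read offline.access`,response_type:`code`}},accessToken:`https://api.twitter.com/2/oauth2/token`,userInfo:`https://api.twitter.com/2/users/me?user.fields=profile_image_url`,profile:e=>({sub:e.data.id,name:e.data.name,image:e.data.profile_image_url,email:void 0}),...e});export{e as x};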
|
@@ -0,0 +1 @@
|
|
|
1
|
+
import{n as e}from"./errors-Czt_w1t_.js";import{n as t}from"./env-CJtSi1eX.js";import{T as n}from"./assert-_fBNnaOk.js";import{github as r}from"./oauth/github.js";import{bitbucket as i}from"./oauth/bitbucket.js";import{figma as a}from"./oauth/figma.js";import{discord as o}from"./oauth/discord.js";import{gitlab as s}from"./oauth/gitlab.js";import{spotify as c}from"./oauth/spotify.js";import{x as l}from"./oauth/x.js";import{strava as u}from"./oauth/strava.js";import{mailchimp as d}from"./oauth/mailchimp.js";import{pinterest as f}from"./oauth/pinterest.js";import{twitch as p}from"./oauth/twitch.js";import{notion as m}from"./oauth/notion.js";import{dropbox as h}from"./oauth/dropbox.js";import{atlassian as g}from"./oauth/atlassian.js";import{clickUp as _}from"./oauth/click-up.js";import{dribbble as v}from"./oauth/dribbble.js";import{array as y,enum as b,null as x,number as S,object as C,string as w,union as T,z as E}from"zod/v4";const D=E.union([w().url(),C({url:w().url(),params:C({owner:w().optional(),responseType:b([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:w().optional()})})]),O=E.union([w().url(),C({url:w().url(),headers:E.record(w(),w()).optional()})]),k=E.union([w().url(),C({url:w().url(),headers:E.record(w(),w()).optional(),method:w().optional()})]),A=C({id:w(),name:w(),authorize:D.optional(),authorizeURL:w().url().optional(),accessToken:O,scope:w().optional(),userInfo:k,responseType:b([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:w(),clientSecret:w(),profile:E.function().optional()}),j=C({authorize:D.optional(),authorizeURL:w().url().optional(),accessToken:O,scope:w().optional(),userInfo:k,responseType:b([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:w(),clientSecret:w()}),M=j.extend({redirectURI:w(),state:w(),codeChallenge:w(),codeChallengeMethod:b([`plain`,`S256`])});C({state:w({message:`Missing state parameter in the OAuth authorization response.`}),code:w({message:`Missing code parameter in the OAuth 
authorization response.`})});const N=C({error:b([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:w().optional(),error_uri:w().optional(),state:w()});j.extend({redirectURI:w(),code:w(),codeVerifier:w().min(43).max(128)});const P=C({access_token:w(),token_type:w().optional(),expires_in:S().optional(),refresh_token:w().optional(),scope:T([w().optional().or(x()),y(w()).optional()])}),F=C({error:b([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:w().optional(),error_uri:w().optional()}),I=C({error:w(),error_description:w().optional()}),L=C({clientId:E.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:E.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),R={github:r,bitbucket:i,figma:a,discord:o,gitlab:s,spotify:c,x:l,strava:u,mailchimp:d,pinterest:f,twitch:p,notion:m,dropbox:h,atlassian:g,clickUp:_,dribbble:v},z=r=>{let i=L.safeParse({clientId:t(`${r.replace(`-`,`_`).toUpperCase()}_CLIENT_ID`),clientSecret:t(`${r.replace(`-`,`_`).toUpperCase()}_CLIENT_SECRET`)});if(!i.success)throw new e(`INVALID_ENVIRONMENT_CONFIGURATION`,JSON.stringify({[r]:n(i.error)},null,2));return i.data},B=t=>{if(typeof t==`string`){let r=z(t),i=R[t](),a=A.safeParse({...i,...r});if(!a.success)throw new e(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t}": ${JSON.stringify({[t]:n(a.error)},null,2)}`);return a.data}let r=t.clientId&&t.clientSecret?{}:z(t.id),i=A.safeParse({...r,...t});if(!i.success){let r=JSON.stringify({[t.id]:n(i.error)},null,2);throw new e(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t.id}": ${r}`)}return i.data},V=(t=[])=>t.reduce((t,n)=>{let r=B(n);if(r.id in t)throw new e(`DUPLICATED_OAUTH_PROVIDER_ID`,`Duplicate OAuth provider id 
"${r.id}" found. Each provider must have a unique id.`);return{...t,[r.id]:r}},{});export{M as a,P as i,V as n,N as o,F as r,I as s,R as t};
|
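Review bot: The authorization schema in this chunk still accepts `plain` as a `codeChallengeMethod`, so a configuration can downgrade PKCE to an unhashed verifier; RFC 7636 asks clients that are able to do SHA-256 to use `S256`, and `createPKCE` in this release documents SHA-256 hashing, so the enum could be narrowed to `S256` alone. Separately, the environment lookup builds its variable name with a string-pattern `replace` of `-` by `_`, which rewrites only the first hyphen, so a provider id with two hyphens would look up a name that still contains `-`; `replaceAll` covers that. Both points apply equally to the CommonJS twin of this chunk in the next hunk. This is bundler output, so the change belongs in the source schema rather than in `dist`.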
|
@@ -0,0 +1 @@
|
|
|
1
|
+
require(`./identity-b8FCr0Oa.cjs`);const e=require(`./errors-DcK2ELlk.cjs`),t=require(`./env-7as-tgzO.cjs`),n=require(`./assert-hDwQ_SPO.cjs`),r=require(`./oauth/github.cjs`),i=require(`./oauth/bitbucket.cjs`),a=require(`./oauth/figma.cjs`),o=require(`./oauth/discord.cjs`),s=require(`./oauth/gitlab.cjs`),c=require(`./oauth/spotify.cjs`),l=require(`./oauth/x.cjs`),u=require(`./oauth/strava.cjs`),d=require(`./oauth/mailchimp.cjs`),f=require(`./oauth/pinterest.cjs`),p=require(`./oauth/twitch.cjs`),m=require(`./oauth/notion.cjs`),h=require(`./oauth/dropbox.cjs`),g=require(`./oauth/atlassian.cjs`),_=require(`./oauth/click-up.cjs`),v=require(`./oauth/dribbble.cjs`);let y=require(`zod/v4`);const b=y.z.union([(0,y.string)().url(),(0,y.object)({url:(0,y.string)().url(),params:(0,y.object)({owner:(0,y.string)().optional(),responseType:(0,y.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:(0,y.string)().optional()})})]),x=y.z.union([(0,y.string)().url(),(0,y.object)({url:(0,y.string)().url(),headers:y.z.record((0,y.string)(),(0,y.string)()).optional()})]),S=y.z.union([(0,y.string)().url(),(0,y.object)({url:(0,y.string)().url(),headers:y.z.record((0,y.string)(),(0,y.string)()).optional(),method:(0,y.string)().optional()})]),C=(0,y.object)({id:(0,y.string)(),name:(0,y.string)(),authorize:b.optional(),authorizeURL:(0,y.string)().url().optional(),accessToken:x,scope:(0,y.string)().optional(),userInfo:S,responseType:(0,y.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,y.string)(),clientSecret:(0,y.string)(),profile:y.z.function().optional()}),w=(0,y.object)({authorize:b.optional(),authorizeURL:(0,y.string)().url().optional(),accessToken:x,scope:(0,y.string)().optional(),userInfo:S,responseType:(0,y.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,y.string)(),clientSecret:(0,y.string)()}),T=w.extend({redirectURI:(0,y.string)(),state:(0,y.string)(),codeChallenge:(0,y.string)(),codeChallengeMethod:(0,y.enum)([`plain
`,`S256`])});(0,y.object)({state:(0,y.string)({message:`Missing state parameter in the OAuth authorization response.`}),code:(0,y.string)({message:`Missing code parameter in the OAuth authorization response.`})});const E=(0,y.object)({error:(0,y.enum)([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:(0,y.string)().optional(),error_uri:(0,y.string)().optional(),state:(0,y.string)()});w.extend({redirectURI:(0,y.string)(),code:(0,y.string)(),codeVerifier:(0,y.string)().min(43).max(128)});const D=(0,y.object)({access_token:(0,y.string)(),token_type:(0,y.string)().optional(),expires_in:(0,y.number)().optional(),refresh_token:(0,y.string)().optional(),scope:(0,y.union)([(0,y.string)().optional().or((0,y.null)()),(0,y.array)((0,y.string)()).optional()])}),O=(0,y.object)({error:(0,y.enum)([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:(0,y.string)().optional(),error_uri:(0,y.string)().optional()}),k=(0,y.object)({error:(0,y.string)(),error_description:(0,y.string)().optional()}),A=(0,y.object)({clientId:y.z.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:y.z.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),j={github:r.github,bitbucket:i.bitbucket,figma:a.figma,discord:o.discord,gitlab:s.gitlab,spotify:c.spotify,x:l.x,strava:u.strava,mailchimp:d.mailchimp,pinterest:f.pinterest,twitch:p.twitch,notion:m.notion,dropbox:h.dropbox,atlassian:g.atlassian,clickUp:_.clickUp,dribbble:v.dribbble},M=r=>{let i=A.safeParse({clientId:t.n(`${r.replace(`-`,`_`).toUpperCase()}_CLIENT_ID`),clientSecret:t.n(`${r.replace(`-`,`_`).toUpperCase()}_CLIENT_SECRET`)});if(!i.success)throw new e.n(`INVALID_ENVIRONMENT_CONFIGURATION`,JSON.stringify({[r]:n.T(i.error)},null,2));return i.data},N=t=>{if(typeof t==`string`){let 
r=M(t),i=j[t](),a=C.safeParse({...i,...r});if(!a.success)throw new e.n(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t}": ${JSON.stringify({[t]:n.T(a.error)},null,2)}`);return a.data}let r=t.clientId&&t.clientSecret?{}:M(t.id),i=C.safeParse({...r,...t});if(!i.success){let r=JSON.stringify({[t.id]:n.T(i.error)},null,2);throw new e.n(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t.id}": ${r}`)}return i.data},P=(t=[])=>t.reduce((t,n)=>{let r=N(n);if(r.id in t)throw new e.n(`DUPLICATED_OAUTH_PROVIDER_ID`,`Duplicate OAuth provider id "${r.id}" found. Each provider must have a unique id.`);return{...t,[r.id]:r}},{});Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return T}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return D}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return P}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return E}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return O}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return k}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return j}});
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`}),require(`../identity-b8FCr0Oa.cjs`);const e=require(`../crypto-D6_SoGMH.cjs`);let t=require(`@aura-stack/jose/jose`);exports.createCSRF=e.t,exports.createHash=e.n,Object.defineProperty(exports,`createKeyPair`,{enumerable:!0,get:function(){return t.generateKeyPair}}),exports.createPKCE=e.r,exports.createSecretValue=e.i,exports.exportJWKKeyPair=e.a,exports.hashPassword=e.o,exports.importPEMKeyPair=e.s,exports.verifyCSRF=e.c,exports.verifyPassword=e.l;
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
import { Ct as JoseInstance, Vt as AsymmetricKeyPairFromEnv, dt as AuthRuntimeConfig, ln as User } from "../index-C9U6ICDT.js";
|
|
2
|
+
import * as _$_aura_stack_jose_jose0 from "@aura-stack/jose/jose";
|
|
3
|
+
import { GenerateKeyPairOptions, generateKeyPair as createKeyPair } from "@aura-stack/jose/jose";
|
|
4
|
+
|
|
5
|
+
//#region src/shared/crypto.d.ts
|
|
6
|
+
declare const createSecretValue: (length?: number) => string;
|
|
7
|
+
declare const createHash: (data: string) => Promise<string>;
|
|
8
|
+
/**
|
|
9
|
+
* Creates the code challenge flow for PKCE OAuth flow. It generates a code verifier and its corresponding
|
|
10
|
+
* code challenge using SHA-256 hashing.
|
|
11
|
+
* - code_verifier: A cryptographically random string used to mitigate authorization code interception attacks.
|
|
12
|
+
* - code_challenge: A hashed version of the code_verifier sent in the authorization request.
|
|
13
|
+
* - method: The method used to generate the code challenge, typically "S256" for SHA-256.
|
|
14
|
+
*
|
|
15
|
+
* @see https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
|
|
16
|
+
*/
|
|
17
|
+
declare const createPKCE: (verifier?: string) => Promise<{
|
|
18
|
+
codeVerifier: string;
|
|
19
|
+
codeChallenge: string;
|
|
20
|
+
method: string;
|
|
21
|
+
}>;
|
|
22
|
+
/**
|
|
23
|
+
* Creates a CSRF token to be used in OAuth flows to prevent cross-site request forgery attacks.
|
|
24
|
+
*
|
|
25
|
+
* @param csrfCookie - Optional existing CSRF cookie to verify and reuse
|
|
26
|
+
* @returns Signed CSRF token
|
|
27
|
+
*/
|
|
28
|
+
declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>;
|
|
29
|
+
declare const verifyCSRF: <DefaultUser extends User = User>(jose: JoseInstance<DefaultUser>, cookie: string, header: string) => Promise<boolean>;
|
|
30
|
+
/**
|
|
31
|
+
* Hashes a password using PBKDF2 with SHA-256.
|
|
32
|
+
* PBKDF2 is available in standard Web Crypto (SubtleCrypto).
|
|
33
|
+
*
|
|
34
|
+
* @param password - The password to hash.
|
|
35
|
+
* @param salt - Optional salt (base64url encoded). If not provided, a random salt will be generated.
|
|
36
|
+
* @param iterations - The number of PBKDF2 iterations. Default is 100,000.
|
|
37
|
+
* @returns The hashed password in the format `iterations:salt:hash` (all segments base64url encoded).
|
|
38
|
+
*/
|
|
39
|
+
declare const hashPassword: (password: string, salt?: string, iterations?: number) => Promise<string>;
|
|
40
|
+
/**
|
|
41
|
+
* Verifies a password against a hashed value.
|
|
42
|
+
*
|
|
43
|
+
* @param password - The password to verify.
|
|
44
|
+
* @param hashedPassword - The hashed password to compare against.
|
|
45
|
+
* @returns A promise that resolves to true if the password matches the hash, false otherwise.
|
|
46
|
+
*/
|
|
47
|
+
declare const verifyPassword: (password: string, hashedPassword: string) => Promise<boolean>;
|
|
48
|
+
/**
|
|
49
|
+
* Imports a PEM-formatted asymmetric key pair from strings.
|
|
50
|
+
*
|
|
51
|
+
* @param key - An object containing the public and private keys as PEM-formatted strings
|
|
52
|
+
* @param algorithm - The intended algorithm for the keys (e.g. "RS256" for RSA signing, "RSA-OAEP" for RSA encryption)
|
|
53
|
+
* @returns A Promise that resolves to a CryptoKeyPair with the imported keys
|
|
54
|
+
*/
|
|
55
|
+
declare const importPEMKeyPair: (key: AsymmetricKeyPairFromEnv, algorithm: string) => Promise<{
|
|
56
|
+
publicKey: CryptoKey;
|
|
57
|
+
privateKey: CryptoKey;
|
|
58
|
+
}>;
|
|
59
|
+
/**
|
|
60
|
+
* Generates a new asymmetric key pair and exports it in JWK format.
|
|
61
|
+
*
|
|
62
|
+
* @param alg - The intended algorithm for the keys (e.g. "RS256" for RSA signing, "RSA-OAEP" for RSA encryption)
|
|
63
|
+
* @param options - Optional parameters for key generation (e.g. modulusLength for RSA)
|
|
64
|
+
* @returns A Promise that resolves to an object containing the public and private keys in JWK format
|
|
65
|
+
*/
|
|
66
|
+
declare const exportJWKKeyPair: (alg: string, options?: GenerateKeyPairOptions) => Promise<{
|
|
67
|
+
publicKey: _$_aura_stack_jose_jose0.JWK;
|
|
68
|
+
privateKey: _$_aura_stack_jose_jose0.JWK;
|
|
69
|
+
}>;
|
|
70
|
+
//#endregion
|
|
71
|
+
export { createCSRF, createHash, createKeyPair, createPKCE, createSecretValue, exportJWKKeyPair, hashPassword, importPEMKeyPair, verifyCSRF, verifyPassword };
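Review bot: The documented default for `hashPassword` is 100,000 PBKDF2-SHA256 iterations, which is well under the 600,000 that OWASP's password-storage guidance currently lists for PBKDF2-HMAC-SHA256. Because the stored format carries the iteration count (`iterations:salt:hash`), raising the default should not invalidate existing hashes, assuming `verifyPassword` reads the count from the stored value; the implementation is not on this page. The `verifyPassword` doc comment would also benefit from one line saying whether the comparison is constant-time, for example `Compares the derived key in constant time.` if that holds. `createSecretValue`, `createHash` and `verifyCSRF` are exported with no doc comment at all, and `createPKCE` does not say whether a caller-supplied `verifier` is checked against the 43 to 128 character range the schema enforces elsewhere.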
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
import{a as e,c as t,i as n,l as r,n as i,o as a,r as o,s,t as c,u as l}from"../crypto-DyrRzBSQ.js";export{c as createCSRF,i as createHash,o as createKeyPair,n as createPKCE,e as createSecretValue,a as exportJWKKeyPair,s as hashPassword,t as importPEMKeyPair,r as verifyCSRF,l as verifyPassword};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../identity-b8FCr0Oa.cjs`);exports.UserIdentity=e.t,exports.UserIdentityArkType=e.n,exports.UserIdentityTypeBox=e.r,exports.UserIdentityValibot=e.i,exports.createIdentity=e.a;
|
|
@@ -0,0 +1,2 @@
|
|
|
1
|
+
import { Q as InferZodShape, W as EditableShape, X as InferSession, Y as FromShapeToObject, Z as InferUser, _r as UserShape, at as ValibotShapeToObject, br as UserShapeValibot, cr as Identities, dr as IsZod, fr as SchemaTypes, gr as UserIdentityValibot, hr as UserIdentityTypeBox, it as UserFrom, lr as IsArkType, mr as UserIdentityArkType, nt as SessionFrom, pr as UserIdentity, rt as TypeboxShapeToObject, st as ZodShapeToObject, ur as IsValibot, vr as UserShapeArkType, xr as createIdentity, yr as UserShapeTypeBox, z as ArktypeShapeToObject } from "../index-C9U6ICDT.js";
|
|
2
|
+
export { ArktypeShapeToObject, EditableShape, FromShapeToObject, Identities, InferSession, InferUser, InferZodShape, IsArkType, IsValibot, IsZod, SchemaTypes, SessionFrom, TypeboxShapeToObject, UserFrom, UserIdentity, UserIdentityArkType, UserIdentityTypeBox, UserIdentityValibot, UserShape, UserShapeArkType, UserShapeTypeBox, UserShapeValibot, ValibotShapeToObject, ZodShapeToObject, createIdentity };
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
import{g as e,h as t,t as n,y as r}from"../assert-_fBNnaOk.js";import{z as i}from"zod/v4";import*as a from"valibot";import{type as o}from"arktype";import{Type as s}from"typebox";const c=i.object({sub:i.string(),name:i.string().nullable().optional(),image:i.string().nullable().optional(),email:i.email().nullable().optional()}),l=a.object({sub:a.string(),name:a.optional(a.nullable(a.string())),image:a.optional(a.nullable(a.string())),email:a.optional(a.nullable(a.pipe(a.string(),a.email())))}),u=o({sub:`string`,name:`string | null?`,image:`string | null?`,email:`string.email | null?`}),d=s.Object({sub:s.String(),name:s.Optional(s.Union([s.String(),s.Null()])),image:s.Optional(s.Union([s.String(),s.Null()])),email:s.Optional(s.Union([s.String({format:`email`}),s.Null()]))}),f=o=>n(o)?o:e(o)?a.object(o):r(o)?i.object(o):t(o)?s.Object(o):i.object(o);export{c as UserIdentity,u as UserIdentityArkType,d as UserIdentityTypeBox,l as UserIdentityValibot,f as createIdentity};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../assert-hDwQ_SPO.cjs`),t=require(`../logger-G5PinyEc.cjs`);exports.createBasicAuthHeader=e.S,exports.createSyslogMessage=t.n;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
import{S as e}from"../assert-_fBNnaOk.js";import{n as t}from"../logger-DjXkgSn5.js";export{e as createBasicAuthHeader,t as createSyslogMessage};
|
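--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@aura-stack/auth",
-"version": "0.
+"version": "0.7.0",
 "private": false,
 "type": "module",
 "description": "Core auth for @aura-stack/auth",
@@ -12,6 +12,7 @@
 "access": "public",
 "registry": "https://registry.npmjs.org/@aura-stack/auth"
 },
+"sideEffects": false,
 "files": [
 "dist"
 ],
@@ -21,6 +22,11 @@
 "import": "./dist/index.js",
 "require": "./dist/index.cjs"
 },
+"./oauth": {
+"types": "./dist/oauth/index.d.ts",
+"import": "./dist/oauth/index.js",
+"require": "./dist/oauth/index.cjs"
+},
 "./oauth/*": {
 "types": "./dist/oauth/*.d.ts",
 "import": "./dist/oauth/*.js",
@@ -35,6 +41,21 @@
 "types": "./dist/client/index.d.ts",
 "import": "./dist/client/index.js",
 "require": "./dist/client/index.cjs"
+},
+"./identity": {
+"types": "./dist/shared/identity.d.ts",
+"import": "./dist/shared/identity.js",
+"require": "./dist/shared/identity.cjs"
+},
+"./crypto": {
+"types": "./dist/shared/crypto.d.ts",
+"import": "./dist/shared/crypto.js",
+"require": "./dist/shared/crypto.cjs"
+},
+"./shared": {
+"types": "./dist/shared/index.d.ts",
+"import": "./dist/shared/index.js",
+"require": "./dist/shared/index.cjs"
 }
 },
 "keywords": [
@@ -49,26 +70,31 @@
 },
 "license": "MIT",
 "dependencies": {
-"@aura-stack/router": "^0.
+"@aura-stack/router": "^0.7.0",
+"arktype": "^2.2.0",
+"typebox": "^1.1.38",
+"valibot": "^1.4.0",
 "zod": "4.3.5",
-"@aura-stack/jose": "0.
+"@aura-stack/jose": "0.6.0"
 },
 "devDependencies": {
 "typescript": "^5.9.2",
-"
-"@aura-stack/
+"vitest": "4.1.4",
+"@aura-stack/tsdown-config": "0.0.0",
+"@aura-stack/tsconfig": "0.0.0"
 },
 "scripts": {
-"dev": "
-"build": "
+"dev": "tsdown --watch",
+"build": "tsdown",
+"lint": "oxlint",
+"lint:fix": "oxlint --fix",
 "test": "vitest --run",
 "test:watch": "vitest",
 "test:coverage": "vitest --run --coverage",
-"format": "
-"format:check": "
+"format": "oxfmt",
+"format:check": "oxfmt --check",
 "type-check": "tsc --noEmit",
 "clean": "rm -rf dist",
-"clean:cts": "find dist -type f -name \"*.cts\" -delete"
-"prepublish": "pnpm clean:cts"
+"clean:cts": "find dist -type f -name \"*.cts\" -delete"
 }
 }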
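Review bot: The three schema libraries added under `dependencies` in the last hunk (`arktype`, `typebox`, `valibot`) use caret ranges, while `zod` (`4.3.5`) and `@aura-stack/jose` (`0.6.0`) beside them are pinned exactly, so every install of this auth package now resolves three more floating packages in addition to the existing caret on `@aura-stack/router`. If they only back optional validator integrations (an inference, the diff does not show how they are imported), declaring them as optional `peerDependencies` would keep them out of consumers' trees unless chosen; otherwise pin them like their neighbours, e.g. `"valibot": "1.4.0"`. The same hunk drops the `prepublish` script but keeps `clean:cts`, which nothing in `scripts` calls any more, so it is worth confirming that the `tsdown` build does not leave `.cts` files in the published `dist`.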
package/dist/@types/router.d.cjs
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
import { R as RouterGlobalContext } from '../index-_aXtxb_s.js';
|
|
2
|
-
import 'zod';
|
|
3
|
-
import '../schemas.js';
|
|
4
|
-
import 'zod/v4';
|
|
5
|
-
import '@aura-stack/jose';
|
|
6
|
-
import '@aura-stack/jose/jose';
|
|
7
|
-
import '@aura-stack/jose/crypto';
|
|
8
|
-
import '@aura-stack/router/cookie';
|
|
9
|
-
import './utility.js';
|
|
10
|
-
import 'jose';
|
|
11
|
-
import '@aura-stack/router';
|
|
12
|
-
import 'zod/v4/core';
|
|
13
|
-
|
|
14
|
-
declare module "@aura-stack/router" {
|
|
15
|
-
interface GlobalContext extends RouterGlobalContext {}
|
|
16
|
-
}
|
package/dist/@types/router.d.js
DELETED
|
File without changes
|
package/dist/@types/utility.cjs
DELETED
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __defProp = Object.defineProperty;
|
|
3
|
-
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
-
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
-
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
-
var __copyProps = (to, from, except, desc) => {
|
|
7
|
-
if (from && typeof from === "object" || typeof from === "function") {
|
|
8
|
-
for (let key of __getOwnPropNames(from))
|
|
9
|
-
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
10
|
-
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
11
|
-
}
|
|
12
|
-
return to;
|
|
13
|
-
};
|
|
14
|
-
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
15
|
-
|
|
16
|
-
// src/@types/utility.ts
|
|
17
|
-
var utility_exports = {};
|
|
18
|
-
module.exports = __toCommonJS(utility_exports);
|
package/dist/@types/utility.d.ts
DELETED
package/dist/@types/utility.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
import "../chunk-PG7UYFG5.js";
|
|
@@ -1,250 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __defProp = Object.defineProperty;
|
|
3
|
-
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
-
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
-
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
-
var __export = (target, all) => {
|
|
7
|
-
for (var name in all)
|
|
8
|
-
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
-
};
|
|
10
|
-
var __copyProps = (to, from, except, desc) => {
|
|
11
|
-
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
-
for (let key of __getOwnPropNames(from))
|
|
13
|
-
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
-
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
-
}
|
|
16
|
-
return to;
|
|
17
|
-
};
|
|
18
|
-
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
-
|
|
20
|
-
// src/actions/callback/access-token.ts
|
|
21
|
-
var access_token_exports = {};
|
|
22
|
-
__export(access_token_exports, {
|
|
23
|
-
createAccessToken: () => createAccessToken
|
|
24
|
-
});
|
|
25
|
-
module.exports = __toCommonJS(access_token_exports);
|
|
26
|
-
|
|
27
|
-
// src/request.ts
|
|
28
|
-
var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
|
|
29
|
-
const controller = new AbortController();
|
|
30
|
-
const timeoutId = setTimeout(() => controller.abort(), timeout);
|
|
31
|
-
const response = await fetch(url, {
|
|
32
|
-
...options2,
|
|
33
|
-
signal: controller.signal
|
|
34
|
-
}).finally(() => clearTimeout(timeoutId));
|
|
35
|
-
return response;
|
|
36
|
-
};
|
|
37
|
-
|
|
38
|
-
// src/errors.ts
|
|
39
|
-
var OAuthProtocolError = class extends Error {
|
|
40
|
-
type = "OAUTH_PROTOCOL_ERROR";
|
|
41
|
-
error;
|
|
42
|
-
errorURI;
|
|
43
|
-
constructor(error, description, errorURI, options2) {
|
|
44
|
-
super(description, options2);
|
|
45
|
-
this.error = error;
|
|
46
|
-
this.errorURI = errorURI;
|
|
47
|
-
this.name = new.target.name;
|
|
48
|
-
Error.captureStackTrace(this, new.target);
|
|
49
|
-
}
|
|
50
|
-
};
|
|
51
|
-
var AuthInternalError = class extends Error {
|
|
52
|
-
type = "AUTH_INTERNAL_ERROR";
|
|
53
|
-
code;
|
|
54
|
-
constructor(code, message, options2) {
|
|
55
|
-
super(message, options2);
|
|
56
|
-
this.code = code;
|
|
57
|
-
this.name = new.target.name;
|
|
58
|
-
Error.captureStackTrace(this, new.target);
|
|
59
|
-
}
|
|
60
|
-
};
|
|
61
|
-
|
|
62
|
-
// src/schemas.ts
|
|
63
|
-
var import_v4 = require("zod/v4");
|
|
64
|
-
var AuthorizeConfigSchema = import_v4.z.union([
|
|
65
|
-
(0, import_v4.string)().url(),
|
|
66
|
-
(0, import_v4.object)({
|
|
67
|
-
url: (0, import_v4.string)().url(),
|
|
68
|
-
params: (0, import_v4.object)({
|
|
69
|
-
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
70
|
-
scope: (0, import_v4.string)().optional()
|
|
71
|
-
})
|
|
72
|
-
})
|
|
73
|
-
]);
|
|
74
|
-
var AccessTokenConfigSchema = import_v4.z.union([
|
|
75
|
-
(0, import_v4.string)().url(),
|
|
76
|
-
(0, import_v4.object)({
|
|
77
|
-
url: (0, import_v4.string)().url(),
|
|
78
|
-
headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional()
|
|
79
|
-
})
|
|
80
|
-
]);
|
|
81
|
-
var UserInfoConfigSchema = import_v4.z.union([
|
|
82
|
-
(0, import_v4.string)().url(),
|
|
83
|
-
(0, import_v4.object)({
|
|
84
|
-
url: (0, import_v4.string)().url(),
|
|
85
|
-
headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional(),
|
|
86
|
-
method: (0, import_v4.string)().optional()
|
|
87
|
-
})
|
|
88
|
-
]);
|
|
89
|
-
var OAuthProviderCredentialsSchema = (0, import_v4.object)({
|
|
90
|
-
id: (0, import_v4.string)(),
|
|
91
|
-
name: (0, import_v4.string)(),
|
|
92
|
-
authorize: AuthorizeConfigSchema.optional(),
|
|
93
|
-
/** @deprecated */
|
|
94
|
-
authorizeURL: (0, import_v4.string)().url().optional(),
|
|
95
|
-
accessToken: AccessTokenConfigSchema,
|
|
96
|
-
/** @deprecated */
|
|
97
|
-
scope: (0, import_v4.string)().optional(),
|
|
98
|
-
userInfo: UserInfoConfigSchema,
|
|
99
|
-
/** @deprecated */
|
|
100
|
-
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
101
|
-
clientId: (0, import_v4.string)(),
|
|
102
|
-
clientSecret: (0, import_v4.string)(),
|
|
103
|
-
profile: import_v4.z.function().optional()
|
|
104
|
-
});
|
|
105
|
-
var OAuthProviderConfigSchema = (0, import_v4.object)({
|
|
106
|
-
authorize: AuthorizeConfigSchema.optional(),
|
|
107
|
-
/** @deprecated */
|
|
108
|
-
authorizeURL: (0, import_v4.string)().url().optional(),
|
|
109
|
-
accessToken: AccessTokenConfigSchema,
|
|
110
|
-
/** @deprecated */
|
|
111
|
-
scope: (0, import_v4.string)().optional(),
|
|
112
|
-
userInfo: UserInfoConfigSchema,
|
|
113
|
-
/** @deprecated */
|
|
114
|
-
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
115
|
-
clientId: (0, import_v4.string)(),
|
|
116
|
-
clientSecret: (0, import_v4.string)()
|
|
117
|
-
});
|
|
118
|
-
var OAuthAuthorization = OAuthProviderConfigSchema.extend({
|
|
119
|
-
redirectURI: (0, import_v4.string)(),
|
|
120
|
-
state: (0, import_v4.string)(),
|
|
121
|
-
codeChallenge: (0, import_v4.string)(),
|
|
122
|
-
codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
|
|
123
|
-
});
|
|
124
|
-
var OAuthAuthorizationResponse = (0, import_v4.object)({
|
|
125
|
-
state: (0, import_v4.string)({ message: "Missing state parameter in the OAuth authorization response." }),
|
|
126
|
-
code: (0, import_v4.string)({ message: "Missing code parameter in the OAuth authorization response." })
|
|
127
|
-
});
|
|
128
|
-
var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
|
|
129
|
-
error: (0, import_v4.enum)([
|
|
130
|
-
"invalid_request",
|
|
131
|
-
"unauthorized_client",
|
|
132
|
-
"access_denied",
|
|
133
|
-
"unsupported_response_type",
|
|
134
|
-
"invalid_scope",
|
|
135
|
-
"server_error",
|
|
136
|
-
"temporarily_unavailable"
|
|
137
|
-
]),
|
|
138
|
-
error_description: (0, import_v4.string)().optional(),
|
|
139
|
-
error_uri: (0, import_v4.string)().optional(),
|
|
140
|
-
state: (0, import_v4.string)()
|
|
141
|
-
});
|
|
142
|
-
var OAuthAccessToken = OAuthProviderConfigSchema.extend({
|
|
143
|
-
redirectURI: (0, import_v4.string)(),
|
|
144
|
-
code: (0, import_v4.string)(),
|
|
145
|
-
codeVerifier: (0, import_v4.string)().min(43).max(128)
|
|
146
|
-
});
|
|
147
|
-
var OAuthAccessTokenResponse = (0, import_v4.object)({
|
|
148
|
-
access_token: (0, import_v4.string)(),
|
|
149
|
-
token_type: (0, import_v4.string)().optional(),
|
|
150
|
-
expires_in: (0, import_v4.number)().optional(),
|
|
151
|
-
refresh_token: (0, import_v4.string)().optional(),
|
|
152
|
-
scope: (0, import_v4.union)([(0, import_v4.string)().optional().or((0, import_v4.null)()), (0, import_v4.array)((0, import_v4.string)()).optional()])
|
|
153
|
-
});
|
|
154
|
-
var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
|
|
155
|
-
error: (0, import_v4.enum)([
|
|
156
|
-
"invalid_request",
|
|
157
|
-
"invalid_client",
|
|
158
|
-
"invalid_grant",
|
|
159
|
-
"unauthorized_client",
|
|
160
|
-
"unsupported_grant_type",
|
|
161
|
-
"invalid_scope"
|
|
162
|
-
]),
|
|
163
|
-
error_description: (0, import_v4.string)().optional(),
|
|
164
|
-
error_uri: (0, import_v4.string)().optional()
|
|
165
|
-
});
|
|
166
|
-
var OAuthErrorResponse = (0, import_v4.object)({
|
|
167
|
-
error: (0, import_v4.string)(),
|
|
168
|
-
error_description: (0, import_v4.string)().optional()
|
|
169
|
-
});
|
|
170
|
-
var OAuthEnvSchema = (0, import_v4.object)({
|
|
171
|
-
clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
|
|
172
|
-
clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
|
|
173
|
-
});
|
|
174
|
-
|
|
175
|
-
// src/actions/callback/access-token.ts
|
|
176
|
-
var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier, logger) => {
|
|
177
|
-
const { accessToken, clientId, clientSecret } = oauthConfig;
|
|
178
|
-
if (!clientId || !clientSecret || !redirectURI || !code || !codeVerifier || !accessToken) {
|
|
179
|
-
logger?.log("INVALID_OAUTH_CONFIGURATION", {
|
|
180
|
-
structuredData: {
|
|
181
|
-
has_client_id: Boolean(clientId),
|
|
182
|
-
has_client_secret: Boolean(clientSecret),
|
|
183
|
-
has_access_token: Boolean(accessToken),
|
|
184
|
-
has_redirect_uri: Boolean(redirectURI),
|
|
185
|
-
has_code: Boolean(code),
|
|
186
|
-
has_code_verifier: Boolean(codeVerifier)
|
|
187
|
-
}
|
|
188
|
-
});
|
|
189
|
-
throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", "The OAuth provider configuration is invalid.");
|
|
190
|
-
}
|
|
191
|
-
const tokenURL = typeof accessToken === "string" ? accessToken : accessToken.url;
|
|
192
|
-
const extraHeaders = typeof accessToken === "string" ? void 0 : accessToken.headers;
|
|
193
|
-
try {
|
|
194
|
-
logger?.log("OAUTH_ACCESS_TOKEN_REQUEST_INITIATED", {
|
|
195
|
-
structuredData: {
|
|
196
|
-
has_client_id: Boolean(clientId),
|
|
197
|
-
redirect_uri: redirectURI,
|
|
198
|
-
grant_type: "authorization_code"
|
|
199
|
-
}
|
|
200
|
-
});
|
|
201
|
-
const response = await fetchAsync(tokenURL, {
|
|
202
|
-
method: "POST",
|
|
203
|
-
headers: {
|
|
204
|
-
...extraHeaders ?? {},
|
|
205
|
-
Accept: "application/json",
|
|
206
|
-
"Content-Type": "application/x-www-form-urlencoded"
|
|
207
|
-
},
|
|
208
|
-
body: new URLSearchParams({
|
|
209
|
-
client_id: clientId,
|
|
210
|
-
client_secret: clientSecret,
|
|
211
|
-
code,
|
|
212
|
-
redirect_uri: redirectURI,
|
|
213
|
-
grant_type: "authorization_code",
|
|
214
|
-
code_verifier: codeVerifier
|
|
215
|
-
}).toString()
|
|
216
|
-
});
|
|
217
|
-
if (!response.ok) {
|
|
218
|
-
logger?.log("INVALID_OAUTH_ACCESS_TOKEN_RESPONSE");
|
|
219
|
-
throw new OAuthProtocolError("invalid_request", "Invalid access token response");
|
|
220
|
-
}
|
|
221
|
-
const json = await response.json();
|
|
222
|
-
const token = OAuthAccessTokenResponse.safeParse(json);
|
|
223
|
-
if (!token.success) {
|
|
224
|
-
const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json);
|
|
225
|
-
if (!success) {
|
|
226
|
-
logger?.log("INVALID_OAUTH_ACCESS_TOKEN_RESPONSE");
|
|
227
|
-
throw new OAuthProtocolError("invalid_request", "Invalid access token response format");
|
|
228
|
-
}
|
|
229
|
-
logger?.log("OAUTH_ACCESS_TOKEN_ERROR", {
|
|
230
|
-
structuredData: {
|
|
231
|
-
error: data.error,
|
|
232
|
-
error_description: data.error_description ?? ""
|
|
233
|
-
}
|
|
234
|
-
});
|
|
235
|
-
throw new OAuthProtocolError("INVALID_ACCESS_TOKEN", "Failed to retrieve access token");
|
|
236
|
-
}
|
|
237
|
-
logger?.log("OAUTH_ACCESS_TOKEN_SUCCESS");
|
|
238
|
-
return token.data;
|
|
239
|
-
} catch (error) {
|
|
240
|
-
logger?.log("OAUTH_ACCESS_TOKEN_REQUEST_FAILED");
|
|
241
|
-
if (error instanceof Error) {
|
|
242
|
-
throw new OAuthProtocolError("server_error", "Failed to communicate with OAuth provider", "", { cause: error });
|
|
243
|
-
}
|
|
244
|
-
throw error;
|
|
245
|
-
}
|
|
246
|
-
};
|
|
247
|
-
// Annotate the CommonJS export names for ESM import in node:
|
|
248
|
-
0 && (module.exports = {
|
|
249
|
-
createAccessToken
|
|
250
|
-
});
|
|
@@ -1,33 +0,0 @@
|
|
|
1
|
-
import { j as OAuthProviderCredentials, a as InternalLogger } from '../../index-_aXtxb_s.js';
|
|
2
|
-
import 'zod';
|
|
3
|
-
import '../../schemas.js';
|
|
4
|
-
import 'zod/v4';
|
|
5
|
-
import '@aura-stack/jose';
|
|
6
|
-
import '@aura-stack/jose/jose';
|
|
7
|
-
import '@aura-stack/jose/crypto';
|
|
8
|
-
import '@aura-stack/router/cookie';
|
|
9
|
-
import '../../@types/utility.js';
|
|
10
|
-
import 'jose';
|
|
11
|
-
import '@aura-stack/router';
|
|
12
|
-
import 'zod/v4/core';
|
|
13
|
-
|
|
14
|
-
/**
|
|
15
|
-
* Make a request to the OAuth provider to the token endpoint to exchange the authorization code provided
|
|
16
|
-
* by the authorization server.
|
|
17
|
-
*
|
|
18
|
-
* @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
|
|
19
|
-
* @see https://datatracker.ietf.org/doc/html/rfc6749#section-5
|
|
20
|
-
* @param oauthConfig - OAuth provider configuration
|
|
21
|
-
* @param redirectURI - The redirect URI registered in the Resource Owner's authorization request and sent in the authorization code exchange
|
|
22
|
-
* @param code - The authorization code received from the OAuth server
|
|
23
|
-
* @returns The access token response from the OAuth server
|
|
24
|
-
*/
|
|
25
|
-
declare const createAccessToken: (oauthConfig: OAuthProviderCredentials, redirectURI: string, code: string, codeVerifier: string, logger?: InternalLogger) => Promise<{
|
|
26
|
-
access_token: string;
|
|
27
|
-
token_type?: string | undefined;
|
|
28
|
-
expires_in?: number | undefined;
|
|
29
|
-
refresh_token?: string | undefined;
|
|
30
|
-
scope?: string | string[] | null | undefined;
|
|
31
|
-
}>;
|
|
32
|
-
|
|
33
|
-
export { createAccessToken };
|