@authrim/sveltekit 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +191 -0
- package/README.md +531 -0
- package/dist/__tests__/client-events.test.d.ts +2 -0
- package/dist/__tests__/client-events.test.d.ts.map +1 -0
- package/dist/__tests__/client-events.test.js +225 -0
- package/dist/__tests__/providers.test.d.ts +2 -0
- package/dist/__tests__/providers.test.d.ts.map +1 -0
- package/dist/__tests__/providers.test.js +68 -0
- package/dist/__tests__/response.test.d.ts +2 -0
- package/dist/__tests__/response.test.d.ts.map +1 -0
- package/dist/__tests__/response.test.js +99 -0
- package/dist/__tests__/stores.test.d.ts +2 -0
- package/dist/__tests__/stores.test.d.ts.map +1 -0
- package/dist/__tests__/stores.test.js +91 -0
- package/dist/client.d.ts +25 -0
- package/dist/client.d.ts.map +1 -0
- package/dist/client.js +411 -0
- package/dist/components/AuthProvider.svelte +56 -0
- package/dist/components/AuthProvider.svelte.d.ts +34 -0
- package/dist/components/AuthProvider.svelte.d.ts.map +1 -0
- package/dist/components/ProtectedRoute.svelte +71 -0
- package/dist/components/ProtectedRoute.svelte.d.ts +38 -0
- package/dist/components/ProtectedRoute.svelte.d.ts.map +1 -0
- package/dist/components/SignInButton.svelte +93 -0
- package/dist/components/SignInButton.svelte.d.ts +43 -0
- package/dist/components/SignInButton.svelte.d.ts.map +1 -0
- package/dist/components/SignOutButton.svelte +72 -0
- package/dist/components/SignOutButton.svelte.d.ts +40 -0
- package/dist/components/SignOutButton.svelte.d.ts.map +1 -0
- package/dist/components/UserProfile.svelte +71 -0
- package/dist/components/UserProfile.svelte.d.ts +51 -0
- package/dist/components/UserProfile.svelte.d.ts.map +1 -0
- package/dist/components/index.d.ts +6 -0
- package/dist/components/index.d.ts.map +1 -0
- package/dist/components/index.js +5 -0
- package/dist/direct-auth/ciba.d.ts +47 -0
- package/dist/direct-auth/ciba.d.ts.map +1 -0
- package/dist/direct-auth/ciba.js +77 -0
- package/dist/direct-auth/consent.d.ts +85 -0
- package/dist/direct-auth/consent.d.ts.map +1 -0
- package/dist/direct-auth/consent.js +57 -0
- package/dist/direct-auth/device-flow.d.ts +40 -0
- package/dist/direct-auth/device-flow.d.ts.map +1 -0
- package/dist/direct-auth/device-flow.js +45 -0
- package/dist/direct-auth/email-code.d.ts +48 -0
- package/dist/direct-auth/email-code.d.ts.map +1 -0
- package/dist/direct-auth/email-code.js +265 -0
- package/dist/direct-auth/index.d.ts +9 -0
- package/dist/direct-auth/index.d.ts.map +1 -0
- package/dist/direct-auth/index.js +8 -0
- package/dist/direct-auth/login-challenge.d.ts +41 -0
- package/dist/direct-auth/login-challenge.d.ts.map +1 -0
- package/dist/direct-auth/login-challenge.js +34 -0
- package/dist/direct-auth/passkey.d.ts +30 -0
- package/dist/direct-auth/passkey.d.ts.map +1 -0
- package/dist/direct-auth/passkey.js +392 -0
- package/dist/direct-auth/session.d.ts +48 -0
- package/dist/direct-auth/session.d.ts.map +1 -0
- package/dist/direct-auth/session.js +219 -0
- package/dist/direct-auth/social.d.ts +56 -0
- package/dist/direct-auth/social.d.ts.map +1 -0
- package/dist/direct-auth/social.js +484 -0
- package/dist/index.d.ts +17 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +14 -0
- package/dist/providers/crypto.d.ts +13 -0
- package/dist/providers/crypto.d.ts.map +1 -0
- package/dist/providers/crypto.js +27 -0
- package/dist/providers/http.d.ts +30 -0
- package/dist/providers/http.d.ts.map +1 -0
- package/dist/providers/http.js +65 -0
- package/dist/providers/index.d.ts +4 -0
- package/dist/providers/index.d.ts.map +1 -0
- package/dist/providers/index.js +3 -0
- package/dist/providers/storage.d.ts +21 -0
- package/dist/providers/storage.d.ts.map +1 -0
- package/dist/providers/storage.js +83 -0
- package/dist/server/handle.d.ts +46 -0
- package/dist/server/handle.d.ts.map +1 -0
- package/dist/server/handle.js +60 -0
- package/dist/server/index.d.ts +4 -0
- package/dist/server/index.d.ts.map +1 -0
- package/dist/server/index.js +3 -0
- package/dist/server/load.d.ts +83 -0
- package/dist/server/load.d.ts.map +1 -0
- package/dist/server/load.js +86 -0
- package/dist/server/session.d.ts +44 -0
- package/dist/server/session.d.ts.map +1 -0
- package/dist/server/session.js +50 -0
- package/dist/stores/auth.d.ts +56 -0
- package/dist/stores/auth.d.ts.map +1 -0
- package/dist/stores/auth.js +64 -0
- package/dist/stores/index.d.ts +2 -0
- package/dist/stores/index.d.ts.map +1 -0
- package/dist/stores/index.js +1 -0
- package/dist/types.d.ts +164 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +4 -0
- package/dist/ui/account/LinkAccountButton.svelte +133 -0
- package/dist/ui/account/LinkAccountButton.svelte.d.ts +37 -0
- package/dist/ui/account/LinkAccountButton.svelte.d.ts.map +1 -0
- package/dist/ui/account/LinkedAccountsList.svelte +233 -0
- package/dist/ui/account/LinkedAccountsList.svelte.d.ts +32 -0
- package/dist/ui/account/LinkedAccountsList.svelte.d.ts.map +1 -0
- package/dist/ui/account/UnlinkAccountButton.svelte +179 -0
- package/dist/ui/account/UnlinkAccountButton.svelte.d.ts +28 -0
- package/dist/ui/account/UnlinkAccountButton.svelte.d.ts.map +1 -0
- package/dist/ui/account/index.d.ts +7 -0
- package/dist/ui/account/index.d.ts.map +1 -0
- package/dist/ui/account/index.js +6 -0
- package/dist/ui/context.d.ts +17 -0
- package/dist/ui/context.d.ts.map +1 -0
- package/dist/ui/context.js +71 -0
- package/dist/ui/forms/CIBARequestCard.svelte +315 -0
- package/dist/ui/forms/CIBARequestCard.svelte.d.ts +50 -0
- package/dist/ui/forms/CIBARequestCard.svelte.d.ts.map +1 -0
- package/dist/ui/forms/ClientInfo.svelte +232 -0
- package/dist/ui/forms/ClientInfo.svelte.d.ts +35 -0
- package/dist/ui/forms/ClientInfo.svelte.d.ts.map +1 -0
- package/dist/ui/forms/ConsentScopesList.svelte +109 -0
- package/dist/ui/forms/ConsentScopesList.svelte.d.ts +30 -0
- package/dist/ui/forms/ConsentScopesList.svelte.d.ts.map +1 -0
- package/dist/ui/forms/EmailCodeForm.svelte +224 -0
- package/dist/ui/forms/EmailCodeForm.svelte.d.ts +39 -0
- package/dist/ui/forms/EmailCodeForm.svelte.d.ts.map +1 -0
- package/dist/ui/forms/OrgSelector.svelte +95 -0
- package/dist/ui/forms/OrgSelector.svelte.d.ts +37 -0
- package/dist/ui/forms/OrgSelector.svelte.d.ts.map +1 -0
- package/dist/ui/forms/PasskeyConditionalInput.svelte +173 -0
- package/dist/ui/forms/PasskeyConditionalInput.svelte.d.ts +36 -0
- package/dist/ui/forms/PasskeyConditionalInput.svelte.d.ts.map +1 -0
- package/dist/ui/forms/QRCodeDisplay.svelte +122 -0
- package/dist/ui/forms/QRCodeDisplay.svelte.d.ts +27 -0
- package/dist/ui/forms/QRCodeDisplay.svelte.d.ts.map +1 -0
- package/dist/ui/forms/SocialLoginButtons.svelte +209 -0
- package/dist/ui/forms/SocialLoginButtons.svelte.d.ts +33 -0
- package/dist/ui/forms/SocialLoginButtons.svelte.d.ts.map +1 -0
- package/dist/ui/forms/UserCodeInput.svelte +183 -0
- package/dist/ui/forms/UserCodeInput.svelte.d.ts +34 -0
- package/dist/ui/forms/UserCodeInput.svelte.d.ts.map +1 -0
- package/dist/ui/forms/index.d.ts +13 -0
- package/dist/ui/forms/index.d.ts.map +1 -0
- package/dist/ui/forms/index.js +12 -0
- package/dist/ui/helpers/AuthError.svelte +124 -0
- package/dist/ui/helpers/AuthError.svelte.d.ts +26 -0
- package/dist/ui/helpers/AuthError.svelte.d.ts.map +1 -0
- package/dist/ui/helpers/AuthLoading.svelte +83 -0
- package/dist/ui/helpers/AuthLoading.svelte.d.ts +25 -0
- package/dist/ui/helpers/AuthLoading.svelte.d.ts.map +1 -0
- package/dist/ui/helpers/OTPInput.svelte +214 -0
- package/dist/ui/helpers/OTPInput.svelte.d.ts +34 -0
- package/dist/ui/helpers/OTPInput.svelte.d.ts.map +1 -0
- package/dist/ui/helpers/ResendCodeButton.svelte +140 -0
- package/dist/ui/helpers/ResendCodeButton.svelte.d.ts +28 -0
- package/dist/ui/helpers/ResendCodeButton.svelte.d.ts.map +1 -0
- package/dist/ui/helpers/index.d.ts +8 -0
- package/dist/ui/helpers/index.d.ts.map +1 -0
- package/dist/ui/helpers/index.js +7 -0
- package/dist/ui/index.d.ts +43 -0
- package/dist/ui/index.d.ts.map +1 -0
- package/dist/ui/index.js +48 -0
- package/dist/ui/passkey/PasskeyDeleteButton.svelte +177 -0
- package/dist/ui/passkey/PasskeyDeleteButton.svelte.d.ts +26 -0
- package/dist/ui/passkey/PasskeyDeleteButton.svelte.d.ts.map +1 -0
- package/dist/ui/passkey/PasskeyList.svelte +225 -0
- package/dist/ui/passkey/PasskeyList.svelte.d.ts +30 -0
- package/dist/ui/passkey/PasskeyList.svelte.d.ts.map +1 -0
- package/dist/ui/passkey/PasskeyRegisterButton.svelte +52 -0
- package/dist/ui/passkey/PasskeyRegisterButton.svelte.d.ts +38 -0
- package/dist/ui/passkey/PasskeyRegisterButton.svelte.d.ts.map +1 -0
- package/dist/ui/passkey/index.d.ts +7 -0
- package/dist/ui/passkey/index.d.ts.map +1 -0
- package/dist/ui/passkey/index.js +6 -0
- package/dist/ui/session/SessionExpiryIndicator.svelte +109 -0
- package/dist/ui/session/SessionExpiryIndicator.svelte.d.ts +23 -0
- package/dist/ui/session/SessionExpiryIndicator.svelte.d.ts.map +1 -0
- package/dist/ui/session/SessionList.svelte +231 -0
- package/dist/ui/session/SessionList.svelte.d.ts +31 -0
- package/dist/ui/session/SessionList.svelte.d.ts.map +1 -0
- package/dist/ui/session/SessionRevokeButton.svelte +72 -0
- package/dist/ui/session/SessionRevokeButton.svelte.d.ts +26 -0
- package/dist/ui/session/SessionRevokeButton.svelte.d.ts.map +1 -0
- package/dist/ui/session/index.d.ts +7 -0
- package/dist/ui/session/index.d.ts.map +1 -0
- package/dist/ui/session/index.js +6 -0
- package/dist/ui/shared/Alert.svelte +246 -0
- package/dist/ui/shared/Alert.svelte.d.ts +36 -0
- package/dist/ui/shared/Alert.svelte.d.ts.map +1 -0
- package/dist/ui/shared/Badge.svelte +100 -0
- package/dist/ui/shared/Badge.svelte.d.ts +35 -0
- package/dist/ui/shared/Badge.svelte.d.ts.map +1 -0
- package/dist/ui/shared/Button.svelte +213 -0
- package/dist/ui/shared/Button.svelte.d.ts +42 -0
- package/dist/ui/shared/Button.svelte.d.ts.map +1 -0
- package/dist/ui/shared/Card.svelte +85 -0
- package/dist/ui/shared/Card.svelte.d.ts +39 -0
- package/dist/ui/shared/Card.svelte.d.ts.map +1 -0
- package/dist/ui/shared/CountdownTimer.svelte +150 -0
- package/dist/ui/shared/CountdownTimer.svelte.d.ts +30 -0
- package/dist/ui/shared/CountdownTimer.svelte.d.ts.map +1 -0
- package/dist/ui/shared/Dialog.svelte +240 -0
- package/dist/ui/shared/Dialog.svelte.d.ts +39 -0
- package/dist/ui/shared/Dialog.svelte.d.ts.map +1 -0
- package/dist/ui/shared/Input.svelte +192 -0
- package/dist/ui/shared/Input.svelte.d.ts +42 -0
- package/dist/ui/shared/Input.svelte.d.ts.map +1 -0
- package/dist/ui/shared/LanguageSwitcher.svelte +99 -0
- package/dist/ui/shared/LanguageSwitcher.svelte.d.ts +31 -0
- package/dist/ui/shared/LanguageSwitcher.svelte.d.ts.map +1 -0
- package/dist/ui/shared/Spinner.svelte +75 -0
- package/dist/ui/shared/Spinner.svelte.d.ts +24 -0
- package/dist/ui/shared/Spinner.svelte.d.ts.map +1 -0
- package/dist/ui/shared/index.d.ts +13 -0
- package/dist/ui/shared/index.d.ts.map +1 -0
- package/dist/ui/shared/index.js +12 -0
- package/dist/ui/styles/base.css +168 -0
- package/dist/ui/styles/theme.css +279 -0
- package/dist/ui/templates/AccountSettingsTemplate.svelte +205 -0
- package/dist/ui/templates/AccountSettingsTemplate.svelte.d.ts +49 -0
- package/dist/ui/templates/AccountSettingsTemplate.svelte.d.ts.map +1 -0
- package/dist/ui/templates/CIBATemplate.svelte +227 -0
- package/dist/ui/templates/CIBATemplate.svelte.d.ts +45 -0
- package/dist/ui/templates/CIBATemplate.svelte.d.ts.map +1 -0
- package/dist/ui/templates/ConsentTemplate.svelte +549 -0
- package/dist/ui/templates/ConsentTemplate.svelte.d.ts +76 -0
- package/dist/ui/templates/ConsentTemplate.svelte.d.ts.map +1 -0
- package/dist/ui/templates/DeviceFlowTemplate.svelte +228 -0
- package/dist/ui/templates/DeviceFlowTemplate.svelte.d.ts +47 -0
- package/dist/ui/templates/DeviceFlowTemplate.svelte.d.ts.map +1 -0
- package/dist/ui/templates/LoginTemplate.svelte +234 -0
- package/dist/ui/templates/LoginTemplate.svelte.d.ts +49 -0
- package/dist/ui/templates/LoginTemplate.svelte.d.ts.map +1 -0
- package/dist/ui/templates/ReauthTemplate.svelte +269 -0
- package/dist/ui/templates/ReauthTemplate.svelte.d.ts +54 -0
- package/dist/ui/templates/ReauthTemplate.svelte.d.ts.map +1 -0
- package/dist/ui/templates/SignUpTemplate.svelte +345 -0
- package/dist/ui/templates/SignUpTemplate.svelte.d.ts +53 -0
- package/dist/ui/templates/SignUpTemplate.svelte.d.ts.map +1 -0
- package/dist/ui/templates/index.d.ts +14 -0
- package/dist/ui/templates/index.d.ts.map +1 -0
- package/dist/ui/templates/index.js +13 -0
- package/dist/ui/types.d.ts +151 -0
- package/dist/ui/types.d.ts.map +1 -0
- package/dist/ui/types.js +4 -0
- package/dist/utils/context.d.ts +12 -0
- package/dist/utils/context.d.ts.map +1 -0
- package/dist/utils/context.js +26 -0
- package/dist/utils/error-mapping.d.ts +29 -0
- package/dist/utils/error-mapping.d.ts.map +1 -0
- package/dist/utils/error-mapping.js +38 -0
- package/dist/utils/index.d.ts +7 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +6 -0
- package/dist/utils/response.d.ts +21 -0
- package/dist/utils/response.d.ts.map +1 -0
- package/dist/utils/response.js +84 -0
- package/dist/utils/sensitive-data.d.ts +9 -0
- package/dist/utils/sensitive-data.d.ts.map +1 -0
- package/dist/utils/sensitive-data.js +56 -0
- package/dist/utils/ssr.d.ts +38 -0
- package/dist/utils/ssr.d.ts.map +1 -0
- package/dist/utils/ssr.js +73 -0
- package/dist/utils/webauthn-converters.d.ts +9 -0
- package/dist/utils/webauthn-converters.d.ts.map +1 -0
- package/dist/utils/webauthn-converters.js +75 -0
- package/package.json +111 -0
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Consent API Implementation
|
|
3
|
+
*
|
|
4
|
+
* Provides methods for fetching consent screen data and submitting consent decisions.
|
|
5
|
+
* This is a thin API wrapper — no business logic, just HTTP calls.
|
|
6
|
+
*/
|
|
7
|
+
// =============================================================================
|
|
8
|
+
// Implementation
|
|
9
|
+
// =============================================================================
|
|
10
|
+
export class ConsentApiImpl {
|
|
11
|
+
issuer;
|
|
12
|
+
http;
|
|
13
|
+
constructor(config) {
|
|
14
|
+
this.issuer = config.issuer;
|
|
15
|
+
this.http = config.http;
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Fetch consent screen data
|
|
19
|
+
*/
|
|
20
|
+
async getData(challengeId) {
|
|
21
|
+
const url = `${this.issuer}/auth/consent?challenge_id=${encodeURIComponent(challengeId)}`;
|
|
22
|
+
const response = await this.http.fetch(url, {
|
|
23
|
+
method: "GET",
|
|
24
|
+
headers: { Accept: "application/json" },
|
|
25
|
+
credentials: "include",
|
|
26
|
+
});
|
|
27
|
+
if (!response.ok || !response.data) {
|
|
28
|
+
const errorMsg = response.data
|
|
29
|
+
?.error_description || "Failed to load consent data";
|
|
30
|
+
throw new Error(errorMsg);
|
|
31
|
+
}
|
|
32
|
+
return response.data;
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Submit consent decision (approve or deny)
|
|
36
|
+
*/
|
|
37
|
+
async submit(challengeId, options) {
|
|
38
|
+
const url = `${this.issuer}/auth/consent`;
|
|
39
|
+
const response = await this.http.fetch(url, {
|
|
40
|
+
method: "POST",
|
|
41
|
+
headers: { "Content-Type": "application/json" },
|
|
42
|
+
credentials: "include",
|
|
43
|
+
body: JSON.stringify({
|
|
44
|
+
challenge_id: challengeId,
|
|
45
|
+
approved: options.approve,
|
|
46
|
+
selected_org_id: options.selectedOrgId,
|
|
47
|
+
acting_as_user_id: options.actingAsUserId,
|
|
48
|
+
}),
|
|
49
|
+
});
|
|
50
|
+
if (!response.ok || !response.data) {
|
|
51
|
+
const errorMsg = response.data
|
|
52
|
+
?.error_description || "Failed to submit consent";
|
|
53
|
+
throw new Error(errorMsg);
|
|
54
|
+
}
|
|
55
|
+
return response.data;
|
|
56
|
+
}
|
|
57
|
+
}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Device Flow API Implementation
|
|
3
|
+
*
|
|
4
|
+
* Provides methods for device code verification (RFC 8628).
|
|
5
|
+
* This is a thin API wrapper — no business logic, just HTTP calls.
|
|
6
|
+
*/
|
|
7
|
+
import type { HttpClient } from "@authrim/core";
|
|
8
|
+
export interface DeviceFlowData {
|
|
9
|
+
device_code: string;
|
|
10
|
+
user_code: string;
|
|
11
|
+
verification_uri: string;
|
|
12
|
+
verification_uri_complete?: string;
|
|
13
|
+
expires_in: number;
|
|
14
|
+
interval: number;
|
|
15
|
+
}
|
|
16
|
+
export interface DeviceFlowSubmitResult {
|
|
17
|
+
message: string;
|
|
18
|
+
}
|
|
19
|
+
export interface DeviceFlowError {
|
|
20
|
+
error: string;
|
|
21
|
+
error_description?: string;
|
|
22
|
+
}
|
|
23
|
+
export interface DeviceFlowApiConfig {
|
|
24
|
+
issuer: string;
|
|
25
|
+
http: HttpClient;
|
|
26
|
+
}
|
|
27
|
+
export declare class DeviceFlowApiImpl {
|
|
28
|
+
private readonly issuer;
|
|
29
|
+
private readonly http;
|
|
30
|
+
constructor(config: DeviceFlowApiConfig);
|
|
31
|
+
/**
|
|
32
|
+
* Verify and submit device code (approve or deny)
|
|
33
|
+
*/
|
|
34
|
+
submit(userCode: string, approve?: boolean): Promise<DeviceFlowSubmitResult>;
|
|
35
|
+
}
|
|
36
|
+
export declare class DeviceFlowVerificationError extends Error {
|
|
37
|
+
readonly errorCode: string;
|
|
38
|
+
constructor(message: string, errorCode: string);
|
|
39
|
+
}
|
|
40
|
+
//# sourceMappingURL=device-flow.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"device-flow.d.ts","sourceRoot":"","sources":["../../src/lib/direct-auth/device-flow.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAe,MAAM,eAAe,CAAC;AAW7D,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAMD,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,UAAU,CAAC;CAClB;AAMD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;gBAEtB,MAAM,EAAE,mBAAmB;IAKvC;;OAEG;IACG,MAAM,CACV,QAAQ,EAAE,MAAM,EAChB,OAAO,UAAO,GACb,OAAO,CAAC,sBAAsB,CAAC;CAwBnC;AAED,qBAAa,2BAA4B,SAAQ,KAAK;IACpD,SAAgB,SAAS,EAAE,MAAM,CAAC;gBAEtB,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;CAK/C"}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Device Flow API Implementation
|
|
3
|
+
*
|
|
4
|
+
* Provides methods for device code verification (RFC 8628).
|
|
5
|
+
* This is a thin API wrapper — no business logic, just HTTP calls.
|
|
6
|
+
*/
|
|
7
|
+
// =============================================================================
|
|
8
|
+
// Implementation
|
|
9
|
+
// =============================================================================
|
|
10
|
+
export class DeviceFlowApiImpl {
|
|
11
|
+
issuer;
|
|
12
|
+
http;
|
|
13
|
+
constructor(config) {
|
|
14
|
+
this.issuer = config.issuer;
|
|
15
|
+
this.http = config.http;
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Verify and submit device code (approve or deny)
|
|
19
|
+
*/
|
|
20
|
+
async submit(userCode, approve = true) {
|
|
21
|
+
const url = `${this.issuer}/api/device/verify`;
|
|
22
|
+
const response = await this.http.fetch(url, {
|
|
23
|
+
method: "POST",
|
|
24
|
+
headers: { "Content-Type": "application/json" },
|
|
25
|
+
credentials: "include",
|
|
26
|
+
body: JSON.stringify({
|
|
27
|
+
user_code: userCode,
|
|
28
|
+
approved: approve,
|
|
29
|
+
}),
|
|
30
|
+
});
|
|
31
|
+
if (!response.ok) {
|
|
32
|
+
const errorData = response.data;
|
|
33
|
+
throw new DeviceFlowVerificationError(errorData?.error_description || "Failed to verify device code", errorData?.error || "verification_failed");
|
|
34
|
+
}
|
|
35
|
+
return response.data;
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
export class DeviceFlowVerificationError extends Error {
|
|
39
|
+
errorCode;
|
|
40
|
+
constructor(message, errorCode) {
|
|
41
|
+
super(message);
|
|
42
|
+
this.name = "DeviceFlowVerificationError";
|
|
43
|
+
this.errorCode = errorCode;
|
|
44
|
+
}
|
|
45
|
+
}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Email Code Authentication (OTP)
|
|
3
|
+
*
|
|
4
|
+
* IMPORTANT: Multi-tab limitation
|
|
5
|
+
* The pending verification state (codeVerifier, attemptId) is stored in memory.
|
|
6
|
+
* This means that if a user opens multiple tabs:
|
|
7
|
+
* - Each tab has its own EmailCodeAuthImpl instance
|
|
8
|
+
* - send() in Tab A creates state only in Tab A
|
|
9
|
+
* - verify() in Tab B will fail because Tab B has no state
|
|
10
|
+
*
|
|
11
|
+
* For multi-tab support, consider using BroadcastChannel or SharedWorker.
|
|
12
|
+
* For most use cases, this limitation is acceptable.
|
|
13
|
+
*/
|
|
14
|
+
import { type HttpClient, type CryptoProvider, type EmailCodeAuth, type EmailCodeSendOptions, type EmailCodeSendResult, type EmailCodeVerifyOptions, type AuthResult, type Session, type User } from '@authrim/core';
|
|
15
|
+
export interface EmailCodeAuthOptions {
|
|
16
|
+
issuer: string;
|
|
17
|
+
clientId: string;
|
|
18
|
+
http: HttpClient;
|
|
19
|
+
crypto: CryptoProvider;
|
|
20
|
+
exchangeToken: (authCode: string, codeVerifier: string) => Promise<{
|
|
21
|
+
session?: Session;
|
|
22
|
+
user?: User;
|
|
23
|
+
}>;
|
|
24
|
+
}
|
|
25
|
+
export declare class EmailCodeAuthImpl implements EmailCodeAuth {
|
|
26
|
+
private readonly issuer;
|
|
27
|
+
private readonly clientId;
|
|
28
|
+
private readonly http;
|
|
29
|
+
private readonly pkce;
|
|
30
|
+
private readonly exchangeToken;
|
|
31
|
+
private pendingVerifications;
|
|
32
|
+
private cleanupTimer;
|
|
33
|
+
constructor(options: EmailCodeAuthOptions);
|
|
34
|
+
private startCleanupTimer;
|
|
35
|
+
private pruneExpiredVerifications;
|
|
36
|
+
stopCleanupTimer(): void;
|
|
37
|
+
/**
|
|
38
|
+
* Cleanup resources (must be called when the auth client is destroyed)
|
|
39
|
+
*/
|
|
40
|
+
destroy(): void;
|
|
41
|
+
send(email: string, options?: EmailCodeSendOptions): Promise<EmailCodeSendResult>;
|
|
42
|
+
verify(email: string, code: string, _options?: EmailCodeVerifyOptions): Promise<AuthResult>;
|
|
43
|
+
hasPendingVerification(email: string): boolean;
|
|
44
|
+
getRemainingTime(email: string): number;
|
|
45
|
+
clearPendingVerification(email: string): void;
|
|
46
|
+
private isValidEmail;
|
|
47
|
+
}
|
|
48
|
+
//# sourceMappingURL=email-code.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"email-code.d.ts","sourceRoot":"","sources":["../../src/lib/direct-auth/email-code.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAGL,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,EAKf,KAAK,OAAO,EACZ,KAAK,IAAI,EACV,MAAM,eAAe,CAAC;AAQvB,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,UAAU,CAAC;IACjB,MAAM,EAAE,cAAc,CAAC;IACvB,aAAa,EAAE,CACb,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,KACjB,OAAO,CAAC;QACX,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,IAAI,CAAC,EAAE,IAAI,CAAC;KACb,CAAC,CAAC;CACJ;AAWD,qBAAa,iBAAkB,YAAW,aAAa;IACrD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAwC;IACtE,OAAO,CAAC,oBAAoB,CAA0C;IACtE,OAAO,CAAC,YAAY,CAA+C;gBAEvD,OAAO,EAAE,oBAAoB;IASzC,OAAO,CAAC,iBAAiB;IAQzB,OAAO,CAAC,yBAAyB;IAUjC,gBAAgB,IAAI,IAAI;IAOxB;;OAEG;IACH,OAAO,IAAI,IAAI;IAST,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,oBAAoB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAyDjF,MAAM,CACV,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,QAAQ,CAAC,EAAE,sBAAsB,GAChC,OAAO,CAAC,UAAU,CAAC;IAuJtB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAY9C,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAQvC,wBAAwB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAI7C,OAAO,CAAC,YAAY;CAIrB"}
|
|
@@ -0,0 +1,265 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Email Code Authentication (OTP)
|
|
3
|
+
*
|
|
4
|
+
* IMPORTANT: Multi-tab limitation
|
|
5
|
+
* The pending verification state (codeVerifier, attemptId) is stored in memory.
|
|
6
|
+
* This means that if a user opens multiple tabs:
|
|
7
|
+
* - Each tab has its own EmailCodeAuthImpl instance
|
|
8
|
+
* - send() in Tab A creates state only in Tab A
|
|
9
|
+
* - verify() in Tab B will fail because Tab B has no state
|
|
10
|
+
*
|
|
11
|
+
* For multi-tab support, consider using BroadcastChannel or SharedWorker.
|
|
12
|
+
* For most use cases, this limitation is acceptable.
|
|
13
|
+
*/
|
|
14
|
+
import { AuthrimError, PKCEHelper, } from '@authrim/core';
|
|
15
|
+
import { getAuthrimCode, mapSeverity } from '../utils/error-mapping.js';
|
|
16
|
+
const ENDPOINTS = {
|
|
17
|
+
EMAIL_CODE_SEND: '/api/v1/auth/direct/email-code/send',
|
|
18
|
+
EMAIL_CODE_VERIFY: '/api/v1/auth/direct/email-code/verify',
|
|
19
|
+
};
|
|
20
|
+
const CLEANUP_INTERVAL = 5 * 60 * 1000;
|
|
21
|
+
export class EmailCodeAuthImpl {
|
|
22
|
+
issuer;
|
|
23
|
+
clientId;
|
|
24
|
+
http;
|
|
25
|
+
pkce;
|
|
26
|
+
exchangeToken;
|
|
27
|
+
pendingVerifications = new Map();
|
|
28
|
+
cleanupTimer = null;
|
|
29
|
+
constructor(options) {
|
|
30
|
+
this.issuer = options.issuer;
|
|
31
|
+
this.clientId = options.clientId;
|
|
32
|
+
this.http = options.http;
|
|
33
|
+
this.pkce = new PKCEHelper(options.crypto);
|
|
34
|
+
this.exchangeToken = options.exchangeToken;
|
|
35
|
+
this.startCleanupTimer();
|
|
36
|
+
}
|
|
37
|
+
startCleanupTimer() {
|
|
38
|
+
if (typeof window === 'undefined')
|
|
39
|
+
return;
|
|
40
|
+
this.cleanupTimer = setInterval(() => {
|
|
41
|
+
this.pruneExpiredVerifications();
|
|
42
|
+
}, CLEANUP_INTERVAL);
|
|
43
|
+
}
|
|
44
|
+
pruneExpiredVerifications() {
|
|
45
|
+
const now = Date.now();
|
|
46
|
+
for (const [email, state] of this.pendingVerifications.entries()) {
|
|
47
|
+
if (now > state.expiresAt) {
|
|
48
|
+
state.codeVerifier = '';
|
|
49
|
+
this.pendingVerifications.delete(email);
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
stopCleanupTimer() {
|
|
54
|
+
if (this.cleanupTimer) {
|
|
55
|
+
clearInterval(this.cleanupTimer);
|
|
56
|
+
this.cleanupTimer = null;
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Cleanup resources (must be called when the auth client is destroyed)
|
|
61
|
+
*/
|
|
62
|
+
destroy() {
|
|
63
|
+
this.stopCleanupTimer();
|
|
64
|
+
// Clear all pending verifications and their codeVerifiers
|
|
65
|
+
for (const state of this.pendingVerifications.values()) {
|
|
66
|
+
state.codeVerifier = '';
|
|
67
|
+
}
|
|
68
|
+
this.pendingVerifications.clear();
|
|
69
|
+
}
|
|
70
|
+
async send(email, options) {
|
|
71
|
+
if (!this.isValidEmail(email)) {
|
|
72
|
+
throw new AuthrimError('invalid_request', 'Invalid email address format');
|
|
73
|
+
}
|
|
74
|
+
const { codeVerifier, codeChallenge } = await this.pkce.generatePKCE();
|
|
75
|
+
const request = {
|
|
76
|
+
client_id: this.clientId,
|
|
77
|
+
email,
|
|
78
|
+
code_challenge: codeChallenge,
|
|
79
|
+
code_challenge_method: 'S256',
|
|
80
|
+
locale: options?.locale,
|
|
81
|
+
};
|
|
82
|
+
const response = await this.http.fetch(`${this.issuer}${ENDPOINTS.EMAIL_CODE_SEND}`, {
|
|
83
|
+
method: 'POST',
|
|
84
|
+
headers: { 'Content-Type': 'application/json' },
|
|
85
|
+
body: JSON.stringify(request),
|
|
86
|
+
});
|
|
87
|
+
if (!response.ok || !response.data) {
|
|
88
|
+
if (response.status === 429) {
|
|
89
|
+
const retryAfter = response.headers?.['retry-after'];
|
|
90
|
+
throw new AuthrimError('email_code_too_many_attempts', 'Too many email code requests. Please wait before trying again.', {
|
|
91
|
+
details: {
|
|
92
|
+
retryAfter: retryAfter ? parseInt(retryAfter, 10) : 300,
|
|
93
|
+
},
|
|
94
|
+
});
|
|
95
|
+
}
|
|
96
|
+
throw new AuthrimError('network_error', 'Failed to send email code');
|
|
97
|
+
}
|
|
98
|
+
const { attempt_id, expires_in, masked_email } = response.data;
|
|
99
|
+
this.pendingVerifications.set(email.toLowerCase(), {
|
|
100
|
+
email,
|
|
101
|
+
attemptId: attempt_id,
|
|
102
|
+
codeVerifier,
|
|
103
|
+
expiresAt: Date.now() + expires_in * 1000,
|
|
104
|
+
});
|
|
105
|
+
return {
|
|
106
|
+
attemptId: attempt_id,
|
|
107
|
+
expiresIn: expires_in,
|
|
108
|
+
maskedEmail: masked_email,
|
|
109
|
+
};
|
|
110
|
+
}
|
|
111
|
+
async verify(email, code, _options) {
|
|
112
|
+
if (!/^\d{6,8}$/.test(code)) {
|
|
113
|
+
return {
|
|
114
|
+
success: false,
|
|
115
|
+
error: {
|
|
116
|
+
error: 'email_code_invalid',
|
|
117
|
+
error_description: 'Invalid code format. Please enter a 6-digit code.',
|
|
118
|
+
code: 'AR002001',
|
|
119
|
+
meta: { retryable: true, severity: 'warn' },
|
|
120
|
+
},
|
|
121
|
+
};
|
|
122
|
+
}
|
|
123
|
+
const state = this.pendingVerifications.get(email.toLowerCase());
|
|
124
|
+
if (!state) {
|
|
125
|
+
return {
|
|
126
|
+
success: false,
|
|
127
|
+
error: {
|
|
128
|
+
error: 'challenge_invalid',
|
|
129
|
+
error_description: 'No pending verification found. Please request a new code.',
|
|
130
|
+
code: 'AR002004',
|
|
131
|
+
meta: { retryable: false, severity: 'error' },
|
|
132
|
+
},
|
|
133
|
+
};
|
|
134
|
+
}
|
|
135
|
+
if (Date.now() > state.expiresAt) {
|
|
136
|
+
this.pendingVerifications.delete(email.toLowerCase());
|
|
137
|
+
return {
|
|
138
|
+
success: false,
|
|
139
|
+
error: {
|
|
140
|
+
error: 'email_code_expired',
|
|
141
|
+
error_description: 'Verification code has expired. Please request a new code.',
|
|
142
|
+
code: 'AR002002',
|
|
143
|
+
meta: { retryable: false, severity: 'warn' },
|
|
144
|
+
},
|
|
145
|
+
};
|
|
146
|
+
}
|
|
147
|
+
try {
|
|
148
|
+
const request = {
|
|
149
|
+
attempt_id: state.attemptId,
|
|
150
|
+
code,
|
|
151
|
+
code_verifier: state.codeVerifier,
|
|
152
|
+
};
|
|
153
|
+
const response = await this.http.fetch(`${this.issuer}${ENDPOINTS.EMAIL_CODE_VERIFY}`, {
|
|
154
|
+
method: 'POST',
|
|
155
|
+
headers: { 'Content-Type': 'application/json' },
|
|
156
|
+
body: JSON.stringify(request),
|
|
157
|
+
});
|
|
158
|
+
if (!response.ok || !response.data) {
|
|
159
|
+
if (response.status === 400) {
|
|
160
|
+
const errorData = response.data;
|
|
161
|
+
if (errorData?.error === 'invalid_code') {
|
|
162
|
+
return {
|
|
163
|
+
success: false,
|
|
164
|
+
error: {
|
|
165
|
+
error: 'email_code_invalid',
|
|
166
|
+
error_description: 'Invalid verification code. Please check and try again.',
|
|
167
|
+
code: 'AR002001',
|
|
168
|
+
meta: { retryable: true, severity: 'warn' },
|
|
169
|
+
},
|
|
170
|
+
};
|
|
171
|
+
}
|
|
172
|
+
if (errorData?.error === 'code_expired') {
|
|
173
|
+
this.pendingVerifications.delete(email.toLowerCase());
|
|
174
|
+
return {
|
|
175
|
+
success: false,
|
|
176
|
+
error: {
|
|
177
|
+
error: 'email_code_expired',
|
|
178
|
+
error_description: 'Verification code has expired.',
|
|
179
|
+
code: 'AR002002',
|
|
180
|
+
meta: { retryable: false, severity: 'warn' },
|
|
181
|
+
},
|
|
182
|
+
};
|
|
183
|
+
}
|
|
184
|
+
if (errorData?.error === 'too_many_attempts') {
|
|
185
|
+
this.pendingVerifications.delete(email.toLowerCase());
|
|
186
|
+
return {
|
|
187
|
+
success: false,
|
|
188
|
+
error: {
|
|
189
|
+
error: 'email_code_too_many_attempts',
|
|
190
|
+
error_description: 'Too many incorrect attempts. Please request a new code.',
|
|
191
|
+
code: 'AR002003',
|
|
192
|
+
meta: { retryable: false, retry_after: 300, severity: 'error' },
|
|
193
|
+
},
|
|
194
|
+
};
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
throw new AuthrimError('network_error', 'Failed to verify email code');
|
|
198
|
+
}
|
|
199
|
+
// Copy codeVerifier before clearing for security
|
|
200
|
+
const codeVerifier = state.codeVerifier;
|
|
201
|
+
state.codeVerifier = ''; // Clear immediately before exchangeToken
|
|
202
|
+
this.pendingVerifications.delete(email.toLowerCase());
|
|
203
|
+
const { auth_code } = response.data;
|
|
204
|
+
const { session, user } = await this.exchangeToken(auth_code, codeVerifier);
|
|
205
|
+
return {
|
|
206
|
+
success: true,
|
|
207
|
+
session,
|
|
208
|
+
user,
|
|
209
|
+
};
|
|
210
|
+
}
|
|
211
|
+
catch (error) {
|
|
212
|
+
// Ensure codeVerifier is cleared on error (may already be cleared above)
|
|
213
|
+
if (state && state.codeVerifier) {
|
|
214
|
+
state.codeVerifier = '';
|
|
215
|
+
}
|
|
216
|
+
if (error instanceof AuthrimError) {
|
|
217
|
+
return {
|
|
218
|
+
success: false,
|
|
219
|
+
error: {
|
|
220
|
+
error: error.code,
|
|
221
|
+
error_description: error.message,
|
|
222
|
+
code: getAuthrimCode(error.code, 'AR002000'),
|
|
223
|
+
meta: {
|
|
224
|
+
retryable: error.meta.retryable,
|
|
225
|
+
severity: mapSeverity(error.meta.severity),
|
|
226
|
+
},
|
|
227
|
+
},
|
|
228
|
+
};
|
|
229
|
+
}
|
|
230
|
+
return {
|
|
231
|
+
success: false,
|
|
232
|
+
error: {
|
|
233
|
+
error: 'network_error',
|
|
234
|
+
error_description: error instanceof Error ? error.message : 'Unknown error',
|
|
235
|
+
code: 'AR001001',
|
|
236
|
+
meta: { retryable: true, severity: 'error' },
|
|
237
|
+
},
|
|
238
|
+
};
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
hasPendingVerification(email) {
|
|
242
|
+
const state = this.pendingVerifications.get(email.toLowerCase());
|
|
243
|
+
if (!state)
|
|
244
|
+
return false;
|
|
245
|
+
if (Date.now() > state.expiresAt) {
|
|
246
|
+
this.pendingVerifications.delete(email.toLowerCase());
|
|
247
|
+
return false;
|
|
248
|
+
}
|
|
249
|
+
return true;
|
|
250
|
+
}
|
|
251
|
+
getRemainingTime(email) {
|
|
252
|
+
const state = this.pendingVerifications.get(email.toLowerCase());
|
|
253
|
+
if (!state)
|
|
254
|
+
return 0;
|
|
255
|
+
const remaining = Math.floor((state.expiresAt - Date.now()) / 1000);
|
|
256
|
+
return Math.max(0, remaining);
|
|
257
|
+
}
|
|
258
|
+
clearPendingVerification(email) {
|
|
259
|
+
this.pendingVerifications.delete(email.toLowerCase());
|
|
260
|
+
}
|
|
261
|
+
isValidEmail(email) {
|
|
262
|
+
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
|
|
263
|
+
return emailRegex.test(email);
|
|
264
|
+
}
|
|
265
|
+
}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
export { PasskeyAuthImpl, type PasskeyAuthOptions } from "./passkey.js";
|
|
2
|
+
export { EmailCodeAuthImpl, type EmailCodeAuthOptions } from "./email-code.js";
|
|
3
|
+
export { SocialAuthImpl, type SocialAuthOptions } from "./social.js";
|
|
4
|
+
export { SessionAuthImpl, type SessionManagerOptions } from "./session.js";
|
|
5
|
+
export { ConsentApiImpl, type ConsentApiConfig } from "./consent.js";
|
|
6
|
+
export { DeviceFlowApiImpl, type DeviceFlowApiConfig, DeviceFlowVerificationError, } from "./device-flow.js";
|
|
7
|
+
export { CIBAApiImpl, type CIBAApiConfig } from "./ciba.js";
|
|
8
|
+
export { LoginChallengeApiImpl, type LoginChallengeApiConfig, } from "./login-challenge.js";
|
|
9
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/direct-auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,KAAK,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,KAAK,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,cAAc,EAAE,KAAK,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,KAAK,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EACL,iBAAiB,EACjB,KAAK,mBAAmB,EACxB,2BAA2B,GAC5B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,WAAW,EAAE,KAAK,aAAa,EAAE,MAAM,WAAW,CAAC;AAC5D,OAAO,EACL,qBAAqB,EACrB,KAAK,uBAAuB,GAC7B,MAAM,sBAAsB,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export { PasskeyAuthImpl } from "./passkey.js";
|
|
2
|
+
export { EmailCodeAuthImpl } from "./email-code.js";
|
|
3
|
+
export { SocialAuthImpl } from "./social.js";
|
|
4
|
+
export { SessionAuthImpl } from "./session.js";
|
|
5
|
+
export { ConsentApiImpl } from "./consent.js";
|
|
6
|
+
export { DeviceFlowApiImpl, DeviceFlowVerificationError, } from "./device-flow.js";
|
|
7
|
+
export { CIBAApiImpl } from "./ciba.js";
|
|
8
|
+
export { LoginChallengeApiImpl, } from "./login-challenge.js";
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Login Challenge API Implementation
|
|
3
|
+
*
|
|
4
|
+
* Provides methods for fetching login challenge data (OAuth client metadata).
|
|
5
|
+
* This is a thin API wrapper — no business logic, just HTTP calls.
|
|
6
|
+
*/
|
|
7
|
+
import type { HttpClient } from "@authrim/core";
|
|
8
|
+
export interface LoginChallengeClientInfo {
|
|
9
|
+
client_id: string;
|
|
10
|
+
client_name: string;
|
|
11
|
+
logo_uri?: string;
|
|
12
|
+
client_uri?: string;
|
|
13
|
+
policy_uri?: string;
|
|
14
|
+
tos_uri?: string;
|
|
15
|
+
redirect_uris: string[];
|
|
16
|
+
scope: string;
|
|
17
|
+
response_type: string;
|
|
18
|
+
}
|
|
19
|
+
export interface LoginChallengeData {
|
|
20
|
+
challenge_id: string;
|
|
21
|
+
client: LoginChallengeClientInfo;
|
|
22
|
+
requested_scopes: string[];
|
|
23
|
+
login_hint?: string;
|
|
24
|
+
prompt?: string;
|
|
25
|
+
max_age?: number;
|
|
26
|
+
acr_values?: string[];
|
|
27
|
+
}
|
|
28
|
+
export interface LoginChallengeApiConfig {
|
|
29
|
+
issuer: string;
|
|
30
|
+
http: HttpClient;
|
|
31
|
+
}
|
|
32
|
+
export declare class LoginChallengeApiImpl {
|
|
33
|
+
private readonly issuer;
|
|
34
|
+
private readonly http;
|
|
35
|
+
constructor(config: LoginChallengeApiConfig);
|
|
36
|
+
/**
|
|
37
|
+
* Fetch login challenge data by challenge ID
|
|
38
|
+
*/
|
|
39
|
+
getData(challengeId: string): Promise<LoginChallengeData>;
|
|
40
|
+
}
|
|
41
|
+
//# sourceMappingURL=login-challenge.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"login-challenge.d.ts","sourceRoot":"","sources":["../../src/lib/direct-auth/login-challenge.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAe,MAAM,eAAe,CAAC;AAW7D,MAAM,WAAW,wBAAwB;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,wBAAwB,CAAC;IACjC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAMD,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,UAAU,CAAC;CAClB;AAMD,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;gBAEtB,MAAM,EAAE,uBAAuB;IAK3C;;OAEG;IACG,OAAO,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAiBhE"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Login Challenge API Implementation
|
|
3
|
+
*
|
|
4
|
+
* Provides methods for fetching login challenge data (OAuth client metadata).
|
|
5
|
+
* This is a thin API wrapper — no business logic, just HTTP calls.
|
|
6
|
+
*/
|
|
7
|
+
// =============================================================================
|
|
8
|
+
// Implementation
|
|
9
|
+
// =============================================================================
|
|
10
|
+
export class LoginChallengeApiImpl {
|
|
11
|
+
issuer;
|
|
12
|
+
http;
|
|
13
|
+
constructor(config) {
|
|
14
|
+
this.issuer = config.issuer;
|
|
15
|
+
this.http = config.http;
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Fetch login challenge data by challenge ID
|
|
19
|
+
*/
|
|
20
|
+
async getData(challengeId) {
|
|
21
|
+
const url = `${this.issuer}/auth/login-challenge?challenge_id=${encodeURIComponent(challengeId)}`;
|
|
22
|
+
const response = await this.http.fetch(url, {
|
|
23
|
+
method: "GET",
|
|
24
|
+
headers: { Accept: "application/json" },
|
|
25
|
+
credentials: "include",
|
|
26
|
+
});
|
|
27
|
+
if (!response.ok || !response.data) {
|
|
28
|
+
const errorMsg = response.data
|
|
29
|
+
?.error_description || "Failed to load login challenge data";
|
|
30
|
+
throw new Error(errorMsg);
|
|
31
|
+
}
|
|
32
|
+
return response.data;
|
|
33
|
+
}
|
|
34
|
+
}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Passkey Authentication (WebAuthn)
|
|
3
|
+
*/
|
|
4
|
+
import { type HttpClient, type CryptoProvider, type PasskeyAuth, type PasskeyLoginOptions, type PasskeySignUpOptions, type PasskeyRegisterOptions, type PasskeyCredential, type AuthResult, type Session, type User } from '@authrim/core';
|
|
5
|
+
export interface PasskeyAuthOptions {
|
|
6
|
+
issuer: string;
|
|
7
|
+
clientId: string;
|
|
8
|
+
http: HttpClient;
|
|
9
|
+
crypto: CryptoProvider;
|
|
10
|
+
exchangeToken: (authCode: string, codeVerifier: string) => Promise<{
|
|
11
|
+
session?: Session;
|
|
12
|
+
user?: User;
|
|
13
|
+
}>;
|
|
14
|
+
}
|
|
15
|
+
export declare class PasskeyAuthImpl implements PasskeyAuth {
|
|
16
|
+
private readonly issuer;
|
|
17
|
+
private readonly clientId;
|
|
18
|
+
private readonly http;
|
|
19
|
+
private readonly pkce;
|
|
20
|
+
private readonly exchangeToken;
|
|
21
|
+
private conditionalAbortController;
|
|
22
|
+
constructor(options: PasskeyAuthOptions);
|
|
23
|
+
isSupported(): boolean;
|
|
24
|
+
isConditionalUIAvailable(): Promise<boolean>;
|
|
25
|
+
login(options?: PasskeyLoginOptions): Promise<AuthResult>;
|
|
26
|
+
signUp(options: PasskeySignUpOptions): Promise<AuthResult>;
|
|
27
|
+
register(options?: PasskeyRegisterOptions): Promise<PasskeyCredential>;
|
|
28
|
+
cancelConditionalUI(): void;
|
|
29
|
+
}
|
|
30
|
+
//# sourceMappingURL=passkey.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"passkey.d.ts","sourceRoot":"","sources":["../../src/lib/direct-auth/passkey.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAGL,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,UAAU,EAUf,KAAK,OAAO,EACZ,KAAK,IAAI,EACV,MAAM,eAAe,CAAC;AAkBvB,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,UAAU,CAAC;IACjB,MAAM,EAAE,cAAc,CAAC;IACvB,aAAa,EAAE,CACb,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,KACjB,OAAO,CAAC;QACX,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,IAAI,CAAC,EAAE,IAAI,CAAC;KACb,CAAC,CAAC;CACJ;AAED,qBAAa,eAAgB,YAAW,WAAW;IACjD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAsC;IACpE,OAAO,CAAC,0BAA0B,CAAgC;gBAEtD,OAAO,EAAE,kBAAkB;IAQvC,WAAW,IAAI,OAAO;IAQhB,wBAAwB,IAAI,OAAO,CAAC,OAAO,CAAC;IAa5C,KAAK,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,OAAO,CAAC,UAAU,CAAC;IAoKzD,MAAM,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,UAAU,CAAC;IAyJ1D,QAAQ,CAAC,OAAO,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAiF5E,mBAAmB,IAAI,IAAI;CAM5B"}
|